<?php 
session_start();

$metatitle = "Forgot Password - ";
include('config.php');

    $length = 10;
    $characters = '0123456789abcdefghijklmnopqrstuvwxyz';
    $newpass = "";    
    for ($p = 0; $p < $length; $p++) {
        $newpass .= $characters[mt_rand(0, strlen($characters))];
}

	$sitequery = 'select * from settings;';
	$siteresult = mysql_query($sitequery,$connection) or die(mysql_error());
	
	//Create site settings variables		
	$siteinfo = mysql_fetch_array($siteresult);
	$sitetitle = $siteinfo['title'];
	$siteurl = $siteinfo['url'];

	$adminquery = 'select * from admins;';
	$adminresults = mysql_query($adminquery,$connection) or die(mysql_error());
	$admininfo = mysql_fetch_array($adminresults);
	$adminemail = $admininfo['email'];

// Update the settings 
	if(isset($_POST['getpass'])) { 
	
		$email = $_POST['email'];
		$checkforemails = mysql_query("SELECT * FROM authors WHERE email = '".$email."'");
	
		if(mysql_num_rows($checkforemails) != 0){
			$query = "select * from authors where email ='".$email."'";
			$result = mysql_query($query,$connection) or die(mysql_error());
			$info = mysql_fetch_array($result);
			$id = $info['id'];
			$username = $info['username'];

			$sql = "UPDATE `authors` SET `password`='".md5($newpass)."' WHERE `id`=".$id;
			$query = mysql_query($sql);
			
		// send e-mail ...
			$to=$email; 

			$subject="Temporary Password for ".$sitetitle; 

			$header="from: Admin <".$adminemail.">"; 

			$messages ="Your temporary password is $newpass \r\n\n";
			$messages.="You may now login and update your password from the Account Settings page: \r\n";
			$messages.="Username: $username \r\n";
			$messages.="Password: $newpass \r\n";
			$messages.= $siteurl."/login.php \r\n";
	
		// send email 
			$sentmail = mail($to,$subject,$messages,$header);

			
			header('Location: forgot.php?emailed=true');
			exit();
		} else {
			header('Location: forgot.php?error=noemail');
		}
	
	} 


	include('header.php'); 


// Setup the template
	$forgottemp = new Template("templates/".$template."/forgot.tpl");


	include('sidebar.php');  
	if($_GET["error"] == "noemail") {
		$forgottemp->set("error", '<div class="warning"><b>ERROR: That email doesn\'t exist in our system</b></div>');
	} elseif($_GET["emailed"] == "true") {
		$forgottemp->set("error", '<div class="warning"><b>A new password has been emailed to you</b></div>');
	} else {
		$forgottemp->set("error", '');
	}
	

// Outputs the  template!
	 
	echo $forgottemp->output();
	
	include('rightsidebar.php');
	include('obinclude.php'); 
?>