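<?php
// Full open tag instead of the short "<?": with short_open_tag disabled the
// short form is not parsed and the server would send this source as plain text.

// Password-reminder page.
// NOTE(review): $smarty, $mysql, $lang, $PASSWORD_FORM and $PASSWORD_EMAIL are
// used below but not defined in this file; presumably libs/header.php sets them up.
require_once("libs/header.php");

// Confirmation view: the POST handler redirects here (?action=done) once the
// reminder has been handed to mail(), so a browser reload cannot resubmit the form.
if (isset($_GET["action"]) && $_GET["action"] == "done")
{
    $smarty->assign("message", "password");
    $smarty->display("message.tpl");
    exit();
}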

// State handed to password.tpl. "errorcount" gates the account lookup further
// down (it must still be 0), and "message" carries the text shown to the
// visitor when validation fails.
$form = array();
$form["method"]     = "POST";
$form["action"]     = "";
$form["message"]    = "";
$form["errorcount"] = 0;
$form["fields"]     = $PASSWORD_FORM;   // field definitions, defined outside this file
$form["submit"]     = $lang['send'];

// Form helper used below to load the POSTed values and run the field checks.
$userform = new UserForms($form["fields"]);
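if ($_SERVER["REQUEST_METHOD"] == $form["method"])
{
    // Submitted reminder form: validate the e-mail address, look the account
    // up and mail the reminder, then redirect to the confirmation view.
    $userform->load($form["fields"], $_POST);
    $form["errorcount"] = $userform->check($form["fields"]);

    // Validate all inputs
    // Added by SepedaTua on June 01, 2006 - http://www.sepedatua.info/
    /********************** SepedaTua ****************************/

    /* Fields:
    $form["fields"]["email"]["value"]
    */

    // Markup/entity stripping, applied in array order. The result is only used
    // to detect that the input contained markup (it is compared with the raw
    // value below); the allow-list pattern further down is the real gate.
    $search = array('@<script[^>]*?>.*?</script>@si',
                    '@<[\/\!]*?[^<>]*?>@si',
                    '@([\r\n])[\s]+@',
                    '@&(quot|#34);@i',
                    '@&(amp|#38);@i',
                    '@&(lt|#60);@i',
                    '@&(gt|#62);@i',
                    '@&(nbsp|#160);@i',
                    '@&(iexcl|#161);@i',
                    '@&(cent|#162);@i',
                    '@&(pound|#163);@i',
                    '@&(copy|#169);@i');

    $replace = array('',
                     '',
                     '\1',
                     '"',
                     '&',
                     '<',
                     '>',
                     ' ',
                     chr(161),
                     chr(162),
                     chr(163),
                     chr(169));

    // A request parameter can arrive as an array (email[]=...); anything that
    // is not a string is treated as an empty address and rejected below.
    $femail = (isset($form["fields"]["email"]["value"]) && is_string($form["fields"]["email"]["value"]))
        ? $form["fields"]["email"]["value"]
        : '';

    $cleaned = preg_replace($search, $replace, $femail);
    if ($cleaned !== null) {
        // Numeric entities used to be decoded with the /e modifier, which
        // evaluates the replacement as PHP code on request data and was
        // removed in PHP 7 (preg_replace then returns NULL). A callback
        // performs the same decoding without evaluating anything.
        $cleaned = preg_replace_callback(
            '@&#(\d+);@',
            function ($m) { return chr((int) $m[1] % 256); },
            $cleaned
        );
    }
    if ($cleaned === null) {
        // PCRE failure: fail closed, so the address is rejected below.
        $cleaned = '';
    }
    $form["fields"]["email"]["value"] = $cleaned;

    // The error is set directly instead of through a later isset($st) test,
    // so a $st that already exists in scope cannot supply the message.
    if ($femail !== $cleaned) {
        $st = $lang['malicious_code'];
        $form["errorcount"] = 1;
        $form["message"] = $st;
    }
    if (empty($cleaned)) {
        $form["errorcount"] = 1;
        $form["message"] = $lang['email_is_empty'];
    }
    // eregi() was removed in PHP 7. The "D" modifier keeps "$" from matching
    // before a trailing newline, which POSIX eregi never allowed; without it
    // "user@example.com\n" would pass and reach the query below.
    if (!preg_match('/^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,6}$/iD', $cleaned)) {
        $form["errorcount"] = 1;
        $form["message"] = $lang['email_format'];
    }
    /************************ eod ******************************/

    if ($form["errorcount"] == 0)
    {
        // NOTE(review): this query is built by string concatenation. It is safe
        // only because the allow-list pattern above admits no quote, backslash
        // or whitespace; any loosening of that pattern reopens SQL injection.
        // Prefer a parameterised query if the $mysql wrapper offers one.
        $SQL = "SELECT * FROM `".DB_PREFIX."users` WHERE `email`='".$cleaned."'";
        if (!$mysql->query($SQL))
        {
            // Keep database error text in the server log; echoing it to the
            // visitor discloses schema and query details.
            error_log("password.php: user lookup failed: ".$mysql->error);
            exit("Internal error.");
        }
        if ($mysql->num <= 0)
        {
            // NOTE(review): a distinct "not registered" answer lets a visitor
            // test which addresses have accounts. Consider showing the same
            // confirmation for both outcomes and rate-limiting this form.
            $form["errorcount"]++;
            $form["message"] = $lang['email_not_exist'];
        }
        if ($form["errorcount"] == 0)
        {
            // NOTE(review): the stored password column is mailed back as-is,
            // so passwords are evidently kept in recoverable form and travel
            // over e-mail. The durable fix is password_hash()-based storage
            // plus a single-use, expiring reset link; that needs schema
            // changes outside this file.
            $MAIL = sprintf($PASSWORD_EMAIL, $mysql->field("login"), $mysql->field("password"));
            if (!mail($mysql->field("email"), $lang['retrieve_password'], $MAIL, "From:".ADMIN_EMAIL)) {
                error_log("password.php: mail() did not accept the reminder message");
            }
            Header("Location:password.php?action=done");
            exit();
        }
    }
}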

// Reached on the first visit or when the POST handler above recorded an
// error: render the form, including any message and the values set above.
$smarty->assign('form', $form);
$smarty->display('password.tpl');
?>