<?php
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
include("include.php");
if ($_POST['submit'] == "get password") {
if (($_POST['username'] == "") || ($_POST['email'] == "")) {
bco_error("Username or email was blank.");
}
$query = "select id from users where lower(username)=lower('$_POST[username]') and email_signup='$_POST[email]' and security_answer='" . md5($_POST['security_answer']) . "'";
if (!$result = pg_query($query)) {
bco_error("Verification failed.");
}
if (pg_num_rows($result) != 1) {
bco_error("There is either no account with that name, the email is not correct or the security answer is incorrect.");
} else {
$row = pg_fetch_assoc($result);
// Generate a new password here.
$password = bco_randompassword(8);
// md5 the password.
$md5_password = md5($password);
$userid = pg_fetch_result($result, 0);
if ($userid != "") {
// Update the users password
$update_query = "update users set password='$md5_password' where id=$userid";
if (!pg_query($update_query)) {
bco_error("Password update failed.</br >" . pg_last_error());
}
} else {
bco_error("Something went wrong. Sorry.");
}
$mail_msg = "Hey forgetful! Here's your username and password.\n\n";
$mail_msg .= "Username: $_POST[username]\n";
$mail_msg .= "Password: $password\n\n";
$mail_msg .= "Please don't lose/delete/forget me!\n" . ADMIN_NAME . "\n\n";
if (!mail($_POST['email'], "Your lost password.", $mail_msg, "From: " . ADMIN_EMAIL)) {
bco_error("Mail could not be sent");
}
bco_html_header("Password mailed");
bco_index_menu("Password mailed");
echo <<< END
\n<br />
<table width="100%" cellpadding="2" cellspacing="0" class="replytable">
<tr>
<td align="center" class="tr1">Email sent to $_POST[email]!
<br />
<br />
<a href="index.php" class="tr1">Go back to the index.</a>
</td>
</tr>
</table>
END;
bco_html_footer();
}
exit;
}
bco_html_header("Reset your password");
bco_index_menu("Reset your password");
echo <<< END
\n<br />
<form method="post" action="$PHP_SELF">
If you happen to lose your password, you can have a new one generated and emailed to you at the address you signed up with.
<table width="100%" cellpadding="2" cellspacing="0" class="replytable">
<tr>
<td width="170" align="right">username:</td>
<td align="left"><input type="text" name="username" maxlength="25" size="25" class="textfield" /></td>
</tr>
<tr>
<td width="170" align="right">email registered with:</td>
<td align="left"><input type="text" name="email" size="25" class="textfield" /></td>
</tr>
<tr>
<td width="170" align="right">Mother's maiden name:</td>
<td align="left" valign="top"><input type="text" name="security_answer" size="25" class="textfield" /></td>
</tr>
<tr>
<td width="170" align="right"> </td>
<td align="left"><input type="submit" name="submit" value="get password" class="button" /></td>
</tr>
</table>
<input type="hidden" name="refer" value="index.php" />
</form>
END;
bco_html_footer();
?>