Location: PHPKode > scripts > WebsiteMemberManager > members-section/members/php/forgottenpassword.php
<?php
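include_once("header.html");

/*
 * Forgotten-password request handler.
 *
 * Without $email the request form is shown. With $email the member is looked
 * up by username and then by contact e-mail; for an activated account that has
 * not been sent a reset recently, a new random password is stored and the
 * notification template is included.
 *
 * $email, $stop_sp, $feedback, dbc, random_password() and WMMcrypt() are not
 * defined in this file. $email and $stop_sp look like request-supplied values
 * and are treated as untrusted here -- confirm where they are populated.
 *
 * NOTE(review): the "not found", "not activated" and "sent" responses differ,
 * so this page tells an anonymous visitor whether an address is registered.
 * One neutral response for all three cases would remove that signal.
 *
 * NOTE(review): the stored password is replaced as soon as the form is
 * submitted, so a member's existing password stops working on request,
 * without proof of mailbox ownership. A single-use, expiring reset token that
 * must be followed before anything changes would avoid this.
 */
if (!isset($email)) {
    // No address submitted yet: show the request form.
    include("forgottenpassword.html");
} else {
    // Fixed value used as a bot check. The comparison stays loose so the
    // string "5" still passes, as it would if the value arrives from a form.
    if ($stop_sp != 5) {
        exit("spam detected - system stopped.");
    }

    // setShow() is handed markup (the messages contain <br>), so the address
    // is HTML-escaped before it is placed in a message. $email itself is left
    // untouched for the queries and for the included e-mail template.
    // assumes the page is served as UTF-8 -- confirm
    $email_html = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $dbc = dbc::instance();
    $correct_email = 0; // not read in this block; kept in case an included file uses it

    // Lookup 1: the login name may itself be the address.
    $result = $dbc->prepare("SELECT id,their_username,activated FROM wmm_members WHERE their_username=:email");
    $result->bindParam(':email', $email, PDO::PARAM_STR);
    $rows = $dbc->executeGetRows($result);
    if (count($rows) > 0) {
        $row = $rows[0];
    }

    // Lookup 2: the contact address. A match here replaces a match from lookup 1.
    $result = $dbc->prepare("SELECT id,their_username,activated FROM wmm_members WHERE email=:email");
    $result->bindParam(':email', $email, PDO::PARAM_STR);
    $rows = $dbc->executeGetRows($result);
    if (count($rows) > 0) {
        $row = $rows[0];
    }

    if (!isset($row)) {
        $feedback->setShow("$email_html <br>NOT FOUND. Checked both the updated email address and original username!", "Feedback", 0, "member");
    } elseif ($row['activated'] < 1) {
        $feedback->setShow("Account NOT ACTIVATED<br><br>Please WAIT for admin to activate your account.<br><br>Thank you.", "Feedback", 0, "member");
    } else {
        // Cut-off is 00:00 local time yesterday, so the effective wait is
        // between 24 and 48 hours depending on the time of day.
        $new_date = mktime(0, 0, 0, date("m"), date("d") - 1, date("Y"));
        $id = $row['id'];

        // Bound parameter, matching the other statements on this page,
        // instead of concatenating the id into the SQL text.
        $result = $dbc->prepare("SELECT * FROM wmm_forgotten_password where id= :id");
        $result->bindParam(':id', $id, PDO::PARAM_INT);
        $rows = $dbc->executeGetRows($result);

        // 1 stands for "never sent" and is always older than the cut-off.
        $last_sent_date = (count($rows) > 0) ? $rows[0]['last_sent_date'] : 1;

        if ($new_date > $last_sent_date) {
            $their_username = $row['their_username'];
            $now_date = time();

            // Record this request first so the throttle applies to the next one.
            if (count($rows) > 0) {
                $query = "UPDATE wmm_forgotten_password set last_sent_date= :now_date where id= :id";
            } else {
                $query = "INSERT INTO wmm_forgotten_password (id, last_sent_date) VALUES (:id, :now_date) ";
            }
            $result = $dbc->prepare($query);
            $result->bindParam(':now_date', $now_date, PDO::PARAM_INT);
            $result->bindParam(':id', $id, PDO::PARAM_INT);
            $result = $dbc->execute($result);

            // Drop throttle rows that are older than the cut-off.
            $result = $dbc->prepare("delete from wmm_forgotten_password where last_sent_date< :new_date ");
            $result->bindParam(':new_date', $new_date, PDO::PARAM_INT);
            $result = $dbc->execute($result);

            // NOTE(review): random_password() is defined elsewhere; confirm it
            // draws from a CSPRNG (random_int() / random_bytes()).
            $their_password = random_password(8);
            // NOTE(review): WMMcrypt() is defined elsewhere; presumably it
            // derives the stored value from the password and username --
            // confirm it is a slow password hash and not a fast digest.
            $cpass = WMMcrypt($their_password, $their_username);
            $result = $dbc->prepare("update wmm_members set their_password= :cpass where id= :id");
            $result->bindParam(':cpass', $cpass, PDO::PARAM_STR);
            $result->bindParam(':id', $id, PDO::PARAM_INT);
            $result = $dbc->execute($result);

            // The template shares this scope; presumably it mails
            // $their_password to the member -- confirm.
            include("__password_changed_email.php");
            $feedback->setShow("A new password has been sent to {$email_html}<br><br>Please check your mailbox.", "SUCCESS - email sent.", 0, "member");
        } else {
            $feedback->setShow("Details already sent within the last 24 hours.<br><br>You must wait at least 24 hours before requesting a new password again.", "UNABLE TO RESEND!", 0, "member");
        }
    }

    // header.html was already pulled in at the top of the script, so this
    // include_once does nothing when that first include succeeded.
    include_once("header.html");
    include("login.html");
    include("footer.html");
}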
?>