File: /home/httpd/html/baretube.com/forgot_pass.php
<?
session_start();
include('admin/db.php');
if($_POST[email]) {
if(strtolower($_POST[captchaaa]) != strtolower($_SESSION[captcha])) {
$errors[] = "Incorrect CAPTCHA Response";
}
if(!$errors) {
$newpass = uniqid();
$newpassenc = md5($newpass);
$email = mysql_real_escape_string($_POST[email]);
$result = mysql_query("SELECT * FROM users WHERE email LIKE '$email'");
if(mysql_num_rows($result) > 0) {
$row = mysql_fetch_array($result);
mysql_query("UPDATE users SET password = '$newpassenc' WHERE record_num = '$row[record_num]'");
$to = $email;
$from = "From: $sitename <$admin_email>";
$subject = $sitename.' Login Information';
$body = "Hello,
Your Login information has been reset to the following:
Username: $row[username]
Password: $newpass
Regards,
$sitename";
mail($to,$subject,$body,$from);
$message = "Your login information has been emailed to you.";
$success = true;
}
else {
$message = "We're sorry, no user matching that email has been found in our system.";
}
}
}
$title = 'Forgot Password?';
$headertitle = 'Forgot Password?';
include('templates/template.overall_header.php'); ?>
<p>Fill out this form to have your password emailed to you.</p>
<? if($message) { ?><p style='font-weight: bold;'><? echo $message; ?></p><? } ?>
<? if(!$success) { ?>
<form id="form1" name="form1" method="post" action="">
<table width="300" border="0" align="left">
<tr>
<td width="80">Email</td>
<td width="210"><input name="email" type="text" id="ahd_username" size="35" maxlength="255" /></td>
</tr>
<tr>
<td>Human?</td>
<td><img src='/captcha.php' /><br />
<input class='f02' name="captchaaa" type="text" id="signup_email" size="10" maxlength="35" value='' /></td>
</tr>
<tr>
<td colspan="2" align="center"><input type='submit' name="Submit" id="button" value="Send" />
<br /></td>
</tr>
</table>
</form>
<? } ?>
<? include('templates/template.overall_footer.php'); ?>