File: /home/httpd/html/porn.tw/public_html/controllers/control.forgot_pass.php
<?php
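// Step 2 of the password reset: the visitor followed the e-mailed link carrying ?hash=<token>.
// A matching token causes a new password to be generated, stored and mailed to the account.
//
// NOTE(review): the reset is performed on a plain GET request, so anything that fetches the
// link (mail scanners, link previews, prefetchers) triggers it; consider a confirm-by-POST step.
// NOTE(review): no token expiry is checked here; confirm whether one is enforced elsewhere.
//
// isset()/is_string() avoid the undefined-index notice and reject array input (?hash[]=...)
// before it reaches strip_tags().
if (isset($_GET['hash']) && is_string($_GET['hash']) && $_GET['hash'] !== '') {
    $resetToken = mysqli_real_escape_string($dbconn, strip_tags($_GET['hash']));
    $result = dbQuery("SELECT record_num, salt FROM users WHERE forgot_pass_hash = '" . $resetToken . "' AND forgot_pass_hash != ''", false);
    if (!empty($result)) {
        // uniqid() is derived from the current time and is predictable; the temporary
        // password must come from a CSPRNG instead.
        if (function_exists('random_bytes')) {
            $newpass = bin2hex(random_bytes(8));
        } else {
            // Fallback for PHP < 7; requires the openssl extension.
            $newpass = bin2hex(openssl_random_pseudo_bytes(8));
        }

        // NOTE(review): salted MD5 is far too fast for password storage. It is kept here only
        // because the login code presumably verifies the same format; migrate both sides to
        // password_hash()/password_verify() together.
        $newpassenc = md5($newpass . $result[0]['salt']);

        // Escape the id even though it comes from the database, so the statement does not
        // depend on how the column is populated.
        $recordNum = mysqli_real_escape_string($dbconn, (string) $result[0]['record_num']);

        // Clearing forgot_pass_hash makes the token single-use; previously the same link kept
        // resetting the password every time it was opened. '' matches the "no token" value the
        // SELECT above already excludes.
        // NOTE(review): confirm sendForgotPasswordStep(2, ...) does not need the token.
        dbQuery("UPDATE users SET password = '$newpassenc', forgot_pass_hash = '', session_reload = 1 WHERE record_num = '" . $recordNum . "'", false);

        // NOTE(review): the new password is passed to the mailer in clear text; letting the
        // user choose a password after following the link would avoid mailing a credential.
        sendForgotPasswordStep(2, $result[0]['record_num'], $newpass);
        setMessage(_t("Your new password has been sent."),"success");
    }
}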
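// Step 1 of the password reset: the form was submitted with an e-mail address and a CAPTCHA
// answer. On success a confirmation link is mailed; the success message is the same whether or
// not the address is known, so the form does not reveal which addresses have accounts.
// NOTE(review): no rate limiting is visible here; confirm it exists elsewhere.
if ($_POST) {
    // Explicit initialisation: $errors was previously read without ever being defined on the
    // success path.
    $errors = false;

    // Project helper; presumably SQL-escapes every submitted value. The query below relies on
    // it entirely (FILTER_VALIDATE_EMAIL accepts characters such as ' and %, so validation
    // alone is not an SQL defence). TODO confirm, or move dbQuery() to bound parameters.
    $_POST = mysql_real_escape_array($_POST);

    $captchaGiven = (isset($_POST['captchaaa']) && is_scalar($_POST['captchaaa']))
        ? strtolower((string) $_POST['captchaaa'])
        : '';
    $captchaExpected = (isset($_SESSION['captcha']) && is_scalar($_SESSION['captcha']))
        ? strtolower((string) $_SESSION['captcha'])
        : '';

    // Single use: a solved CAPTCHA must not be replayable for further submissions.
    // NOTE(review): assumes the form page issues a fresh challenge on each render.
    unset($_SESSION['captcha']);

    // An empty expected value means no challenge was ever issued for this session; with the
    // old loose comparison an empty answer matched an unset challenge and passed the check.
    if ($captchaExpected === '' || $captchaGiven !== $captchaExpected) {
        setMessage(_t("Incorrect CAPTCHA Response"),"error");
        $errors = true;
    }

    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        setMessage(_t("Invalid Email Address"),"error");
        $errors = true;
    }

    if (!$errors) {
        // '=' instead of LIKE: '%' and '_' are legal in an e-mail local part and act as
        // wildcards under LIKE, so a submitted address could match another user's row.
        // Only record_num is used, so nothing else is selected.
        $result = dbQuery("SELECT record_num FROM users WHERE email = '" . $email . "'", false);

        // Send only when an account was found; previously the mailer was called with a null
        // record id for unknown addresses.
        if (!empty($result)) {
            sendForgotPasswordStep(1, $result[0]['record_num'], false);
        }
        setMessage(_t("If your email exists in our database, a change password confirmation link has been sent."),"success");
    }
}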