File: /home/httpd/html/xdudes.com/controllers/control.forgot_pass.php
<?php
if (isset($_GET['hash'])) {
$result = dbQuery("SELECT record_num, salt FROM users WHERE forgot_pass_hash = '" . mysqli_real_escape_string($dbconn,strip_tags($_GET['hash'])) . "' AND forgot_pass_hash != ''", false);
if (!empty($result)) {
$newpass = uniqid();
$newpassenc = md5($newpass . $result[0]['salt']);
dbQuery("UPDATE users SET password = '$newpassenc', session_reload = 1 WHERE record_num = '" . $result[0]['record_num'] . "'", false);
sendForgotPasswordStep(2, $result[0]['record_num'], $newpass);
setMessage(_t("Your new password has been sent."),"success");
}
}
if (isset($_POST['email']) && isset($_POST['captchaaa'])) {
$_POST = mysql_real_escape_array($_POST);
$errors = false;
if(!isset($_POST['captchaaa'])) {
setMessage(_t("Incorrect or missing CAPTCHA Response"),"error");
$errors = true;
}
if ((isset($_POST['captchaaa']) && isset($_SESSION['captchaBlack'])) && (strtolower($_POST['captchaaa']) != strtolower($_SESSION['captchaBlack']))) {
setMessage(_t("Incorrect CAPTCHA Response"),"error");
$errors = true;
}
if (isset($POST['email']) && !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
setMessage(_t("Invalid Email Address"),"error");
$errors = true;
}
if (!$errors) {
$result = dbQuery("SELECT * FROM users WHERE email LIKE '" . $_POST['email'] . "'", false);
sendForgotPasswordStep(1, $result[0]['record_num'], false);
setMessage(_t("If your email exists in our database, a change password confirmation link has been sent."),"success");
}
}