<?php

// Криме / Krime
include('common.php');

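// Password recovery page, served only to visitors who are not logged in.
//   Step 1: POST `email`  -> find the account, create (or reuse) a recovery code, mail a link.
//   Step 2: request `code` -> find the code, set a freshly generated password, mail it.
// islogged(), getarg(), getcode(), clean(), theader(), tfooter(), trecoverbox() and the
// $lang / $language / $s_siteurl / $s_email variables are not defined in this file;
// presumably they come from common.php.
//
// NOTE(review): points this script leaves open and that cannot be fixed from here alone:
//  - Passwords are stored as md5(md5(...)), a fast unsalted hash. Moving to
//    password_hash()/password_verify() needs the matching change in the login and
//    registration code, which is outside this file.
//  - The new password travels in clear text by e-mail; a "choose a new password" form
//    behind the recovery code would avoid mailing a credential.
//  - The `recover` row is written with time(), but nothing here checks it, so a code stays
//    valid until it is used. The column name is not visible (positional INSERT), so no
//    expiry check is added here.
//  - The `emailnotinuse` answer tells the requester whether an address is registered, and
//    no request throttling is visible in this file.
//  - $language is written into href attributes and the Location header as-is; confirm that
//    common.php restricts it to a fixed list of language codes.
//  - getcode() is not visible; confirm it draws from a cryptographically secure source.
//  - The mysql_* extension no longer exists in PHP 7+; prepared statements (PDO/mysqli)
//    need the connection set-up in common.php to change as well.
if(!islogged())
{
  echo theader($lang['lostpassword']);

  // The two "back" links are repeated in every branch; build them once.
  $backtoindex = '    <span><a href="' . $s_siteurl . '/index.php?lang=' . $language . '">' . $lang['back'] . '</a></span><br /><br />' . "\r\n";
  $backtorecover = '    <span><a href="' . $s_siteurl . '/recover.php?lang=' . $language . '">' . $lang['back'] . '</a></span><br /><br />' . "\r\n";

  $reqcode = getarg('code');

  if($reqcode != NULL)
  {
    // Step 2. The code comes from the request, so it is escaped before it is placed in SQL.
    // NOTE(review): if getarg() already escapes its result, keep only one of the two layers.
    $sqlcode = mysql_real_escape_string((string) $reqcode);
    $query = mysql_query('SELECT * FROM `recover` WHERE `code` = \'' . $sqlcode . '\';');

    if($query !== false && mysql_num_rows($query) > 0)
    {
      $newpassword = clean(getcode());
      $result = mysql_fetch_array($query);
      $userid = intval($result['user']);

      $query = mysql_query('SELECT * FROM `users` WHERE `id` = \'' . $userid . '\';');
      $result = ($query !== false) ? mysql_fetch_array($query) : false;

      // Change the password only when the account row was actually found; otherwise there
      // is no address to send the new password to.
      $updated = false;
      if(is_array($result))
      {
        $useremail = $result['email'];
        mysql_query('UPDATE `users` SET `password` = \'' . md5(md5($newpassword)) . '\' WHERE `id` = \'' . $userid . '\';');
        $updated = (mysql_affected_rows() > 0);
      }

      if($updated)
      {
        $msub = $lang['lostpassword'];
        $mmsg = $lang['yournewpassword'] . ' ' . $newpassword . "\r\n" . $s_siteurl . '/' . "\r\n";
        @mail($useremail, $msub, $mmsg, "From: $s_email <$s_email>\r\n");
        // The code is single-use: remove it once the password has been changed.
        @mysql_query('DELETE FROM `recover` WHERE `code` = \'' . $sqlcode . '\';');
        echo '    <span>' . $lang['newpasswordsent'] . '</span><br />' . "\r\n";
        echo $backtoindex;
      }
      else
      {
        echo '    <span>' . $lang['recoveryerror'] . '</span><br />' . "\r\n";
        echo $backtorecover;
      }
    }
    else
    {
      echo '    <span>' . $lang['wrongrecoverycode'] . '</span><br />' . "\r\n";
      echo $backtoindex;
    }
  }
  else if(isset($_POST['email']) && is_string($_POST['email']) && !empty($_POST['email']))
  {
    // Step 1. The posted address is request data: escape it for SQL and never use it as
    // the mail recipient.
    // NOTE(review): with magic_quotes_gpc enabled the value would arrive pre-escaped; confirm.
    $email = trim($_POST['email']);
    $query = mysql_query('SELECT * FROM `users` WHERE `email` = \'' . mysql_real_escape_string($email) . '\';');

    if($query !== false && mysql_num_rows($query) > 0)
    {
      $result = mysql_fetch_array($query);
      $userid = intval($result['id']);
      // Mail the address stored for the account, not the string that was posted.
      $recipient = $result['email'];

      $query = mysql_query('SELECT * FROM `recover` WHERE `user` = \'' . $userid . '\';');
      if($query !== false && mysql_num_rows($query) > 0)
      {
        // A code is already pending for this user: send the same one again.
        $result = mysql_fetch_array($query);
        $code = trim($result['code']);
        $stored = true;
      }
      else
      {
        $code = clean(getcode());
        $stored = @mysql_query('INSERT INTO `recover` VALUES(\'0\', \'' . $userid . '\', \'' . $code . '\', \'' . time() . '\');');
      }

      if($stored)
      {
        $msub = $lang['lostpassword'];
        $mmsg = $lang['torecover'] . "\r\n" . $s_siteurl . '/recover.php?lang=' . $language . '&code=' . $code . "\r\n";
        @mail($recipient, $msub, $mmsg, "From: $s_email <$s_email>\r\n");
        echo '    <span>' . $lang['recoversent'] . '</span><br />' . "\r\n";
        echo $backtoindex;
      }
      else
      {
        // The code could not be saved, so a mailed link would never work.
        echo '    <span>' . $lang['recoveryerror'] . '</span><br />' . "\r\n";
        echo $backtorecover;
      }
    }
    else
    {
      echo '    <span>' . $lang['emailnotinuse'] . '</span><br />' . "\r\n";
      echo $backtorecover;
    }
  }
  else
  {
    // Nothing submitted yet: show the e-mail form.
    echo '    <span>' . $lang['enteremail'] . '</span><br /><br />' . "\r\n";
    echo trecoverbox();
    echo $backtoindex;
  }

  echo tfooter();
}
else
{
  // Logged-in users have no use for this page.
  header('Location: ' . $s_siteurl . '/index.php?lang=' . $language);
}

exit();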

?>