";
$randtext = generateRandomString(500);
$randtext = md5($randtext);
$xtm = time()+60*60*24*1;
$sql = "INSERT INTO `temp_token` (`easy_key`, `date_added`, `date_expired`, `ip_add`, `status`, `user_id`) VALUES ('$randtext', '$nowtime', '$xtm', '$ip_add', '1', '0')";
$res = mysqli_query($db, $sql);
if(empty($_POST) == false) {
$fields = array('email2', 'captcha');
foreach($_POST as $key=>$value) {
if(empty($value) && in_array($key, $fields) == true){
$errors = 'All fields are required';
break 1;
}
}
$captcha = $_POST['captcha'];
$email = $_POST['email2'];
$udt = mysqli_fetch_array(mysqli_query($db, "SELECT COUNT(*), user_id, username, email, name FROM users WHERE email='$email'"));
$tkn = mysqli_fetch_array(mysqli_query($db, "SELECT COUNT(*), easy_key, date_added, ip_add, status, user_id FROM temp_token WHERE easy_key='$captcha'"));
if(empty($errors)) {
if($tkn[0]=='0')
{
$errors = 'Security Key Not Found!';
$res = mysqli_query($db, "INSERT INTO error_log SET tried_username='$email', uid='$udt[1]', username='$udt[2]', email='$udt[3]', action='Forgot_Password', error_msg='Security Key Not Found as $captcha $email', ip_add='$ip_add', time='$nowtime'");
}
if($tkn[4]=='0')
{
$errors = 'Security key Already Used. Please Try Again!';
$res = mysqli_query($db, "INSERT INTO error_log SET tried_username='$email', uid='$udt[1]', username='$udt[2]', email='$udt[3]', action='Forgot_Password', error_msg='security key $captcha already used by you or some one else $email', ip_add='$ip_add', time='$nowtime'");
}
if($captcha!=$captcha)
{
$errors = 'Please enter the correct captcha code!';
$res = mysqli_query($db, "INSERT INTO error_log SET tried_username='$email', uid='$udt[1]', username='$udt[2]', email='$udt[3]', action='Forgot_Password', error_msg='wrong captcha entered for username $email', ip_add='$ip_add', time='$nowtime'");
}
if($udt[0] == '0') {
$errors = 'Sorry, the username \'' . $_POST['email2'] . '\' is not exist.';
$res = mysqli_query($db, "INSERT INTO error_log SET tried_username='$email', uid='$udt[1]', username='$udt[2]', email='$udt[3]', action='Forgot_Password', error_msg='$email does not exist, ip_add='$ip_add', time='$nowtime'");
}
}
}
if(empty($_POST) == false && empty($errors) == true){
$knd = mysqli_fetch_array(mysqli_query($db, "SELECT user_id, username, email, email_code, name FROM users WHERE email='$email'"));
$to = $knd[2];
$title = "$sitename : Reset Your Password";
$message = "
Reset Your Password
|
Forgot your password?
|
|
Click On Below Button To Reset Your Password. Please Note your previous password will be no longer after clicking this button.
|
|
|
|
|
";
$headers = "From: $mydomain <$esender>\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
mail($to, $title, $message, $headers);
echo "
Your Password Reset Link Sent to Your Mailbox.
";
$res = mysqli_query($db, "INSERT INTO complete_log SET user_id='$knd[0]', user_name='$knd[1]', user_email='$knd[2]', action_type='Forgot_Password', user_action='User Placed Forgot Password Request.', secret_info='Email Code $knd[3]', ip_add='$ip_add', act_time='$nowtime', act_status='1'");
$sql = "UPDATE temp_token SET `use_for`='Forgot_Password', `date_used`='$nowtime', `status`='0' WHERE easy_key='$captcha'";
if ($db->query($sql) === TRUE)
{
echo "
This Security Key is Disabled Now !
";
}
} else if(isset($errors)) {
echo "
Error Occured $errors
";
}
echo "