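<?php
/**
 * Password-recovery page.
 *
 * Two request shapes are handled:
 *   - GET  ?code=<token> : looks the token up in `passrecovery`, assigns the
 *     matching user a freshly generated password, mails it, and deletes the token.
 *   - POST submit+username : creates a recovery token for the user and mails a
 *     confirmation link containing it. Without a POST the request form is shown.
 *
 * filter() and dbquery() are defined elsewhere in the project.
 * NOTE(review): every query below is built by string interpolation, so its
 * safety rests entirely on filter() escaping for the SQL context — confirm that,
 * or move to prepared statements if dbquery() can bind parameters.
 */

// Sender address for the From: header of both mails.
$email = 'admin@runohotel.com';

if (isset($_GET['code'])) {
    // NOTE(review): the password change is triggered by a plain GET carrying only
    // the token, so anything that fetches the mailed link (mail scanners, link
    // previews) completes the reset. No token expiry is visible here either.
    // Consider a confirmation POST and a creation timestamp on `passrecovery`.
    $hashcode = filter($_GET['code']);
    $check = dbquery("SELECT username FROM `passrecovery` WHERE hash='$hashcode'");
    if ($check->num_rows) {
        $r = $check->fetch_assoc();
        $username = $r['username'];

        // The original used a single-quoted literal, which printed "$username"
        // verbatim. The name is HTML-escaped because it is echoed into the page.
        echo 'Hey, ' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8')
            . ', your password has been sent to your mail account.';

        // 10 hex characters from the CSPRNG (same length and alphabet as before).
        // md5(uniqid(mt_rand())) is derived from the clock and a non-cryptographic
        // generator, so its output is guessable.
        $pass = bin2hex(random_bytes(5));

        // NOTE(review): the password is written to `users.password` exactly as
        // generated, and the same value is mailed in clear text below. Whether the
        // login code expects a hash cannot be seen from here; if it can be changed,
        // store password_hash() output and let the user choose a new password
        // through the token instead of mailing one.
        // NOTE(review): $username comes back from the database and is interpolated
        // unescaped (here and in the SELECT below) — confirm stored usernames
        // cannot contain quote characters.
        $udpass = dbquery("UPDATE `users` SET password='$pass' WHERE username='$username'");

        // send mail
        $check = dbquery("SELECT mail FROM `users` WHERE username='$username'");
        $r = $check->fetch_assoc();
        $to = $r['mail'];
        $subject = 'Your new password - {hotelName}';
        $message = "Your login information \r\nUsername: $username\r\nPassword: $pass";
        $header = "From: " . $email;
        $sentmail = mail($to, $subject, $message, $header);

        // Tokens are single-use: remove the row once it has been redeemed.
        $endquery = dbquery("DELETE FROM `passrecovery` WHERE hash='$hashcode'");
    } else {
        echo 'Invalid key';
    }
}

if (isset($_POST['submit'])) {
    // Look for their user
    $user = filter($_POST['username']);
    $check = dbquery("SELECT mail FROM `users` WHERE username='$user'");

    // NOTE(review): known and unknown usernames get different responses, which
    // lets a client test whether an account exists. A single neutral message for
    // both cases, plus rate limiting on this form, closes that gap.
    if ($check->num_rows) {
        $r = $check->fetch_assoc();
        $code = dbquery("SELECT NULL FROM `passrecovery` WHERE username='$user'");

        // Issue a token only when none is pending. The original condition was
        // inverted (it required an existing row), so a user without a pending
        // request could never obtain a recovery link.
        if (!$code->num_rows) {
            // 32 hex characters from the CSPRNG, the same shape as the md5 value
            // the `hash` column held before, but not predictable.
            $hash = bin2hex(random_bytes(16));
            $query1 = dbquery("INSERT INTO `passrecovery`(username, hash) VALUES ('$user', '$hash')");
            echo 'Please check your email (It may appear in the Junk folder).';

            $to = $r['mail'];
            $subject = "Password reset - {hotelName}";
            $header = "Content-type: text/html\r\n";
            $header .= "From: " . $email;
            $message = "Your confirmation link<br>\r\n";
            $message .= "<a href={siteurl}/forgot?code=$hash> Click here to get a password sent to you.\r\n </a><br>";
            $message .= "If you cannot click the link, copy and paste this link to your URL bar..\r\n<br>";
            $message .= "{siteurl}/forgot?code=" . $hash;
            $sentmail = mail($to, $subject, $message, $header);
        }
    } // If no row was found
    else {
        echo "An error has occured. <br> If you are sure you entered your username correctly, please contact an administrator.";
    }
} else {
    // No form submission: render the username prompt.
    ?>
    <form method="post">
        <input type="text" name="username"/>
        <input type="submit" name="submit" value="Submit"/>
    </form>
<?php } ?>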