Untitled

<?
require_once(dirname(__FILE__).DIRECTORY_SEPARATOR.'include'.DIRECTORY_SEPARATOR.'bittorrent.php');
require_once(INCL_DIR.'user_functions.php');
require_once(INCL_DIR.'password_functions.php');
dbconn();
loggedinorreturn();

$HTMLOUT . '';

// Reset Lost Password ACTION
if ($CURUSER['class'] < UC_ADMINISTRATOR)
    stderr("Error", "Permission denied Your Not A Admin+.");

if ($HTTP_SERVER_VARS["REQUEST_METHOD"] == "POST")
{
  $username = trim($_POST["username"]);
    $res = mysql_query("SELECT * FROM users WHERE username=" . sqlesc($username) . " ") or sqlerr();
 $arr = mysql_fetch_assoc($res);


 $id = $arr['id'];
$newpass="digifeed";
$secret = mksecret();
$newpassword =  make_passhash( $secret, md5($newpass) ) ;
mysql_query('UPDATE users SET passhash=' . sqlesc($newpassword) . ' WHERE id = ' . sqlesc($id) . ' AND editsecret = ' . sqlesc($fetch["editsecret"]));
write_log("Password Reset For $username by $CURUSER[username]");
  if (!mysql_affected_rows())
    stderr("Error", "Unable to RESET PASSWORD on this account.");
  else
    stderr("Success", "The account <b>$username</b> Password Reset To resetthisnow please inform User of this change.");

}
stdhead("Reset User's Lost Password");
$HTMLOUT .="
<h1>Reset User's Lost Password</h1>
<form method='post' action='resetpassword.php' >
<table border='0' cellspacing='0' cellpadding='5'>
<tr><td><input size='40' name='username' value='Username here' />&nbsp;&nbsp;<input type='submit' class='btn' value='resetthisnow' /></td></tr>
</table></form>";

print stdhead('Reset Lost Password'). $HTMLOUT . stdfoot();
?>