<?phprequire_once("common.php");error_reporting(E_ALL);$user = @$_POST[

1. <?php
2. require_once("common.php");
3. error_reporting(E_ALL);
4.  
5. $user = @$_POST['user'];
6.  
7. $pw = "";
8. $alpha = "abcdefghijklmnopqrstuvwxyz";
9. for ($i = 0; $i < 8; $i++)
10. $pw .= $alpha[mt_rand(0, 25)];
11.  
12. $hash_pw = sha1($user . $pw);
13.  
14.  
15. $qry = mysql_query("SELECT * FROM `players` WHERE username = '" . mysql_real_escape_string($user) . "';");
16. $row = mysql_fetch_assoc($qry);
17. $email = $row['email'];
18.  
19. if(empty($email)) {
20. echo 'This user has no email please set an email to activate a password reset';
21. } else {
22. mysql_select_db("emps");
23. mysql_query("UPDATE `players` SET password = '" . $hash_pw . "', password_salt=NULL, hash_func='' WHERE username = '" . mysql_real_escape_string($user) . "';");
24. generate_mail(6, $user, $email, $pw);
25. echo '<p>A new password for <?php echo htmlentities($user); ?> was sent to <?php echo $email; ?>.</p>
26. <p><a href="index.php">OK</a></p>';
27. }
28. ?>