if ($_GET[h] && $_GET[h] != '' && $_GET[h] != '0'){ $output_random_pass = rand

1. if ($_GET[h] && $_GET[h] != '' && $_GET[h] != '0'){
2. $output_random_pass = random_string(10);
3. $query = mysql_query("SELECT username FROM `account` WHERE reset_password='$_GET[h]'");
4. $res = mysql_fetch_array($query);
5. if (mysql_num_rows($query) == 1){
6. echo "Hi $res[username], Your password is: $output_random_pass. Please change your password fast as possible.";
7. $pass_hash = sha_password($res[username],$output_random_pass);
8. mysql_query("UPDATE `account` SET sha_pass_hash='$pass_hash' WHERE reset_password='$_GET[h]'");
9. mysql_query("UPDATE `account` SET reset_password='' WHERE username='$res[username]'");
10. }else{
11. echo "Error.";
12. }