Password Reset"; include "header.html"; print "

Password Reset

"; openDatabase (); $email = $_POST['email']; $query = "SELECT user FROM users WHERE email='$email'"; $result = mysql_query($query); if (mysql_errno ()) { error ("Select error for " . $query . ": " . mysql_error ()); } if (mysql_num_rows($result) != 1) { error ("No user matching email: " . $email); } else { $user = mysql_result ($result, 0, 0); } $password = substr (md5 ($user . rand (0, 100000)), 0, 8); $encryptedpass = md5 ($password . $user); // We use the user as a salt $query = "UPDATE users SET password='$encryptedpass' WHERE user='$user'"; $result = mysql_query($query); if (mysql_errno ()) { error ("Update failed for " . $query . ": " . mysql_error ()); } mysql_close(); $msg = "\nYour new login information is:\n" . " Username: " . $user . "\n" . " Password: " . $password . "\n\n" . "Login at: " . $siteurl . $baseurl . "\n"; mail ($email, $sitename . " Password Reset", $msg, "From: " . $botname); print "A new password has been sent to " . $email . ".

"; print "Return to login page

"; include "footer.php"; } ?>