Execute("SELECT user_recovery_time FROM td_users WHERE user_id='$uid' AND user_recovery_code='$code'"); if ($result->EOF) ErrorOut("Invalid user ID or recovery code."); list($rt) = $result->fields; if (time() > ($rt + 86400)) ErrorOut("This password recovery link has expired. Please request a new one."); if ($rt == 0) ErrorOut("Password recovery link unavailable"); if ($_POST['exec'] != "1") { // Display the recovery page PrintHeader("Password Recovery - Enter New Password"); echo "

"; echo "Please enter your new password:

"; echo ""; echo ""; echo ""; echo ""; echo "

New Password:
Confirm Password:

"; echo "

"; PrintFooter(); } else { // Recover the password $passwd = trim($_POST['passwd']); $passwd2 = trim($_POST['passwd2']); if (strlen($passwd) < 6 || strlen($passwd) > 32) ErrorOut("Passwords must be at least 6 characters and no more than 32."); if ($passwd != $passwd2) ErrorOut("Passwords do not match."); // Set the password $dbconn->Execute("UPDATE td_users SET user_password='" . sha1($passwd) . "', user_recovery_time=0, user_recovery_code='' WHERE user_id='$uid' LIMIT 1"); // Tell the user we're successful PrintHeader("Password Recovery Successful"); echo "Your password has been successfully reset. You may now log in."; PrintFooter(); } } function recover_recover() { $email = trim($_POST['email']); if ($email == "") ErrorOut("Please provide a valid e-mail address."); // Get the userid and other info $dbconn = dbInit(); $result = $dbconn->Execute("SELECT user_id, user_recovery_time, user_active FROM td_users WHERE user_email='$email'"); if ($result->EOF) ErrorOut("The e-mail address you provided is invalid."); list($id, $rt, $active) = $result->fields; if ($active == "0") ErrorOut("This account has not yet been activated."); if (time() < ($rt + 86400)) ErrorOut("You have recently requested to recover your password on this account. Only one request per 24-hour period is allowed."); // Generate the ID $rc = uniqid("TD_PWR_"); // Send the e-mail Mail($email, "[TorqueDev] Password Recovery", "Hello,\n\nYou or someone else has requested a password recovery link on the TorqueDev website.\n\nTo create a new password, follow the link below. If you did not request this, or received this e-mail in error, you may ignore it. This link will expire in 24 hours.\n\n\nhttp://www.torquedev.com/network/recover.php?op=change&uid=$id&code=$rc\n\n\nSincerely,\nSam Bacsa", "From: TorqueDev Network "); // Update the database $dbconn->Execute("UPDATE td_users SET user_recovery_time=" . time() . ", user_recovery_code='$rc' WHERE user_id=$id"); // Inform the user PrintHeader("Password Recovery Mail Sent"); echo "The password recovery e-mail has been sent to $email. You will be receiving it shortly. Please follow the directions in that e-mail to complete this process."; PrintFooter(); } function recover_main() { PrintHeader("Password Recovery"); echo "To recover your password, enter your e-mail address below. You will be sent a link which you can use to provide a new password. If you no longer have access to the address in question, you'll have to e-mail us."; echo "

"; echo "

"; echo "E-Mail Address:

"; PrintFooter(); } ?>