Invalid username /email combination.'; }
//i there isn't any error, give this user, a new password, and email it to them!
if (!$error) {
$mysql['user_id'] = mysql_real_escape_string($user_row['user_id']);
//generate random key
$user_pass_key = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$user_pass_key = substr(str_shuffle($user_pass_key), 0, 40) . time();
$mysql['user_pass_key'] = mysql_real_escape_string($user_pass_key);
//set the user pass time
$mysql['user_pass_time'] = time();
//insert this verification key into the database, and the timestamp of inserting it
$update_sql = " UPDATE 202_users
SET user_pass_key='" . $mysql['user_pass_key'] . "',
user_pass_time='" . $mysql['user_pass_time'] . "'
WHERE user_id='".$mysql['user_id']."'";
$update_result = _mysql_query($update_sql);
//now email the user the script to reset their email
$to = $_POST['user_email'];
$subject = "[Propser202 on ".$_SERVER['SERVER_NAME']."] Password Reset";
$message = "
Someone has asked to reset the password for the following site and username.
http://".$_SERVER['SERVER_NAME']."
Username: ".$_POST['user_name']."
To reset your password visit the following address, otherwise just ignore this email and nothing will happen.
http://".$_SERVER['SERVER_NAME']."/202-pass-reset.php?key=$user_pass_key
";
$from = "propser202@".$_SERVER['SERVER_NAME'];
$header = "From: Propser202<" . $from . "> \r\n";
$header .= "Reply-To: ".$from." \r\n";
$header .= "To: " . $to . " \r\n";
$header .= "Content-Type: text/html; charset=\"iso-8859-1\" \r\n";
$header .= "Content-Transfer-Encoding: 8bit \r\n";
$header .= "MIME-Version: 1.0 \r\n";
mail($to,$subject,$message,$header);
$success = true;
}
$html['user_name'] = htmlentities($_POST['user_name'], ENT_QUOTES, 'UTF-8');
$html['user_email'] = htmlentities($_POST['user_email'], ENT_QUOTES, 'UTF-8');
} ?>
An email has been sent with a link where you can change your password.