$email was not found in the database.\n"); $sec = mksecret(); do_mysql_query("UPDATE users SET editsecret=" . sqlesc($sec) . " WHERE id=" . $arr["id"]) or sqlerr(); if (!mysql_affected_rows()) stderr( _("Error"), "Database error. Please contact an administrator about this."); $hash = md5($sec . $email . $arr["passhash"] . $sec); $body = <<$email.\n" . "Please allow a few minutes for the mail to arrive."); } elseif($_GET) { // if (!preg_match(':^/(\d{1,10})/([\w]{32})/(.+)$:', $_SERVER["PATH_INFO"], $matches)) // httperr(); // $id = 0 + $matches[1]; // $md5 = $matches[2]; $id = (int) $_GET["id"]; $md5 = $_GET["secret"]; if (!$id) httperr(); $res = do_mysql_query("SELECT username, email, passhash, editsecret FROM users WHERE id = $id"); $arr = mysql_fetch_array($res) or httperr(); $email = $arr["email"]; $sec = hash_pad($arr["editsecret"]); if (preg_match('/^ *$/s', $sec)) httperr(); if ($md5 != md5($sec . $email . $arr["passhash"] . $sec)) httperr(); // generate new password; $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; $newpassword = ""; for ($i = 0; $i < 10; $i++) $newpassword .= $chars[mt_rand(0, strlen($chars) - 1)]; $sec = mksecret(); $newpasshash = md5($sec . $newpassword . $sec); do_mysql_query("UPDATE users SET secret=" . sqlesc($sec) . ", editsecret='', passhash=" . sqlesc($newpasshash) . " WHERE id=$id AND editsecret=" . sqlesc($arr["editsecret"])); if (!mysql_affected_rows()) stderr( _("Error"), "Unable to update user data. Please contact an administrator about this error."); $body = <<$email.\n" . "Please allow a few minutes for the mail to arrive."); } else { stdhead(); ?>

Recover lost user name or password

Use the form below to have your password reset and your account details mailed back to you.
(You will have to reply to a confirmation email.)

Registered email