blogartisanal/user/lost2.php

<?php

session_start();
require_once('config.php');
$page_name='Password forgotten';
include_once('top.php');

//récupération du formulaire
$email=formulaires($_POST['email']);
$username=formulaires($_POST['username']);
if(!$email)
	{
	echo"Empty E-mail.<br /><a href='#' onClick='history.back()'>Back</a></center>";
	include_once('bottom.php');
	return FALSE;
	}
if(!$username)
	{
	echo"Empty username.<br /><a href='#' onClick='history.back()'>Back</a></center>";
	include_once('bottom.php');
	return FALSE;
	}

$reponse_username=mysql_query("SELECT username FROM user WHERE username='$username'") or die ('error : '.mysql_error());	
$count_username=mysql_num_rows($reponse_username);
if($count_username == 0)
	{
	echo"Invalid username.<br /><a href='#' onClick='history.back()'>Back</a>";
	include_once('bottom.php');
	return FALSE;
	}

$reponse_email=mysql_query("SELECT email FROM user WHERE email='$email'") or die ('error : '.mysql_error());	
$count_email=mysql_num_rows($reponse_email);
if($count_email == 0)
	{
	echo" Invalid E-mail.<br /><a href='#' onClick='history.back()'>Back</a>";
	include_once('bottom.php');
	return FALSE;
	}

$existe=mysql_query("SELECT email FROM user WHERE email='$email' AND username='$username'") or die ('error : '.mysql_error());	
$test=mysql_num_rows($existe);
if($test == 0)
	{
	echo"E-mail and Username don't match.<br /><a href='#' onClick='history.back()'>Back</a>";
	include_once('bottom.php');
	return FALSE;
	}
	
for ($ligne=0;$ligne<10;$ligne++)		//Création d'un mot de passe aléatoire
	{
	@$passwd.=substr('0123456789AZERTYUIOPMLKJHGFDSQWXCVBN',(rand()%(strlen('0123456789AZERTYUIOPMLKJHGFDSQWXCVBN'))),1);
	}
	
mail("$email", "".$website_name." - Forgotten password" , "Hello, this is your new password : ".$passwd."", "From: ".$blog_email."");
$passwd=md5($passwd);
mysql_query("UPDATE user SET pass='$passwd' WHERE email='$email'") or die ('error : '.mysql_error());	
echo 'An E-mail has been sent to your mailbox with your new password';
?>