<?php

if(!defined('GEN4_PROCESS')) exit();
$ref_title = "Reset Your Password";

$tok_id = sha1(md5(session_id()));
$done = 0;
if($loggedin) {
	$error = "You are already logged in.";
} elseif($_GET['k'] and $_GET and $_SESSION['rp_key'] and $_GET['k'] == $_SESSION['rp_key']) {
	$gen_pw = substr(md5(time()), 0, 10);
	$new_password = sha1($gen_pw);
	mysql_query("UPDATE users SET password='$new_password' WHERE username='{$_SESSION['rp_user']}' LIMIT 1;");
	$epconts .= "Hello {$_SESSION['rp_user']},<br /><br />

We've successfully changed your password for {$set['site_name']}.<br />
You're new password for {$set['site_name']} is \"$gen_pw\" (without the quotes).<br /><br />

Thanks,<br />
{$set['site_name']}";

	$headers  = "MIME-Version: 1.0\r\n";
	$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
	$headers .= "Reply-To: {$set['title']} <{$set['noreply']}>\r\n"; 
    $headers .= "Return-Path: {$set['title']} <{$set['noreply']}>\r\n"; 
    $headers .= "From: {$set['title']} <{$set['noreply']}>\r\n"; 

	@mail($_SESSION['rp_email'], "New Password - {$set['title']}", $epconts, $headers);
	$email = $_SESSION['rp_email'];
	
	$_SESSION['rp_key'] = false;
	$_SESSION['rp_user'] = false;
	$_SESSION['rp_email'] = false;
	$error = "We have sent an email with your new password to {$email}.";
	$done = 1;
} elseif(isset($_POST['reset'])) {
	$username = $do->filter($_POST['login_username']);
	$email = $do->filter($_POST['login_email']);

	if(!$username) {
		$error=(!$error) ? "You forgot to fill in the username field." : $error;
	}
	if(!$email) {
		$error=(!$error) ? "You forgot to fill in the e-mail field." : $error;
	}

	$u_ex = mysql_query("SELECT COUNT(*) AS cnt FROM users WHERE username='{$username}' AND email='{$email}' LIMIT 1;");
	$u_ex = mysql_fetch_array($u_ex);
	$u_ex = $u_ex['cnt'];

	if(!$u_ex) $error=(!$error) ? "We couldn't find an account with those details." : $error;

	if(!$error) {
		$my_rp_key = md5(time());
		$_SESSION['rp_key'] = $my_rp_key;
		$_SESSION['rp_email'] = $email;
		$_SESSION['rp_user'] = $username;

		$emconts = "Hello {$username},<br /><br />

You recently requested for your password to be changed on {$set['site_name']}. If you authorized this request, please click the link below and we will send you a new password.<br /><br />

Copy and paste the link below to have your password sent to you.<br />
".($do->get_loc())."reset.php?k={$my_rp_key}<br /><br />

Thank You,<br />
{$set['site_name']}";

		$headers  = "MIME-Version: 1.0\r\n";
		$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
		$headers .= "Reply-To: {$set['title']} <{$set['noreply']}>\r\n"; 
    	$headers .= "Return-Path: {$set['title']} <{$set['noreply']}>\r\n"; 
    	$headers .= "From: {$set['title']} <{$set['noreply']}>\r\n"; 

		@mail($email, "Password Reset - {$set['title']}", $emconts, $headers);

		$error = "We have sent a confirmation email to {$email}.<br />Please click the link provided to have us email you a new password.";
		$done = 1;
	}

}
$contents = "
	<div id=\"content\" class=\"register cashpin\">
		<h1 class=\"reset\">{$ref_title}</h1>";
		
if($error) $contents .= "
		<div class=\"error\">$error</div>";

if(!$done) {
	$contents .= "
		<div>
			<form action=\"\" method=\"post\">
				<input type=\"hidden\" name=\"token\" value=\"{$tok_id}\">
				<div><label for=\"l_username\">Username:</label> <input type=\"text\" name=\"login_username\" id=\"l_username\" value=\"{$username}\" /></div>
				<div><label for=\"L_email\">E-Mail Address</label> <input type=\"text\" id=\"L_email\" name=\"login_email\" /></div>
				<p class=\"border\"></p>
				{$captcha}
				<input type='hidden' name='7' value='{$country_name}'>
				<div class=\"buttons\"><input type=\"submit\" name=\"reset\" class=\"bigbutton\" value=\"Reset My Password!\" /> <a href=\"login.php\">Back to Login</a></div>
			</form>
			<div class=\"clear\"></div>
		</div>";
}else $contents .= "
		<script type=\"text/javascript\">window.location = 'acc.php';</script>";
$contents .= "
	</div>";
?>