summaryrefslogtreecommitdiff
path: root/forgot.php
diff options
context:
space:
mode:
Diffstat (limited to 'forgot.php')
-rw-r--r--forgot.php8
1 files changed, 4 insertions, 4 deletions
diff --git a/forgot.php b/forgot.php
index ad036d2..9ea9777 100644
--- a/forgot.php
+++ b/forgot.php
@@ -4,7 +4,7 @@ require('inc/common.php');
if ($b_user['id'] > 0) loggedin();
if (!empty($_GET['key']) && !empty($_GET['id'])) {
$db = new bdb() or fatal('No database connection!');
- $result = $db->query('SELECT id FROM users WHERE id = '.intval($_GET['id']).' AND session = \''.hash('sha512', $_GET['key']).'\' AND active = 1 LIMIT 1') or fatal($db->error);
+ $result = $db->query('SELECT id FROM users WHERE id = '.intval($_GET['id']).' AND session = \''.bulletin_hash($_GET['key']).'\' AND active = 1 LIMIT 1') or fatal($db->error);
if ($result->num_rows < 1) {
$result->free();
$db->close();
@@ -19,14 +19,14 @@ if (!empty($_GET['key']) && !empty($_GET['id'])) {
$token = uniqid('fp', true);
$result = $db->query('SELECT id FROM users WHERE email = \''.$db->escape_string($_POST['email']).'\'') or fatal($db->error);
if ($result->num_rows > 0) {
- $db->query('UPDATE users SET session = \''.hash('sha512', $token).'\' WHERE email = \''.$db->escape_string($_POST['email']).'\'') or fatal($db->error);
+ $db->query('UPDATE users SET session = \''.bulletin_hash($token).'\' WHERE email = \''.$db->escape_string($_POST['email']).'\'') or fatal($db->error);
if ($db->affected_rows < 1) fatal('Could not affect the database');
$row = $result->fetch_assoc();
$result->free();
$db->close();
- mail($_POST['email'], 'Recover Your Bulletin Account', tpl(array(
+ bulletin_mail($_POST['email'], 'Recover Your Bulletin Account', tpl(array(
'vars' => 'id='.$row['id'].'&key='.$token,
-), 'forgot.tpl'), "From: ".$b_config['mail_from']."\r\nContent-type: text/html") or fatal('Could not send out the recovery email, we apologize for the inconvenience.');
+), 'forgot.tpl')) or fatal('Could not send out the recovery email, we apologize for the inconvenience.');
fatal('A recovery email has been sent to the address you supplied. You can use this email to access your account, and from there change your password.');
} else {
$result->free();
generated by cgit v1.2.3 (git 2.39.1) at 2026-03-03 03:49:37 +0000