• Registered: 2006-08-29
  • Posts: 4

Topic: "New password request" not working

I was testing the "Forgot your password?" thing. For some stupid reason, i used the admin username. Anyway, i typed my email address in there, but the newly generated password didnt work. (yes, i went to the activation page)

Is there anything wrong with this?

                // Generate a new password and a new password activation code
                $new_password = random_pass(8);
                $new_password_key = random_pass(8);

                $db->query('UPDATE '.$db->prefix.'users SET activate_string=\''.pun_hash($new_password).'\', activate_key=\''.$new_password_key.'\' WHERE id='.$cur_hit['id']) or error('Unable to update activation data', __FILE__, __LINE__, $db->error());

                // Do the user specific replacements to the template
                $cur_mail_message = str_replace('<username>', $cur_hit['username'], $mail_message);
                $cur_mail_message = str_replace('<activation_url>', $pun_config['o_base_url'].'/profile.php?id='.$cur_hit['id'].'&action=change_pass&key='.$new_password_key, $cur_mail_message);
                $cur_mail_message = str_replace('<new_password>', $new_password, $cur_mail_message);

                pun_mail($email, $mail_subject, $cur_mail_message);
            }

            message($lang_login['Forget mail'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');
        }
        else
            message($lang_login['No e-mail match'].' '.htmlspecialchars($email).'.');
    }

And if i get the admin password from the db, is there a way i can decode it?

thankyou

  • Registered: 2006-06-05
  • Posts: 410

Re: "New password request" not working

matt54311 wrote:

And if i get the admin password from the db, is there a way i can decode it?

No. However, you could encrypt a new password yourself and put that value in the db.