
Обзор уязвимостей DataLife Engine

Обзор уязвимостей DataLife Engine

<?php

// Refuse direct HTTP requests for this module file: DATALIFEENGINE is
// presumably defined by the engine's front controller before modules are
// included (TODO confirm), so its absence means the file was opened on its own.
if (!defined('DATALIFEENGINE')) {
    die("Hacking attempt!");
}

if( $is_logged ) <

msgbox ( $lang [ ‘all_info’ ], $lang [ ‘user_logged’ ] );

> elseif( intval ( $_GET [ ‘douser’ ] ) ) <

$douser = intval ( $_GET [ ‘douser’ ] );

$lostid = $_GET [ ‘lostid’ ];

$row = $db -> super_query ( «SELECT lostid FROM «. USERPREFIX. «_lostdb WHERE lostname=’ $douser ‘» );

if( $row [ ‘lostid’ ] == $lostid ) <

$row = $db -> super_query ( «SELECT name FROM «. USERPREFIX. «_users WHERE user_id=’ $douser ‘ LIMIT 0,1» );

$username = $row [ ‘name’ ];

$salt = «012» ;

srand ( ( double ) microtime () * 1000000 );

for( $i = 0 ; $i < 9 ; $i ++) <

$new_pass .= $salt < rand ( 0. 33 )>;

$db -> query ( «UPDATE «. USERPREFIX. «_users set password='». md5 ( md5 ( $new_pass ) ). «‘, allowed_ip = » WHERE user_id=’ $douser ‘» );

$db -> query ( «DELETE FROM «. USERPREFIX. «_lostdb WHERE lostname=’ $douser ‘» );

msgbox ( $lang [ ‘lost_gen’ ], » $lang [ lost_npass ] <br /><br /> $lang [ lost_login ] &nbsp;&nbsp;<b> $username </b><br /> $lang [ lost_pass ] <b> $new_pass </b><br /><br /> $lang [ lost_info ] » );

> else <

$db -> query ( «DELETE FROM «. USERPREFIX. «_lostdb WHERE lostname=’ $douser ‘» );

msgbox ( $lang [ ‘all_err_1’ ], $lang [ ‘lost_err’ ] );

> elseif( isset( $_POST [ ‘submit_lost’ ] ) ) <

if( $_POST [ ‘sec_code’ ] != $_SESSION [ ‘sec_code_session’ ] or. $_SESSION [ ‘sec_code_session’ ] ) <

msgbox ( $lang [ ‘all_err_1’ ], $lang [ ‘reg_err_19’ ]. «<br /><br /><a href=\»javascript:history. go(-1)\»> $lang [ all_prev ] </a>» );

> else <

$_SESSION [ ‘sec_code_session’ ] = false ;

$lostname = $db -> safesql ( $_POST [ ‘lostname’ ] );

if( ereg ( ‘^[-!#$%&\’*+\\./0-9=?A-Z^_`a-z<|>

]+’. ‘@’. ‘[-!#$%&\’*+\\/0-9=?A-Z^_`a-z<|>

]+\.’. ‘[-!#$%&\’*+\\./0-9=?A-Z^_`a-z<|>

]+$’. $lostname ) ) $search = «email = ‘». $lostname. «‘» ;

else $search = «name = ‘». $lostname. «‘» ;

$db -> query ( «SELECT user_id, email, name FROM «. USERPREFIX. «_users where < $search > LIMIT 0,1″ );

if( $db -> num_rows () > 0 ) <

include_once ENGINE_DIR. ‘/classes/mail. class. php’ ;

$mail = new dle_mail ( $config );

$row = $db -> get_row ();

$db -> free ();

$lostmail = $row [ ’email’ ];

$userid = $row [ ‘user_id’ ];

$lostname = $row [ ‘name’ ];

$row = $db -> super_query ( «SELECT template FROM «. PREFIX. «_email where name=’lost_mail’ LIMIT 0,1» );

$row [ ‘template’ ] = stripslashes ( $row [ ‘template’ ] );

$salt = «012» ;

srand ( ( double ) microtime () * 1000000 );

for( $i = 0 ; $i < 15 ; $i ++) <

$rand_lost .= $salt < rand ( 0. 33 )>;

$lostid = sha1 ( md5 ( $lostname. $lostmail ). time (). $rand_lost );

if ( strlen ( $lostid ) != 40 ) die ( «US Secure Hash Algorithm 1 (SHA1) disabled by Hosting» );

$lostlink = $config [ ‘http_home_url’ ]. «index. php? do=lostpassword&douser=». $userid. «&lostid=». $lostid ;

$db -> query ( «DELETE FROM «. USERPREFIX. «_lostdb WHERE lostname=’ $userid ‘» );

$db -> query ( «INSERT INTO «. USERPREFIX. «_lostdb (lostname, lostid) values (‘ $userid ‘, ‘ $lostid ‘)» );

$row [ ‘template’ ] = str_replace ( «<%username%>«. $lostname. $row [ ‘template’ ] );

$row [ ‘template’ ] = str_replace ( «<%lostlink%>«. $lostlink. $row [ ‘template’ ] );

$row [ ‘template’ ] = str_replace ( «<%ip%>«. $_SERVER [ ‘REMOTE_ADDR’ ], $row [ ‘template’ ] );

$mail -> send ( $lostmail. $lang [ ‘lost_subj’ ], $row [ ‘template’ ] );

if( $mail -> send_error ) msgbox ( $lang [ ‘all_info’ ], $mail -> smtp_msg );

else msgbox ( $lang [ ‘lost_ms’ ], $lang [ ‘lost_ms_1’ ] );

> else <

msgbox ( $lang [ ‘all_err_1’ ], $lang [ ‘lost_err_1’ ] );

> else <

$tpl -> load_template ( ‘lostpassword. tpl’ );

$tpl -> set ( ‘'. "<span id=\"dle-captcha\"><img src=\"". $path [ 'path' ]. "engine/modules/antibot. php\" alt=\" < $lang [ 'sec_image' ]> \" border=\"0\" /><br /><a onclick=\"reload(); return false;\" href=\"#\"> < $lang [ 'reload_code' ]> </a></span>" );

$tpl -> copy_template = "<form method=\"post\" name=\"registration\" action=\"?do=lostpassword\">\n". $tpl -> copy_template. "

<input name=\"submit_lost\" type=\"hidden\" id=\"submit_lost\" value=\"submit_lost\" />

$tpl -> copy_template .= <<<HTML

<script language="javascript" type="text/javascript">

<!--

function reload () <

var rndval = new Date().getTime();

document. getElementById('dle-captcha').innerHTML = '<img src=" < $path [ 'path' ]> engine/modules/antibot. php? rndval=' + rndval + '" border="0" width="120" height="50" alt="" /><br /><a href="#"> < $lang [ 'reload_code' ]> </a>';



