\r\n"; $headers .= "Reply-To: Wettmeister-Webmaster <$Webmaster>\r\n"; $headers .= "Content-Type: text/plain; charset=utf-8\r\n"; $headers .= "Content-Transfer-Encoding: 8bit"; $text = << EOF; #echo "

".htmlescape($email)."\n".htmlescape($headers)."\n".htmlescape($text)."

"; die; $res = mail($email, "Wettmeister-Kennwortwiederherstellung", $text, $headers); #var_dump($res); #echo "

$text

"; Leave('index', 'recovery'); } else { /*********************************************************************/ ///// FINISH RECOVERY ///// $uid = intval($_POST['uid']); $akey = $_POST['akey']; $user = Query("SELECT * FROM wm_users WHERE id=$uid"); if (!$user) Leave('index', 'mouid'); $user = $user[0]; if ($user['akey'] != $akey) Leave('index', 'wrongcode'); $newpass1 = stripslashes($_POST['newpass1']); $newpass2 = stripslashes($_POST['newpass2']); if (!$newpass1) { redirect("recover.php?uid=$uid&akey=$akey&reason=nopass"); die; } if ($newpass1 != $newpass2) { redirect("recover.php?uid=$uid&akey=$akey&reason=mismatch"); die; } $pass = MakePassword($newpass1); Query("UPDATE wm_users SET akey=NULL, pass='$pass' WHERE id=$uid"); Leave('index', 'recovered'); } CloseDB(); ?>