Parker Clack
06-17-2002, 06:56 AM
I have added an option for our members to add a secret word to their profile so if they forget their password and their email address has changed they can still change their email address to have the password reset email sent to their new address.
I have it working somewhat with:
if ($action=="resetemail") {
include("./global.php");
if ($bbuserinfo[userid]==0 or $permissions['canmodifyprofile']==0) {
show_nopermission();
}
if ($email=="" or $secret=="") {
eval("standarderror(\"".gettemplate("error_fieldmissing")."\");");
exit;
}
$user=$DB_site->query_first("SELECT email,userid,secret FROM user WHERE secret='".addslashes(htmlspecialchars($secret))."'");
if ($user['secret']==$secret) {
$DB_site->query("UPDATE user SET email='".addslashes(htmlspecialchars($email))."' WHERE userid='$userid'");
$url = str_replace("\"", "", $url);
eval("standarderror(\"".gettemplate("redirect_emailupdated")."\");");
} else {
$url = str_replace("\"", "", $url);
eval("standarderror(\"".gettemplate("error_infoinvalid")."\");");
}
}
This ofcourse only changes the first secret word that the database runs into and changes the email address for that userid but if you have more than one person with the same secret word it will change the first one that it runs into and not the one that needs to be changed.
I know I need to run an while array here but I am not sure how to code it. Also, I need it to check to see that the userid and username of the person matches the secret code so it isn't changing another member's email address.
Thanks for any suggestions.
Parker
I have it working somewhat with:
if ($action=="resetemail") {
include("./global.php");
if ($bbuserinfo[userid]==0 or $permissions['canmodifyprofile']==0) {
show_nopermission();
}
if ($email=="" or $secret=="") {
eval("standarderror(\"".gettemplate("error_fieldmissing")."\");");
exit;
}
$user=$DB_site->query_first("SELECT email,userid,secret FROM user WHERE secret='".addslashes(htmlspecialchars($secret))."'");
if ($user['secret']==$secret) {
$DB_site->query("UPDATE user SET email='".addslashes(htmlspecialchars($email))."' WHERE userid='$userid'");
$url = str_replace("\"", "", $url);
eval("standarderror(\"".gettemplate("redirect_emailupdated")."\");");
} else {
$url = str_replace("\"", "", $url);
eval("standarderror(\"".gettemplate("error_infoinvalid")."\");");
}
}
This ofcourse only changes the first secret word that the database runs into and changes the email address for that userid but if you have more than one person with the same secret word it will change the first one that it runs into and not the one that needs to be changed.
I know I need to run an while array here but I am not sure how to code it. Also, I need it to check to see that the userid and username of the person matches the secret code so it isn't changing another member's email address.
Thanks for any suggestions.
Parker