I need some help to finish this hack please!
 

I have added an option for our members to add a secret word to their profile so if they forget their password and their email address has changed they can still change their email address to have the password reset email sent to their new address.

I have it working somewhat with:

if ($action=="resetemail") {
include("./global.php");

if ($bbuserinfo[userid]==0 or $permissions['canmodifyprofile']==0) {
show_nopermission();
}

if ($email=="" or $secret=="") {
eval("standarderror(\"".gettemplate("error_fieldmi ssing")."\");");
exit;
}

$user=$DB_site->query_first("SELECT email,userid,secret FROM user WHERE secret='".addslashes(htmlspecialchars($secret))."' ");

if ($user['secret']==$secret) {

$DB_site->query("UPDATE user SET email='".addslashes(htmlspecialchars($email))."' WHERE userid='$userid'");

$url = str_replace("\"", "", $url);
eval("standarderror(\"".gettemplate("redirect_emai lupdated")."\");");

} else {

$url = str_replace("\"", "", $url);
eval("standarderror(\"".gettemplate("error_infoinv alid")."\");");

}
}

This ofcourse only changes the first secret word that the database runs into and changes the email address for that userid but if you have more than one person with the same secret word it will change the first one that it runs into and not the one that needs to be changed.

I know I need to run an while array here but I am not sure how to code it. Also, I need it to check to see that the userid and username of the person matches the secret code so it isn't changing another member's email address.

Thanks for any suggestions.

Parker

Chen:

As usual that works like a champ.

Thanks again,
Parker

You're welcome. :)

That looks sweet Chen...

What file would you add this to?

member.php?

Satan

Heh, I dunno, ask Parker. :) I just fixed his code.

I just PMed you Parker...

Thanks Chen:)

Satan