Try my Nehalem code..should work for you.
Code:
<?
/*recover.php modified by kp380lv*/
require "include/bittorrent.php";
dbconn();
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
$email = trim($_POST["email"]);
if (!$email)
stderr($tracker_lang['error'], "You must enter an email address");
$res = sql_query("SELECT * FROM users WHERE email=" . sqlesc($email) . " LIMIT 1") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res) or stderr($tracker_lang['error'], "The email address was not found in the database.\n");
$sec = mksecret();
sql_query("UPDATE users SET editsecret=" . sqlesc($sec) . " WHERE id=" . $arr["id"]) or sqlerr(__FILE__, __LINE__);
if (!mysql_affected_rows())
stderr($tracker_lang['error'], "Database error. Please contact an administrator about this.");
$hash = md5($sec . $email . $arr["passhash"] . $sec);
$body = <<<EOD
Someone, hopefully you, requested that the password for the account
associated with this email address ($email) be reset.
If you did not do this ignore this email. Please do not reply.
Should you wish to confirm this request, please follow this link:
$DEFAULTBASEURL/recover.php?confirm&id={$arr["id"]}&secret=$hash
After you do this, your password will be reset and emailed back to you.
--
$SITENAME
EOD;
mail($arr["email"], "$DEFAULTBASEURL password reset confirmation from", $body, "From: $SITEEMAIL");
stderr($tracker_lang['success'], "A confirmation email has been mailed.\n" .
" Please allow a few minutes for the mail to arrive.");
}
elseif(isset($_GET['confirm']))
{
// if (!preg_match(':^/(\d{1,10})/([\w]{32})/(.+)$:', $_SERVER["PATH_INFO"], $matches))
// httperr();
// $id = 0 + $matches[1];
// $md5 = $matches[2];
if (!is_valid_id($_GET["id"]))
stderr($tracker_lang['error'], $tracker_lang['invalid_id']);
$id = 0 + $_GET["id"];
$md5 = $_GET["secret"];
$res = sql_query("SELECT username, email, passhash, editsecret FROM users WHERE id = $id");
$arr = mysql_fetch_array($res) or stderr($tracker_lang['error'],"??? ???????????? ? ????? ID");
$email = $arr["email"];
$sec = hash_pad($arr["editsecret"]);
if (preg_match('/^ *$/s', $sec))
stderr($tracker_lang['error'],"Error");
if ($md5 != md5($sec . $email . $arr["passhash"] . $sec))
stderr($tracker_lang['error'],"Error");
// generate new password;
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$newpassword = "";
for ($i = 0; $i < 10; $i++)
$newpassword .= $chars[mt_rand(0, strlen($chars) - 1)];
$sec = mksecret();
$newpasshash = md5($sec . $newpassword . $sec);
sql_query("UPDATE users SET secret=" . sqlesc($sec) . ", editsecret='', passhash=" . sqlesc($newpasshash) . " WHERE id=$id AND editsecret=" . sqlesc($arr["editsecret"]));
if (!mysql_affected_rows())
stderr($tracker_lang['error'], "Unable to update user data. Please contact an administrator about this error.");
$body = <<<EOD
As per your request we have generated a new password for your account.
Here is the information we now have on file for this account:
User name: {$arr["username"]}
Password: $newpassword
You may login at: $DEFAULTBASEURL/login.php
--
$SITENAME
EOD;
mail($email, "$DEFAULTBASEURL account details", $body, "From: $SITEEMAIL");
stderr($tracker_lang['success'], "The new account details have been mailed to <b>$email</b>.\n" .
"Please allow a few minutes for the mail to arrive.");
}
else
{
stdhead("Recover lost user name or password");
?>
<form method="post" action="recover.php">
<table border="1" cellspacing="0" cellpadding="5">
<tr><td class="colhead" colspan="2">Recover user name or password</td></tr>
<tr><td colspan="2">Use the form below to have your password reset and<br /> your account details mailed back to you.<br /><br />
You will have to reply to a confirmation email.</td></tr>
<tr><td class="rowhead">Registered email</td>
<td><input type="text" size="40" name="email"></td></tr>
<tr><td colspan="2" align="center"><input type="submit" value="Recover!"></td></tr>
</table>
<?
stdfoot();
}
/*recover.php modified by kp380lv*/
?>