Page 1 of 1

Re: php forgot password script issue

Posted: Sat Jun 27, 2015 1:39 pm
by Celauran
[text] /**
* New password was generated for user and sent to user's
* email address.
*/[/text]
Ouch. Sending passwords by email? Not a great idea.

That aside,

Code: Select all

         /* Make sure email is in database */
         $subemail = stripslashes($subemail);
         if(!$subemail || strlen($subemail = trim($subemail)) == 0){
            $form->setError($field, "* Email does not exist<br>");
         }
Nowhere does that actually query the database. Compare this against the unmodified version of the function.