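<?php
/**
 * Administrative password reset page.
 *
 * Lets a logged-in High Game Master set a new password for the account named
 * in the submitted form. $HGM, $logged, $salt, $tpl and $db are not defined
 * in this file; they are presumably provided by common.php.
 *
 * NOTE(review): no anti-CSRF token is checked in this file. Because this
 * request changes another account's password, confirm that common.php
 * enforces one, or add a per-session token check before the UPDATE.
 * NOTE(review): nothing here records who reset which account; an audit log
 * entry for each successful reset would help incident response.
 */
$pagetitle = 'Password Recovery';
require 'common.php';

// Authorization gates: both must pass before any form data is processed.
if (!$HGM) {
    $tpl->message = 'You must be a High Game Master to view this page.';
    $tpl->Execute(null);
    exit;
}

if (!$logged) {
    $tpl->message = 'You must be logged in to view this page.';
    $tpl->Execute(null);
    exit;
}

if (isset($_POST['username'])) {
    if (!empty($_POST['newpassword']) && !empty($_POST['repeatpassword'])) {
        // Start a fresh message, or separate ours from one set earlier.
        if (!isset($tpl->message)) {
            $tpl->message = '';
        } else {
            $tpl->message .= '<br>';
        }

        // Form fields can arrive as arrays (e.g. "newpassword[]=x"). The string
        // functions below are only meaningful on strings, so reject anything else.
        $fieldsAreStrings = is_string($_POST['username'])
            && is_string($_POST['newpassword'])
            && is_string($_POST['repeatpassword']);

        if (!$fieldsAreStrings) {
            $tpl->message .= 'Invalid form submission.';
        } elseif ($_POST['newpassword'] !== $_POST['repeatpassword']) {
            // Strict comparison: with "!=" two different numeric-looking strings
            // such as "1e3" and "1000" compare equal and would pass as a match.
            $tpl->message .= "Passwords did not match.";
        } else {
            $username = strtolower($_POST['username']);

            // The stored value is SHA-256 over site salt + lowercased username +
            // the first 12 characters of the password. It is kept unchanged here
            // because it presumably has to match what the login code computes.
            // NOTE(review): this is a single fast hash and silently ignores
            // everything past the 12th character; plan a migration to
            // password_hash()/password_verify() across login and reset together.
            $newpassword = hash('sha256', $salt . $username . substr($_POST['newpassword'], 0, 12));

            // The '$' markers are filled from the extra arguments by $db->SQL();
            // presumably it escapes each value - confirm in the DB wrapper.
            $db->SQL("UPDATE accounts SET password = '$' WHERE username = '$'", $newpassword, $username);

            // Loose comparison kept on purpose: the return type of AffectedRows()
            // is not visible from this file.
            if ($db->AffectedRows() != 1) {
                $tpl->message .= "Failed to update password.";
            } else {
                $tpl->message .= "Password updated.";
            }
        }
    }
}

$tpl->Execute('pwordrecovery');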