<?php
+require_once('include/email.php');
function lostpass_post(&$a) {
$new_password = autoname(12) . mt_rand(100,9999);
$new_password_encoded = hash('whirlpool',$new_password);
- $r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d LIMIT 1",
+ $r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d",
dbesc($new_password_encoded),
intval($uid)
);
'$reset_link' => $a->get_baseurl() . '/lostpass?verify=' . $new_password
));
- $res = mail($email, sprintf( t('Password reset requested at %s'),$a->config['sitename']),
+ $res = mail($email, email_header_encode(sprintf( t('Password reset requested at %s'),$a->config['sitename']),'UTF-8'),
$email_tpl,
- 'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n"
+ 'From: ' . 'Administrator' . '@' . $_SERVER['SERVER_NAME'] . "\n"
. 'Content-type: text/plain; charset=UTF-8' . "\n"
. 'Content-transfer-encoding: 8bit' );
$new_password = autoname(6) . mt_rand(100,9999);
$new_password_encoded = hash('whirlpool',$new_password);
- $r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = '' WHERE `uid` = %d LIMIT 1",
+ $r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = '' WHERE `uid` = %d",
dbesc($new_password_encoded),
intval($uid)
);
'$new_password' => $new_password,
'$uid' => $newuid ));
- $res = mail($email,"Your password has changed at {$a->config['sitename']}",$email_tpl,
- 'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n"
+ $subject = sprintf( t('Your password has been changed at %s'), $a->config['sitename']);
+
+ $res = mail($email, email_header_encode( $subject, 'UTF-8'), $email_tpl,
+ 'From: ' . 'Administrator' . '@' . $_SERVER['SERVER_NAME'] . "\n"
. 'Content-type: text/plain; charset=UTF-8' . "\n"
. 'Content-transfer-encoding: 8bit' );