- echo "Hmm, you forgot your passwort...nothing I can do at the moment:( ";
- echo " you need to email Arun for now... in the future it will be all automated and an ";
- echo "email with a new password will go to $email.";
+ /* check how many entries in recovery table */
+ $number = DB_get_number_of_passwords_recovery($uid);
+
+ /* if less than N recent ones, add a new one and send out email */
+ if( $number < 5 )
+ {
+ echo "Ok, I send you a new password. <br />";
+ if($number >1)
+ echo "N.B. You tried this already $number times during the last day and it will only work ".
+ " 5 times during a day.<br />";
+ echo "The new password will be valid for one day, make sure you reset it to something else.<br />";
+ echo "Back to the <a href=\"$host\">main page</a>.";
+
+ $TIME = (string) time(); /* to avoid collisions */
+ $hash = md5("Anewpassword".$email.$TIME);
+ $newpw = substr($hash,1,8);
+
+ $message = "Someone (hopefully you) requested a new password. \n".
+ "You can use this email and the following password: \n".
+ " $newpw \n".
+ "to log into the server. The new password is valid for 24h, so make\n".
+ "sure you reset your password to something new. Your old password will\n".
+ " also still be valid until you set a new one\n";
+ mymail($email,$EmailName."recovery ",$message);
+
+ DB_set_recovery_password($uid,md5($newpw));
+ }
+ else
+ {
+ echo "Sorry you already tried 5 times during the last 24h.<br />".
+ "You need to use one of those passwords or wait to get a new one.<br />";
+ echo "Back to the <a href=\"$host\">main page</a>.";
+ }