include_once($_SERVER['DOCUMENT_ROOT'] . 'inc/mysql_connect.inc');
include_once($_SERVER['DOCUMENT_ROOT'] . 'inc/subs.inc');
if($task == "forgot") {
$sql = "select u.*,c.EMAIL from user u join contact c on u.contact_id = c.contact_id where u.login=" . strnull($login);
$res = mysql_query($sql,$mysql_conn);
$user_row = mysql_fetch_assoc($res);
if(!empty($user_row)) {
$password = make_password();
$sql = "update user set md5_password=" . strnull(md5($password)) . " where user_id=" . $user_row["USER_ID"];
if(!$res = mysql_query($sql,$mysql_conn)) {
$msg .= "Failed to update user record
$sql
";
$error = 'Y';
} else {
$subject = "Iridex Physician Portal Password Reset";
$headers = "From: info@iridex.com\r\n";
$email_content = "Your Iridex Physician Portal password has been reset.
User Name: " . $user_row['LOGIN'] . "
Password: $password
";
mail($user_row['EMAIL'],$subject,$email_content,$headers);
$msg = "An email has been sent to " . $user_row['EMAIL'] . " with your new password.";
}
} else {
$msg = "Invalid username. Please try again or contact Iridex for help.";
}
header('Location: login.html?msg=' . urlencode($msg));
exit;
}
?>
} ?>