I am having a problem where the Lost Password reset changes the password in the database, but instead of e-mailing the user a new password, it e-mails them a link to Verify their Registration (which if they do, it just tells them that they are already Registered). Below is the lostpass.php file that I think is supposed to provide the user with a new password. Any help here would be appreciated. We had the original Registration process modified because we want people to do both the "Verification Text", to avoid automatic computer registrations and possible "flooding" and then also "E-mail Confirmation" to make sure the people were legitimate.


$xoopsOption['pagetype'] = 'user';
$xoopsOption['page_style'] = 8;

include_once("mainfile.php");

if ( !isset($email) || $email == "" ) {
redirect_header("user.php", 2, _US_SORRYNOTFOUND);
exit();
}

$getuser = XoopsUser::getAllUsers(array("email='".$myts->oopsAddSlashesGPC($email)."'"), true);

if ( empty($getuser) ) {
redirect_header("user.php", 2, _US_SORRYNOTFOUND);
exit();
} else {
$areyou = substr($getuser[0]->getVar("pass"), 0, 5);
if ( isset($code) && $areyou == $code ) {
$newpass = makepass();
$xoopsMailer =& getMailer();
$xoopsMailer->useMail();
$xoopsMailer->setTemplate("lostpass2.tpl");
$xoopsMailer->assign("SITENAME", $meta['title']);
$xoopsMailer->assign("ADMINMAIL", $xoopsConfig['adminmail']);
$xoopsMailer->assign("SITEURL", XOOPS_URL."/");
$xoopsMailer->assign("IP", _REMOTE_ADDR);
$xoopsMailer->assign("NEWPWD", $newpass);
$xoopsMailer->setToUsers($getuser[0]->getVar("uid"));
$xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
$xoopsMailer->setFromName($meta['title']);
$xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ, XOOPS_URL));
if ( !$xoopsMailer->send() ) {
echo $xoopsMailer->getErrors();
}

// Next step: add the new password to the database
$cryptpass = md5($newpass);
$query = "UPDATE ".$db->prefix("users")." SET pass='$cryptpass' WHERE uid=".$getuser[0]->getVar("uid")."";

if ( !$db->query($query) ) {
include_once("header.php");
echo _US_MAILPWDNG;
include_once("footer.php");
exit();
}

redirect_header("user.php", 3, sprintf(_US_PWDMAILED, $getuser[0]->getVar("uname")));
exit();

// If no Code, send it
} else {
$xoopsMailer =& getMailer();
$xoopsMailer->useMail();
if (!empty($HTTP_POST_VARS['actkey'])) {
$xoopsMailer->setTemplate("actkey.tpl");
$xoopsMailer->setSubject(sprintf(_US_USERKEYFOR, $uname));
} else {
$xoopsMailer->setTemplate("lostpass1.tpl");
$xoopsMailer->assign("NEWPWD_LINK", XOOPS_URL."/lostpass.php?email=".$email."&code=".$areyou);
$xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ, $meta['title']));
}
$xoopsMailer->assign("SITENAME", $meta['title']);
$xoopsMailer->assign("ADMINMAIL", $xoopsConfig['adminmail']);
$xoopsMailer->assign("SITEURL", XOOPS_URL."/");
$xoopsMailer->assign("IP", _REMOTE_ADDR);
$xoopsMailer->setToUsers($getuser[0]->getVar("uid"));
$xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
$xoopsMailer->setFromName($meta['title']);
include_once("header.php");
if ( !$xoopsMailer->send() ) {
echo $xoopsMailer->getErrors();
}
echo "

";
printf(_US_CONFMAIL, $getuser[0]->getVar("uname"));
echo "

";
include_once("footer.php");
}

}
?>

I have noticed this as well even with the new version. Once you recieve the new password and use it to log in with, the site decides to go into a loop trying to access the lost password file. I figured out that you can hit stop. Go back to the main page and you are logged in. Any have an idea?