<?php
if(strlen($_POST["user"])>9){
if(strpos(' '.$_POST["user"], '+')<1){
$number='+'.(int)$_POST["user"];
}else{
$number=$_POST["user"];
}
}else{
echo 0;exit;
}
$new_code=ss_sql("select sms_text from `sms_codes` where sms_number='".$number."' or sms_number='".(int)$number."' order by id_sms_code DESC limit 0,1");
$myuser=ss_sql("select user_id from `user` where (phone='".$number."' or phone="'.(int)$number."' ) and phone_verify=1 order by user_id DESC limit 0,1");
if($new_code<10){echo 0;exit;}
if($myuser<10){echo 0;exit;}
$pass=hash('sha256', $new_code);
mysql_query("update `user` set pass='".$pass."' where user_id=".(int)$myuser);
$text=get_text("sms_pass").$new_code;
send_sms($number, "timebooka.com: ".$text, $smsapi);
echo 1;
?>