electricbeat
PHP:
<?php
include("opendb.php");

// Build a random alphanumeric code of $len characters.
function createcode($len = 6)
{
    $nps = "";
    while (strlen($nps) < $len) {
        $c = chr(mt_rand(0, 255));
        // Keep only letters and digits (case-insensitive, as eregi() was).
        if (preg_match('/^[a-z0-9]$/i', $c)) {
            $nps .= $c;
        }
    }
    return $nps;
}
?>
<form method="post">
Forgot your password?
Email address<input type="text" name="email">
<input type="submit" name="lostpass" value="Recover Password">
</form>
<?php
if (isset($_POST['lostpass'])) {
    $email = $_POST['email'];

    if (empty($email)) {
        echo "<tr><td colspan='2'>You need to fill in an email</td></tr>";
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        // Reject syntactically invalid addresses before touching the database.
        echo "<tr><td colspan='2'>Your email has to be valid</td></tr>";
    } else {
        // Escape the address so it cannot break out of the quoted SQL string.
        $safe_email = mysql_real_escape_string($email);
        $select = mysql_query("SELECT * FROM users WHERE email='$safe_email'") or die(mysql_error());

        // Zero rows is a normal result, not a database error.
        if (mysql_num_rows($select) == 0) {
            echo "<tr><td colspan='2'>This email address was not found in our database</td></tr>";
        } else {
            $query = mysql_fetch_object($select);
            $username = $query->username;

            // Generate the new password and store its MD5 hash.
            $password = createcode();
            $hash = md5($password);
            $safe_user = mysql_real_escape_string($username);
            mysql_query("UPDATE users SET password = '$hash' WHERE username = '$safe_user'") or die(mysql_error());

            mail($email, "New Password", "
Hi $username,
Here is your password you requested
Username: ".$username."
Password: ".$password."
");
            echo "<tr><td colspan='2'>Your new password has been sent to you</td></tr>";
        }
    }
}
?>
So, if a user enters his email, the new password will be sent to him.
I was wondering if anyone can add a little bit onto the script, so the user is emailed with a link to reset their password, then when they click the link they are shown a page asking them to 'click here to send a new password'.
This way only the owner of the email can get a password change instead of everyone.
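
The link-based flow asked about above, as an added example that is not part of the original post: a random single-use token is emailed in the link, only its hash is stored, and the password is changed only when the link is redeemed. It assumes PHP 7+ with PDO (in-memory SQLite for the demo); the `password_resets` table, the function names, the `reset.php` URL and user id 42 are hypothetical.

```php
<?php
// Added example, not from the original post. Assumes PHP 7+ with PDO; the
// password_resets table, function names and reset.php URL are hypothetical.

// Create a single-use token for $userId; only its SHA-256 hash is stored.
function issue_reset_token(PDO $db, $userId, $ttl = 3600)
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
    $db->prepare("DELETE FROM password_resets WHERE user_id = ?")
       ->execute([$userId]);            // a new request invalidates the old link
    $db->prepare("INSERT INTO password_resets (user_id, token_hash, expires_at)
                  VALUES (?, ?, ?)")
       ->execute([$userId, hash('sha256', $token), time() + $ttl]);
    return $token;                      // goes into the emailed link only
}

// Return the user id the token belongs to, or null if unknown, used or expired.
function redeem_reset_token(PDO $db, $token)
{
    $stmt = $db->prepare("SELECT user_id, expires_at FROM password_resets
                          WHERE token_hash = ?");
    $stmt->execute([hash('sha256', (string) $token)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // Burn the token on first use, whether or not it is still in date.
    $db->prepare("DELETE FROM password_resets WHERE user_id = ?")
       ->execute([$row['user_id']]);
    return ((int) $row['expires_at'] >= time()) ? (int) $row['user_id'] : null;
}

// Constructed demo on an in-memory SQLite database (user id 42 is made up).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE password_resets (
    user_id INTEGER PRIMARY KEY, token_hash TEXT NOT NULL, expires_at INTEGER NOT NULL)");

$token = issue_reset_token($db, 42);
echo "Link to email: https://example.com/reset.php?token=$token\n";
var_dump(redeem_reset_token($db, $token));                // first click
var_dump(redeem_reset_token($db, $token));                // same link again
var_dump(redeem_reset_token($db, str_repeat('0', 64)));   // guessed token
var_dump(redeem_reset_token($db, issue_reset_token($db, 42, -1))); // expired
```

In the form handler, call `issue_reset_token()` only when the address matches a user, but show the same message either way; the page behind the link should set and email a new password only when `redeem_reset_token()` returns a user id.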







