electricbeat
Account Closed
- Impact
- 0
PHP:
<?php
include("config.php");
?>
<form method="post">
Forgot your password?
Email address<input type="text" name="email">
<input type="submit" name="lostpass" value="Recover Password">
<?php
if(isset($_POST['lostpass'])) {
$email = $_POST['email'];
$select = mysql_query("SELECT * FROM users WHERE email='$email'") or die(mysql_error());
$checkmail = mysql_num_rows($select) or die(mysql_error());
$query = mysql_fetch_object($select) or die(mysql_error());
if(empty($email)) {
echo "<tr><td colspan='2'>You need to fill in an email</td></tr>";
}elseif(!ereg("^[_a-zA-Z0-9-]+(\.[*@([a-zA-Z0-9-]+)*@([a-zA-Z0-9-]+\.)+([a-zA-Z]{2,4})$", $email)) {
echo "<tr><td colspan='2'>Your email has to be valid</td></tr>";
}elseif($checkmail == 0) {
echo "<tr><td colspan='2'>This email address was not found in our database</td></tr>";
}else{
$username = $query->username;
$password = createcode($len)
{
$nps = "";
mt_srand ((double) microtime() * 1000000);
while (strlen($nps)<$len) {
$c = chr(mt_rand (0,255));
if (eregi("^[a-z0-9]$", $c)) $nps = $nps.$c;
}
return ($nps);
}
$hash = md5($password);
mysql_query("UPDATE users SET password = '$hash' WHERE username = '$username'");
mail($email, "New Password", "
Hi $username,
Here is your password you requested
Username: ".$username."
Password: ".$password."
");
echo "<tr><td colspan='2'>Your new password has been send to you</td></tr>";
}
}
?>I have that - it doesn't work. It send the user an thats about it. it doesn't generate or update a new password in the mysql database. Can anyone either make it so it sends the users current password to the users email or can anyone generate a random password, update the mysql db and send it to the user?
