FirefighterKyle
Okay, I am trying to make a forgot-password feature so that if one of my lovely users forgets their password they can recover it. Since it is all hashed, I really can't just give them the hashed version of it, haha. I tried to make a forgot-password PHP page, but I am getting some errors: it changes the password in the db, but when I enter the password that I receive, it just says incorrect password. There is already a thing to set up a forgot password, but I really don't know how to set it up around this.
So I made my own type of thing which, instead of the hashed function, used md5, which obviously didn't work.
If someone could help me make a page or show me how I could fix the errors in my forgotpass.php, that would be great. Just mark the stuff in red and tell me what I should change it to.
PHP:
/*-------------------------------Loggin forgotten-------------------------------------*/
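/**
 * Handles the "forgot password" form: when the submitted secret key matches
 * the one stored for the account, the account password is replaced with the
 * newly submitted one.
 *
 * The outcome is reported through $template->form->error; nothing is returned.
 *
 * NOTE(review): the distinct "Username does not exist" / "Secret key is
 * incorrect" messages tell a visitor which usernames are registered, and
 * nothing visible here limits repeated guesses of the secret key. Consider a
 * single generic failure message and attempt throttling.
 *
 * @return void
 */
final public function forgotten()
{
    global $template, $core;

    if (!isset($_POST['forgot'])) {
        return;
    }

    $template->form->setData();
    unset($template->form->error);

    if (!$this->nameTaken($template->form->for_username)) {
        $template->form->error = 'Username does not exist';
        return;
    }

    if (strlen($template->form->for_password) <= 6) {
        $template->form->error = 'Password must have more than 6 characters.';
        return;
    }

    // Resolve the account id once instead of once per use.
    $accountId = $this->getID($template->form->for_username);

    $storedKey = (string) $this->getInfo($accountId, 'seckey');
    $givenKey  = (string) $core->hashed($template->form->for_key);

    // The original compared the two hashes with "==". PHP compares two
    // numeric-looking strings (for example "0e" followed only by digits) as
    // numbers, so different hashes could be treated as equal. Compare as
    // exact strings, in constant time where hash_equals() is available, and
    // never accept an account that has no stored key at all.
    if (function_exists('hash_equals')) {
        $keyMatches = hash_equals($storedKey, $givenKey);
    } else {
        $keyMatches = ($storedKey === $givenKey);
    }

    if ($storedKey === '' || !$keyMatches) {
        $template->form->error = 'Secret key is incorrect';
        return;
    }

    $this->updateUser($accountId, 'password', $core->hashed($template->form->for_password));
    $template->form->error = 'Account recovered! Go <b><a href="index">here</a></b> to login!';
}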
PHP:
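<?php
// Report every error level except notices.
error_reporting(E_ALL ^ E_NOTICE);
session_start();

// A visitor who is not logged in has neither session key set. Read them
// defensively so both variables are simply null in that case instead of
// triggering an undefined-index error.
$userid = isset($_SESSION['id']) ? $_SESSION['id'] : null;
$username = isset($_SESSION['user']) ? $_SESSION['user'] : null;
?>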
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>{hotelname}-Forgot Password</title>
</head>
<body>
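<?php
// Password-reset handler for visitors who are not logged in.
//
// Flow: validate the submitted username and email, look the account up, check
// that the email matches the one on record, store a freshly generated
// password and mail it to the address on record.
//
// NOTE(review): the password is replaced as soon as the form is submitted, so
// anyone who knows a username and its email can force a reset. A one-time
// reset link that the mailbox owner has to open avoids that.
// NOTE(review): "Username does not exist." and "You have entered the wrong
// email address." let a visitor probe which usernames are registered.
if (!$username && !$userid) {
    if (!empty($_POST['forgot'])) {
        // Accept plain strings only; array-valued fields (user[]=...) are
        // treated as missing.
        $user  = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
        $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

        if (!$user) {
            echo "Please enter your username.";
        } elseif (!$email) {
            echo "Please enter your email.";
        } elseif (!(strlen($email) > 7 && strpos($email, "@") !== false && strpos($email, ".") !== false)) {
            echo "Please enter a valid email address.";
        } else {
            // The username used to be placed into the SQL text unescaped, which
            // let a crafted username alter the query. Escape it for the
            // connection already opened elsewhere.
            // NOTE(review): the mysql_* extension was removed in PHP 7; the
            // lasting fix is prepared statements through PDO or mysqli.
            $safeUser = mysql_real_escape_string($user);

            $lookup = mysql_query("SELECT * FROM users WHERE name='$safeUser'");
            if ($lookup === false || mysql_num_rows($lookup) != 1) {
                echo "Username does not exist.";
            } else {
                $row = mysql_fetch_assoc($lookup);
                $dbemail = (string) $row['email'];

                // Exact string comparison; "==" would compare numeric-looking
                // strings as numbers.
                if ($email !== $dbemail) {
                    echo "You have entered the wrong email address.";
                } else {
                    // rand() is predictable and yields only a small number of
                    // distinct values, so the new password is drawn from the
                    // system CSPRNG instead. The 15-character length is kept.
                    $pass = '';
                    if (function_exists('random_bytes')) {
                        $pass = substr(bin2hex(random_bytes(8)), 0, 15);
                    } elseif (function_exists('openssl_random_pseudo_bytes')) {
                        $pass = substr(bin2hex(openssl_random_pseudo_bytes(8)), 0, 15);
                    }

                    if (strlen($pass) !== 15) {
                        // No secure random source: leave the account untouched.
                        echo "An error has occured and the password was not reset.";
                    } else {
                        // NOTE(review): the class method earlier on this page hashes
                        // with $core->hashed(). If the login check uses that too,
                        // this hand-rolled double md5 will never match, which would
                        // explain the "incorrect password" result. Confirm and use
                        // the same routine. Salted md5 is also a weak way to store
                        // passwords.
                        $password = md5(md5("kjfiufj".$pass."Fj56fj"));

                        mysql_query("UPDATE users SET password='$password' WHERE name='$safeUser'");

                        // Confirm the new hash was stored before mailing the password.
                        $check = mysql_query("SELECT * FROM users WHERE name='$safeUser' AND password='$password'");
                        if ($check !== false && mysql_num_rows($check) == 1) {
                            // The sender address appears redacted on this page; set a real one.
                            $webmaster = "[email protected]";
                            $headers = "From: $webmaster";
                            $subject = "Your new password";
                            $message = "Hello I see that you requested a new password you can fined your password below. If you did not request a new password please contact an Administrator!\n";
                            $message .= "Password: $pass\n";

                            // The new password is no longer echoed into the page: showing
                            // it to whoever submitted the form made the email step
                            // pointless. It now reaches only the address on record.
                            if (mail($email, $subject, $message, $headers)) {
                                echo "Your password has been reset, please check your email.";
                            } else {
                                echo "An error has occured and your email was not sent containing your new password";
                            }
                        } else {
                            echo "An error has occured and the password was not reset.";
                        }
                    }
                }
            }
            mysql_close();
        }
    }

    // The request form; the table is now closed before the form ends.
    echo "<form action='./forgotpass' method='post'>
<table>
<tr>
<td>Username:</td>
<td><input type='text' name='user' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' /></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='forgot' value='Reset Password' /></td>
</tr>
</table>
</form>";
} else {
    echo "Your account is already logged in. If someone has hacked you please contact an Administrator at ";
}
?>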
</body>
</html>