<?php
// Report everything except notices, so reading an unset session key stays silent.
error_reporting(E_ALL & ~E_NOTICE);

// Resume the visitor's session and pull out the logged-in identity, if any.
session_start();

// Both values are null for an anonymous visitor. The page body below branches
// on $username to decide whether the reset form may be shown.
$userid = isset($_SESSION['userid']) ? $_SESSION['userid'] : null;
$username = isset($_SESSION['username']) ? $_SESSION['username'] : null;
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Forgot Password?</title>
</head>
<body>
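<?php
// Password-reset page body.
//
// Anonymous visitors get the reset form; when it is submitted with a username
// and the e-mail address stored for that username, a new temporary password is
// generated, its hash is stored, and the temporary password is mailed out.
// Logged-in visitors are told to log out first.
//
// NOTE(review): the reset takes effect immediately for anyone who knows a
// username/e-mail pair, and nothing visible here limits the request rate. A
// mailed single-use, expiring reset token is the safer design; that needs
// schema and page changes outside this file.
if (!$username) {
    echo "
<form action='forgot.php' method='POST'>
<table>
<tr>
<td><input type='text' placeholder='Username' name='user'></td>
</tr>
<tr>
<td><input type='email' placeholder='Email' name='email'></td>
</tr>
<tr>
<td><input type='submit' name='getnewpass' value='Get password'></td>
</tr>
<tr>
<td><a href='login.php'>Back</a></td>
</tr>
</table>
</form>
";

    if (!empty($_POST["getnewpass"])) {
        $user = isset($_POST["user"]) ? $_POST["user"] : "";
        $email = isset($_POST["email"]) ? $_POST["email"] : "";

        // A field submitted as user[]=... arrives as an array; treat any
        // non-string value as missing instead of passing it to string functions.
        if (!is_string($user) || !$user) {
            echo "Missing username.";
        } elseif (!is_string($email) || !$email) {
            echo "Missing email.";
        } elseif (strlen($email) < 6 || strpos($email, "@") === false || strpos($email, ".") === false) {
            // Cheap shape check only; the real gate is the comparison with the
            // stored address below.
            echo "Invalid email.";
        } else {
            // Presumably opens the ext/mysql connection used below - confirm in connect.php.
            require("connect.php");

            // The username comes straight from the request and is placed inside
            // a quoted SQL literal, so it must be escaped for this connection.
            $safeUser = mysql_real_escape_string($user);
            $query = mysql_query("SELECT * FROM users WHERE username='$safeUser'");

            $row = null;
            if ($query !== false && mysql_num_rows($query) == 1) {
                $row = mysql_fetch_assoc($query);
            }

            if ($query === false) {
                echo "XYZ - 500 Internal Server Error | Please Try Again Later";
            } elseif (!$row || $email !== $row["email"]) {
                // Same answer for an unknown username and a wrong address, so
                // the page does not confirm which usernames exist.
                echo "Incorrect username or email.";
            } else {
                // Temporary password from the OS CSPRNG. ext/mysql only exists
                // on PHP 5, where random_bytes() is unavailable, hence OpenSSL.
                // If no strong source is present the reset is refused rather
                // than issuing a guessable password from rand().
                $plain = "";
                if (function_exists("openssl_random_pseudo_bytes")) {
                    $strong = false;
                    $bytes = openssl_random_pseudo_bytes(8, $strong);
                    if ($bytes !== false && $strong) {
                        $plain = substr(bin2hex($bytes), 0, 15);
                    }
                }

                if ($plain === "") {
                    echo "XYZ - 500 Internal Server Error | Please Try Again Later";
                } else {
                    // NOTE(review): salted double MD5 is kept only because the
                    // login page presumably verifies against the same scheme;
                    // it is far too fast for password storage. Migrate both
                    // pages to password_hash()/password_verify() together.
                    $hash = md5(md5("w4lkrh5kgq".$plain."4p967iujhn"));

                    $updated = mysql_query("UPDATE users SET password='$hash' WHERE username='$safeUser'");
                    // Read the row back to confirm the new hash was stored.
                    $check = mysql_query("SELECT * FROM users WHERE username='$safeUser' AND password='$hash'");

                    if ($updated && $check !== false && mysql_num_rows($check) == 1) {
                        $webmaster = "[email protected]";
                        $header = "From: Login System <$webmaster>";
                        $subject = "Password Reset";
                        // Mail the temporary password itself. The stored hash
                        // must never leave the server, and it would not work as
                        // a login password anyway.
                        $message = "You requested a password reset. Your password is now: $plain.";
                        if (mail($email, $subject, $message, $header)) {
                            echo "Success!";
                        } else {
                            echo "ABC - 500 Internal Server Error | Please Try Again Later";
                        }
                    } else {
                        echo "XYZ - 500 Internal Server Error | Please Try Again Later";
                    }
                }
            }

            // Release the connection on every path that opened it.
            mysql_close();
        }
    }
} else {
    echo "<a href='logout.php'>Logout</a> to access this page.";
}
?>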
</body>
</html>