ok i followed a tutorial on youtube to make these i edited them a bit to work with the user log in system that jacek made.
but the error i am having is that...
forgotpass.php = it changed the password but it wont allow me to login...
resetpass.php = it keeps saying wrong password when i put it in so is there anyway you can help me fix this?
Also i need this to work with jaceks login tutorials
here is the sources for those 2 pages.
forgotpass.php:
[syntax=php]<?php
include('core/init.inc.php');
$userid = $_SESSION['user_id'];
$username = $_SESSION['user_username'];
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Forgot Password - Zerk-Xile</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="SHORTCUT ICON" href="ext/images/favicon.ico">
<link href="ext/css/stylesheet.css" rel="stylesheet" type="text/css">
</head>
<body>
<img src="ext/images/background.jpg" class="background" />
<!-- TemplateBeginEditable name="header" -->
<center>
<div class="header" id="header">
<p><font size="10">Zerk-Xile</font></p>
</div></center><!-- TemplateEndEditable -->
<!-- TemplateBeginEditable name="content" -->
<center>
<div align="center" class="content" id="content">
<?php
if (!$username && !$userid){
if ($_POST['resetbtn']){
// get data from form
$user = $_POST['user'];
$email = $_POST['email'];
if ($user){
if ($email){
if ( (strlen($email) > 7) && (strstr($email, "@")) && (strstr($email, ".")) ){
$query = mysql_query("SELECT * FROM users WHERE user_username='$user'");
$numrows = mysql_num_rows($query);
if ($numrows == 1){
// get info for account from database
$row = mysql_fetch_assoc($query);
$dbemail = $row['user_email'];
// make sure email is correct
if ($email == $dbemail){
// generate random password
$pass = rand();
$pass = md5($pass);
$pass = substr($pass, 0, 15);
$password = md5(md5("kjfiufj".$pass."Fj56fj"));
// update db with new pass
mysql_query("UPDATE users SET user_password='$password' WHERE user_username='$user'");
// make sure that the password was changed
$query = mysql_query("SELECT * FROM users WHERE user_username='$user' AND user_password='$password'");
$numrows = mysql_num_rows($query);
if ($numrows == 1){
// create email vars
$webmaster = "admin@zerk-xile.info";
$headers = "From: Smg<$webmaster>";
$subject = "Your New Password";
$message = "Hello, Your password has been reset. Your new password is below.\n";
$message .= "Password: $pass\n";
echo $pass."<br />";
if ( mail($email, $subject, $message, $headers) ){
echo "Your password has been reset and a email has been sent with your new password.";
} else
echo "An error has occured and your email was not sent containing your new password.";
} else
echo "An error has occured and the password was not reset.";
} else
echo "The email entered was the wrong email address.";
} else
echo "The username was not found.";
mysql_close();
} else
echo "Please enter a valid Email Address.";
} else
echo "Please enter your Email.";
} else
echo "Please enter your Username.";
}
echo "<form action='./forgotpass.php' method='post'>
<table>
<tr>
<td>Username:</td>
<td><input type='text' name='user' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' /></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='resetbtn' value='Reset Password' /></td>
</tr>
</table>
</form>";
} else
echo "Please logout to view this page.";
?>
</div></center><!-- TemplateEndEditable -->
</body>
</html>
[/syntax]
resetpass.php:
[syntax=php]<?php
include('core/init.inc.php');
$userid = $_SESSION['user_id'];
$username = $_SESSION['user_username'];
?>
<html>
<head>
<title></title>
</head>
<body>
<?php
if ($_POST['resetpass']){
// get form data
$pass = $_POST['pass'];
$newpass = $_POST['newpass'];
$confirmpass = $_POST['confirmpass'];
// make sure all data was entered
if ($pass){
if ($newpass){
if ($confirmpass){
if ($newpass === $confirmpass){
$password = md5(md5("kjfiufj".$pass."Fj56fj"));
// make sure pass is correct.
$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
$numrows = mysql_num_rows($query);
if ($numrows == 1){
//new password
$newpassword = md5(md5("kjfiufj".$newpass."Fj56fj"));
// update the db with new pass
mysql_query("UPDATE users SET password='$newpassword' WHERE username='$username'");
// make sure new password was changed
$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$newpassword'");
$numrows = mysql_num_rows($query);
if ($numrows == 1){
echo "Your password has been reset.";
} else
echo "a error occured and your password was not reset";
} else
echo "Your current password is incorrect.";
mysql_close();
} else
echo "Your new passwords did not match.";
} else
echo "You must confirm your new password.";
} else
echo "You must enter your new password.";
} else
echo "You must enter your current password.";
}
echo "<form action='./resetpass.php' method='post'>
<table>
<tr>
<td>Current Password:</td>
<td><input type='password' name='pass'></td>
</tr>
<tr>
<td>New Password:</td>
<td><input type='password' name='newpass'></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><input type='password' name='confirmpass'></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='resetpass' value='Reset Password'></td>
</tr>
</table>
</form>";
?>
</body>
</html>
[/syntax]
Forgot password and Reset Password Help
Re: Forgot password and Reset Password Help
You should use functions, you should not echo huge chunks of HTML and you lookup what sql injection is, you should avoid insane nesting of if statements, you should keep the logic and output parts of your separate.
There are also far too many queries here. Maybe look for a better tutorial, or try having a go yourself.
The reason it is not working is most likely that you are not finding the user in the table, which error message do you get ? If none try adding the
[syntax=php]echo mysql_error();[/syntax]
after the query.
There are also far too many queries here. Maybe look for a better tutorial, or try having a go yourself.
The reason it is not working is most likely that you are not finding the user in the table, which error message do you get ? If none try adding the
[syntax=php]echo mysql_error();[/syntax]
after the query.
-
janvier123
- Posts: 23
- Joined: Tue Apr 17, 2012 6:25 am
Re: Forgot password and Reset Password Help
ALWAYS use [syntax=php]mysql_real_escape_string[/syntax] to clean your user's input, or you will be hacked!
http://php.net/manual/en/function.mysql ... string.php
http://php.net/manual/en/function.mysql ... string.php
Re: Forgot password and Reset Password Help
ok i followed another tutorial i think is better and its not sending the email so what did i do wrong in the code to not make it send the email?
forgotpass.php:
[syntax=php]<?php
include('core/init.inc.php');
function error($msg) {
?>
<html>
<head>
<script language="JavaScript">
<!--
alert("<?=$msg?>");
history.back();
//-->
</script>
</head>
<body>
</body>
</html>
<?
exit;
}
function check_email_address($email) {
if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
return false;
}
$email_array = explode("@", $email);
$local_array = explode(".", $email_array[0]);
for ($i = 0; $i < sizeof($local_array); $i++) {
if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
return false;
}
}
if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) {
$domain_array = explode(".", $email_array[1]);
if (sizeof($domain_array) < 2) {
return false;
}
for ($i = 0; $i < sizeof($domain_array); $i++) {
if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
return false;
}
}
}
return true;
}
if (isset($_POST['submit'])) {
if ($_POST['forgotpassword']=='') {
error('Please Fill in Email.');
}
if(get_magic_quotes_gpc()) {
$forgotpassword = htmlspecialchars(stripslashes($_POST['forgotpassword']));
}
else {
$forgotpassword = htmlspecialchars($_POST['forgotpassword']);
}
if (!check_email_address($_POST['forgotpassword'])) {
error('Email Not Valid - Must be in format of name@domain.tld');
}
$sql = "SELECT COUNT(*) FROM users WHERE user_email = '$forgotpassword'";
$result = mysql_query($sql)or die('Could not find member: ' . mysql_error());
if (!mysql_result($result,0,0)>0) {
error('Email Not Found!');
}
$random_password=sha1(uniqid(rand()));
$emailpassword=substr($random_password, 0, 8);
$newpassword = sha1($emailpassword);
$query = sprintf("UPDATE `users` SET `user_password` = '%s' WHERE `user_email` = '$forgotpassword'",
mysql_real_escape_string($newpassword));
mysql_query($query)or die('Could not update members: ' . mysql_error());
$subject = "Your New Password";
$message = "Your new password is as follows:
----------------------------
Password: $emailpassword
----------------------------
Please make note this information has been encrypted into our database
This email was automatically generated.";
if(!mail($forgotpassword, $subject, $message, 'FROM: Zerk-Xile <admin@zerk-xile.info>')){
die ("Sending Email Failed, Please Contact Site Admin!");
}else{
mail($forgotpassword, $subject, $message, 'FROM: Zerk-Xile <admin@zerk-xile.info>');
error('New Password Sent!.');
}
}
else {
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Forgot Password - Zerk-Xile</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="SHORTCUT ICON" href="ext/images/favicon.ico">
<link href="ext/css/stylesheet.css" rel="stylesheet" type="text/css">
</head>
<body>
<img src="ext/images/background.jpg" class="background" />
<!-- TemplateBeginEditable name="header" -->
<center>
<div class="header" id="header">
<p><font size="10">Zerk-Xile</font></p>
</div></center><!-- TemplateEndEditable -->
<!-- TemplateBeginEditable name="content" -->
<center>
<div align="center" class="content" id="content">
<form name="forgotpasswordform" action="" method="post">
<table border="1">
<tr>
<td colspan="2"><label>Forgot Password</label></td>
</tr>
<tr>
<td>Email Address:</td>
<td><input name="forgotpassword" type="text" value="" id="forgotpassword" /></td>
</tr>
<tr>
<td colspan="2" class="footer"><input type="submit" name="submit" value="Submit" class="mainoption" /></td>
</tr>
</table>
</form>
</div></center><!-- TemplateEndEditable -->
</body>
</html>
<? } ?>
[/syntax]
EDIT I FIXED IT.
forgotpass.php:
[syntax=php]<?php
include('core/init.inc.php');
function error($msg) {
?>
<html>
<head>
<script language="JavaScript">
<!--
alert("<?=$msg?>");
history.back();
//-->
</script>
</head>
<body>
</body>
</html>
<?
exit;
}
function check_email_address($email) {
if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
return false;
}
$email_array = explode("@", $email);
$local_array = explode(".", $email_array[0]);
for ($i = 0; $i < sizeof($local_array); $i++) {
if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
return false;
}
}
if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) {
$domain_array = explode(".", $email_array[1]);
if (sizeof($domain_array) < 2) {
return false;
}
for ($i = 0; $i < sizeof($domain_array); $i++) {
if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
return false;
}
}
}
return true;
}
if (isset($_POST['submit'])) {
if ($_POST['forgotpassword']=='') {
error('Please Fill in Email.');
}
if(get_magic_quotes_gpc()) {
$forgotpassword = htmlspecialchars(stripslashes($_POST['forgotpassword']));
}
else {
$forgotpassword = htmlspecialchars($_POST['forgotpassword']);
}
if (!check_email_address($_POST['forgotpassword'])) {
error('Email Not Valid - Must be in format of name@domain.tld');
}
$sql = "SELECT COUNT(*) FROM users WHERE user_email = '$forgotpassword'";
$result = mysql_query($sql)or die('Could not find member: ' . mysql_error());
if (!mysql_result($result,0,0)>0) {
error('Email Not Found!');
}
$random_password=sha1(uniqid(rand()));
$emailpassword=substr($random_password, 0, 8);
$newpassword = sha1($emailpassword);
$query = sprintf("UPDATE `users` SET `user_password` = '%s' WHERE `user_email` = '$forgotpassword'",
mysql_real_escape_string($newpassword));
mysql_query($query)or die('Could not update members: ' . mysql_error());
$subject = "Your New Password";
$message = "Your new password is as follows:
----------------------------
Password: $emailpassword
----------------------------
Please make note this information has been encrypted into our database
This email was automatically generated.";
if(!mail($forgotpassword, $subject, $message, 'FROM: Zerk-Xile <admin@zerk-xile.info>')){
die ("Sending Email Failed, Please Contact Site Admin!");
}else{
mail($forgotpassword, $subject, $message, 'FROM: Zerk-Xile <admin@zerk-xile.info>');
error('New Password Sent!.');
}
}
else {
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Forgot Password - Zerk-Xile</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="SHORTCUT ICON" href="ext/images/favicon.ico">
<link href="ext/css/stylesheet.css" rel="stylesheet" type="text/css">
</head>
<body>
<img src="ext/images/background.jpg" class="background" />
<!-- TemplateBeginEditable name="header" -->
<center>
<div class="header" id="header">
<p><font size="10">Zerk-Xile</font></p>
</div></center><!-- TemplateEndEditable -->
<!-- TemplateBeginEditable name="content" -->
<center>
<div align="center" class="content" id="content">
<form name="forgotpasswordform" action="" method="post">
<table border="1">
<tr>
<td colspan="2"><label>Forgot Password</label></td>
</tr>
<tr>
<td>Email Address:</td>
<td><input name="forgotpassword" type="text" value="" id="forgotpassword" /></td>
</tr>
<tr>
<td colspan="2" class="footer"><input type="submit" name="submit" value="Submit" class="mainoption" /></td>
</tr>
</table>
</form>
</div></center><!-- TemplateEndEditable -->
</body>
</html>
<? } ?>
[/syntax]
EDIT I FIXED IT.