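<?php
// Request for a lost password.
//
// Three steps, selected by $what:
//   "send"   - look up the e-mail address, store a temporary token, mail a reset link
//   "return" - the user followed the link; the id/token pair is checked
//   "final"  - the user submitted a new password
//
// Security notes for this revision:
//   * every SQL statement is a prepared statement; request values are never
//     concatenated into SQL text
//   * the reset token comes from random_int() (CSPRNG) instead of a
//     time-seeded rand()
//   * "final" only acts on the id/token pair that passed the "return" check
//     in this session; the user id posted by the browser is not trusted
$pass_confirm = '';
$pass = '';
$url = '';
$con = '';
$error = ''; // read by the page body below; initialised so it is never undefined
$from = 'sperlt@star.lcc.edu'; // use your email address

// The authorisation obtained in the "return" step is kept server-side.
// NOTE(review): if an include also calls session_start(), guard it the same way.
if (session_status() === PHP_SESSION_NONE)
{
    session_start();
}

// the following five POST variables come from forms within this script
// (non-string values such as "email[]=x" are treated as absent)
$what = (isset($_POST['what']) && is_string($_POST['what'])) ? $_POST['what'] : null;
$email = (isset($_POST['email']) && is_string($_POST['email'])) ? trim($_POST['email']) : null;
$id = (isset($_POST['u']) && is_scalar($_POST['u'])) ? (int) $_POST['u'] : null;
$pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : null;
$pass_confirm = (isset($_POST['pass_confirm']) && is_string($_POST['pass_confirm'])) ? $_POST['pass_confirm'] : null;

// the following two variables come in from a GET via a link provided by the request change email
$temp_token = (isset($_GET['t']) && is_string($_GET['t'])) ? $_GET['t'] : null;
if ($temp_token !== null && $temp_token !== '') // if this is not empty, then assume it's a request change email
{
    $id = (isset($_GET['u']) && is_scalar($_GET['u'])) ? (int) $_GET['u'] : null;
    $what = 'return';
}

include("../includes/open-db.php");

// $what is either "send", "return", "final", or null -- null falls through
switch ($what)
{
    case "send": // send email to the user to reset the user's password
        // Reject anything that is not a syntactically valid address before it
        // reaches the database or mail().
        if ($email === null || filter_var($email, FILTER_VALIDATE_EMAIL) === false)
        {
            break;
        }

        // --- is there an account for this email address in the users table?
        $stmt = mysqli_prepare($con, "SELECT id, email FROM users WHERE email = ?") or die();
        mysqli_stmt_bind_param($stmt, 's', $email);
        mysqli_stmt_execute($stmt) or die();
        mysqli_stmt_bind_result($stmt, $found_id, $found_email);
        $found = mysqli_stmt_fetch($stmt); // first matching row, as before
        mysqli_stmt_close($stmt);

        $id = $found ? (int) $found_id : 0; // the user's ID record tied to their email address

        // now create a temporary token and email a link back to this form
        if ($id > 0)
        {
            // Eight characters, as before, so the token still fits whatever width
            // the temp_token column has (schema not visible here).
            // NOTE(review): a longer token plus an expiry timestamp would be
            // stronger, but both need schema changes.
            $comps = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
            $last = strlen($comps) - 1; // highest valid index; rand($x, $lgth) could run one past it
            $temp_token = "";
            for ($x = 0; $x < 8; $x++)
            {
                $temp_token .= $comps[random_int(0, $last)];
            }

            $stmt = mysqli_prepare($con, "UPDATE users SET temp_token = ? WHERE id = ?") or die();
            mysqli_stmt_bind_param($stmt, 'si', $temp_token, $id);
            mysqli_stmt_execute($stmt) or die();
            mysqli_stmt_close($stmt);

            // start of email
            $mail_sent = '';
            $subject = "Lost Password Request";
            $from_address = 'sperlt@star.lcc.edu';
            $from_name = 'Tedd';
            $eol = "\r\n";

            // Common Headers
            $headers = "From: " . $from_name . "<" . $from_address . ">" . $eol;
            $headers .= "Reply-To: " . $from_name . "<" . $from_address . ">" . $eol;
            $headers .= "Return-Path: " . $from_name . "<" . $from_address . ">" . $eol;
            $headers .= "Message-ID: <" . time() . "-" . $from_address . ">" . $eol;
            $headers .= "X-Mailer: PHP v" . phpversion() . $eol;

            // HTML Version
            $headers .= "Content-Type: text/html; charset=utf-8" . $eol;
            $headers .= "Content-Transfer-Encoding: 8bit" . $eol . $eol;

            ini_set('sendmail_from', $from_address);

            // NOTE(review): SCRIPT_URI is supplied by the web server and, depending
            // on its configuration, may reflect the Host header of the request.
            // A fixed, configured base URL is the safer source for a reset link.
            $url = isset($_SERVER['SCRIPT_URI']) ? $_SERVER['SCRIPT_URI'] : '';
            $link = $url . '?t=' . rawurlencode($temp_token) . '&u=' . $id;
            $link_html = htmlspecialchars($link, ENT_QUOTES, 'UTF-8'); // the body is HTML

            // start of email
            $body = "It appears that you recently requested another password.
<br>
<br>
To configure a new password, please click the following link:
<br>
<br>
$link_html
<br>
<br>
If this wasn't you, then please disregard this email.
<br>
<br>
Thank you,
";
            // end of email

            $message = $body . $eol . $eol;

            // Mail the address stored for the account, not the submitted string:
            // the database comparison may treat two different strings as equal.
            $to = (string) $found_email;
            $mail_sent = (strpbrk($to, "\r\n") === false)
                ? mail($to, $subject, $message, $headers)
                : false;

            ini_restore('sendmail_from');

            // The page body shows the same confirmation whether or not the address
            // is registered, so nothing is echoed here; a failed send is logged.
            if (!$mail_sent)
            {
                error_log('forgot-password: sending the reset email failed for user id ' . $id);
            }
        }
        break;

    case "return": // received a reply back from a user with id and temp token
        // Drop any earlier authorisation before checking the new pair.
        unset($_SESSION['pw_reset_uid'], $_SESSION['pw_reset_token']);

        $valid = false;
        // An empty token must never validate: temp_token is '' for every
        // account that has no reset pending.
        if ($id !== null && $id > 0 && $temp_token !== null && $temp_token !== '')
        {
            $stmt = mysqli_prepare($con, "SELECT id FROM users WHERE id = ? AND temp_token = ?") or die();
            mysqli_stmt_bind_param($stmt, 'is', $id, $temp_token);
            mysqli_stmt_execute($stmt) or die();
            mysqli_stmt_store_result($stmt);
            // exactly one row; the old "!num_rows == 1" negated before comparing
            $valid = (mysqli_stmt_num_rows($stmt) === 1);
            mysqli_stmt_close($stmt);
        }

        if ($valid)
        {
            // Remember which account this browser session may reset.
            $_SESSION['pw_reset_uid'] = $id;
            $_SESSION['pw_reset_token'] = $temp_token;
        }
        else
        {
            $error = "Validation Failed, please try again.";
        }
        break;

    case "final": // user has entered and confirmed a new password
        $reset_uid = isset($_SESSION['pw_reset_uid']) ? (int) $_SESSION['pw_reset_uid'] : 0;
        $reset_token = (isset($_SESSION['pw_reset_token']) && is_string($_SESSION['pw_reset_token']))
            ? $_SESSION['pw_reset_token']
            : '';

        // Without a validated link in this session there is nothing to reset,
        // whatever "u" value was posted.
        if ($reset_uid < 1 || $reset_token === '')
        {
            $error = "Validation Failed, please try again.";
            $what = 'return'; // the page body then falls back to the start form
            break;
        }

        $id = $reset_uid; // also used by the page body when the form is shown again

        if ($pass === null || $pass === '')
        {
            $error = "Please enter a new password.";
        }
        elseif ($pass === $pass_confirm) // strict: "1e3" and "1000" are different passwords
        {
            // NOTE(review): the password is stored exactly as entered, as before.
            // It should be stored with password_hash() and checked with
            // password_verify(); that has to change together with the login code,
            // which is not part of this file.
            // $pass = md5($pass);
            $stmt = mysqli_prepare(
                $con,
                "UPDATE users
                SET temp_token='',
                password=?
                WHERE id=? AND temp_token=?"
            ) or die();
            mysqli_stmt_bind_param($stmt, 'sis', $pass, $reset_uid, $reset_token);
            mysqli_stmt_execute($stmt) or die();
            $changed = mysqli_stmt_affected_rows($stmt);
            mysqli_stmt_close($stmt);

            // The link is single use: the token is cleared in the row and here.
            unset($_SESSION['pw_reset_uid'], $_SESSION['pw_reset_token']);

            if ($changed !== 1)
            {
                // the token was used or replaced in the meantime
                $error = "Validation Failed, please try again.";
                $what = 'return';
            }
        }
        else
        {
            $error = "Passwords do not match";
        }
        break;
}

include("../includes/close-db.php");
include('../includes/header4.php');
?>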
<table class="full">
<tr> <!-- CONTENT -->
<td colspan="2" id="context">
<h1 class="title">
Forgot Password
</h1>
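<?php
// Page body: shows any error, then the form or message for the current step.
// $error, $what, $email and $id all originate from the request, so every value
// written into the page goes through htmlspecialchars() first.
if (!empty($error)) // if there are any errors, show them here
{
    echo("<p>" . htmlspecialchars((string) $error, ENT_QUOTES, 'UTF-8') . "</p>");
    $error = "";
    if ($what == "final") // special case where user's password did not match the second password, try again
    {
        $what = 'return';
    }
    else
    {
        $what = "";
    }
}
switch ($what)
{
    case 'send': // notify the user that an email has been sent to the email address given
?>
<p>
Email Sent to:<?php echo(htmlspecialchars((string) $email, ENT_QUOTES, 'UTF-8')); ?>
</p>
<p>
Check your email for instructions on completing your new password request.
</p>
<?php
        break;
    case 'return': /* user has responded via an email query
                      now the user picks a new password */
?>
<form action="forgot-password.php" method="post">
<table>
<tr>
<td>
<p>
You have requested a new password, please enter:
</p>
</td>
</tr>
<tr>
<td class="aright">
New Password:
</td>
<td class="aleft">
<input type="password" name="pass" size="20">
</td>
</tr>
<tr>
<td class="aright">
Confirm Password:
</td>
<td class="aleft">
<input type="password" name="pass_confirm" size="20">
</td>
</tr>
<tr>
<td>
<br/>
</td>
</tr>
<tr>
<td>
</td>
<td class="aleft">
<input type="hidden" name="what" value="final">
<input type="hidden" name="u" value="<?php echo(htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8')); ?>">
<input type="submit" value="Set New Password">
</td>
</tr>
</table>
</form>
<?php
        break;
    case 'final': // let the user know that the new password has been registered -- all done.
?>
<p>
Your password has been changed!
</p>
<?php
        break;
    default: // start of process
?>
<form action="forgot-password.php" method="post">
<p>
Please enter your email address below, you will receive an email explaining how to
reset your password.
</p>
<p>
<input type="text" name="email" size="40">
<input type="hidden" name="what" value="send">
<br><br>
<input type="submit" value="Send Email">
</p>
</form>
<?php
        break;
}
?>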
</td>
</tr> <!-- end of CONTENT -->
</table>
<?php include("../includes/footer4.php"); ?>
<?php //-----------=========== functions ===========--------------
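/**
 * Print a diagnostic record (message, SQL text, line, file) into the page,
 * one value per line separated by <br>.
 *
 * Each value is HTML-escaped before output: the SQL text and the error message
 * can carry request data, which must not be interpreted as markup.
 *
 * NOTE(review): this writes query text into the response. On a public site the
 * record belongs in the server log rather than in the page.
 *
 * @param mixed $error error message
 * @param mixed $query SQL text that failed
 * @param mixed $line  line number of the failing call
 * @param mixed $file  file name of the failing call
 */
function report($error, $query, $line, $file)
{
    foreach (array($error, $query, $line, $file) as $part)
    {
        echo(htmlspecialchars((string) $part, ENT_QUOTES, 'UTF-8') . '<br>');
    }
}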
?>
Last modified: October 18 2022
Line Count: 287