Password Reset Script (With confirmation)

[Nathan]

Although I based it around a Phoenix database, I'm sure you can use it for something else.

If you're using this on a VPS, you will have to set up a mail server. (Use Google)
Please note if it might make your server lag a bit if your traffic is a lot.

If you're going to use this on a hotel, you're going to have to replace

Code:

include('config.php');

to

Code:

include('../config.php');

And you'll also need to add this to your config file:

Code:

$theemail="YourEmail@YourEmail.com";

And

Code:

$theurl="something.com";

You don't need to add http://

What does this do?
It sends an email to you telling you that you have requested a password change with a URL. You click that URL and it sends a random password to you and drops the confirmation code from the pass_reset table.

Download: reset.rar

Credits to: SkeetEmUp(Michael), Rusty, DesCode for testing this.

Add what you want to it. I don't mind.

OH, you also need to run this for it to work:

PHP Code:

CREATE TABLE `pass_reset` (
`confirm_code` varchar(65) NOT NULL default '',
`email` varchar(65) NOT NULL default ''
) ENGINE=MyISAM DEFAULT CHARSET=latin1; 


Mirror: Multiupload.com - upload your files to multiple file hosting sites!

[MentaL]

[c0mma]

Thanks for this, Ill be sure to test it out!

[Nathan]

Thanks for this, Ill be sure to test it out!

Great. Please note I tested this on a hosting site not a VPS.

[ChrisDaniel]

Ok so i INSTALLED this, but when it goes too ' Done.php ', i get this ERROR. Why, can anyone please help me. I am hosting this on a VPS - XAMPP - Folder (Reset) ?

Picture Error:

ERROR

[skunken1]

No offense but I will stop visiting this forum soon because its full of php-morons with no security skills,

Look :

$confirmation=$_GET['code'];

$selectkey="SELECT * FROM $table1 WHERE confirm_code ='$confirmation'";

Its so injectable so i piss my phants, watch this video and u will understand and please google php security ...

Video :
‪Joe McCray - Advanced SQL Injection - LayerOne 2009‬‏ - YouTube


Good job though, its a basic script and good for beginners but this is not really a site to release script with security leaks.

[Nathan]

No offense but I will stop visiting this forum soon because its full of php-morons with no security skills,

Look :

$confirmation=$_GET['code'];

$selectkey="SELECT * FROM $table1 WHERE confirm_code ='$confirmation'";

Its so injectable so i piss my phants, watch this video and u will understand and please google php security ...

Video :
‪Joe McCray - Advanced SQL Injection - LayerOne 2009‬‏ - YouTube


Good job though, its a basic script and good for beginners but this is not really a site to release script with security leaks.

Leave then. Because quite frankly, I don't think anyone cares.

[EliteGM]

I don't think people would appreciate you making scripts that are at what is probably the lowest level of security possible, and them causing people to be able to wreak havoc in the databases... Clean that shit up.

[MattehCarter]

Leave then. Because quite frankly, I don't think anyone cares.

We all care. Security is the most important part of a script.
If you can't see that, leave, now.