script to recovery password

[quenio]

<style type="text/css">
<!--
body {
margin-left: 0px;
margin-top: 0px;
margin-right: 0px;
margin-bottom: 0px;
}
-->
</style><table background="_img/top_paginas_04.jpg" border="0" cellpadding="0" cellspacing="0" width="540">
<tbody>
<tr>
<td height="68" valign="bottom" width="535"><img src="_img/titulo_recuperarsenha.jpg" height="52" width="160"></td>
</tr>
<tr>
<td height="58">&nbsp;</td>
</tr>
</tbody>
</table>
<br>
<table border="0" cellpadding="0" cellspacing="0" width="540">
<tr>
<td bgcolor="#73422f" height="3"></td>
</tr>
<tr>
<td bgcolor="#c39d7b" height="1"></td>
</tr>
<tr>
<td valign="top"><table border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td><table border="0" cellpadding="10" cellspacing="0" width="540">
<tbody>
<tr align="center" valign="middle">
<td height="39" align="left" valign="top" bgcolor="#fde6bd"><?
if (!$act) {
echo "<table width='344' border='0' align='center' cellpadding='0' cellspacing='0'>
<tr>
<td>
<p align='center'><b>1º Passo</b></p>
<form name='form_recuperarsenha1' method='post' action='?i=1f1c03efbf0&act=c940b61c49f'>
<br><center>Login de usuário:
<input name='recu_login' class='input03' type='text' id='recu_login'></center>
<br><div align='center'><input name='submit' src='_img/bt_prosseguir.jpg' border='0' type='image'></div>
</form></td></tr></table>";

}
if ($act == 'c940b61c49f') {
$recu_login = $_POST['recu_login'];

$r=mssql_query('select count (*) from '.acc.'.dbo.cabal_auth_table where ID='$recu_login'");
$login = mssql_fetch_array($select_login_q);
$login_check = mssql_num_rows($select_login_q);

if ((eregi("[^0-9a-zA-Z._-]", $recu_login)))
inject();
elseif (empty($recu_login)) {
echo "<div align='center'>O campo Login está em branco!.</div><br>";
} elseif ($login_check <= 0) {
echo "<div align='center'>Esse login não existe.</div><br>";
} else {
echo "<div align='center'><b>2º Passo</b><br><br>
<b>&nbsp;Login de usuário:</b> $recu_login<br><br></div>
<form name='form_recuperarsenha2' method='post' action='?i=1f1c03efbf0&act=1608641cdaf'>
<center><b>Pergunta Secreta: </b>$login[fpas_ques]<br><br><center><b>Resposta Secreta:</b></center>
<input name='recu_resposta' class='input03' type='text' id='recu_resposta'>
<input name='recu_login' class='input03' type='hidden' id='recu_login' value='$recu_login'></center>
<span class='style4'><center>Sua Resposta Secreta!</center></span><br><br>
<div align='center'><input name='submit' src='_img/bt_prosseguir.jpg' border='0' type='image'></div></form>";
}
}
if ($act == '1608641cdaf') {
$recu_resposta = $_POST['recu_resposta'];
$recu_login = $_POST['recu_login'];

$r=mssql_query("insert into ".acc.".dbo.cabal_auth_pchave values (".$unum.",'".$pchave."')");
$dados_login = mssql_fetch_array($select_login_q);

$r=mssql_query('select count (*) from '.acc.'.dbo.cabal_auth_table where ID='$recu_login' AND fpas_answ='$recu_resposta'");
$answ_check = mssql_num_rows($answ_check_query);

if ((eregi("[^0-9a-zA-Z]", $recu_resposta)))
inject();
elseif (empty($recu_resposta)) {
echo "<div align='center'>O Campo do Codigo Secreto está em branco!.</div><br>";
} elseif ($answ_check <= 0) {
echo "<script>alert('Resposta Secreta Incorreta.')</script>";
echo "<script>window.location='?i=1f1c03efbf0'</script>";
} else {
$novasenha = substr(md5(uniqid(time())), 0, 8);

if ($md5 == 1) {
mssql_query("exec Encripta '".$novasenha."','".$recu_login."'");
} else {
mssql_query("UPDATE MEMB_INFO SET memb__pwd='$novasenha' WHERE memb___id='$recu_login'");
}

echo "<div align='center'><b>Ultimo Passo</b><br><br></div>
<center>Operação Concluida com Sucesso.</center><br><br>
<center><b>A sua Nova Senha é:</b><font color='red'> $novasenha</font><div><center>
<br><center><b><font color='red'>OBS.:</b> Para sua segurança, Altere sua Senha após Recupera-la.</font><div><center>";
}
}
?></td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>
</table></td>
</tr>
<tr>
<td align="right" valign="top"><table border="0" cellpadding="0" cellspacing="0" width="540">
<tbody>
<tr>
<td><table border="0" cellpadding="0" cellspacing="0" width="540">
<tbody>
<tr>
<td bgcolor="#c39d7b" height="3"></td>
</tr>
</tbody>
</table></td>
</tr>
<tr>
<td height="19">&nbsp;</td>
</tr>
</tbody>
</table></td>
</tr>
</tbody>

</table>



I come here to ask for some ideas to fix this script still not working

[MentaL]

[chumpywumpy]

It doesn't work because it is not for Cabal:

mssql_query("UPDATE MEMB_INFO SET memb__pwd='$novasenha' WHERE memb___id='$recu_login'");

There is no MEMB_INFO table in our database. I have only had a very quick look but there are other things in there that won't work right either. It would be quicker to write one from scratch than alter this one to work. Database changes would be needed to incorporate the "secret question" though.

EDIT: Reading it through again it is for Cabal but it has extra database tables. I can see a stored procedure in there ("exec Encripta '".$novasenha."','".$recu_login."'") and a function (inject()) that isn't in the code there either. It would still be easier to write one from scratch than add all the missing stuff from this one :/