Password Reset Script (With confirmation)
Although I based it around a Phoenix database, I'm sure you can use it for something else.
If you're using this on a VPS, you will have to set up a mail server. (Use Google)
Please note if it might make your server lag a bit if your traffic is a lot.
If you're going to use this on a hotel, you're going to have to replace
Code:
include('config.php');
to
Code:
include('../config.php');
And you'll also need to add this to your config file:
Code:
$theemail="YourEmail@YourEmail.com";
And
Code:
$theurl="something.com";
You don't need to add http://
What does this do?
It sends an email to you telling you that you have requested a password change with a URL. You click that URL and it sends a random password to you and drops the confirmation code from the pass_reset table.
Download: reset.rar
Credits to: SkeetEmUp(Michael), Rusty, DesCode for testing this.
Add what you want to it. I don't mind.
OH, you also need to run this for it to work:
PHP Code:
CREATE TABLE `pass_reset` (
`confirm_code` varchar(65) NOT NULL default '',
`email` varchar(65) NOT NULL default ''
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
Mirror: Multiupload.com - upload your files to multiple file hosting sites!
Re: Password Reset Script (With confirmation)
Thanks for this, Ill be sure to test it out!
Re: Password Reset Script (With confirmation)
Quote:
Originally Posted by
*****
Thanks for this, Ill be sure to test it out!
Great. Please note I tested this on a hosting site not a VPS.
1 Attachment(s)
Re: Password Reset Script (With confirmation)
Ok so i INSTALLED this, but when it goes too ' Done.php ', i get this ERROR. Why, can anyone please help me. I am hosting this on a VPS - XAMPP - Folder (Reset) ?
Picture Error:
Re: Password Reset Script (With confirmation)
No offense but I will stop visiting this forum soon because its full of php-morons with no security skills,
Look :
$confirmation=$_GET['code'];
$selectkey="SELECT * FROM $table1 WHERE confirm_code ='$confirmation'";
Its so injectable so i piss my phants, watch this video and u will understand and please google php security ...
Video :
‪Joe McCray - Advanced SQL Injection - LayerOne 2009‬‏ - YouTube
Good job though, its a basic script and good for beginners but this is not really a site to release script with security leaks.
Re: Password Reset Script (With confirmation)
Quote:
Originally Posted by
skunken1
No offense but I will stop visiting this forum soon because its full of php-morons with no security skills,
Look :
$confirmation=$_GET['code'];
$selectkey="SELECT * FROM $table1 WHERE confirm_code ='$confirmation'";
Its so injectable so i piss my phants, watch this video and u will understand and please google php security ...
Video :
‪Joe McCray - Advanced SQL Injection - LayerOne 2009‬‏ - YouTube
Good job though, its a basic script and good for beginners but this is not really a site to release script with security leaks.
Leave then. Because quite frankly, I don't think anyone cares.
Re: Password Reset Script (With confirmation)
I don't think people would appreciate you making scripts that are at what is probably the lowest level of security possible, and them causing people to be able to wreak havoc in the databases... Clean that shit up.
Re: Password Reset Script (With confirmation)
Quote:
Originally Posted by
Fustigate
Leave then. Because quite frankly, I don't think anyone cares.
We all care. Security is the most important part of a script.
If you can't see that, leave, now.
