Hello guys, I do not want to be a leecher anymore, so I will share some work developed for my server, LegiaOSRO =)
Here is how we reset the password on our server. We do not ask any secret question, and it is also not possible to change the email... to prevent account selling, because I really think that is stupid and only people who don't think much would create an account with a fake email.
$titulo is the title of the page
$conteudo is the content
theme.php is the theme used in the page
You won't need any additional table in the database because the link is made from the old password, and it is valid until the password is changed.
//this is the username and password hashed with md5; it will be used to verify whether the link is valid or not
$ump=md5("$username|$passwordemmd5");
$bbb=base64_encode("$ump");
//this is the username only, to know which username will be reset, because it's possible to register accounts with the same email.
$aaa=base64_encode("$username");
And I'm using a captcha system; keep that in mind too if you want to adopt this script.
Regards! SeiS ^__^
PHP Code:<?php
// The captcha word is read from $_SESSION further down, so the session must be open before any output.
session_start();
// NOTE(review): $dbName1 and $dbConn are used below without being defined in this file;
// presumably Config.php / sqlConn.php set them — confirm.
require_once("./modules/include/Config.php");
require_once("./modules/include/sqlConn.php");
// Provides the security class whose is_secure() filters the submitted username.
require_once("./modules/include/Security.php");
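/**
 * Check that $email has the shape local@domain.tld: ASCII letters, digits, "_" and "-" in
 * dot-separated labels, with a TLD of at least two letters, matched case-insensitively.
 *
 * Ported from the removed eregi() to preg_match(). The D modifier anchors "$" at the very end
 * of the string, so an address with a trailing newline is rejected instead of being handed to
 * mail(), where the line break could start extra headers. The TLD length was widened from
 * {2,3} to {2,} so addresses such as user@example.info are no longer refused.
 *
 * @param mixed $email address as typed by the player; anything but a string is rejected
 * @return bool true when the address matches the pattern
 */
function isValidEmail($email){
    if (!is_string($email)) {
        return false;
    }
    return preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,})$/iD', $email) === 1;
}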
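/**
 * Build a random password of $length characters from a lowercase alphanumeric alphabet.
 *
 * The alphabet leaves out the letter "l" and the digit "1" (presumably to avoid confusing the
 * two in a mailed password — original choice kept). Characters are drawn with random_int(),
 * a CSPRNG, instead of rand() seeded from microtime(), whose output was predictable; the old
 * "rand() % 33" also never reached the last character of the 34-character alphabet.
 *
 * @param int $length number of characters; 10 matches the original output length
 * @return string the generated password ("" when $length is 0 or negative)
 */
function createRandomPassword($length = 10) {
    $chars = "abcdefghijkmnopqrstuvwxyz023456789";
    $lastIndex = strlen($chars) - 1;
    $pass = '';
    for ($i = 0; $i < $length; $i++) {
        $pass .= $chars[random_int(0, $lastIndex)];
    }
    return $pass;
}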
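mssql_select_db($dbName1, $dbConn) or die ("Couln't select database $dbName1");

/**
 * Escape a value for use inside a single-quoted T-SQL string literal.
 *
 * The legacy mssql extension offers no parameter binding for ad-hoc queries, so doubling every
 * single quote is the only escaping available here; every query below must keep the value
 * wrapped in '...'. The submitted username and email used to be interpolated raw, which was a
 * SQL injection. Moving to PDO/sqlsrv prepared statements would be the real fix.
 *
 * @param mixed $value
 * @return string
 */
function legiaoSqlLiteral($value) {
    return str_replace("'", "''", (string)$value);
}

// Defaults so the form renders without notices when nothing has been submitted yet.
// $conteudo may already be set by the included files, so it is only initialised when missing.
$erro = '';
if (!isset($conteudo)) $conteudo = '';
$postedUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$postedEmail    = (isset($_POST['email'])    && is_string($_POST['email']))    ? $_POST['email']    : '';

if (isset($_POST["submit"])) {
    // Step 1: mail a reset link to the address stored for the account.
    $check = new security();
    $postedCaptcha = (isset($_POST["captcha"]) && is_string($_POST["captcha"])) ? $_POST["captcha"] : '';
    // NOTE(review): the captcha word is not cleared after a successful check here; confirm that
    // captcha.php issues a fresh one on every image load so a solved word cannot be replayed.
    $sessionWord = isset($_SESSION["secretword"]) ? (string)$_SESSION["secretword"] : null;
    if (!$check->is_secure($postedUsername)) {
        $erro = "<font color='red'>You have written invalid characters!</font>";
    } elseif ($sessionWord === null || $postedCaptcha !== $sessionWord) {
        // Strict comparison: the former != let PHP's loose string/number rules decide.
        $erro = "<font color='red'>Wrong image code!</font>";
    } elseif (!isValidEmail($postedEmail) || strpbrk($postedEmail, "\r\n") !== false) {
        // CR/LF are refused here too, so the address can never smuggle extra headers into mail().
        $erro = "<font color='red'>Invalid email format!</font>";
    } else {
        $username = $postedUsername;
        $email = $postedEmail;
        // One query instead of the former two; mssql_query() returns false on error.
        $result = mssql_query("select password from TB_User where StrUserID = '" . legiaoSqlLiteral($username) . "' and email='" . legiaoSqlLiteral($email) . "'");
        $row = $result ? mssql_fetch_array($result) : false;
        if ($row) {
            $passwordemmd5 = $row['password'];
            // The link token is md5(username|stored password hash): it needs no extra table and stops
            // working as soon as the password changes, but it never expires on its own and anyone
            // who obtains the password hashes can forge it.
            $ump = md5("$username|$passwordemmd5");
            // urlencode(): base64 output may contain '+', '/' and '=', which would otherwise be
            // mangled in the query string ('+' arrives as a space and the link stops validating).
            $aaa = urlencode(base64_encode($username));
            $bbb = urlencode(base64_encode($ump));
            //define the receiver of the email
            $to = $email;
            //define the subject of the email
            $subject = 'LegiaOSRO reset password step 1';
            //define the message to be sent. Each line should be separated with \n
            $message = "Hello dear LegiaOSRO player!\n\n____________________\n\nUsername: $username\nTo reset your password follow this link\nhttp://lsro.us.to/resetpwv2.php?a=$aaa&b=$bbb\n____________________\n\nRegards, LegiaOSRO Team";
            //define the headers we want passed. Note that they are separated with \r\n
            $headers = "From: reset@lsro.us.to\r\nReply-To: legiaopthome@hotmail.com";
            // Delivery failures are deliberately not reported to the player; @ keeps warnings off the page.
            @mail($to, $subject, $message, $headers);
            $erro = "<font color='#2ed900'>To reset your password check your email</font>";
        } else {
            // This message reveals whether the username/email pair exists; kept as-is for the
            // players, but a neutral "check your email" would avoid account enumeration.
            $erro = "<font color='red'>There is no account with such email!</font>";
        }
    }
} elseif (isset($_GET["a"]) && isset($_GET["b"]) && is_string($_GET["a"]) && is_string($_GET["b"])) {
    // Step 2: the player followed the mailed link; a = base64(username), b = base64(token).
    // Because this is a GET request, anything that fetches the link (mail previewers, link
    // scanners) triggers the reset as well.
    $userreset = (string)base64_decode($_GET["a"]);
    $pwcheckreset = (string)base64_decode($_GET["b"]);
    $check = new security();
    if (!$check->is_secure($userreset)) {
        $erro = "<font color='red'>You have written invalid characters!</font>";
    } else {
        $result = mssql_query("select password, Email from TB_User where StrUserID = '" . legiaoSqlLiteral($userreset) . "'");
        $row = $result ? mssql_fetch_array($result) : false;
        // An unknown username previously fell through with an empty hash, so md5("name|") counted
        // as a valid token for it and the mail went to an empty address; now only an existing
        // account can match.
        $linkIsValid = false;
        if ($row) {
            $passwordemmd5 = $row['password'];
            $email2 = $row['Email'];
            $checkcode = md5("$userreset|$passwordemmd5");
            // hash_equals(): strict and constant-time, so the loose == "0e..." magic-hash trap is closed.
            $linkIsValid = hash_equals($checkcode, $pwcheckreset);
        }
        if ($linkIsValid) {
            // Issue a fresh password; the database keeps md5(password), which is what the game expects.
            $newpw = createRandomPassword();
            $md5newpw = md5($newpw);
            $sql = "UPDATE TB_User SET password='" . legiaoSqlLiteral($md5newpw) . "' WHERE StrUserID='" . legiaoSqlLiteral($userreset) . "'";
            mssql_query($sql);
            //define the receiver of the email
            $to = $email2;
            //define the subject of the email
            $subject = 'LegiaOSRO new password';
            // The new password travels in clear text by mail; that is the only channel this design has.
            $message = "Hello dear LegiaOSRO player!\n\n____________________\n\nUsername: $userreset\nPassword: $newpw\n____________________\n\nRegards, LegiaOSRO Team";
            //define the headers we want passed. Note that they are separated with \r\n
            $headers = "From: reset@lsro.us.to\r\nReply-To: legiaopthome@hotmail.com";
            @mail($to, $subject, $message, $headers);
            $titulo = "Reset Password - Done";
            $conteudo = "<br><br><p align='center'><font color='#2ed900'>Check your new password in your email</font></p>";
            include("theme.php");
            die;
        } else {
            $titulo = "Reset Password - Ops!";
            $conteudo = "<br><br><p align='center'><font color='red'>This link is not valid</font></p>";
            include("theme.php");
            die;
        }
    }
}

// Fall-through: render the step-1 form (also after a validation error in either branch).
$titulo = "Reset Password - Step 1";
$conteudo = $conteudo . "<font face='verdana' size='2'><br /><b>   <img src='styles/img/title-shield.png' border='0' /> Reset Password:</b></font>";
// Submitted values are echoed back into single-quoted attributes, hence ENT_QUOTES; the raw
// $_POST values used before were a reflected XSS.
$conteudo = $conteudo . "
<div class='reg-form' style=\"width:250px; top:-150px;\">
<div style=\"text-align:center; width:100%;height:1px;position:relative; top:-20px;color:red;\">$erro</div>
<form action='resetpwv2.php' method='POST'>
Username:<br />
<input type='text' name='username' maxlength='16' value='" . htmlspecialchars($postedUsername, ENT_QUOTES, 'UTF-8') . "'><br />
Email:<br />
<input type='text' name='email' maxlength='32' value='" . htmlspecialchars($postedEmail, ENT_QUOTES, 'UTF-8') . "'><br /><br />
<img src='./captcha/captcha.php' width='97px' height='40px' > <input type='text' value='image' name='captcha' style='position:relative;top:-17px;width:99px;height:20px;' onfocus='clearText(this);' />
<input style='margin-top:10px;cursor:pointer;width: 60px;height:20px;font-size:10px;font-weight: bold; font-family: Tahoma;text-transform: uppercase;' type='submit' name='submit' value='Reset'>
</form>
</div>";
include("theme.php");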
?>
