Advanced Forgoten Password Script
Ok In this script we are making a forgot password script. that is easily editibale and pretty advanced.It Works Because I Use It Myself.
Any Problems Let Me Know
PHP Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62
<?php
require "config.php"; //Depending on what system you use you may need to change the config to connect.
if (!$_POST['lost_pass']) {//the form hasn't been submitted, we make it
echo ("<strong>Forgot your password?</strong><br \>\n
In order to recover your password need need your email address.\n
Please type the email address you used upon registration\n<br \>
E-Mail Address<form method=post><input type=text name=email><br \>\n
<input type=\"submit\" name=\"lost_pass\" value=\"Recover Password\">\n
</form>"); //all that is just the form methord. the bit you see to enter your email and all that. i dont think ill need to explain it.
}else{
$email = $_POST['email']; //this is making the $email the input into the email part in the form
$sql = "SELECT * FROM users WHERE email='$email'"; //this is checking the emails in the database looking for the one posted in the form
$checkmail = mysql_query($sql)
or die(mysql_error());
//the above lines look for the email address in the member table
if (mysql_num_rows($checkmail) == "0") {
exit("We can't find that email address in our member database,
please make sure you entered the correct address");
}//if the email doesn't exist, tell the user it doesn't
$checkmail = mysql_fetch_array($checkmail);
$user = $checkmail['user'];
// *************************
// Random Password Generator
// *************************
$alphanum = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
//shuffles the letters around to create a 16 long code
$code = substr(str_shuffle($alphanum), 0, 7);
$newpassword = sha1(md5(md5(sha1(md5(sha1(sha1(md5($code))))))));
$update = "UPDATE `members` SET `password` = '" . $newpassword . "' WHERE `username` = '" . $user . "'";
mysql_query($update)
or die(mysql_error());
//change the member's password to the new generated one
$subject = "Password Recovery from SITE NAME HERE"; //here is the subject of the email
$message = ("$user, after submitting the password recovery form you this message has been
generated for you. A new password has been generated for you and is included below.\n
Your new password is " . $newpassword . "\n
Thank you for using the password recovery service, have a nice day"); //this is what is displayed in the email
$sender = "no.rely@YOURSITE.COM"; //change this to your site
mail($email, $subject, $message, $sender);//send an email to our user
echo ("Thank you, a new password has been generated. It has been sent to your inbox.
While this service is usually instantanious it can take up to 10 minutes, please be patient"); //this is displayed and the email is sent!
}
?>
Posted on Friday 18th July 2008 at 11:35 PM
Email doesn't send and I can still login with my old password.
Posted on Monday 2nd June 2008 at 11:33 PM
This does work just a small flaw in the email that is sent. See it simply sends the MD5 password therefore its obviously going to be deny your login. All you do is find in the email where is send $newpassword and swap that with $code and then you are good.
Posted on Sunday 2nd March 2008 at 11:27 AM
This stil dont work Dan?
Posted on Monday 24th December 2007 at 10:40 PM
Try that I update it.
Posted on Monday 24th December 2007 at 10:21 PM
Doesn't work. You have to change the "user" parts to members. Anyway, when you do that it sends an email to you, but it says your new password is .
Although it doesn't change your password to anything.
Good luck :D
Although it doesn't change your password to anything.
Good luck :D