Unique Forgot Password


Hello everyone, UrbanTwitch here. Before I go on, this is my FIRST script from scratch that I have created, so I am very proud. Anywho, it was also my hardest. xD

I would like to thank Diablo, MOD-Shadow, and ilyas for their help when I asked for it. (I'm still learning!) Ok so here we go!

First, SQL time!

PHP Code
    CREATE TABLE `verify` (
        `username` VARCHAR( 255 ) NOT NULL,
        `code` VARCHAR( 255 ) NOT NULL
    );


Now, let's call this forgotpass.php

PHP Code
    <?php
    // Assumes $pdo is an open PDO connection (exceptions enabled) to the site's database;
    // the connection code is not part of this script.
    $alphanum = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; // the available characters for new passwords and verification codes

    // picks $length characters from $chars with random_int(), because str_shuffle() is not a secure random source
    function random_string($chars, $length) {
        $out = '';
        for ($i = 0; $i < $length; $i++) {
            $out .= $chars[random_int(0, strlen($chars) - 1)];
        }
        return $out;
    }

    // checks if they're trying to verify their account
    if (isset($_GET['verify'])) { // you're on the verify link from the email
        $code = (isset($_GET['code']) && is_string($_GET['code'])) ? $_GET['code'] : ''; // gets the code from the URL
        $getcode = $pdo->prepare("SELECT * FROM `verify` WHERE code = ?"); // grabs the data for the code you clicked in the email
        $getcode->execute(array($code)); // the code is bound as a parameter, never pasted into the SQL
        $p = $getcode->fetch(PDO::FETCH_ASSOC); // puts the row into an array
        if ($p) { // only reset a password when the code matches a pending request
            $coded = random_string($alphanum, 7); // picks 7 random characters for the new password
            $newpassword = sha1(md5(md5(sha1(md5(sha1(sha1(md5($coded)))))))); // hashes the password so you can log in (has to match the hashing your login script uses)
            $update_pass = $pdo->prepare("UPDATE `members` SET `password` = ? WHERE `username` = ?");
            $update_pass->execute(array($newpassword, $p['username'])); // updates the password with the new password
            $name = htmlspecialchars($p['username'], ENT_QUOTES); // escapes the username before printing it
            echo "<style>
    #np {
    background: #D7F9C6;
    border: 1px solid #649A49;
    padding: 4px;
    color: #388014;
    }
    </style>

    <div id='np'>Hello $name, your new password is: <b>$coded</b>. Copy and paste your new password when you <a href='https://sodadome.com/login.php'>login</a>. If it doesn't work, type it out - remember it's cAsE sEnSiTiVe.</div><br><hr><br><br>";
            // the echo is where it shows your new password
            $delete = $pdo->prepare("DELETE FROM `verify` WHERE code = ?"); // then deletes the verification you clicked so it's unique and the pass is reset by you only
            $delete->execute(array($code));
        } else {
            echo "That verification link is not valid or has already been used.<br><hr><br><br>";
        }
    } // closes the if(isset($_GET['verify'])) block
    if (isset($_GET['true'])) { // when you send the form
        $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : ''; // takes the username and gives it a variable
        $fetch = $pdo->prepare("SELECT * FROM `members` WHERE `username` = ?"); // grabs the data on the username you entered
        $fetch->execute(array($username));
        $user = $fetch->fetch(PDO::FETCH_ASSOC); // puts it into a shorter variable
        if ($user) { // only make a code and send mail when the member exists
            $code = random_string($alphanum, 16); // picks 16 random characters for the verification code
            $insert = $pdo->prepare("INSERT INTO `jsfdan_cnews`.`verify` (`username`, `code`) VALUES (?, ?)");
            $insert->execute(array($user['username'], $code)); // inserts verification code and username
            // emails the user
            $mail = mail($user['email'], "Password Recovery from sodaDome.com", "Hello $user[username], it seems you have forgotten your password. To get a new one, please click the link below

    https://sodadome.com/forgotpass.php?verify&code=$code

    Thanks and have a nice day.", "From: bot@sodadome.com");
        }
        // same message whether or not the username exists
        echo "Please check your email, " . htmlspecialchars($username, ENT_QUOTES) . ".";
    } else {
        if (!isset($_POST['fpas'])) { // form not submitted
            echo "<form action='?true' method='post'>Forgot Your password?<br><br>

    Enter your Username: <input type='text' name='username' size='30' maxlength='15'><br><br>

    <input type='submit' value='Submit!' name='fpas'></form>";
        }
    }
    ?>


I've put comments in lines to help you understand. But, you may be wondering... what makes this so unique compared to the others? Well, when you ask for a password change, it doesn't change your password JUST yet. You will get an email asking you to go to a URL. The URL has a code which, if you go to it, will reset your password. Then after you go to the site, the verification is deleted from the database so you can't go to the same URL twice.

See it in action: https://sodadome.com/forgotpass.php
Posted on Thursday 31st July 2008 at 08:55 PM
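
The single-use link flow described in the post above, as an added example that is not part of the original post or the poster's script: the emailed code comes from the CSPRNG, only its SHA-256 hash is stored together with an expiry, and redeeming it deletes the row in the same transaction that sets a password the user chose. The table layout, the function names, the 30-minute lifetime and the in-memory SQLite database are assumptions made for the example.

```php
<?php
// Added example, not the original poster's code. Table and function names are
// hypothetical; an in-memory SQLite database stands in for the site's MySQL one.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE members (username TEXT PRIMARY KEY, password TEXT)");
$pdo->exec("CREATE TABLE verify (username TEXT, code_hash TEXT PRIMARY KEY, expires INTEGER)");
$pdo->prepare("INSERT INTO members VALUES (?, ?)")
    ->execute(['alice', password_hash('old-password', PASSWORD_DEFAULT)]); // constructed sample user

// Issue a reset code: the raw code goes into the email, only its hash is stored.
function issue_reset_code(PDO $pdo, string $username, int $ttl = 1800): string {
    $code = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
    $pdo->prepare("DELETE FROM verify WHERE username = ?")->execute([$username]); // one live code per user
    $pdo->prepare("INSERT INTO verify VALUES (?, ?, ?)")
        ->execute([$username, hash('sha256', $code), time() + $ttl]);
    return $code;
}

// Consume a code exactly once and store the password the user chose.
function redeem_reset_code(PDO $pdo, string $code, string $newPassword): bool {
    $hash = hash('sha256', $code);
    $pdo->beginTransaction();
    $find = $pdo->prepare("SELECT username FROM verify WHERE code_hash = ? AND expires >= ?");
    $find->execute([$hash, time()]);
    $username = $find->fetchColumn();
    $find->closeCursor();
    // Delete before updating: the row count shows this request is the one that used the code.
    $del = $pdo->prepare("DELETE FROM verify WHERE code_hash = ?");
    $del->execute([$hash]);
    if ($username === false || $del->rowCount() !== 1) {
        $pdo->rollBack(); // unknown, expired or already-used code: change nothing
        return false;
    }
    $pdo->prepare("UPDATE members SET password = ? WHERE username = ?")
        ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $username]);
    $pdo->commit();
    return true;
}

$code = issue_reset_code($pdo, 'alice');
var_dump(redeem_reset_code($pdo, $code, 'correct horse battery')); // first use of the link
var_dump(redeem_reset_code($pdo, $code, 'second attempt'));        // same link opened again
var_dump(redeem_reset_code($pdo, 'not-a-real-code', 'x'));         // code that was never issued
```

Because only the hash is stored, a leaked copy of the `verify` table does not hand out working reset links, and the password never appears on a page or in an email.
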
Diablosblizz
Matt, fetch_array gets the actual text from the database. Normally, if you echo the select query, then you will get array, while the fetch_array actually gets the correct text from the database.
Posted on Thursday 31st July 2008 at 07:57 PM
ShadowMage
That's why you READ THE COMMENTS IN THE SCRIPT.
Posted on Thursday 31st July 2008 at 05:32 PM
UrbanTwitch
That doesn't make sense. I did post a tutorial.

I did explain codes.
Posted on Thursday 31st July 2008 at 05:18 PM
Matt
$p = mysql_fetch_array($getcode); //arrays it the info

If you're not going to post a tutorial, at least explain what your codes do a little better.
Posted on Wednesday 30th July 2008 at 11:25 PM
UrbanTwitch
None taken. What I mean is that the URL has a lot of letters/numbers.
Posted on Wednesday 30th July 2008 at 11:04 PM
Diablosblizz
Urban, it's not unique, go to any forgot password script and it doesn't change your password automatically.

No offence.
Posted on Wednesday 30th July 2008 at 08:09 PM
UrbanTwitch
Thanks. OH, I forgot to mention that you're going to need to edit it to your site. Like who it's from and message title and whatnot.
Posted on Wednesday 30th July 2008 at 07:04 PM
ilyas-shezad
lol chill out i was kidding xD
Posted on Wednesday 30th July 2008 at 04:54 PM
jambomb
We understand dude, just don't let them get to you.
Posted on Wednesday 30th July 2008 at 04:47 PM
UrbanTwitch
Gah. I've been having a bad week with all these bad things happening to me... :(

It's just that I don't like it when people accuse me of something I didn't do without evidence. Sure, I looked at the Adv Forgot Pass script but I didn't copy and paste anything. I just looked at it for reference for like the inserts and deletes.

I did do this from scratch with a bit of help of PHP placement. That's all.