Unique Forgot Password
Hello everyone, UrbanTwitch here. Before I go on this is my FIRST script from scratch that I have created so I am very proud. Anywho, its was also my my hardest. xDI would like to thank Diablo, MOD-Shadow, and ilyas for their help when I asked for it. (I'm still learning!) Ok so here we go!
First, SQL time!
Code
CREATE TABLE `verify` (
`username` VARCHAR( 255 ) NOT NULL,
`code` VARCHAR( 255 ) NOT NULL,
);
Now, let's call this forgotpass.php
PHP Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50
<?php
//checks if there trying to veriy there account
if(isset($_GET['verify'])) { //your on the form verify
$code = addslashes($_GET['code']); //gets the url and adds to verify
$getcode = mysql_query("SELECT * FROM `verify` WHERE code = '$code'"); //grabs the data from the code you clicked in the email
$p = mysql_fetch_array($getcode); //arrays it the info
$alphanum = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; //here is the available characters it will choose from for your new password
$coded = substr(str_shuffle($alphanum), 0, 7); //then it takes the characters listed above and shuffles it around and picks the first 7
$newpassword = sha1(md5(md5(sha1(md5(sha1(sha1(md5($coded)))))))); //this makes the passwors secure so you can login
$update_pass = mysql_query("UPDATE `members` SET `password` = '$newpassword' WHERE `username` = '$p[username]';") or die(mysql_error());
//updates the password with the newpassword
echo "<style>
#np {
background: #D7F9C6;
border: 1px solid #649A49;
padding: 4px;
color: #388014;
}
</style>
<div id=np>Hello $p[username], your new password is: <b>$coded</b>. Copy and paste the your new password when you <a href=http://sodadome.com/login.php>login</a>. If it doesn't work. Type it out - remember its cAsE sEnSiTiVe.</div><br><hr><br><br>";
//the echo is where it shows your
$delete = mysql_query("DELETE FROM `verify` WHERE code = '$code'"); //then deletes the verifaction you clicked so its unique and the pass is reset by you only
} //just a curely bracket on line 24 that ends the what it started on line 3
if(isset($_GET['true'])) { //when you send the form
$alphanum = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; //available characters for your verification code
$code = substr(str_shuffle($alphanum), 0, 16);//shuffles it around and takes first 16 characters
$username = $_POST['username']; //takes the username and gives variable
mysql_query("INSERT INTO `jsfdan_cnews`.`verify` (`username` ,`code`) VALUES ('$username', '$code');") or die(mysql_error());
//inserts verification code and username
$fetch = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'"); //grabs the data on the username you entered
$user = mysql_fetch_array($fetch); //puts it into more shorter variable
$mail = mail("$user[email]", "Password Recovery from sodaDome.com", "Hello $username, it seems you have forgotten your password. To get a new one, please click the link below
http://sodadome.com/forgotpass.php?verify&code=$code
Thanks and have a nice day.", "From: bot@sodadome.com");
echo "Please check your email, $username.";//emails the user
}else{
if(!$_POST['fpas']){ //form not submitted
echo "<form action='?true' method='post'>Forgot Your password?<br><br>
Enter your Username: <input type='text' name='username' size='30' maxlength='15'><br><br>
<input type='submit' value='Submit!' name='fpas'>";
}
}
?>
I've put comments in lines to help you understand. But, you may be wondering.. what makes this so unique than the others? Well when you ask for password change it doesn't change your password JUST yet. You will get an email asking you to go to an url. The url has a code which if you go to it, will reset your password. Then after you go the site, the verification deletes from database so you can't go to the same url twice.
See it in action: http://sodadome.com/forgotpass.php
Posted on Thursday 31st July 2008 at 08:55 PM
Matt, fetch_array get's the actual text from the database. Normally, if you echo the select query, then you will get array, while the fetch_array actually gets the correct text from the database.
Posted on Thursday 31st July 2008 at 07:57 PM
Thats why you READ THE COMMENTS IN THE SCRIPT.
Posted on Thursday 31st July 2008 at 05:32 PM
That doesn't make sense. I did post a tutorial.
I did explain codes.
I did explain codes.
Posted on Thursday 31st July 2008 at 05:18 PM
$p = mysql_fetch_array($getcode); //arrays it the info
if your not going to post a tutorial at least explain what your codes to a little better.
if your not going to post a tutorial at least explain what your codes to a little better.
Posted on Wednesday 30th July 2008 at 11:25 PM
None taken. What I mean is that the URL has a lot of letters/numbers.
Posted on Wednesday 30th July 2008 at 11:04 PM
Urban, it's not unique, go to any forgot password script and it doesn't change your password automatically.
No offence.
No offence.
Posted on Wednesday 30th July 2008 at 08:09 PM
Thanks. OH I forgot to mention that you're going to need to edit it to your site. Like who its from and message title and whatnot.
Posted on Wednesday 30th July 2008 at 07:04 PM
lol chill out i was kidding xD
Posted on Wednesday 30th July 2008 at 04:54 PM
We understand dude, just dont let them get to you.
Posted on Wednesday 30th July 2008 at 04:47 PM
Gah. I've been having a bad week with all these bad things happening to me... :(
Its just that I don't like it when people accuse me of for something I didn't do without evidence. Sure I looked at the Adv Forgot Pass sript but I didn't copy and paste anything. I just look at it for refrence for like the inserts and deletes.
I did do this from scratch with a bit of help of PHP placement. Thats all.
Its just that I don't like it when people accuse me of for something I didn't do without evidence. Sure I looked at the Adv Forgot Pass sript but I didn't copy and paste anything. I just look at it for refrence for like the inserts and deletes.
I did do this from scratch with a bit of help of PHP placement. Thats all.