Unique Forgot Password
Hello everyone, UrbanTwitch here. Before I go on, this is my FIRST script from scratch that I have created so I am very proud. Anywho, it was also my hardest. xD
I would like to thank Diablo, MOD-Shadow, and ilyas for their help when I asked for it. (I'm still learning!) Ok so here we go!
First, SQL time!
Code
CREATE TABLE `verify` (
`username` VARCHAR( 255 ) NOT NULL,
`code` VARCHAR( 255 ) NOT NULL
);
Now, let's call this
forgotpass.php
PHP Code
<?php
// Assumes $db is an open mysqli connection created elsewhere (for example in an included config file).

// picks $length characters from the list below using random_int(), PHP's secure random source (PHP 7+)
function random_string($length) {
    $alphanum = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; // the available characters it will choose from
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphanum[random_int(0, strlen($alphanum) - 1)];
    }
    return $out;
}

// checks if they're trying to verify their account
if (isset($_GET['verify'])) { // you came from the link in the email
    $code = isset($_GET['code']) ? (string) $_GET['code'] : ''; // gets the code from the URL
    $stmt = $db->prepare("SELECT `username` FROM `verify` WHERE `code` = ?"); // grabs the username for the code you clicked in the email
    $stmt->bind_param('s', $code);
    $stmt->execute();
    $stmt->bind_result($name);
    $found = $stmt->fetch(); // true only if the code is in the table
    $stmt->close();
    if (!$found) {
        echo "That verification code is invalid or has already been used.<br><br>";
    } else {
        $coded = random_string(7); // the new 7-character password
        // must match how your login script hashes passwords; stacking md5/sha1 adds no real strength,
        // so password_hash() is the better choice if you change the login script to match
        $newpassword = sha1(md5(md5(sha1(md5(sha1(sha1(md5($coded))))))));
        $stmt = $db->prepare("UPDATE `members` SET `password` = ? WHERE `username` = ?"); // updates the password with the new password
        $stmt->bind_param('ss', $newpassword, $name);
        $stmt->execute() or die($stmt->error);
        $stmt->close();
        $stmt = $db->prepare("DELETE FROM `verify` WHERE `code` = ?"); // deletes the verification you clicked so it's unique and the pass is reset by you only
        $stmt->bind_param('s', $code);
        $stmt->execute() or die($stmt->error);
        $stmt->close();
        $safe_name = htmlspecialchars($name, ENT_QUOTES, 'UTF-8'); // escape the name before printing it
        // shows your new password on the page
        echo "<style>
#np {
background: #D7F9C6;
border: 1px solid #649A49;
padding: 4px;
color: #388014;
}
</style>
<div id=np>Hello $safe_name, your new password is: <b>$coded</b>. Copy and paste your new password when you <a href=http://sodadome.com/login.php>login</a>. If it doesn't work, type it out - remember it's cAsE sEnSiTiVe.</div><br><hr><br><br>";
    }
} // closes the verify block
if (isset($_GET['true'])) { // when you send the form
    $username = isset($_POST['username']) ? (string) $_POST['username'] : ''; // takes the username from the form
    $stmt = $db->prepare("SELECT `email` FROM `members` WHERE `username` = ?"); // grabs the email for the username you entered
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($email);
    $exists = $stmt->fetch();
    $stmt->close();
    if ($exists) { // only make a code and send mail for a real member
        $code = random_string(16); // 16-character verification code
        $stmt = $db->prepare("INSERT INTO `verify` (`username`, `code`) VALUES (?, ?)"); // inserts verification code and username
        $stmt->bind_param('ss', $username, $code);
        $stmt->execute() or die($stmt->error);
        $stmt->close();
        // emails the user
        mail($email, "Password Recovery from sodaDome.com", "Hello $username, it seems you have forgotten your password. To get a new one, please click the link below
http://sodadome.com/forgotpass.php?verify&code=$code
Thanks and have a nice day.", "From: bot@sodadome.com");
    }
    echo "Please check your email, " . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . ".";
} else {
    if (!isset($_POST['fpas'])) { // form not submitted
        echo "<form action='?true' method='post'>Forgot Your password?<br><br>
Enter your Username: <input type='text' name='username' size='30' maxlength='15'><br><br>
<input type='submit' value='Submit!' name='fpas'></form>";
    }
}
?>
I've put comments in the lines to help you understand. But you may be wondering: what makes this so unique compared to the others? Well, when you ask for a password change it doesn't change your password JUST yet. You will get an email asking you to go to a URL. The URL has a code which, if you go to it, will reset your password. Then after you go to the site, the verification code is deleted from the database so you can't go to the same URL twice.
See it in action: http://sodadome.com/forgotpass.php
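The single-use code described above can be tightened by storing only a hash of the emailed code and giving it an expiry time. This is an added example, not part of the original script: it goes beyond the post by adding hashed storage and expiry, and the table layout, function names, 30-minute lifetime and in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example, not the original author's code. Table layout, column names and
// the 30-minute lifetime are assumptions; SQLite in memory stands in for MySQL.

function issue_reset_code(PDO $db, string $username, int $now, int $ttl = 1800): string {
    $code = bin2hex(random_bytes(16)); // 128 random bits from the CSPRNG; this goes in the email link
    // keep at most one live code per user
    $db->prepare("DELETE FROM verify WHERE username = ?")->execute([$username]);
    // store only a hash, so a leaked table does not hand out working links
    $db->prepare("INSERT INTO verify (username, code_hash, expires_at) VALUES (?, ?, ?)")
       ->execute([$username, hash('sha256', $code), $now + $ttl]);
    return $code;
}

// Returns the username the code belongs to, or null if it is unknown, expired or already used.
function redeem_reset_code(PDO $db, string $code, int $now): ?string {
    $hash = hash('sha256', $code);
    $sel = $db->prepare("SELECT username FROM verify WHERE code_hash = ? AND expires_at >= ?");
    $sel->execute([$hash, $now]);
    $username = $sel->fetchColumn();
    if ($username === false) {
        return null;
    }
    // Delete before acting on the code; if two requests race, only one deletes a row.
    $del = $db->prepare("DELETE FROM verify WHERE code_hash = ?");
    $del->execute([$hash]);
    return $del->rowCount() === 1 ? $username : null;
}

// Constructed demo data
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE verify (
    username   TEXT    NOT NULL,
    code_hash  TEXT    PRIMARY KEY,
    expires_at INTEGER NOT NULL
)");

$t0 = 1700000000;                                            // fixed clock for the demo
$code = issue_reset_code($db, 'alice', $t0);
var_dump(redeem_reset_code($db, 'not-the-code', $t0 + 60));  // a code that was never issued
var_dump(redeem_reset_code($db, $code, $t0 + 60));           // first use of the real code
var_dump(redeem_reset_code($db, $code, $t0 + 61));           // second use of the same code
$late = issue_reset_code($db, 'alice', $t0);
var_dump(redeem_reset_code($db, $late, $t0 + 1801));         // use after the lifetime has passed
```

Only the first use of the real code returns the username; the other three calls return null, so the caller should reset a password only on a non-null result.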