<?php

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

include("include.php");

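// Handle a submitted reset form: check username, signup email and security
// answer against the users table, store a newly generated password and mail
// it to the address that was submitted.
// NOTE(review): the flow below reads as if bco_error() ends the request; it is
// defined outside this file, so confirm that it does not return.
// NOTE(review): no attempt limiting is visible here, and the only secret
// checked is the answer to a guessable security question; consider throttling
// and a single-use, expiring reset link instead of mailing a password.
if (isset($_POST['submit']) && $_POST['submit'] == "get password") {

    // Accept plain strings only; a missing field or an array-valued field
    // (e.g. username[]=x) is treated as blank instead of raising notices.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : "";
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : "";
    $security_answer = (isset($_POST['security_answer']) && is_string($_POST['security_answer'])) ? $_POST['security_answer'] : "";

    if (($username == "") || ($email == "")) {
        bco_error("Username or email was blank.");
    }

    // Request values are bound as parameters rather than interpolated into the
    // SQL text, so quotes in the input cannot change the statement.
    // NOTE(review): security_answer is compared as unsalted md5 because that is
    // how this query has always matched the stored column; changing the hash
    // needs a coordinated change wherever the answer is written.
    $query = 'select id from users where lower(username)=lower($1) and email_signup=$2 and security_answer=$3';
    if (!$result = pg_query_params($query, array($username, $email, md5($security_answer)))) {
        bco_error("Verification failed.");
    }

    if (pg_num_rows($result) != 1) {
        bco_error("There is either no account with that name, the email is not correct or the security answer is incorrect.");
    } else {
        $row = pg_fetch_assoc($result);
        // Generate a new password here.
        // NOTE(review): bco_randompassword() is defined elsewhere; confirm it
        // draws from a cryptographically secure source.
        $password = bco_randompassword(8);
        // NOTE(review): passwords are stored as unsalted md5. Kept as-is because
        // the login check lives outside this file and presumably compares the
        // same format; migrate both to password_hash()/password_verify().
        $md5_password = md5($password);

        // Read the id from the row already fetched, rather than fetching again
        // from a result whose row cursor pg_fetch_assoc() has advanced.
        $userid = ($row && isset($row['id'])) ? $row['id'] : "";

        if ($userid != "") {
            // Update the users password
            $update_query = 'update users set password=$1 where id=$2';
            if (!pg_query_params($update_query, array($md5_password, $userid))) {
                // Keep database error details in the server log, not in the page.
                error_log("reset_password: password update failed: " . pg_last_error());
                bco_error("Password update failed.");
            }
        } else {
            bco_error("Something went wrong. Sorry.");
        }

        // NOTE(review): the new password travels in clear text by email.
        $mail_msg  = "Hey forgetful! Here's your username and password.\n\n";
        $mail_msg .= "Username: $username\n";
        $mail_msg .= "Password: $password\n\n";
        $mail_msg .= "Please don't lose/delete/forget me!\n" . ADMIN_NAME . "\n\n";

        // $email matched users.email_signup in the query above.
        if (!mail($email, "Your lost password.", $mail_msg, "From: " . ADMIN_EMAIL)) {
            bco_error("Mail could not be sent");
        }

        bco_html_header("Password mailed");
        bco_index_menu("Password mailed");

        // Escape the submitted address before echoing it back into HTML.
        $safe_email = htmlspecialchars($email, ENT_QUOTES);

echo <<< END
\n<br />
<table width="100%" cellpadding="2" cellspacing="0" class="replytable">
    <tr>
        <td align="center" class="tr1">Email sent to $safe_email!
        <br />
        <br />
        <a href="index.php" class="tr1">Go back to the index.</a>
        </td>
    </tr>
</table>
END;

        bco_html_footer(); 
    }
    exit;
}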

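// Default view (no reset submitted): render the reset-request form.
bco_html_header("Reset your password");
bco_index_menu("Reset your password");

// $PHP_SELF is not assigned in this file (it would have to come from
// include.php or register_globals). If it is derived from the request path it
// is attacker-influenced, so escape it before placing it in the attribute.
// An unset value yields action="", which submits to the current URL.
$form_action = htmlspecialchars(isset($PHP_SELF) ? $PHP_SELF : "", ENT_QUOTES);

// NOTE(review): "Mother's maiden name" is a low-entropy, often publicly
// discoverable secret and is the only proof of identity this form collects.
echo <<< END
\n<br />
<form method="post" action="$form_action">
If you happen to lose your password, you can have a new one generated and emailed to you at the address you signed up with.
<table width="100%" cellpadding="2" cellspacing="0" class="replytable">
    <tr>
        <td width="170" align="right">username:</td>
        <td align="left"><input type="text" name="username" maxlength="25" size="25" class="textfield" /></td>
    </tr>
    <tr>
        <td width="170" align="right">email registered with:</td>
        <td align="left"><input type="text" name="email" size="25" class="textfield" /></td>
    </tr>
    <tr>
        <td width="170" align="right">Mother's maiden name:</td>
        <td align="left" valign="top"><input type="text" name="security_answer" size="25" class="textfield" /></td>
    </tr>
    <tr>
        <td width="170" align="right">&nbsp;</td>
        <td align="left"><input type="submit" name="submit" value="get password" class="button" /></td>
    </tr>
</table>
<input type="hidden" name="refer" value="index.php" />
</form>
END;

bco_html_footer();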

?>