- <?php
- /*
- Very important! You need to run SQL update!
- ALTER TABLE `account` ADD `reset_password` VARCHAR( 50 ) NOT NULL;
- */
/* Config */

// Connection settings for the realm (account) database.
// NOTE(review): the sample ships with an empty password for the `mangos`
// user; set a real credential and keep this file out of version control.
$realmd = [
    'db_host'     => 'localhost', // IP/host of the realm database
    'db_username' => 'mangos',    // realm database user
    'db_password' => '',          // realm database password
    'db_name'     => 'realmd',    // realm database name
];

// Settings for the recovery e-mail.
// 'path_to_thisfile' becomes the prefix of the reset link ("...?h=<token>"),
// so it should be an https:// URL in deployment: the token in that link is
// the only secret protecting the account during a reset.
$config = [
    'path_to_thisfile' => 'http://mysite.com/lol/ownage/wow/pass_recovery.php', // full URL of this script
    'email_from'       => 'mysite@wow.com',                                     // sender address of the mail
    'email_subject'    => 'Password recovery for our site!',                    // subject line of the mail
];
/**
 * Compute the value this script writes to `account`.`sha_pass_hash`.
 *
 * Both inputs are upper-cased and joined as "USER:PASS" before hashing, so
 * the resulting credential is case-insensitive. The digest is unsalted SHA-1.
 * NOTE(review): the format is presumably dictated by the server that reads
 * `sha_pass_hash`; confirm before changing the algorithm here.
 *
 * @param string $user Account name.
 * @param string $pass Plain-text password.
 * @return string 40-character lowercase hex SHA-1 digest.
 */
function sha_password($user, $pass)
{
    $credentials = strtoupper($user) . ':' . strtoupper($pass);

    return sha1($credentials);
}
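/**
 * Generate a random string of lowercase letters and digits.
 *
 * The result is used both as the password-reset token and as the replacement
 * password, so it must be unpredictable. The previous version drew from
 * rand(), which is not a cryptographic generator, forced a fixed
 * letter/digit alternation (less entropy per character), and read $o and
 * $output before they were initialised, returning null for a zero length.
 *
 * Requires random_int() (PHP 7+; on older runtimes load a random_int
 * polyfill before including this file).
 *
 * @param int $counts Number of characters to generate.
 * @return string String of $counts characters from [a-z0-9]; '' when $counts <= 0.
 */
function random_string($counts)
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $last_index = strlen($alphabet) - 1;

    $output = '';
    for ($i = 0; $i < $counts; $i++) {
        // random_int() is backed by the OS CSPRNG and is uniform over the range.
        $output .= $alphabet[random_int(0, $last_index)];
    }

    return $output;
}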
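// ---------------------------------------------------------------------------
// Request handling.
//
//   GET  ?h=<token>        -> complete a reset: set a new random password
//   POST password_takeback -> start a reset: store a token and e-mail the link
//   otherwise              -> show the request form
//
// Changes from the previous version:
//   * every query is a prepared statement; request values were previously
//     interpolated into the SQL text (SQL injection on h, username, email);
//   * the removed mysql_* API is replaced by mysqli;
//   * array keys are quoted (bare keys are undefined constants);
//   * values echoed into HTML are escaped, including PHP_SELF in the form;
//   * the mail goes to the address stored on the account, not the posted one.
//
// NOTE(review): not addressed here because it needs schema or product
// decisions: the token has no expiry (the table only has the reset_password
// column), the token is stored in clear text, there is no rate limiting, and
// the two POST responses differ, which confirms whether a username/e-mail
// pair exists.
// ---------------------------------------------------------------------------

// Make mysqli raise exceptions so a failed connect or query ends in the
// generic error below instead of continuing with a half-finished reset.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try {
    $realmd_bc_new_connect = mysqli_connect($realmd['db_host'], $realmd['db_username'], $realmd['db_password']);
    $selectdb = mysqli_select_db($realmd_bc_new_connect, $realmd['db_name']);

    // Accept only plain strings; "h[]=x" style array parameters are ignored.
    $reset_token = (isset($_GET['h']) && is_string($_GET['h'])) ? $_GET['h'] : '';

    if ($reset_token !== '' && $reset_token !== '0') {
        // --- Step 2: the user followed the link from the e-mail -------------
        $lookup = mysqli_prepare($realmd_bc_new_connect, "SELECT username FROM `account` WHERE reset_password = ?");
        mysqli_stmt_bind_param($lookup, 's', $reset_token);
        mysqli_stmt_execute($lookup);
        mysqli_stmt_store_result($lookup);
        mysqli_stmt_bind_result($lookup, $account_name);
        $token_matches = mysqli_stmt_num_rows($lookup) == 1 && mysqli_stmt_fetch($lookup);
        mysqli_stmt_close($lookup);

        $password_changed = false;
        if ($token_matches) {
            $output_random_pass = random_string(10);
            $pass_hash = sha_password($account_name, $output_random_pass);

            // Set the new hash and clear the token in one statement, so the
            // token cannot be replayed between two separate updates.
            $update = mysqli_prepare($realmd_bc_new_connect, "UPDATE `account` SET sha_pass_hash = ?, reset_password = '' WHERE reset_password = ?");
            mysqli_stmt_bind_param($update, 'ss', $pass_hash, $reset_token);
            mysqli_stmt_execute($update);
            $password_changed = mysqli_stmt_affected_rows($update) == 1;
            mysqli_stmt_close($update);
        }

        if ($password_changed) {
            // The account name comes from the database but is still
            // user-chosen text, so escape it for the HTML context.
            $safe_name = htmlspecialchars($account_name, ENT_QUOTES, 'UTF-8');
            echo "Hi $safe_name, Your password is: $output_random_pass. Please change your password fast as possible.";
        } else {
            echo "Error.";
        }
    } elseif (!empty($_POST['password_takeback'])) {
        // --- Step 1: the user submitted the request form --------------------
        $posted_username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
        $posted_email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

        $account_found = false;
        if ($posted_username !== '' && $posted_email !== '') {
            $check_security = mysqli_prepare($realmd_bc_new_connect, "SELECT username, email FROM `account` WHERE username = ? AND email = ?");
            mysqli_stmt_bind_param($check_security, 'ss', $posted_username, $posted_email);
            mysqli_stmt_execute($check_security);
            mysqli_stmt_store_result($check_security);
            mysqli_stmt_bind_result($check_security, $stored_username, $stored_email);
            $account_found = mysqli_stmt_num_rows($check_security) == 1 && mysqli_stmt_fetch($check_security);
            mysqli_stmt_close($check_security);
        }

        if ($account_found) {
            $rand = random_string(40);

            $store_token = mysqli_prepare($realmd_bc_new_connect, "UPDATE `account` SET reset_password = ? WHERE username = ?");
            mysqli_stmt_bind_param($store_token, 'ss', $rand, $stored_username);
            mysqli_stmt_execute($store_token);
            mysqli_stmt_close($store_token);

            // Use the values stored on the account rather than the raw POST
            // data, so request input never reaches the mail recipient field.
            $to = $stored_email;
            $from = "From: {$config['email_from']}";
            $subject = $config['email_subject'];
            $message = "Hi $stored_username, you have submitted a password recovery on our site. IF YOU DIDNT SUBMIT A PASSWORD REQUEST JUST DELETE THIS MAIL!. Please follow this link to complete the operation: {$config['path_to_thisfile']}?h=$rand";
            mail($to, $subject, $message, $from); // Needs a working mail transport configured in php.ini.
            echo "An Email has been sent to you, please follow the email to complete the process.";
        } else {
            echo "Incorrect details, Please be sure that you submitted right Email and Username to your account";
        }
    } else {
        // --- No request yet: show the form ----------------------------------
        // PHP_SELF contains attacker-controllable path info, so it is escaped
        // before being placed in the action attribute.
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="POST">
Your Email: <input type="text" name="email">
Your Username: <input type="text" name="username">
<input type="submit" name="password_takeback">
</form>
<?php
    }
} catch (mysqli_sql_exception $e) {
    // Keep database details out of the response; record them server-side.
    error_log('pass_recovery: ' . $e->getMessage());
    echo "Error.";
}
?>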