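/*-## DB CONNECTION ##-*/
// $host, $user, $pass and $dbacc are not defined in this listing; presumably they
// come from a configuration include that runs before this point.
// NOTE(review): the mysql_* extension used throughout this script was removed in
// PHP 7. A port to mysqli or PDO with prepared statements has to cover every
// query in the file at once, so it is flagged here rather than done piecemeal.
// NOTE(review): no connection charset is set. mysql_real_escape_string() escapes
// according to the connection charset, so confirm it matches the database
// (mysql_set_charset()) before relying on the escaping done further down.
mysql_pconnect($host, $user, $pass) OR die("Could Not connect to the server");
// A failed database selection used to go unnoticed and only surfaced later as
// unrelated query errors; stop here instead.
mysql_select_db($dbacc) OR die("Could Not select the database");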
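// Without ?id= show the request form; with ?id= treat the request as a click on
// a reset link and issue a new password.
if (empty($_GET['id'])) { ?>
<form action="" method="POST">
<input type="text" value="Username" name="txtUsername"/><br/>
<input type="text" value="Email" name="txtEmail"/><br/>
<input type="submit" value="Submit" name="btnSubmit"/><br/>
</form>
<?php
} else {
    // NOTE(review): the link carries only base64("<account id>:<username>") and
    // the e-mail address. Neither is a secret, so the check below does not prove
    // that the link was issued by this script. A proper fix stores a random,
    // single-use, expiring token per request and verifies that instead; it needs
    // a schema change and is therefore only flagged here.

    // Query parameters can arrive as arrays; accept plain strings only.
    $b64 = is_string($_GET['id']) ? $_GET['id'] : '';
    $toa = (isset($_GET['email']) && is_string($_GET['email'])) ? strtoupper($_GET['email']) : '';

    // The account id is the part before the first ':' of the decoded value.
    $dc = explode(':', (string) base64_decode($b64));
    $accid = $dc[0];

    // $accid is attacker-controlled (decoded from the URL), so it is escaped
    // before it is placed in the statement, as the request branch already does
    // for the username.
    $select_q = @mysql_query("SELECT username, email FROM account WHERE id='" . mysql_real_escape_string($accid) . "'") or die("Failed to execute query R28");
    $select_row = @mysql_fetch_assoc($select_q);

    // Reject the link when the account does not exist, when no address was
    // supplied, or when the supplied address differs from the stored one.
    // The first two cases previously compared two empty strings and passed.
    if (!$select_row || $toa === '' || $toa != strtoupper($select_row['email'])) {
        // The message promises a log entry, so actually write one.
        error_log('Password reset link rejected from ' . $_SERVER['REMOTE_ADDR']);
        die("LINK MANIPULATED Log Captured!");
    }

    // Only generate a password once the link has been accepted.
    $newpass = createRandomPassword();

    // Transform username into UPPERCASE
    $u = strtoupper($select_row['username']);

    // NOTE(review): unsalted SHA-1 of "USER:PASS" is a weak password hash. The
    // format is presumably dictated by whatever else reads account.sha_pass_hash,
    // so it is kept; confirm before changing.
    $passe = sha1(strtoupper($u . ":" . $newpass));

    // One statement instead of two, so the hash and the v/s columns cannot end up
    // out of step. The original second statement wrote "SET v='0' AND s='0'",
    // which assigns the boolean result of ('0' AND s='0') to v and never touches
    // s; a comma is the separator that resets both. The stored username is
    // escaped as well, since it is data, not SQL.
    // presumably v and s are derived values tied to the old password - confirm.
    mysql_query("UPDATE account SET sha_pass_hash='$passe', `v`='0', `s`='0' WHERE username = '" . mysql_real_escape_string($u) . "'") or die("Cant update new password");

    // NOTE(review): the new password travels in clear text by e-mail and stays
    // valid until the user changes it.
    $messagea = "Your new password is: \n" . $newpass;

    // Deliver to the address stored for the account, not to the one taken from
    // the URL. $subject is not defined in this listing (presumably configuration).
    echo maila($messagea, $select_row['email'], $subject);
}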
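// Handle the request form: look the account up by username and, when the
// submitted e-mail address matches the stored one, mail a reset link.
if (isset($_POST['btnSubmit'])) {
    // Form fields can arrive as arrays; accept plain strings only.
    $username = (isset($_POST['txtUsername']) && is_string($_POST['txtUsername'])) ? $_POST['txtUsername'] : '';
    $email = (isset($_POST['txtEmail']) && is_string($_POST['txtEmail'])) ? $_POST['txtEmail'] : '';

    // Uppercase first, escape last: changing case after escaping alters the
    // escape sequences that mysql_real_escape_string() produced.
    $selectacc = @mysql_query("SELECT email, username, id FROM account WHERE username = '" . mysql_real_escape_string(strtoupper($username)) . "'") or die("Could not execute query");
    $acc = @mysql_fetch_assoc($selectacc);

    // An unknown username used to yield an empty stored address, which matched
    // an empty submitted address; treat both cases as a mismatch.
    if (!$acc || $email === '' || strtoupper($acc['email']) != strtoupper($email)) {
        // The stored address is no longer echoed here: printing it handed the
        // account's e-mail address to anyone who submitted a username.
        echo 'Email is not correct';
        echo '<br/>';
    } else {
        // Mail the address on record. The submitted value was previously run
        // through mysql_real_escape_string(), which is SQL escaping and has no
        // meaning for a mail recipient or a URL.
        $toa = $acc['email'];

        // The form has no field named "username" (it is "txtUsername"), so the
        // original always appended an undefined value; use the stored name.
        $id = base64_encode($acc['id'] . ':' . $acc['username']);

        // base64 output and e-mail addresses contain characters ('+', '/', '=')
        // that are altered in a query string unless they are URL-encoded.
        // NOTE(review): the link contains no secret token; the handler for ?id=
        // can only compare the address against the database.
        // $linkadress and $subject are not defined in this listing (presumably
        // configuration).
        $link = $linkadress . "?id=" . urlencode($id) . "&email=" . urlencode($toa);

        $messagea = "You have requested a password reset from ip:" . $_SERVER['REMOTE_ADDR'] . " \n\n"
            . "Please click following link to generate a new pass.\n\n"
            . $link;

        echo maila($messagea, $toa, $subject);
    }
}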
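/**
 * Send a plain-text mail from the configured sender address.
 *
 * The sender is read from the global $sendera and used for both From and
 * Reply-To. The X-Mailer header was dropped because it published the exact PHP
 * version to every recipient.
 *
 * @param string $message Mail body.
 * @param string $to      Recipient address.
 * @param string $subject Subject line.
 * @return string Status text for display: the success message when mail()
 *                accepted the message, "Mail could not be sent" otherwise.
 */
function maila($message, $to, $subject){
    global $sendera;

    // These three values end up in the raw header block. A CR or LF inside one
    // of them would let it append header lines of its own, so refuse to send.
    foreach (array($to, $subject, $sendera) as $field) {
        if (!is_string($field) || preg_match('/[\r\n]/', $field)) {
            return "Mail could not be sent";
        }
    }

    $headers = 'From: ' . $sendera . "\r\n" .
        'Reply-To: ' . $sendera;

    // mail() returns false when the message was not accepted for delivery; the
    // original reported success regardless.
    if (!mail($to, $subject, $message, $headers)) {
        return "Mail could not be sent";
    }

    return "Mail Has been send Please check your inbox";
}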
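/**
 * Generate a random 8-character password.
 *
 * Characters are drawn uniformly from a 34-character alphabet of lowercase
 * letters and digits with the look-alikes 'l' and '1' left out.
 *
 * The original seeded rand() from microtime() and reduced it modulo 33. That
 * generator is predictable from the time of the request, and the modulus never
 * reached the last character of the alphabet. This version draws from the
 * system CSPRNG and covers the whole alphabet.
 *
 * @return string The generated password.
 */
function createRandomPassword() {
    $chars = "abcdefghijkmnopqrstuvwxyz023456789";
    $count = strlen($chars);
    // Largest multiple of $count that fits in one byte; bytes at or above it are
    // discarded in the fallback so the modulo below stays unbiased.
    $limit = 256 - (256 % $count);
    $pass = '';

    while (strlen($pass) < 8) {
        if (function_exists('random_int')) {
            // PHP 7+ (or a polyfill): uniform and cryptographically secure.
            $pass .= $chars[random_int(0, $count - 1)];
            continue;
        }

        // PHP 5.x fallback: one CSPRNG byte with rejection sampling.
        $byte = ord(openssl_random_pseudo_bytes(1));
        if ($byte < $limit) {
            $pass .= $chars[$byte % $count];
        }
    }

    return $pass;
}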
- ?>