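<?php
// Forgot-password page: bootstraps the session, the database connection and
// the password helper, then renders the shared page header.
session_start();

// Fail closed: this page resets credentials, so it must not keep running with
// only a warning when the database connection or the helper functions are
// missing. require_once aborts the request instead.
// NOTE(review): mysqli_connect.php presumably defines $link, which the queries
// further down this page use - confirm.
require_once 'includes/mysqli_connect.php';
require_once 'includes/functions.php';

// Put the bundled security library on the include path so that PHP's built-in
// spl_autoload() can resolve its namespaced classes.
set_include_path(get_include_path() . PATH_SEPARATOR . "includes/secure/src");
spl_autoload_register('spl_autoload');

// Password helper used further down this page (checkPassword() / genPassword()).
// The original author describes it as Blowfish-based; the hashing scheme itself
// is not visible from this file.
$gen = new org\codeangel\security\passwords\DefaultPasswordGenerator;

// NOTE(review): $title is presumably read by the header template - confirm.
$title = "Forgot password";
?>
<?php include 'includes/template/header.php' ?>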
- <script type='text/javascript'>
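/**
 * Show a sticky, centred toast through the jQuery toastmessage plugin.
 *
 * All notifications on this page share the same options and differ only in
 * their text and type, so they all go through this helper.
 *
 * @param {string} text Message shown to the user.
 * @param {string} type Toast type understood by the plugin ('success', 'error', ...).
 */
function showStickyToast(text, type) {
    $().toastmessage('showToast', {
        text: text,
        sticky: true,
        position: 'middle-center',
        type: type,
        closeText: '',
        close: function () {
            console.log("toast is closed ...");
        }
    });
}

/** Password was reset and mailed. Shown as a success toast, not as an error. */
function alldone() {
    showStickyToast('Your password has been reset and mailed to you.', 'success');
}

/** The new password was stored but the mail could not be sent. */
function mailerror() {
    showStickyToast('An unexpected error occured: Your password could not be mailed to you', 'error');
}

/** The database update of the new password failed. */
function sqlerror() {
    showStickyToast('An unexpected error occured: Your password could not be reset', 'error');
}

/** The submitted security answer did not match. */
function wrongans() {
    showStickyToast('The security answer you entered is wrong, please go back and type in the right answer', 'error');
}

/** The username form was submitted empty. */
function emptyuser() {
    showStickyToast('Please type in your username', 'error');
}

/** The security-answer form was submitted empty. */
function emptyanswer() {
    showStickyToast('Please type in the security answer', 'error');
}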
- </script>
- <center>
- <div id="wrap">
- <br>
- <?php include 'includes/template/navbar.php' ?>
- <?php include 'includes/template/updates.php' ?>
- <div class="wrapbg">
- <span class="corners-top"><span></span></span>
- <div id="content"><br/>
- Forgot password
- <hr class='hr1'>
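<?php
/*
 * Forgot-password flow, selected by which submit button was posted:
 *   1. 'username' - look the account up and show its security question.
 *   2. 'answer'   - verify the security answer, store a new random password
 *                   and mail it to the address recorded for the account.
 * Any non-POST request only renders the username form.
 *
 * Everything that arrives in $_POST is untrusted, including the hidden fields:
 * it is bound as a statement parameter before it reaches SQL and HTML-escaped
 * before it is written back into the page.
 *
 * NOTE(review): nothing here limits how often a security answer may be tried,
 * and the "user could not be found" reply tells a caller which usernames exist.
 * Consider per-account/per-IP throttling and a uniform reply.
 * NOTE(review): mailing a ready-to-use password leaves it readable in the
 * mailbox; a single-use, expiring reset link is the safer design.
 */
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (isset($_POST['username'])) {
        if (empty($_POST['username_txt']) || !is_string($_POST['username_txt'])) {
            echo "<script type='text/javascript'> emptyuser(); </script>
<form action ='' method='POST'><br>
Username:<input type='text' name='username_txt'><br>
<button name='username' class='action greenbtn'><span class='label'>Go</span></button>
</form>
";
        } else {
            $username = $_POST['username_txt'];

            // Bound parameter instead of string-built SQL.
            $userFound = false;
            $question = '';
            $stmt = mysqli_prepare($link, 'SELECT security_question FROM users WHERE username = ?');
            if ($stmt) {
                mysqli_stmt_bind_param($stmt, 's', $username);
                mysqli_stmt_execute($stmt);
                mysqli_stmt_bind_result($stmt, $storedQuestion);
                if (mysqli_stmt_fetch($stmt) === true) {
                    $userFound = true;
                    $question = (string) $storedQuestion;
                }
                mysqli_stmt_close($stmt);
            }

            if (!$userFound) {
                echo "The user could not be found";
            } else {
                // The question and the username are user-controlled data; escape
                // them for the HTML and attribute contexts they are printed in.
                $safeUser = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE);
                $safeQuestion = htmlspecialchars($question, ENT_QUOTES | ENT_SUBSTITUTE);
?>
<h4><?php echo $safeQuestion ?></h4>
<form action="" method="POST">
<table>
<tr><td><input type='text' name="my_answer"></td></tr>
<tr><td><input type='hidden' name='hidden_user' value='<?php echo $safeUser ?>'></td></tr>
<tr><td><input type='hidden' name='hidden_question' value='<?php echo $safeQuestion ?>'></td></tr>
<tr><td><button name='answer' class='action greenbtn'><span class='label'>Reset password</span></button></td></tr>
</table>
</form>
<?php
            }
        }
    }

    // Second step: the security answer was submitted.
    if (isset($_POST['answer'])) {
        // The hidden fields come back from the browser and may have been edited.
        $hidden_user = (isset($_POST['hidden_user']) && is_string($_POST['hidden_user']))
            ? $_POST['hidden_user'] : '';
        $hidden_question = (isset($_POST['hidden_question']) && is_string($_POST['hidden_question']))
            ? $_POST['hidden_question'] : '';

        if (empty($_POST['my_answer']) || !is_string($_POST['my_answer'])) {
            // Re-render the form. The values are HTML-escaped (SQL escaping is
            // the wrong encoding for this context) and interpolated directly,
            // since a PHP tag inside a string literal is never evaluated.
            $safeUser = htmlspecialchars($hidden_user, ENT_QUOTES | ENT_SUBSTITUTE);
            $safeQuestion = htmlspecialchars($hidden_question, ENT_QUOTES | ENT_SUBSTITUTE);
            echo "<script type='text/javascript'> emptyanswer(); </script>
<h4> $safeQuestion </h4>
<form action='' method='POST'>
<table>
<tr><td><input type='text' name='my_answer'></td></tr>
<tr><td><input type='hidden' name='hidden_user' value='$safeUser'></td></tr>
<tr><td><input type='hidden' name='hidden_question' value='$safeQuestion'></td></tr>
<tr><td><button name='answer' class='action greenbtn'><span class='label'>Reset password</span></button></td></tr>
</table>
</form>
";
        } else {
            $my_answer = $_POST['my_answer'];

            // Look the account up with a bound parameter; hidden_user went into
            // the query text unescaped before.
            $userFound = false;
            $answer = '';
            $email = '';
            $stmt = mysqli_prepare($link, 'SELECT security_answer, email FROM users WHERE username = ?');
            if ($stmt) {
                mysqli_stmt_bind_param($stmt, 's', $hidden_user);
                mysqli_stmt_execute($stmt);
                mysqli_stmt_bind_result($stmt, $storedAnswer, $storedEmail);
                if (mysqli_stmt_fetch($stmt) === true) {
                    $userFound = true;
                    $answer = (string) $storedAnswer;
                    $email = (string) $storedEmail;
                }
                mysqli_stmt_close($stmt);
            }

            // An unknown account is reported exactly like a wrong answer.
            if ($userFound && $gen->checkPassword($my_answer, $answer)) {
                $password_length = 15;
                $alfa = "1234567890qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM";
                $lastIndex = strlen($alfa) - 1;

                // random_int() draws from the system CSPRNG (PHP 7+). rand()
                // seeded from microtime() is predictable and must not be used
                // to generate credentials. If no randomness source is
                // available random_int() throws and no password is changed.
                $pass = "";
                for ($i = 0; $i < $password_length; $i++) {
                    $pass .= $alfa[random_int(0, $lastIndex)];
                }
                $new_password = $gen->genPassword($pass);

                // The generated password is deliberately not echoed into the
                // page: it must reach the user only through the mailbox
                // recorded for the account.
                $runupdate = false;
                $stmt = mysqli_prepare($link, 'UPDATE users SET password = ? WHERE username = ?');
                if ($stmt) {
                    mysqli_stmt_bind_param($stmt, 'ss', $new_password, $hidden_user);
                    $runupdate = mysqli_stmt_execute($stmt);
                    mysqli_stmt_close($stmt);
                }

                if ($runupdate) {
                    $to = $email;
                    // subject
                    $subject = 'Retrieve Password';
                    // message - the password is concatenated in; the previous
                    // single-quoted literal mailed the PHP tag text instead.
                    $message = '
<html>
<head>
<title>Like A Geek - Password Reset</title>
</head>
<body>
<p>Your password is ' . $pass . '. Do change it after logging in!</p>
<b>Like A Geek Administration</b>
</body>
</html>
';
                    // To send HTML mail, the Content-type header must be set
                    $headers = 'MIME-Version: 1.0' . "\r\n";
                    $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
                    // mail() builds the To header from $to; the extra hand-written
                    // To header contained uninterpolated placeholder text.
                    $headers .= 'From: Password Reset <reset@likeageek.net>' . "\r\n";
                    if (mail($to, $subject, $message, $headers)) {
                        echo "<script type='text/javascript'> alldone(); </script>";
                    } else {
                        echo "<script type='text/javascript'> mailerror(); </script>";
                    }
                } else {
                    echo "<script type='text/javascript'> sqlerror(); </script>";
                }
            } else {
                echo "<script type='text/javascript'> wrongans(); </script>";
            }
        }
    }
} else { ?>
<form action ="" method="POST"><br>
Username:<input type='text' name='username_txt'><br>
<button name='username' class='action greenbtn'><span class='label'>Go</span></button>
</form>
<?php } ?>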
- </div>
- <span class="corners-bottom"><span></span></span>
- </div>
- </div>
- <br />
- <?php include 'includes/template/footer.php'; ?>