  1. <?php
  2. //signin.php
  3. session_start();
  4. include 'includes/mysqli_connect.php';
  5. include 'includes/functions.php';
  6. //Loading up the security library
  7. set_include_path(get_include_path().PATH_SEPARATOR."includes/secure/src");
  8. spl_autoload_register('spl_autoload');
  9. //Fireup the blowfish algorithm
  10. $gen = new org\codeangel\security\passwords\DefaultPasswordGenerator;
  11. $title = "Forgot password";
  12. ?>
  13. <?php include 'includes/template/header.php' ?>
  14. <script type='text/javascript'>
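    /**
     * Show a sticky toast in the middle of the page via the jQuery
     * toastmessage plugin. All notifications on this page share the same
     * layout and differ only in text and severity.
     *
     * @param {string} text Message shown to the user.
     * @param {string} type Toast type understood by the plugin ('error', 'success', ...).
     */
    function showStickyToast(text, type) {
        $().toastmessage('showToast', {
            text     : text,
            sticky   : true,
            position : 'middle-center',
            type     : type,
            closeText: '',
            close    : function () {
                console.log("toast is closed ...");
            }
        });
    }

    /** Reset succeeded and the mail was handed off; shown as a success toast, not an error. */
    function alldone() {
        showStickyToast('Your password has been reset and mailed to you.', 'success');
    }

    /** The password was changed but the notification mail could not be sent. */
    function mailerror() {
        showStickyToast('An unexpected error occured: Your password could not be mailed to you', 'error');
    }

    /** The database update of the password failed. */
    function sqlerror() {
        showStickyToast('An unexpected error occured: Your password could not be reset', 'error');
    }

    /** The submitted security answer did not verify. */
    function wrongans() {
        showStickyToast('The security answer you entered is wrong, please go back and type in the right answer', 'error');
    }

    /** The username field was submitted empty. */
    function emptyuser() {
        showStickyToast('Please type in your username', 'error');
    }

    /** The security-answer field was submitted empty. */
    function emptyanswer() {
        showStickyToast('Please type in the security answer', 'error');
    }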
  98.     </script>
  99. <center>
  100. <div id="wrap">
  101. <br>
  102. <?php include 'includes/template/navbar.php' ?>
  103. <?php include 'includes/template/updates.php' ?>
  104.  
  105. <div class="wrapbg">
  106. <span class="corners-top"><span></span></span>
  107. <div id="content"><br/>
  108. Forgot password
  109. <hr class='hr1'>
  110. <?php
  111. if($_SERVER['REQUEST_METHOD'] == 'POST'){
  112.     if(isset($_POST['username'])){
  113.         if(empty($_POST['username_txt'])) { echo "<script type='text/javascript'> emptyuser(); </script>
  114.            
  115. <form action ='' method='POST'><br>
  116.    Username:<input type='text' name='username_txt'><br>
  117.    <button name='username' class='action greenbtn'><span class='label'>Go</span></button>
  118. </form>
  119. "; } else {
  120.     $username = mysqli_real_escape_string($link, $_POST['username_txt']);
  121.  
  122.     $sql = "SELECT * from users where username = '$username'";
  123.     $runsql = mysqli_query($link, $sql);
  124.     if(mysqli_num_rows($runsql) == 0){ echo "The user could not be found"; } else {
  125.             $result = mysqli_fetch_assoc($runsql);
  126.             $question = $result['security_question'];
  127.             ?>
  128. <h4><?php echo $question ?></hr>
  129.     <form action="" method="POST">
  130.         <table>
  131.         <tr><td><input type='text' name="my_answer"></td></tr>
  132.         <tr><td><input type='hidden' name='hidden_user' value='<?php echo $username ?>'></td></tr>
  133.         <tr><td><input type='hidden' name='hidden_question' value='<?php echo $question ?>'></td></tr>
  134.         <tr><td><button name='answer' class='action greenbtn'><span class='label'>Reset password</span></button></td></tr>
  135.         </table>
  136.     </form>
  137.         <?php
  138.     }
  139.     }
  140.     }
  141.     //query and show question and wait for answer    
  142.  if(isset($_POST['answer'])){
  143.      
  144.              if(empty($_POST['my_answer'])) {
  145.                             $hidden_question = mysqli_real_escape_string($link, $_POST['hidden_question']);
  146.      echo "<script type='text/javascript'> emptyanswer(); </script>
  147.     <h4> $hidden_question </h4>      
  148.    <form action='' method='POST'>
  149.        <table>
  150.        <tr><td><input type='text' name='my_answer'></td></tr>
  151.        <tr><td><input type='hidden' name='hidden_user' value='<?php echo $username ?>'></td></tr>
  152.        <tr><td><input type='hidden' name='hidden_question' value='<?php echo $hidden_question ?>'></td></tr>
  153.        <tr><td><button name='answer' class='action greenbtn'><span class='label'>Reset password</span></button></td></tr>
  154.        </table>
  155.    </form>
  156. "; } else {
  157.      
  158.     $my_answer = $_POST['my_answer'];
  159.     $hidden_user = $_POST['hidden_user'];
  160.    
  161.     $sql = "SELECT * from users where username = '$hidden_user'";
  162.    
  163.     $runsql = mysqli_query($link, $sql);
  164.     $result = mysqli_fetch_assoc($runsql);
  165.    
  166.     $answer = $result['security_answer'];
  167.     $email = $result['email'];
  168.  
  169.     if($gen->checkPassword($my_answer, $answer)){
  170.        
  171. $password_length = 15;
  172. function make_seed() {
  173.   list($usec, $sec) = explode(' ', microtime());
  174.   return (float) $sec + ((float) $usec * 100000);
  175. }
  176.  
  177. srand(make_seed());
  178.  
  179. $alfa = "1234567890qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM";
  180. $token = "";
  181. $pass = "";
  182. for($i = 0; $i < $password_length; $i ++) {
  183.   $pass .= $alfa[rand(0, strlen($alfa)-1)];
  184.   }
  185.    
  186.  
  187.   $new_password = $gen->genPassword($pass);
  188.   echo $pass;
  189.   $update = "UPDATE users SET password = '$new_password' WHERE username = '$hidden_user'";
  190.   $runupdate = mysqli_query($link, $update);
  191.     if($runupdate){
  192.        
  193.         $to      = $result['email'];
  194. // subject
  195. $subject = 'Retrieve Password';
  196.  
  197. // message
  198. $message = '
  199. <html>
  200. <head>
  201.  <title>Like A Geek - Password Reset</title>
  202. </head>
  203. <body>
  204. <p>Your password is <?php echo "$pass"; ?>. Do change it after logging in!</p>
  205. <b>Like A Geek Administration</b>
  206. </body>
  207. </html>
  208. ';
  209.  
  210. // To send HTML mail, the Content-type header must be set
  211. $headers  = 'MIME-Version: 1.0' . "\r\n";
  212. $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
  213.  
  214. // Additional headers
  215. $headers .= 'To: $row[name]; <$row[email];>' . "\r\n";
  216. $headers .= 'From: Password Reset <reset@likeageek.net>' . "\r\n";
  217.  
  218. if (mail($to, $subject, $message, $headers)) {
  219.   echo "<script type='text/javascript'> alldone(); </script>";
  220. }
  221. else {
  222.   echo "<script type='text/javascript'> mailerror(); </script>";
  223. }
  224.  
  225.        
  226.     } else { echo "<script type='text/javascript'> sqlerror(); </script>"; }
  227.    
  228.     } else {
  229.         echo "<script type='text/javascript'> wrongans(); </script>";
  230.     }
  231.    
  232.    
  233.     } }
  234.    
  235. } else { ?>
  236. <form action ="" method="POST"><br>
  237.     Username:<input type='text' name='username_txt'><br>
  238.     <button name='username' class='action greenbtn'><span class='label'>Go</span></button>
  239. </form>
  240.     <?php } ?>
  241. </div>
  242. <span class="corners-bottom"><span></span></span>
  243. </div>
  244. </div>
  245. <br />
  246. <?php include 'includes/template/footer.php'; ?>