Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- if(isset($_POST['username']))
- {
- $name = $_POST['username'];
- $name = stripslashes($name);
- $name = mysql_real_escape_string($name);
- $sql1="SELECT * FROM users WHERE username='$name'";
- $check=mysql_query($sql1) or die('Query failed: ' . mysql_error() . "<br />\n$sql1");
- if(mysql_num_rows($check) != 1)
- {
- echo "Your details aren't found!";
- }
- else
- {
- $_SESSION['uname'] = $_POST['username'];
- $uname = $_SESSION['uname'];
- //echo $uname."<br>";
- $row=mysql_fetch_array($check);
- $question=$row["descr"];
- echo"Your question: $question <br>";
- echo"Your answer:
- <form action='' method='post'>
- <input type='text' name='answer' />
- <input type='submit' name='submit' value='Submit!' />
- </form>";
- }
- }
- elseif(isset($_POST['answer']))
- {
- $answer = $_POST['answer'];
- $uname = $_SESSION['uname'];
- //echo $uname."<br>";
- $result = mysql_query("SELECT * FROM users WHERE username='$uname'") or die(mysql_error());
- $query=mysql_fetch_array($result);
- //echo $_POST['answer']."<-- post answer<br>";
- if($query["lname"] == $answer) {
- //echo 'Your Password has been reset and sent to your registered email.';
- $uname = $_SESSION['uname'];
- $chars = array_merge(range('a', 'z'), range(0, 9));
- $len = 10;
- $output = '';
- for ($x = 0; $x < $len; $x++)
- $output .= $chars[array_rand($chars)];
- //$output;
- //$newpasstoecho = rand();
- //$newpassmd5 = $newpasstoecho;
- mysql_query("UPDATE users SET password='$output' WHERE username='$uname'");
- $pass = $output;
- $mail = $query["email"];
- $subject ="Your password!";
- $message = "Your password is: $pass";
- $mail_from="noreply@goverscape.com";
- $header="from: me";
- $to = $mail;
- $send_contact=mail($to,$subject,$message,$header);
- if($send_contact){
- echo 'Your Password has been reset and sent to your registered email.';
- }
- else {
- echo "Error sending the email, please try again.";
- }
- //echo $query["lname"]."<--result";
- }
- else {
- echo 'Your answer was not correct, please try again.';
- //echo $query["lname"]."<--result";
- }
- }
- else
- {
- echo "<form action='' method='post'>
- Your name: <input type='text' name='username' />
- <input type='submit' name='submit' value='Send!' />
- </form>";
- }
- ?>
Add Comment
Please, Sign In to add comment