Hello!
I’m coding my first php website right now and I have a small problem…
In this code:
[php]
<?php include_once("php_includes/check_login_status.php"); ini_set('display_errors',1); // If user is already logged in, header him/her away if($user_ok == true){ header("location: user.php?u=".$_SESSION["username"]); exit(); } ?><?php// AJAX CALLS THIS CODE TO EXECUTE
if(isset($_POST[“e”])){
$e = mysqli_real_escape_string($db_conx, $_POST[‘e’]);
$sql = “SELECT id, username FROM users WHERE email=’$e’ AND activated=‘1’ LIMIT 1”;
$query = mysqli_query($db_conx, $sql);
$numrows = mysqli_num_rows($query);
if($numrows > 0){
while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){
$id = $row[“id”];
$u = $row[“username”];
}
$emailcut = substr($e, 0, 4);
$randNum = rand(10000,99999);
$tempPass = “$emailcut$randNum”;
$hashTempPass = hash(“SHA512”, $tempPass);
$validate = md5($_POST[‘username’] + microtime());
$sql = “UPDATE useroptions SET temp_pass=’$hashTempPass’ WHERE username=’$u’ LIMIT 1”;
$query = mysqli_query($db_conx, $sql);
$to = “$e”;
$from = "[email protected]";
$headers =“From: $from\n”;
$headers .= “MIME-Version: 1.0\n”;
$headers .= “Content-type: text/html; charset=iso-8859-1 \n”;
$subject =“Busarna4.net78.net Temporary Password”;
$msg = ‘
Hello ‘.$u.‘
This is an automated message from Busarna4.net78.net. If you did not recently initiate the Forgot Password process, please disregard this email.
You indicated that you forgot your login password. We can generate a temporary password for you to log in with, then once logged in you have to change your password to anything you like.
After you click the link below your password to login will be:
’.$tempPass.‘
Click here now to apply the temporary password shown below to your account
If you do not click the link in this email, no changes will be made to your account. In order to set your login password to the temporary password you must click the link above.
’;if(mail($to,$subject,$msg,$headers)) {
echo “success”;
exit();
} else {
echo “email_send_failed”;
exit();
}
} else {
echo “no_exist”;
}
exit();
}
?><?php
// EMAIL LINK CLICK CALLS THIS CODE TO EXECUTE
if(isset($_GET[‘u’]) && isset($_GET[‘e’])){
$u = preg_replace(’#[^a-z0-9]#i’, ‘’, $_GET[‘u’]);
$temppasshash = $hashTempPass;
if(strlen($temppasshash) < 10){
exit();
}
$sql = “SELECT id FROM useroptions WHERE username=’$u’ AND temp_pass=’$temppasshash’ LIMIT 1”;
$query = mysqli_query($db_conx, $sql);
$numrows = mysqli_num_rows($query);
if($numrows == 0){
header(“location: message.php?msg=There is no match for that username with that temporary password in the system. We cannot proceed.”);
exit();
} else {
$row = mysqli_fetch_row($query);
$id = $row[0];
$sql = “UPDATE users SET password=’$temppasshash’ WHERE id=’$id’ AND username=’$u’ LIMIT 1”;
$query = mysqli_query($db_conx, $sql);
$sql = “UPDATE useroptions SET temp_pass=’’ WHERE username=’$u’ LIMIT 1”;
$query = mysqli_query($db_conx, $sql);
header(“location: login.php”);
exit();
}
}
?> Forgot Password #forgotpassform{ margin-top:24px; } #forgotpassform > div { margin-top: 12px; } #forgotpassform > input { width: 250px; padding: 3px; background: #F3F9DD; } #forgotpassbtn { font-size:15px; padding: 10px; } <?php include_once("template_pageTop.php"); ?>
Generate a temorary log in password
Generate Temporary Log In Password
Does anyone know what I should do?
Thanks in advance // Busarna4