Password reset not working on site

#1

Hi Guys,

Just came across this page, and looking for help.

If I post my code, would someone be able to say why it’s not working?

#2

Maybe, I suggest you try - it’s worth a shot :smiley:

1 Like
#3
<?php
require_once("/*********************");
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form2")) {
	if ($_POST['PasswordAnswer'] == $_POST['ReminderAnswer']) {
		$GLOBALS['dbMYWCC']->connect();
		$user_id = $_POST['ID'];
		$data = array(
			'Password' => md5(md5($_POST['RandomPassword']))
			);
		$rows = $GLOBALS['dbMYWCC']->update_array('wcc_admin', $data, "ID = $user_id");
		if (!$rows) $GLOBALS['dbMYWCC']->print_last_error(false);

		$Result['0']['Name'] = "PASSWORDCHANGE";
		$Result['0']['Type'] = "UPDATED";
		$Result['0']['Result'] = $Result1;
		$_SESSION['RESULT'] = $Result;

		$updateGoTo = $websiteSettings['MyWCCLink'] . "login.php?REASON=PASSWORDRESET";
		require_once($websiteSettings['MailDirectory'] . 'mail_forgotpassword.php');
	
	}else {
		$Result['0']['Name'] = "PASSWORDCHANGE";
		$Result['0']['Type'] = "FAILURE";
		$Result['0']['Result'] = $Result1;
		$_SESSION['RESULT'] = $Result;
		$updateGoTo = "?RESET=Y&REASON=UNABLE";
		header(sprintf("Location: %s", $updateGoTo));
	}
}else if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
	$https_SESSION_VARS["TEMP"] = $_POST["EMail"];
	$colname_Admin = $https_SESSION_VARS["TEMP"];
	$GLOBALS['dbMYWCC']->connect();
	
	$select2 = "SELECT * FROM wcc_admin WHERE EMail = '" . $colname_Admin . "'";
	echo "Select2 = " . $select2 . " | ";
	$r2 = $GLOBALS['dbMYWCC']->select($select2);
	$row_Credits=$GLOBALS['dbMYWCC']->get_row($r2, 'MYSQL_ASSOC');
	if ($GLOBALS['dbMYWCC']->row_count > 0 ) {
		$updateGoTo = "?RESET=Y";
		//header(sprintf("Location: %s", $updateGoTo));
	}else {
		$updateGoTo = "?RESET=N";
		//header(sprintf("Location: %s", $updateGoTo));
	}
}

$GLOBALS['templateVersion'] = "5.0";

//Change The Page Title Here:
$GLOBALS['pageTitle'] = "Forgot Your Password";

//Change the Last Updated By Here:
$GLOBALS['lastUpdatedBy'] = "Capt(A) Flynn, Bradley";

/*
The following lines of code are used to gather the names that appear
underneath the page title.
You can add as many as you wish. If you choose too have none, just comment out the line
by adding two backslashes (//) infront of the line
See Example below
Example:
$positions['A'] = getPosition("Position Name", "Department", "A");
where A is a integer value starting with 0
*/
//$GLOBALS['positions']['0'] = getPosition(" Officers Academy CO", "Training", "0");
//$GLOBALS['positions']['1'] = getPosition("Assistant Site Maintenance Officer", "Site Maintenance", "1");

display_header();
$GLOBALS['dbMYWCC']->connect();

$colname_Password = $https_SESSION_VARS["TEMP"];
$select2 = "SELECT * FROM wcc_admin WHERE EMail = '" . $colname_Password . "'";
echo "Select Script: " . $select2 . " | ";
$r2 = $GLOBALS['dbMYWCC']->select($select2);
$row_Password=$GLOBALS['dbMYWCC']->get_row($r2, 'MYSQL_ASSOC');
?>
<!-- DO NOT DELETE OR REMOVE ANY OF THE ABOVE CODE -->
<!-- ALTER ONLY WHERE TOLD TO -->
<!-- You may add all the html code you want except for the following tags -->
<!-- <html>, <body>, <meta tags>, and there respective closing tags -->
<!-- ALTER BELOW THIS COMMENT -->
<!-- The default alignment of the page is centered -->
	<?php eval('?>' . print_template("forgotpassword") . '<?php '); ?>
    <!-- END OF ACTUAL PAGE CODE                   -->
    <!-- EDIT ABOVE THESE COMMENTS                 -->
    <!-- DO NOT EDIT BELOW THIS LINE               -->
    <!-- REMEMBER YOUR PAGE SHOULD NOT CONTAIN ANY -->
    <!-- BODY TAGS, HEAD TAGS, HTML TAGS ONLY TAGS -->
    <!-- THAT WOULD BE FOUND WITHIN THE BODY TAGS  -->
    <!-- ARE ALLOWED                                -->
<?php
display_footer();
?>
#4

I assume no one wants to blindly go through your code looking for some error (which may not even be in the code, might be the environment etc).

So please add something about what’s going on. Preferably including any error message(s).

1 Like
#5

This code looks like something from the 90’s. It is way outdated, insecure and vulnerable to an XSS Attack. You need to do a complete re-write using current coding practices.

1 Like
#6

Thank you. I did start to think a rewrite would be easier. Asked to do this site but it was written years ago.

Thanks for your reply

#7

I’m with Kevin, this is so useless, rewrite is far more effective use of time.

'Password' => md5(md5($_POST['RandomPassword']))

A great example of what’s wrong with it…
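
As an added example (not code from this thread), here are the two steps of the posted script rewritten with prepared statements, a hashed single-use reset token in place of the posted `ID` and reminder answer, and `password_hash()` in place of `md5(md5())`. The in-memory SQLite table, the `ResetHash` and `ResetExpires` columns and the function names are assumptions made for the demo.

```php
<?php
// Added example: reset flow with PDO prepared statements, a single-use
// token and password_hash(). Schema and function names are hypothetical.
declare(strict_types=1);

function demo_db(): PDO {
    // Constructed in-memory table standing in for wcc_admin.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE wcc_admin (ID INTEGER PRIMARY KEY, EMail TEXT UNIQUE,
               Password TEXT, ResetHash TEXT, ResetExpires INTEGER)');
    $db->prepare('INSERT INTO wcc_admin (EMail, Password) VALUES (?, ?)')
       ->execute(["o'brien@example.test", password_hash('old-password', PASSWORD_DEFAULT)]);
    return $db;
}

// Step 1: issue a token to e-mail. The page shown to the visitor should be
// the same whether or not the address exists (null = nothing to send).
function request_reset(PDO $db, string $email): ?string {
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare(
        'UPDATE wcc_admin SET ResetHash = ?, ResetExpires = ? WHERE EMail = ?');
    $stmt->execute([hash('sha256', $token), time() + 900, $email]);
    return $stmt->rowCount() === 1 ? $token : null;
}

// Step 2: the account is identified by the token, never by a posted ID.
function complete_reset(PDO $db, string $token, string $newPassword): bool {
    $stmt = $db->prepare('SELECT ID FROM wcc_admin WHERE ResetHash = ? AND ResetExpires > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $id = $stmt->fetchColumn();
    if ($id === false) {
        return false; // unknown, expired or already used token
    }
    $upd = $db->prepare(
        'UPDATE wcc_admin SET Password = ?, ResetHash = NULL, ResetExpires = NULL WHERE ID = ?');
    $upd->execute([password_hash($newPassword, PASSWORD_DEFAULT), $id]);
    return true;
}

$db = demo_db();
$token = request_reset($db, "o'brien@example.test"); // the quote is bound as data
var_dump(complete_reset($db, $token, 'a new long passphrase')); // first use of the token
var_dump(complete_reset($db, $token, 'another passphrase'));    // same token presented again
```

Only the SHA-256 of the token is stored, so a copy of the table does not yield usable reset links, and login then checks the stored value with `password_verify()`.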