reset password

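// Open the SQL Server connection and select the CMS database; the script stops
// here if either step fails. $myServer, $myUser, $myPass and $myDB are not
// defined anywhere in the code shown and must be set before this point.
// The string arguments are delimited with plain ASCII quotes: the typographic
// quotes in the pasted copy are not string delimiters in PHP.
// NOTE(review): the mssql_* extension was removed in PHP 7. A maintained driver
// (PDO or sqlsrv) also brings bound parameters, which the queries in this
// script need.
$dbhandle = mssql_connect($myServer, $myUser, $myPass) or die('cannot connect to server');
$selected = mssql_select_db($myDB, $dbhandle) or die('cannot select DB');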
/**
 * ShuttleCMS - A basic CMS coded in PHP.
 * Password Reset - Used for allowing a user to reset password
 * @author Dan [email protected]
 * @version 0.0.1
 * @package ShuttleCMS
 */
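    // Marker constant for the rest of the application. The name must be written
    // with plain ASCII quotes: with typographic quotes PHP does not see a string
    // literal, so no constant called IN_SCRIPT would be defined.
    // NOTE(review): presumably included files test this constant to refuse
    // direct access - that code is not on this page.
    define('IN_SCRIPT', true);
    // Start (or resume) the visitor's session.
    session_start();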

//Connect to the mssql Database
/**
 * Report a form error to the visitor and stop the request.
 *
 * Per the author's note, the message is shown in an alert box so that a form
 * with an invalid field keeps what was typed. Usage: error('foobar');
 *
 * Because the function ends with exit, nothing after an error() call runs.
 *
 * NOTE(review): the markup between the closing and opening PHP tags below is
 * empty on this page (presumably lost when the code was pasted), so how $msg
 * reaches the browser cannot be seen. If it is printed into HTML or into a
 * script block it has to be encoded for that context. Every call visible on
 * this page passes a fixed string.
 *
 * @param string $msg Message to show to the visitor.
 */
function error($msg) {
?>







<?
// NOTE(review): the short open tag above only works when short_open_tag is
// enabled in php.ini; the full "php" open tag works on every installation.
// Stop the script so the caller's remaining code does not run.
exit;
}

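/**
 * Check that an e-mail address has an acceptable format.
 *
 * This is a format check only. An accepted address is not thereby safe to put
 * into SQL, HTML or a mail header: the local part may contain an apostrophe
 * and, inside a quoted local part, most other characters. Callers still have
 * to escape the value for wherever it is used.
 *
 * Changes from the pasted version:
 *  - ereg() (removed in PHP 7) is replaced by preg_match();
 *  - every pattern uses the D modifier so "$" cannot match before a trailing
 *    newline;
 *  - the escape characters that were lost from the quoted-local-part and
 *    IP-literal patterns are restored (without them the first is a parse error
 *    and the second matches something else);
 *  - non-string input and control characters are rejected up front.
 *
 * @param mixed $email Value to test; anything that is not a string is rejected.
 * @return bool True when the format is accepted, false otherwise.
 */
function check_email_address($email) {
    // Request fields can arrive as arrays; only a string can be an address.
    if (!is_string($email)) {
        return false;
    }
    // Control characters (CR, LF, NUL, ...) never belong in an address that
    // will be used as a mail recipient or stored as an account key.
    if (preg_match('/[\x00-\x1F\x7F]/', $email)) {
        return false;
    }
    // Exactly one @, with 1-64 characters before it and 1-255 after it.
    if (!preg_match('/^[^@]{1,64}@[^@]{1,255}$/D', $email)) {
        return false;
    }

    list($local_part, $domain) = explode('@', $email);

    // Each dot-separated piece of the local part is either a run of permitted
    // characters or a double-quoted string of at most 62 characters that
    // contains none of ( \ | " ).
    $local_piece = '/^(([A-Za-z0-9!#$%&\'*+\/=?^_{|}~-][A-Za-z0-9!#$%&\'*+\/=?^_{|}~.-]{0,63})|("[^(\\\\|")]{0,62}"))$/D';
    foreach (explode('.', $local_part) as $piece) {
        if (!preg_match($local_piece, $piece)) {
            return false;
        }
    }

    // A domain made only of digits and dots, optionally in square brackets, is
    // treated as an IP address and not checked further.
    if (preg_match('/^\[?[0-9.]+\]?$/D', $domain)) {
        return true;
    }

    // Otherwise it must be a host name with at least two labels.
    $labels = explode('.', $domain);
    if (count($labels) < 2) {
        return false; // Not enough parts to domain
    }
    // A label is alphanumeric, may contain hyphens in the middle, and is at
    // most 63 characters long.
    $label_pattern = '/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$/D';
    foreach ($labels as $label) {
        if (!preg_match($label_pattern, $label)) {
            return false;
        }
    }
    return true;
}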

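if (isset($_POST['submit'])) {

    // NOTE(review): this flow replaces the account password as soon as a known
    // address is submitted, with no proof that the requester controls the
    // mailbox, and 'Email Not Found!' tells the requester which addresses are
    // registered. A one-time, expiring reset link sent to the address and a
    // single neutral reply for both outcomes would avoid both problems.

    // Read the address once, so the value that is validated is the value that
    // goes into the queries. Anything that is not a string (for example an
    // array-style form field) is treated as empty.
    $email_input = '';
    if (isset($_POST['email_to']) && is_string($_POST['email_to'])) {
        $email_input = $_POST['email_to'];
    }
    // magic_quotes_gpc (old PHP only) adds backslashes to request data; remove
    // them so validation and escaping both see what the visitor typed.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $email_input = stripslashes($email_input);
    }
    if ($email_input == '') {
        error('Please Fill in Email.');
    }
    // Format check only: it does not make the value safe for SQL.
    if (!check_email_address($email_input)) {
        error('Email Not Valid - Must be in format of [email protected]');
    }

    // NOTE(review): htmlspecialchars() encodes for HTML output and is not SQL
    // escaping. It is kept only so the value compared with evtb_users.email is
    // the same as before - confirm how addresses are stored at sign-up.
    $email_to = htmlspecialchars($email_input);

    // SQL Server string literals escape a single quote by doubling it. The
    // address pattern accepts an apostrophe, so without this step the address
    // could end the literal and change the statement. The legacy mssql
    // extension has no bound parameters for ad-hoc queries; prepared
    // statements through PDO or sqlsrv are the durable fix.
    $email_sql = str_replace("'", "''", $email_to);

    // Lets see if the email exists
    $sql = "SELECT COUNT(*) FROM evtb_users WHERE email = '$email_sql'";
    $result = mssql_query($sql) or die('Could not find member: ');
    if ((int) mssql_result($result, 0, 0) < 1) {
        error('Email Not Found!');
    }

    // Temporary password material: 32 hex characters, of which the first 8 are
    // mailed to the user. rand() and uniqid() are derived from the clock and a
    // non-cryptographic generator, so a CSPRNG is used when one is available.
    if (function_exists('random_bytes')) {
        $random_password = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $random_password = bin2hex(openssl_random_pseudo_bytes(16));
    } else {
        // Last resort on installations with neither function; predictable.
        $random_password = md5(uniqid(rand()));
    }

    // NOTE(review): 8 hex characters is only 32 bits; consider a longer value.
    $emailpassword = substr($random_password, 0, 8);

    // NOTE(review): unsalted MD5 is not a password hash. It is left as is
    // because the login code (not on this page) presumably compares MD5
    // digests; migrate both sides to password_hash()/password_verify().
    $newpassword = md5($emailpassword);

    // $newpassword is hexadecimal only; the address is the quote-doubled value.
    // Plain ASCII quotes replace the typographic ones from the pasted copy.
    $query = sprintf(
        "UPDATE evtb_users SET passwd = '%s' WHERE email = '%s'",
        $newpassword,
        $email_sql
    );
    $result1 = mssql_query($query);
    if ($result1 === false) {
        // Do not go on to mail a password that was never stored.
        die('Could not update password');
    }

    // (the closing brace of this if-block is beyond the code shown on the page)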

//Email out the infromation
$subject = “your password”;
$message = "your new password is:

Password: ‘$emailpassword’

I can't get the password reset to work on the server. Please help :slight_smile:
