there it is. maybe you can reset your password
This commit is contained in:
Thies Mueller
parent
99a5cbda77
commit
1dce630341
81
forgotpass.php
Normal file
81
forgotpass.php
Normal file
@ -0,0 +1,81 @@
|
||||
<?php
|
||||
$pdo = new PDO('mysql:host=localhost;dbname=usertable', 'usertable', 'password');
|
||||
|
||||
function random_string() {
|
||||
if(function_exists('random_bytes')) {
|
||||
$bytes = random_bytes(16);
|
||||
$str = bin2hex($bytes);
|
||||
} else if(function_exists('openssl_random_pseudo_bytes')) {
|
||||
$bytes = openssl_random_pseudo_bytes(16);
|
||||
$str = bin2hex($bytes);
|
||||
} else if(function_exists('mcrypt_create_iv')) {
|
||||
$bytes = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
|
||||
$str = bin2hex($bytes);
|
||||
} else {
|
||||
//this should be a unique string. if we use this in prod we should change this.
|
||||
$str = md5(uniqid('thisisnotreallyrandombutthisstringheresomakethislongandmaybewith12345numberskthxbye', true));
|
||||
}
|
||||
return $str;
|
||||
}
|
||||
|
||||
|
||||
$showForm = true;
|
||||
|
||||
if(isset($_GET['send']) ) {
|
||||
if(!isset($_POST['email']) || empty($_POST['email'])) {
|
||||
$error = "<b>Enter your email address</b>";
|
||||
} else {
|
||||
$statement = $pdo->prepare("SELECT * FROM users WHERE email = :email");
|
||||
$result = $statement->execute(array('email' => $_POST['email']));
|
||||
$user = $statement->fetch();
|
||||
|
||||
if($user === false) {
|
||||
$error = "<b>no user found</b>";
|
||||
} else {
|
||||
//check if theres a code already
|
||||
$passwordcode = random_string();
|
||||
$statement = $pdo->prepare("UPDATE users SET passwordcode = :passwordcode, passwordcode_time = NOW() WHERE id = :userid");
|
||||
$result = $statement->execute(array('passwordcode' => sha1($passwordcode), 'userid' => $user['id']));
|
||||
|
||||
$mailrcpt = $user['email'];
|
||||
$mailsubject = "New password for your User";
|
||||
$from = "From: Password Reset Service <resetmypw@invalid.example.com>"; //place a real address if we use this in production
|
||||
$url_passwordcode = 'https://loginpagefoo.td00.de/forgotpass.php?userid='.$user['id'].'&code='.$passwordcode; //this shouldnt be my domain in prod..
|
||||
$text = 'Hallo '.$user['username'].',
|
||||
please use the following URL to change your password in the next 24h:
|
||||
'.$url_passwordcode.'
|
||||
|
||||
If this mail comes unsolicited, please just ignore the mail.
|
||||
|
||||
cheers
|
||||
loginpagefoo script';
|
||||
|
||||
mail($mailrcpt, $mailsubject, $text, $from);
|
||||
|
||||
echo "Link send.";
|
||||
$showForm = false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if($showForm):
|
||||
?>
|
||||
|
||||
<h1>Forgot Password</h1>
|
||||
Please enter your email so we can send you a link to reset your password.<br><br>
|
||||
|
||||
<?php
|
||||
if(isset($error) && !empty($error)) {
|
||||
echo $error;
|
||||
}
|
||||
?>
|
||||
|
||||
<form action="?send=1" method="post">
|
||||
E-Mail:<br>
|
||||
<input type="email" name="email" value="<?php echo isset($_POST['email']) ? htmlentities($_POST['email']) : ''; ?>"><br>
|
||||
<input type="submit" value="New Password">
|
||||
</form>
|
||||
|
||||
<?php
|
||||
endif;
|
||||
?>
|
||||
Loading…
x
Reference in New Issue
Block a user