lost password script
Posted: Fri Oct 28, 2005 11:05 pm
hi. i have a strange problem with my lost password script. it is suppose to ask the user to input their email add, then the script randomly produces a new password and send them an email. it seems to work fine because when i input the email, i receive the note and the email with the new password. looking at the database via phpMyAdmin i noticed that the password was actually changed, but when i try to login with the new password, i could not. what could be worng?
Code: Select all
<?
//check if username and email exists
$email = $HTTP_POST_VARS['email'];
$sql_check = mysql_query("SELECT username FROM users
WHERE email='$email'");
$sql_check_num = mysql_num_rows($sql_check);
if($sql_check_num == '0'){
echo "No records found matching your email address. Go back and retry.<br/>";
exit();
}
?>
<?
mt_srand((double)microtime() * 1000000);
$charlist = "qwertyuiopasdfghjklzxcvbnm1234567890";
$newpass = '';
$max = strlen($charlist) - 1;
for ($i = 0; $i < 10; $i++) {
$randnum = mt_rand(0, $max);
$newpass .= $charlist{$randnum};
}
$newpass2= md5($newpass);
$sql = "UPDATE users SET
password='$newpass2'
WHERE email='$email'";
if ($result = mysql_query($sql)) {
$femail= 'me <me@mydomain.org>';
$temail= $email;
$message="Hi there, as requested please find your new password below:\n\nPassword: $newpass\n\nPlease login and change your pass immediately";
if(mail($temail,":: Password Reminder ::",$message,"From: $femail\n")) {
echo "We have sent an email including your new pass to $email";
} else {
echo "Sorry, there was a problem sending your reminder. Please try again letter or contact an admin.";
}
}
?>