[php+mysql] password recovery via mail

login_forgot.php
PHP:
//login_forgot.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" />

<link href="assets/bootstrap.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Roboto:400,300,700&subset=latin,greek' rel='stylesheet' type='text/css']

<script type='text/javascript' src='assets/jquery-1.11.0.min.js']</script>
</head>
<body>
<div class="container-fluid">
	<div class="row" style="overflow: auto;background-color: #af156b;border-bottom:2px #eee solid">
		<div class="container" style="padding-top: 3px;">
			[img]assets/img/facebook.png[/img]
			[img]assets/img/google.png[/img]
			[img]assets/img/in.png[/img]
			[img]assets/img/twitter.png[/img]
			[img]assets/img/youtube.png[/img]
		</div>
	</div>
</div><br/><br/>
	
	<div class="container">

<?php
@session_start();

include('config.php');

$db=connect();
	
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
	$boundary = urlencode(uniqid(rand(), true));
	$user_mail = mysql_escape_string($_POST["email"]);
	
	$member_id=getScalar($db, "select member_id from members where email=?",array($user_mail));
	
	if ($member_id)
	{
		$id=intval($member_id);
		
		if ($id>0)
		{
			executeSQL($db, "update members set password_recovery_key=? where member_id=?",array($boundary, $member_id));

			$user_mail="x@x.com";
			if (sendMail($user_mail,"PipisCrew Password Reset","<a href='http://www.x.com/login_forgot.php?l=".$boundary."&action=reset' target='_bl']Click here to reset your password</a>"))
			{	echo "<div class='alert alert-success']An email sent to {$user_mail}</div>";
				exit;
			}
			else
				echo "<div class='alert alert-danger']An error occured when tried to send an email to {$user_mail}, please try again</div>" ;
		}
	}
	else 
		echo "<br/><div class='alert alert-danger']Could not find any user with email {$user_mail}, please try again!</div><br/>" ;
} elseif ($_SERVER['REQUEST_METHOD'] === 'GET') {
	
	if (isset($_GET["l"]) && !empty($_GET["l"]) && isset($_GET["action"]) && !empty($_GET["action"]))
	{
		if (!getScalar($db, "select member_id from members where password_recovery_key=?",array($_GET["l"])))
		{
			unset($_SESSION["pass_boundary"]); //if any?
			
			die("<div class='container']<div class='alert alert-danger']An error occured! 0x3s45</div></div>");
		}


	$_SESSION["pass_boundary"] = $_GET["l"];	
	?>

		<form id="form_forgot" method="post" action="login_reset.php" onsubmit="if (document.getElementsByName('password1')[0].value != document.getElementsByName('password2')[0].value) alert('password fields not match'); return document.getElementsByName('password1')[0].value == document.getElementsByName('password2')[0].value;">
		
				<div class="form-group">
					<label>Enter new password :</label>
					<input name="password1" maxlength="60" type="text" class="form-control" placeholder="password" required>
				</div>
				
				<div class="form-group">
					<label>Re-type new password :</label>
					<input name="password2" maxlength="60" type="text" class="form-control" placeholder="Re-type new password" required>
				</div>
				
				<center><button class="btn btn-primary btn-sm" type="submit">Save new password</button></center>
		</form>
	
				
<?php
	exit;}
}

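/**
 * Send a UTF-8 HTML mail with a fixed From: header.
 *
 * @param string $recipient_mail  single recipient address
 * @param string $subject         plain-text subject (MIME-encoded here)
 * @param string $body            HTML fragment placed inside <html><body>
 * @return bool                   true if mail() accepted the message; false if
 *                                it did not or the recipient was rejected
 */
function sendMail($recipient_mail, $subject, $body)
{
	// Accept only one well-formed address. A CR/LF inside the recipient would
	// otherwise let whoever controls that value append headers such as Bcc:
	// to the message; FILTER_VALIDATE_EMAIL rejects line breaks and spaces.
	if (!is_string($recipient_mail) || filter_var($recipient_mail, FILTER_VALIDATE_EMAIL) === false) {
		return false;
	}

	$headers = "From: report@x.com\r\n";
	$headers .= "MIME-Version: 1.0\r\n";
	$headers .= "Content-Type: text/html; charset=utf-8\r\n";

	$message = '<html><body>';
	$message .= $body;
	$message .= '</body></html>';

	// RFC 2047 encoded-word so non-ASCII subjects survive; base64 output
	// contains no line breaks, so the subject cannot inject headers either.
	// (http://www.xpertdeveloper.com/2013/05/set-unicode-character-in-email-subject-php/)
	$updated_subject = "=?UTF-8?B?" . base64_encode($subject) . "?=";

	return (bool) mail($recipient_mail, $updated_subject, $message, $headers);
}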
?>
    
		<form id="form_forgot" method="post">
		
				<div class="form-group">
					<label>Email :</label>
					<input name="email" maxlength="100" type="email" class="form-control" placeholder="Email" required>
				</div>
				
				<center><button class="btn btn-primary btn-sm" type="submit">Send Password Reset</button></center>
		</form>
	</div>
</body>
</html>

login_reset.php
PHP:
//login_reset.php

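<?php
// login_reset.php
//
// Step 2 of the password reset. login_forgot.php validated the token from the
// mailed link and stored it in $_SESSION["pass_boundary"]; this page receives
// the new password from the form it rendered, replaces the member's password
// and clears the token so the link cannot be used twice.
//
// Everything that may need to emit headers (session_start(), the redirect)
// runs before the first byte of HTML. The original issued header("Location")
// after the page header had already been echoed, which only works when output
// buffering is enabled; otherwise the redirect is lost and the page renders
// with no message at all.
session_start();

$boundary  = $_SESSION["pass_boundary"] ?? null;
$password1 = $_POST["password1"] ?? null;
$password2 = $_POST["password2"] ?? null;

// Only requests that came through the reset form in a session holding a
// validated token are handled (is_string also rejects password1[]=... arrays).
if (!is_string($boundary) || $boundary === '' || !is_string($password1) || !is_string($password2)) {
	header("Location: index.php");
	exit;
}

// Single use: whatever happens below, this session cannot try again with the
// same token.
unset($_SESSION["pass_boundary"]);

include('config.php');

$db = connect();

if ($password1 !== $password2) {
	// The form compares the two fields only in JavaScript; the client is not
	// trusted, so the check is repeated here.
	$alert = "<div class='alert alert-danger'>The two password fields do not match, please try again!</div>";
} elseif ($password1 === '') {
	$alert = "<div class='alert alert-danger'>The password must not be empty, please try again!</div>";
} else {
	$member_id = getScalar($db, "select member_id from members where password_recovery_key=?", array($boundary));

	if ($member_id) {
		// NOTE(review): stored as a salted bcrypt hash instead of the original
		// md5(mysql_escape_string(...)). mysql_escape_string() was removed in
		// PHP 7 and altered the password before hashing; md5 is unsalted and
		// cheap to brute-force. PASSWORD_BCRYPT is named explicitly because its
		// output is always 60 characters, exactly the width of the password
		// column. The login page is not shown here: it must check this column
		// with password_verify() (and rehash any remaining md5 rows on their
		// next successful login) — confirm before deploying.
		$password_hash = password_hash($password1, PASSWORD_BCRYPT);

		executeSQL($db, "update members set password=?, password_recovery_key=null where member_id=?", array($password_hash, $member_id));

		$alert = "<div class='alert alert-success'>The password changed! Please try to login now!</div>";
	} else {
		$alert = "<div class='alert alert-danger'>Could not find the user defined!, please try again!</div>";
	}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" />

<link href="assets/bootstrap.min.css" rel="stylesheet">
<!-- fetched over https so an on-path attacker cannot swap the stylesheet -->
<link href='https://fonts.googleapis.com/css?family=Roboto:400,300,700&subset=latin,greek' rel='stylesheet' type='text/css'>

<script type='text/javascript' src='assets/jquery-1.11.0.min.js'></script>
</head>
<body>
<div class="container-fluid">
	<div class="row" style="overflow: auto;background-color: #af156b;border-bottom:2px #5d5d5d solid">
		<div class="container" style="padding-top: 3px;">
			<img src="assets/img/facebook.png" alt="Facebook" />
			<img src="assets/img/google.png" alt="Google" />
			<img src="assets/img/in.png" alt="LinkedIn" />
			<img src="assets/img/twitter.png" alt="Twitter" />
			<img src="assets/img/youtube.png" alt="YouTube" />
		</div>
	</div>
</div><br/><br/>

	<div class="container">
		<?php echo $alert; ?>
	</div>
</body>
</html>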
 
 
SQL:
-- Members table used by login_forgot.php (issues the reset key) and
-- login_reset.php (replaces the password and clears the key).
CREATE TABLE members (
  member_id int(11) NOT NULL AUTO_INCREMENT,
  -- looked up with "where email=?"; the PHP code assumes at most one row per
  -- address, but nothing here enforces it (NOTE(review): consider a UNIQUE KEY)
  email varchar(50) COLLATE utf8_unicode_ci DEFAULT NULL,
  -- 60 characters is the length of a bcrypt hash; an md5 hex digest is 32
  password varchar(60) COLLATE utf8_unicode_ci DEFAULT NULL,
  -- single-use reset token: '' while none is pending, set to NULL after use.
  -- There is no expiry column, so a pending token stays valid until it is
  -- used or overwritten by a newer request
  password_recovery_key varchar(35) CHARACTER SET utf8 DEFAULT '',
  PRIMARY KEY (member_id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
 