I have this script to reset a user's password after he types his email address. It seems to work, since I receive an email saying my password was set to a new password, and looking at the SQL database, it was changed, but I still cannot log in. What could be the problem with this script?
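// Look up the account that belongs to the e-mail address submitted with the
// reset form. $_POST replaces the deprecated $HTTP_POST_VARS long array (which
// is empty unless register_long_arrays is on). $email keeps the raw submitted
// value because the rest of the script reuses it.
$email = isset($_POST['email']) ? $_POST['email'] : '';

// The address is attacker-controlled, so it is escaped before being placed
// inside the quoted SQL literal; the original interpolated it unescaped.
// mysql_real_escape_string() uses the same open connection mysql_query() needs.
$email_sql = mysql_real_escape_string($email);
$sql_check = mysql_query("SELECT username FROM users
WHERE email='$email_sql'");

// mysql_query() returns false on failure; count that as "no match" instead of
// passing false to mysql_num_rows().
$sql_check_num = ($sql_check === false) ? 0 : mysql_num_rows($sql_check);
if ($sql_check_num < 1) {
    // NOTE(review): this distinct message tells the requester whether an
    // address is registered; a uniform response would avoid that disclosure.
    echo "No records found matching your email address. Go back and retry.<br/>";
    exit();
}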
?>
<?
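// Build a 10-character temporary password from lowercase letters and digits,
// then prepare the UPDATE that stores its hash for the requesting address.
//
// The explicit mt_srand(microtime) call is dropped: it tied the generator's
// seed to the request time, which makes the resulting password guessable.
// random_int() is used when the runtime provides it (PHP 7+ or a polyfill);
// mt_rand(), which seeds itself, remains the fallback on older runtimes.
$charlist = "qwertyuiopasdfghjklzxcvbnm1234567890";
$newpass = '';
$max = strlen($charlist) - 1;
for ($i = 0; $i < 10; $i++) {
    $randnum = function_exists('random_int') ? random_int(0, $max) : mt_rand(0, $max);
    // Square-bracket offsets work on every PHP version; the {} form was removed in PHP 8.
    $newpass .= $charlist[$randnum];
}

// NOTE(review): unsalted md5() is kept only so the stored value matches what
// the existing login check presumably compares against; it is not a suitable
// password hash. Migrate storage and login together to password_hash() /
// password_verify().
// NOTE(review): md5() yields a 32-character hex string. Logins will fail if the
// password column is narrower than that or the login code hashes differently.
// Confirm both.
$newpass2 = md5($newpass);

// $email comes from the submitted form, so it is escaped before being placed
// inside the quoted SQL literal.
$sql = "UPDATE users SET
password='$newpass2'
WHERE email='" . mysql_real_escape_string($email) . "'";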
if ($result = mysql_query($sql)) {
$femail= 'me <me@me.org>';
$temail= $email;
$message="Hi there, as requested please find your new password below:\n\nPassword: $newpass\n\nPlease login and change your pass immediately";
if(mail($temail,":: Password Reminder ::",$message,"From: $femail\n")) {
echo "We have sent an email including your new pass to $email";
} else {
echo "Sorry, there was a problem sending your reminder. Please try again letter or contact an admin.";
}