What I would like to do is have it check against the email and a secure field, which is stored encrypted in the database. I'm not sure where or how to add the check for the secure field to the process below.
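// Password-reset handler: runs only when the reset form was submitted.
// Sets $error (list of messages), $email (submitted address) and $rsent
// (true once a reset mail was accepted and the new password stored).
//
// NOTE(review): this flow resets the password for anyone who knows an
// account's email address and mails the new password in clear text. A
// single-use, expiring reset link avoids both, but needs changes outside
// this block.
if (isset($_POST['submitPassword'])) {
    // Read the submitted address once. A non-string value (e.g. remail[]=x)
    // is treated as empty so it fails validation instead of reaching the query.
    $email = (isset($_POST['remail']) && is_string($_POST['remail'])) ? trim($_POST['remail']) : '';
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        // Undo magic-quotes escaping so the value is escaped exactly once below.
        $email = stripslashes($email);
    }

    // check for valid email address
    $pattern = '/^[^@]+@[^\s\r\n\'";,@%]+$/';
    if (!preg_match($pattern, $email)) {
        $error[] = 'Please enter a valid email address';
    }

    // Escape for the SQL string context. The original appended an addslashes()
    // copy to $_POST and then built the query from the raw request value, so
    // the lookup and the UPDATE were both injectable.
    // NOTE(review): mysql_real_escape_string() depends on the connection
    // charset; set it with mysql_set_charset() where the link is opened.
    // The mysql_* extension is removed in PHP 7; prepared statements
    // (PDO/mysqli) are the long-term fix but need the connection code.
    $emailSql = mysql_real_escape_string($email);

    // One lookup serves both the "does this account exist" check and the
    // reset loop. The stored Password column is no longer selected because
    // it was read and immediately overwritten.
    // NOTE(review): an extra verification value for the account would be
    // checked in this same lookup, compared in the form it is stored in and
    // escaped like the email.
    $query = "SELECT PlayerName FROM Membership WHERE Email = '$emailSql'";
    $result = mysql_query($query);
    if ($result === false) {
        // Keep driver errors out of the response; they describe the schema.
        error_log('Password reset lookup failed: ' . mysql_error());
        die('Can\'t get requested info.');
    }

    // NOTE(review): this message tells a visitor whether an address is registered.
    if (mysql_num_rows($result) == 0) {
        $error[] = 'Sorry, we cannot find your account details please try another email address.';
    }

    // if no errors then carry on
    if (empty($error)) {
        // NOTE(review): the UPDATE below matches on Email, so if several rows
        // share one address only the last mailed password will work.
        while ($row = mysql_fetch_assoc($result)) {
            $username = $row['PlayerName'];

            // Create a new random password from a CSPRNG when one is
            // available; same 10-hex-character format as before.
            $randomBytes = false;
            if (function_exists('random_bytes')) {
                $randomBytes = random_bytes(5);
            } elseif (function_exists('openssl_random_pseudo_bytes')) {
                $randomBytes = openssl_random_pseudo_bytes(5);
            }
            if (is_string($randomBytes) && strlen($randomBytes) === 5) {
                $password = bin2hex($randomBytes);
            } else {
                // Original generator: rand()/uniqid() are predictable. Kept
                // only so the feature still works without a CSPRNG.
                error_log('Password reset: no CSPRNG available, using weak fallback');
                $password = substr(md5(uniqid(rand(), 1)), 3, 10);
            }

            // NOTE(review): unsalted MD5 is kept because the login code (not
            // shown) must hash the same way. password_hash()/password_verify()
            // is the replacement and has to be changed on both sides.
            $pass = md5($password);

            //send email
            $to = $email;
            $subject = "Account Details Recovery for site name";
            $body = "Hi $username, \n\n you or someone else have requested your account details. \n\n Here is your account information please keep this as you may need this at a later stage. \n\nYour username is $username \n\n your password is $password \n\n Your password has been reset please login and change your password to something more rememberable.\n\n Regards Site Admin \n\n $dir"."admin \n\n";
            $additionalheaders = "From: <email@domain.com>\r\n";
            // Header name was misspelled "Replt-To", so it was never honoured.
            $additionalheaders .= "Reply-To: email@domain.com";

            // Only store the new password when the mail was accepted;
            // otherwise the account would be left with a password nobody knows.
            if (!mail($to, $subject, $body, $additionalheaders)) {
                $error[] = 'Sorry, we could not send the email. Please try again later.';
                continue;
            }

            //update database ($pass is a hex digest, $emailSql is escaped)
            $sql = "UPDATE Membership SET Password='$pass' WHERE Email = '$emailSql'";
            if (mysql_query($sql) === false) {
                error_log('Password reset update failed: ' . mysql_error());
                die('Could not reset password.');
            }
            $rsent = true;
        }
    }// close errors
}// close if form sent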
// Display any errors collected during form handling, one paragraph each.
if (!empty($error)) {
    echo "<blockquote>\n";
    for ($idx = 0, $total = count($error); $idx < $total; $idx++) {
        echo '<p><span class="warning">' . $error[$idx] . "</span></p>\n";
    }
    echo "</blockquote>\n";
}// close if empty errors
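// Confirmation or prompt. $rsent is only set once a reset has been processed,
// so test it with empty() to avoid reading an undefined variable on first load.
if (!empty($rsent)) {
    // $email comes straight from the request; encode it for the HTML context
    // so markup in the submitted address is shown as text, not rendered.
    echo "<p>You have been sent an email with your account details to " . htmlspecialchars($email, ENT_QUOTES) . "</p>\n";
} else {
    echo "<p>Please enter your e-mail address. You will receive a new password via e-mail.</p>\n";
}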