Hi guys,
I'm trying to make a system that sends a forgotten password to a certain user.
Now, it works from time to time, but most of the time it don't.
So, I was wondering what the bug could be in this script?
forgotpasswordck.php:
<?php
include "include/session.php";
include "config.php"; // database connection details stored here
//////////////////////////////
$email=$_POST['email'];
// Change the URL below to match your site
$site_url="http://www.plus2net.com/demo/signup/";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 transitional //EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Paswoord vergeten</title>
</head>
<body>
<?php
$email=mysql_real_escape_string($email);
$status = "OK";
$msg="";
//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
if (!stristr($email,"@") OR !stristr($email,".")) {
$msg="Your email address is not correct<br/>";
$status= "NOTOK";}
echo "<br/><br/>";
if($status=="OK"){ $query="SELECT email,userid FROM plus_signup WHERE plus_signup.email = '$email'";
$st=mysql_query($query);
$recs=mysql_num_rows($st);
$row=mysql_fetch_object($st);
$em=$row->email;// email is stored to a variable
if ($recs == 0) { echo "<strong>No Password</strong><br/> Sorry Your address is not there in our database .
You can signup and login to use our site. <br/><br/><a href='signup.php'> Sign UP </a>"; exit;}
/// check if activation is pending /////
$tm=time() - 86400;
if(mysql_num_rows(mysql_query("SELECT userid FROM plus_key WHERE userid = '$row->userid' and time > $tm and status='pending'"))){
echo "<strong>Your password activation Key is already posted to your email address, please check your Email address & bulk mail folder.</strong> ";
exit;
}
/////////////// Let us send the email with key /////////////
/// function to generate random number ///////////////
function random_generator($digits){
srand ((double) microtime() * 10000000);
//Array of alphabets
$input = array ("A", "B", "C", "D", "E","F","G","H","I","J","K","L","M","N","O","P","Q",
"R","S","T","U","V","W","X","Y","Z");
$random_generator="";// Initialize the string to store random numbers
for($i=1;$i<$digits+1;$i++){ // Loop the number of times of required digits
if(rand(1,2) == 1){// to decide the digit should be numeric or alphabet
// Add one random alphabet
$rand_index = array_rand($input);
$random_generator .=$input[$rand_index]; // One char is added
}else{
// Add one numeric digit between 1 and 10
$random_generator .=rand(1,10); // one number is added
} // end of if else
} // end of for loop
return $random_generator;
} // end of function
$key=random_generator(10);
$key=md5($key);
$tm=time();
$rt=mysql_query("insert into plus_key(userid, pkey,time,status) values('$row->userid','$key','$tm','pending')");
echo mysql_error();
$headers4="admin@sitename.com"; ///// Change this address within quotes to your address ///
$headers.="Reply-to: $headers4\n";
$headers .= "From: $headers4\n";
$headers .= "Errors-to: $headers4\n";
//$headers = "Content-Type: text/html; charset=iso-8859-1\n".$headers;// for html mail un-comment this line
$site_url=$site_url."activepassword.php?ak=$key&userid=$row->userid";
if(mail("$em","Your Request for login details","This is in response to your request for login detailst at site_name \n
\nLogin ID: $row->userid \n To reset your password, please visit this link( or copy and paste this link in your browser window )\n\n
\n\n
$site_url
\n\n
<a href='$site_url'>$site_url</a>
\n\n Thank You \n \n siteadmin","$headers")){echo "<strong>Thank you</strong> <br/>Your password is posted to your email address . Please check your mail after some time. ";}
else{ echo "There is some system problem in sending login details to your address.
Please contact site-admin. <br/><br/>
<input type='button' value='Retry' onClick='history.go(-1)'>";}
}
else {echo "$msg <br/><br/><input type='button' value='Retry' onClick='history.go(-1)'>";}
?>
</body>
</html>
Thank you,
