Indie-Resource.com

Were Back!
http://www.indie-resource.com/forums/

Help with forgot_password

http://www.indie-resource.com/forums/viewtopic.php?t=4598

Page 1 of 1

Help with forgot_password

Posted: Fri Mar 16, 2012 8:13 pm
by c4warrior
I bought this script about 3 weeks ago, and have been trying to get them to work. Iv been able to get through the send email stage. But once I click on the email link, and it takes me back to the new password page. I enter the new pass, and then confirm and click submit. Its pulling all 4 if statements, starting with invalid password stoop! then pass changed success then to re enter new pass and confirm then to re-enter what user you are trying to reset. All these screens post with my div behinf them. I cannot figure out why it is happening. I'm definatly a noob, just starting to learn. Could someone show me where I went wrong. Iv changed alot in these, and havent been able to get anything to work. I think it has something to do with the mis placement of "{ }" brackets. And or I need to put elseif statements in. Thank you in advance.

Code: Select all

session_start();
include "config.php";
global $_CONFIG;
define("MONO_ON", 1);
require "class/class_db_{$_CONFIG['driver']}.php";
$db=new database;
$db->configure($_CONFIG['hostname'],
 $_CONFIG['username'],
 $_CONFIG['password'],
 $_CONFIG['database'],
 $_CONFIG['persistent']);
$db->connect();
$c=$db->connection_id;
$set=array();
$settq=$db->query("SELECT * FROM settings");
while($r=$db->fetch_row($settq))
{
$set[$r['conf_name']]=$r['conf_value'];
}

$ips = $db->query("SELECT * FROM `ban_ip` WHERE `ip` = '".$_SERVER['REMOTE_ADDR']."'");

if(mysql_num_rows($ips) >= 1){

die("<br /><br /><center><br /><br /><br /><br /><br /><br /><b><font color='red' size='3'>Your IP has been banned from this game!!</font></b></center></body></html>");

}

print <<<EOF
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
 
<head>
  <meta http-equiv="content-type" content="text/html; charset=UTF-8"/>
  <meta name="description" content=""/>
  <meta name="keywords" content="" />
  <meta name="author" content="" />
 
  <link rel="stylesheet" type="text/css" href="css/login_register.css" media="screen" />
  
 
  <title>{$set['game_name']}</title>
<link rel="icon" type="image/png" href="images/other/Favicon.png">
 
</head>
 
<body>
EOF;
$IP = ($_SERVER['HTTP_X_FORWARDED_FOR'])
    ?  $_SERVER['HTTP_X_FORWARDED_FOR']
    :  $_SERVER['REMOTE_ADDR'];

$year=date('Y');
$ponum2 = mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `laston` > unix_timestamp()-15*60 AND `force_logout` = 0"));
$ponum = mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `laston` > unix_timestamp()-1440*60 AND `force_logout` = 0"));
$pnum = mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `userid` > 0"));

$time = time () ;

 $year= date("Y",$time) . "";

print <<<EOF
    <div id="header" class="row">
            <a href="register.php" class="register"></a>
           
EOF;
if(isset($_POST['new_pass']) AND isset($_POST['passcode']) AND isset($_POST['password']) AND isset($_POST['password2'])):
{

 $_POST['passcode'] = $db->escape($_POST['passcode']);
 $_POST['password'] = $db->escape($_POST['password']);
 $_POST['password2'] = $db->escape($_POST['password2']);

if($_POST['password'] != $_POST['password2']):

     {

      print <<<EOF
            <div id="bot-content"></div>
        <div id="content-container" class= "resetpasspanel">                       
        <h2><font color="#ff0000">Password Reset</h2>Passwords do not match.</font>                       
        </div>
          <div id="footer-container" class="wrap">
   
     </div>             
     </body>
     </html>
EOF;
     };
endif;
 
    
if (strlen($_POST['password']) < 5):
     {

   print <<<EOF
            <div id="bot-content"></div>
        <div id="content-container" class= "resetpasspanel">
        <h2><font color="#ff0000">Password Reset</h2>Password needs to be 5 characters or more.</font>                      
        </div>
         <div id="footer-container" class="wrap">
   
      </div>                      
      </body>
      </html>
EOF;
     };
 endif;

  $valid = $db->query("SELECT * FROM `users` WHERE `password_reset` = '".$_POST['passcode']."'");

     If(!mysql_num_rows($valid)):
     {


       print <<<EOF

             <div id="bot-content"></div>
        <div id="content-container" class= "resetpasspanel">                       
        <h2><font color="#ff0000">Password Reset</h2>Invalid. Stoop! </font>                       
        </div>
         <div id="footer-container" class="wrap">
   
         </div>                                  
      </body>
      </html>
EOF;
     
      }; 
     endif; 
$pass = md5($_POST['password']);

$db->query("UPDATE `users` SET `password` = '".$pass."', `password_reset` = '' WHERE `password_reset` = '".$_POST['passcode']."'");
mysql_query("UPDATE `log_reset_password` SET `result` = 1 WHERE `code` = '".$_POST['passcode']."'");
print <<<EOF

             <div id="bot-content"></div>
               <div id="content-container" class= "resetpasspanel">
              <h2><font color="#ff0000">Password Reset</h2>Password changed succesfully.,</font><br />
               <a href='login.php'><b><font color='brown'>Back</font></b></a>
                </div>
                 <div id="footer-container" class="wrap">
   
  </div>                          
  body>
  </html>
EOF;

 


}
endif;

If(isset($_GET['passcode'])):
{


$_GET['passcode'] = $db->escape($_GET['passcode']);

$valid = $db->query("SELECT * FROM `users` WHERE `password_reset` = '".$_GET['passcode']."'");

       If(!mysql_num_rows($valid)):
      {


         print <<<EOF
            <div id="bot-content"></div>
        <div id="content-container" class= "resetpasspanel">                       
          <h2><font color="#ff0000">Password Reset</h2>Invalid.    </font>                   
        </div>
        <div id="footer-container" class="wrap">
       
   
         </div>
        </body>
       </html>
EOF;


     };

    endif; 



print <<<EOF
            <div id="bot-content"></div>
          <div id="content-container" class= "resetpasspanel">
        <h2><font color="#ff0000">Password Reset</h2>
                   To reset your password, please fill in all the fields then click "Submit".<br />
                   <form method="POST">
                   <input type="hidden" name="passcode" value='$_GET[passcode].' />
                    New Password: <input type="password" name="password" /><br />
                    Confirm Password: <input type="password" name="password2" /><br />
                   <input type="submit" name="new_pass" value="Submit" />
                        </font></form>
              </div>
              <div id="footer-container" class="wrap">
       
   
    </div>
             
    </body>
    </html>
EOF;
    
}
endif;

If(isset($_POST['submit']) AND isset($_POST['user']))
{

$_POST['user'] = $db->escape($_POST['user']);

$check = $db->query("SELECT * FROM `users` WHERE `userid` = '".$_POST['user']."' OR `username` = '".$_POST['user']."' OR `email` = '".$_POST['user']."'");
If(!mysql_num_rows($check)):
{


print <<<EOF
         <div id="bot-content"></div>
            <div id="content-container" class= "resetpasspanel">
            <h2><font color="#ff0000">Password Reset</h2>No such user.</font>
                 <a href='login.php'><b><font color='brown'>Back</font></b></a>
        </div>
        <div id="footer-container" class="wrap">
       
   
</div>
       
</body>
</html>
EOF;

};
endif;


$user = mysql_fetch_assoc($check);

$random_code = "";

$possible = "2346789bcdfghjkmnpqrtvwxyzBCDFGHJKLMNPQRTVWXYZ";
$maxlength = strlen($possible);

$i = 0;

While($i < 12) {

$char = substr($possible, mt_rand(0, $maxlength-1), 1);

If(!strstr($random_code, $char)) {
$random_code .= $char;

$i++;

}
}

$db->query("UPDATE `users` SET `password_reset` = '".$random_code."' WHERE `userid` = ".$user['userid']);



$subject = "[game name]";

$message = "You have asked to reset your password.
If it was you who asked to get a reset link please visit the link below and follow the instructions. If you have recieved this email and did not ask to have your password reset delete this mail and contact us by using the contact us link on the game and tell us about it. We will then be able to figure out who tried to get your password.

This is the link to visit if you want to reset your password:
http://www.[game name]/reset_password.php?passcode=$random_code



";
$from = "From: **************@*******";
 
mail($user['email'], $subject, $message, $from);

print <<<EOF
            <div id="bot-content"></div>
        <div id="content-container" class= "resetpasspanel">                       
          <h2><font color="#ff0000">Password Reset</h2>Please check your email for a confirmation link.</font><br />
                    <a href='login.php'><b><font color='brown'>Back</font></b></a>                   
        </div>
        <div id="footer-container" class="wrap">
       
   
</div>
</body>
</html>
EOF;

$IP = $db->escape($_SERVER['REMOTE_ADDR']);

$db->query("INSERT INTO `log_reset_password` VALUES('', {$user['userid']}, '{$random_code}', unix_timestamp(), 0, '$IP')");


}else{






print <<<EOF
          <div id="bot-content"></div> 
           
        <div id="content-container" class= "resetpasspanel">                       
          <h2><b><font color="#ff0000">Password Reset</font><b></h2>
                  <form method="POST">
          <b><font color="#ff0000">To reset your password type in your username, email address or userid:</font><b><br /><input type="text" name="user" /><br />
          <input type="submit" name="submit" value="Submit" />
           <b><font color="#ff0000">All attempted password resets are logged.</font><b>
           </form>                       
        </div>

<div id="footer-container" class="wrap">
   
</div>


       
</body>
</html>

EOF;
}

?>

P.S The password never changes after I submit it!

Re: Help with forgot_password

Posted: Sun Mar 18, 2012 6:02 pm
by c4warrior
Anyone have any thoughts or tips? Please help.

Re: Help with forgot_password

Posted: Mon Mar 19, 2012 9:11 pm
by Jackolantern
You bought this script? Is there any support or tutorials to get it working? I ask because there are tons of free scripts and tutorials out there that do what I believe are the same thing. Does it do anything special? It is very long with no comments and it is hard to follow, at least at first glance.

Can you explain the problem you are having again? I couldn't quite understand what you meant.

Re: Help with forgot_password

Posted: Tue Mar 20, 2012 6:10 pm
by c4warrior
Basically, once I get the email with passcode link. I click on that. It takes me to the actual change password screen where you must enter twice the new password, and click submit. After that it should either tell you the passcode was invalid, the passwords do not match, the password must be over 4 characters, or successful. Well its sending all 4. It should only send one of them, whichever if statement is true. No matter what I do all 4 statements come up, if I do it correct or incorrect it doesn't change.

Re: Help with forgot_password

Posted: Fri Mar 30, 2012 7:18 am
by dust1031
i made this same script awhile back ago (but way easier to read) then my computer crashed and i need to code it out again. whenever i feel like coding it out again ill put it in the code section and you can get my version. how much did you pay for that script?
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited