This little script replaces and emails out a new password to a user dumb enough to lose theirs. I have NEVER done this (yeah, right!).
So make your user's lives easier by allowing them to do this, just place a 'lost password' link to a page with this script and thats it. It also flags the account with a temporary password marker that would force the user to change their password when they next log on. Keep that or lose it, its up to you.
<?
//ep.php
/*
resets and mails out a new temp password to the user
*/
session_start();
if (!isset($_SESSION['logged_in'])){
$_SESSION['logged_in'] = "";
}
//declarations
require("conn.php");
require("common.php");
global $err_msg;
$err_msg = "";
//control code
if (isset($_POST['cbSend'])){
mail_password();
}else{
show_form();
}//end if
//---------------------------------------------------------------------------------------
// mail password function
//---------------------------------------------------------------------------------------
function mail_password()
{
global $err_msg;
//get the variables from the form
if ((isset($_POST['email']))&&(isset($_POST['lg_name']))){
$email = $_POST['email'];
$mid = $_POST['lg_name'];
$date_cookie = $_COOKIE['last_time'];
}else{
$err_msg = "<b>Please enter both your email address and your username. Thank you.</b>";
show_form();
die();
}//end if
//create the sql and run the query
$sql = "SELECT * FROM users WHERE user_email='$email' and user_name = '$mid'";
$result = connect($sql);
//check the query results
if (mysql_num_rows($result)!=1){
$err_msg = "<font color=red>No results found. Please re-enter your username and email address to try again.</font>";
show_form();
//call the change password function and pass it the information related to the record to create the temp password
$new_pass = change_password($mid, $pass);
if (!mail($sendto, $subject, $message, $headers)){
echo "Mail failed to send";
}else{
header("location:confirm1.htm");
}//end if
}//end if
}//end function
//---------------------------------------------------------------------------------------
// change password function
//---------------------------------------------------------------------------------------
function change_password($id, $password)
{
//generate a random password
$pass = "";
$salt = "abchefghjkmnpqrstuvwxyz0123456789";
srand((double)microtime()*1000000);
$i = 0;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($salt, $num, 1);
$pass = $pass . $tmp;
$i++;
}
//change the password in the db
$sql = "update cust_info set cust_pw ='".md5($pass)."', temp_pass = 1 where cust_lg = '$id' and cust_pw = '$password'";
$result = connect($sql);
if ($result){
return $pass;
}else{
change_password($id, $password);
}
}//end function
//---------------------------------------------------------------------------------------
// show_form function
//---------------------------------------------------------------------------------------
function show_form()
{
global $err_msg;
html_header();
?>
