Hello.
I just wrote a simple code about Forgot Pass problem...
http://evolt.org/PHP-Login-System-with-Admin-Features?from=1150&comments_per_page=50
I ll copy all my code Here.....
CHANGE PASSWORD CONFIRMATION
1)constans.php
2)process.php
change to......
3) in mailer.php add ...
4)in confirmreg.php this is the new page that you have to create....
5) in forgotpass.php ....just add thisbefore...
PLS HELP ME TO MAKE IT PERFECT.....
I just wrote a simple code about Forgot Pass problem...
http://evolt.org/PHP-Login-System-with-Admin-Features?from=1150&comments_per_page=50
I ll copy all my code Here.....
CHANGE PASSWORD CONFIRMATION
1)constans.php
- Code:
define("TBL_USERS_FORGOT", "users_forgot");
2)process.php
change to......
- Code:
function procLogin(){
global $session, $form;
/* Login attempt */
$retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember']));
/* Login successful */
if($retval){
//#### DELETE USER FROM users_forgot IF IS THERE ......
$qdelfromusers_forg="DELETE FROM users_forgot WHERE username='$session->username' "; //////ADDED 3 lines to delete the user from users_forgot
$resultdelfromusers_forg = mysql_query($qdelfromusers_forg) or die("Error in qdelfromusers_forg: ".mysql_error()); //////and to uset SESSION['passinprogress']
unset ($_SESSION['passinprogress']);
header("Location: ".$session->referrer);
}
/* Login failed */
else{
$_SESSION['value_array'] = $_POST;
$_SESSION['error_array'] = $form->getErrorArray();
header("Location: ".$session->referrer);
}
}
- Code:
* procForgotPass - Validates the given username then if
* everything is fine, a new password is generated and
* emailed to the address the user gave on sign up.
*/
function procForgotPass(){
global $database, $session, $mailer, $form;
/* Username error checking */
$subuser = $_POST['user'];
$field = "user"; //Use field name for username
if(!$subuser || strlen($subuser = trim($subuser)) == 0){
$form->setError($field, "* Username not entered<br>");
}
else{
/* Make sure username is in database */
$subuser = stripslashes($subuser);
if(strlen($subuser) < 5 || strlen($subuser) > 30 ||
!eregi("^([0-9a-z])+$", $subuser) ||
(!$database->usernameTaken($subuser))){
$form->setError($field, "* Username does not exist<br>");
}
}
/* Errors exist, have user correct them */
if($form->num_errors > 0){
$_SESSION['value_array'] = $_POST;
$_SESSION['error_array'] = $form->getErrorArray();
}
/* Generate new password and email it to user */### Insert To users_forgot the RANDOM KEY AN mail user asking for confirmation
else
{
//### GENERATE RANDOM FORGOT_PASS CODE
function randomkeys($length)
{
$pattern = "1234567890abcdefghijklmnopqrstuvwxyz";
for($i=0;$i<$length;$i++)
{
$key .= $pattern{rand(0,35)};
}
return $key;
}
$randcon_forgot = randomkeys(15);
/* Generate new password */
// $newpass = $session->generateRandStr(8);
/* Get email of user */
$usrinf = $database->getUserInfo($subuser);
$email = $usrinf['email'];
//### Check IF User already is in users_forgot
$query_isforgoten = "SELECT * FROM ".TBL_USERS_FORGOT." WHERE username='$subuser'";
$result_isforgoten = mysql_query($query_isforgoten) or die("Error in $query_isforgoten: ".mysql_error());
$nr_isforgoten = @mysql_num_rows( $result_isforgoten );
if($nr_isforgoten>0) //// User is in users_forgot table
{
$_SESSION['passinprogress'] = true;
}
else /////User is not in users_forgot table
{
//### Attempt to send the email with RANDCON_FORGOT
if($mailer->sendconfirmforgot($subuser,$email,$randcon_forgot))
{
/* Email sent, update database */
//### Insert to users_forgot e-mail and $randcon_forgot
mysql_query("INSERT INTO ".TBL_USERS_FORGOT." VALUES ('$subuser' ,'$email', '$randcon_forgot' , now() )")or die (mysql_error());
//echo"query = $q<br>";
//$database->updateUserField($subuser, "password", md5($newpass));
$_SESSION['forgotpass'] = true;
}
/* Email failure, do not change password */
else
{
$_SESSION['forgotpass'] = false;
}
}
}
header("Location: ".$session->referrer);
}
3) in mailer.php add ...
- Code:
//###### SEND CONFIRMATION MAIT TO FORGOT PASS
function sendconfirmforgot($user,$email,$randcon_forgot){
$from = "From: ".EMAIL_FROM_NAME." <".EMAIL_FROM_ADDR.">";
$subject = "Blablabla - Password Change Confirmation";
$body = $user.",\n\n"
."PLEASE Confirm that you REALY WANT to change your pass "
."by Clicking the link "
."http://www.blablabla.com/index.php?p=loghead&l=confirmreg&randomforgot=".$randcon_forgot." \n\n"
."blablabla.com";
return mail($email,$subject,$body,$from);
}
4)in confirmreg.php this is the new page that you have to create....
- Code:
$randomforgot=$_GET['randomforgot'];
$query = "SELECT * FROM `users_forgot` WHERE `random_forgot` = '$randomforgot'";
$result = mysql_query($query);
$row = mysql_fetch_array($result);
$user_forgot=$row['username'];
if (mysql_num_rows($result)==0)
echo " <h1>Change Password Confirmation </h1>
<p><h1>Failed OR Expired !!!</h1></p>
<p>Try to ender again your confirmation link.<p>";
else
{
//// Find users INFOS
/* Generate new password */
$newpass = $session->generateRandStr(8);
/* Get email of user */
$usrinf = $database->getUserInfo($user_forgot);
$email = $usrinf['email'];
/* Attempt to send the email with new password */
if($mailer->sendNewPass($user_forgot,$email,$newpass)){
/* Email sent, update database */
$database->updateUserField($user_forgot, "password", md5($newpass));
//### DELETE From user_forgot the USER
$del_forg_user="DELETE FROM `users_forgot` WHERE username='$user_forgot' ";
$result_del_forg_user = mysql_query($del_forg_user);
unset ($_SESSION['forgotpass']);
unset ($_SESSION['passinprogress']);
echo "<p><h1>Change Password Confirmation Completed !!!</h1></p>
<p>A new Password is sended to your given e-mail addreass</p>
<p>You can Change your new Password to something easier to remeber</p>
<p>by clicking User Edit after you LOG-IN</p>";
}
/* Email failure, do not change password */
else{
$_SESSION['forgotpass'] = false;
}
}
5) in forgotpass.php ....just add thisbefore...
- Code:
if (isset($_SESSION['passinprogress']))////Change Pass in Progress
{
if ($_SESSION['passinprogress'])
{
echo "<h1>Waiting for Confirmation !!!</h1>
<p>Check in your given e-mail for a Confirmation LINK </p>";
}
}
/**
* Forgot Password form has been submitted and no errors
* were found with the form (the username is in the database)
*/
else if(isset($_SESSION['forgotpass'])){ ////////The code as it is.................
PLS HELP ME TO MAKE IT PERFECT.....