MySQL Database Php

This little script replaces and emails out a new password to a user dumb enough to lose theirs. I have NEVER done this (yeah, right!).
So make your users' lives easier by allowing them to do this: just place a 'lost password' link to a page with this script and that's it. It also flags the account with a temporary password marker that would force the user to change their password when they next log on. Keep that or lose it, it's up to you, though since the temporary password travels by plain-text email, keeping it is the safer choice.
// ep.php
/*
 * Lost-password endpoint: resets the account password to a temporary one and
 * mails it to the user.
 *
 * A request carrying the cbSend POST field is treated as a form submission and
 * handed to mail_password(); any other request just renders the form.
 * NOTE(review): nothing here requires a logged-in session, so throttling of
 * repeated submissions has to come from somewhere else. Confirm it exists.
 */
session_start();

// Guarantee the login flag is defined so later reads never hit a missing key.
if (!isset($_SESSION['logged_in'])) {
    $_SESSION['logged_in'] = "";
}

// Shared helpers: connect() and the html_header()/html_footer() pair are not
// defined in this file, so they are expected to come from these includes.
require 'conn.php';
require 'common.php';

// Error text shared with the functions below through the global scope.
global $err_msg;
$err_msg = '';

// Dispatch: plain page view first, form submission otherwise.
if (!isset($_POST['cbSend'])) {
    show_form();
} else {
    mail_password();
}
// mail password function
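/**
 * Handle a submitted lost-password form.
 *
 * Reads $_POST['email'] and $_POST['lg_name'], looks up the matching account,
 * replaces its password through change_password() and mails the temporary
 * password to the address stored for the account. On a validation or lookup
 * failure the global $err_msg is set and the form is rendered again through
 * show_form(); on success the browser is redirected to confirm1.htm.
 *
 * @return void
 */
function mail_password()
{
    global $err_msg;

    // Both fields must be present, be plain strings (a field submitted as
    // email[]=... arrives as an array) and be non-empty.
    $email = isset($_POST['email']) ? $_POST['email'] : null;
    $mid = isset($_POST['lg_name']) ? $_POST['lg_name'] : null;
    if (!is_string($email) || !is_string($mid) || trim($email) === '' || trim($mid) === '') {
        $err_msg = "Please enter both your email address and your username. Thank you.";
        show_form();
        die();
    }

    // The form values are untrusted, so they are escaped before being placed
    // inside the quoted SQL literals.
    // NOTE(review): mysql_real_escape_string() needs an open MySQL link, and
    // connect() (conn.php) is not visible here. Confirm the link is open at
    // this point, or move to bound parameters inside connect().
    $email_sql = mysql_real_escape_string($email);
    $mid_sql = mysql_real_escape_string($mid);
    if ($email_sql === false || $mid_sql === false) {
        // Fail closed rather than run the query with an unescaped value.
        $err_msg = "Your request could not be processed. Please try again later.";
        show_form();
        return;
    }

    $sql = "SELECT * FROM users WHERE user_email='" . $email_sql . "' and user_name = '" . $mid_sql . "'";
    $result = connect($sql);

    // A failed query is treated like "no match" instead of being handed to
    // mysql_num_rows().
    // NOTE(review): this message and the redirect on success let a caller tell
    // valid username/email pairs from invalid ones; consider one neutral
    // response for both outcomes.
    if (!$result || mysql_num_rows($result) != 1) {
        $err_msg = "No results found. Please re-enter your username and email address to try again.";
        show_form();
        return;
    }

    $row = mysql_fetch_array($result);
    // NOTE(review): the lookup uses users.user_email / user_name, while the row
    // is read through cust_email / cust_pw and change_password() updates
    // cust_info. Confirm which schema is the real one.
    $email2 = $row['cust_email'];
    $pass = $row['cust_pw'];

    // The stored address becomes the mail recipient; a CR or LF in it would
    // let extra headers be smuggled into the message.
    if (!is_string($email2) || $email2 === '' || preg_match('/[\r\n]/', $email2)) {
        $err_msg = "Your request could not be processed. Please try again later.";
        show_form();
        return;
    }

    // Replace the stored password; the current hash is passed along so the
    // update only applies to the row that was just read.
    $new_pass = change_password($mid, $pass);
    if (!is_string($new_pass) || $new_pass === '') {
        // Never mail out an empty password when the reset did not go through.
        $err_msg = "Your request could not be processed. Please try again later.";
        show_form();
        return;
    }

    $sendto = $email2;
    // NOTE(review): the sender address appears to be missing from this value
    // (possibly lost when the listing was published). Set a real From address.
    $from = "WebMaster ";
    $subject = "Forgotten Password";
    $message = "Dear $email2,
Your password is $new_pass.
Regards,
Webmaster";
    // The message is deliberately NOT echoed: printing it showed the new
    // password to whoever submitted the form, and the output also prevented
    // the redirect header below from being sent.
    $headers = "MIME-Version: 1.0\n";
    $headers .= "Content-type: text/plain; charset=iso-8859-1\n";
    $headers .= "X-Priority: 3\n";
    $headers .= "X-MSMail-Priority: Normal\n";
    $headers .= "X-Mailer: php\n";
    $headers .= "From: \"" . $from . "\" <" . $from . ">\n";

    if (!mail($sendto, $subject, $message, $headers)) {
        echo "Mail failed to send";
    } else {
        header("location:confirm1.htm");
    }
}//end function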
// change password function
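/**
 * Generate an 8-character temporary password, store its MD5 hash for the
 * account and flag the account with temp_pass = 1.
 *
 * @param string $id       login name, matched against cust_info.cust_lg
 * @param string $password value currently stored in cust_pw; the UPDATE only
 *                         applies while the row still holds it
 * @return string|false the new plaintext password, or false when no secure
 *                      random source is available or the UPDATE failed
 */
function change_password($id, $password)
{
    // 'd' restored: the original alphabet listed 'h' twice, which skewed the
    // output toward that character.
    $alphabet = "abcdefghjkmnpqrstuvwxyz0123456789";
    $size = strlen($alphabet);
    // Largest multiple of $size that fits in one byte; bytes at or above it
    // are discarded so every character stays equally likely.
    $limit = 256 - (256 % $size);

    // The password comes from a cryptographic random source; rand() seeded
    // from microtime() is predictable.
    $pass = "";
    while (strlen($pass) < 8) {
        if (function_exists('random_int')) {
            $pass .= $alphabet[random_int(0, $size - 1)];
            continue;
        }
        if (!function_exists('openssl_random_pseudo_bytes')) {
            return false;
        }
        $strong = false;
        $bytes = openssl_random_pseudo_bytes(1, $strong);
        if ($bytes === false || !$strong) {
            return false;
        }
        $value = ord($bytes);
        if ($value < $limit) {
            $pass .= $alphabet[$value % $size];
        }
    }

    // Both values end up inside quoted SQL literals, so escape them here
    // regardless of what the caller did.
    // NOTE(review): mysql_real_escape_string() needs an open MySQL link, and
    // connect() (conn.php) is not visible here. Confirm the link is open, or
    // move to bound parameters inside connect().
    $id_sql = mysql_real_escape_string($id);
    $password_sql = mysql_real_escape_string($password);
    if ($id_sql === false || $password_sql === false) {
        return false;
    }

    // NOTE(review): unsalted MD5 is kept only because the login code that
    // checks it is outside this listing; migrate both sides together to
    // password_hash() / password_verify().
    $sql = "update cust_info set cust_pw ='" . md5($pass) . "', temp_pass = 1 where cust_lg = '" . $id_sql . "' and cust_pw = '" . $password_sql . "'";
    $result = connect($sql);

    // The original retried by calling itself without returning the result and
    // with no bound, so a persistent database failure recursed until the stack
    // ran out and a late success still returned nothing. Report failure.
    if ($result) {
        return $pass;
    }
    return false;
}//end function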
// show_form function
/**
 * Render the lost-password form page.
 *
 * Calls html_header(), leaves PHP mode to emit the page markup, and ends with
 * html_footer(). Both helpers are defined outside this listing.
 *
 * NOTE(review): the form markup and the tag that re-enters PHP before
 * html_footer() appear to have been lost when this listing was published, so
 * the function does not work as printed. The submit handler in this file reads
 * the POST fields lg_name, email and cbSend, so the restored form must send
 * those.
 * NOTE(review): $err_msg is declared global but not used in the visible code.
 * If the restored markup prints it, pass it through htmlspecialchars() first.
 */
function show_form()
{
global $err_msg;
html_header();
?>










html_footer();
}//end function
?>






Enter your Member ID and Email. Your Password will be emailed to you.











Member ID
Email