Jump to content

Setting new password


krymly

Recommended Posts

Ok, basicly I am using a php site with scripts from a third party. There is one thing not working like its supposed to be.

This is the full script of the page where I think the mistake is:

<?php
/**
* Copyright (c) 2006, 2007
*
* Florian Schreier. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. The names of its contributors may never be used to endorse or promote
* products derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* @author tomilo <tomilo@gmx.net>
* @author waRhawK <whk@gmx.de>
* @package trooptool
* @subpackage rtwwmod
*/
require_once "config.php";

  if (isset($_POST['action']) AND ($_POST['action'] == text('pw_submit')) AND !empty($_POST['lostpw_name'])) {
  	//---neues Passwort erstellen!
  	$sql="SELECT
  	        name,
  	        email
  	      FROM
  	        ".PREFIX."spieler
  	      WHERE
  	        name = '".$_POST['lostpw_name']."'";
  	$result = mysql_query($sql) OR die(mysql_error());
  	$row = mysql_fetch_assoc($result);
  	if ($row['email'] == $_POST['lostpw_email']) { //wenn email gleich, generiere neues Passwort
  		//Zufallsgenerator für neues Passwort
  		$zeichen="abcdefghijlmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
  		$passwort="";
  		mt_srand((double)microtime()*1000000);
  		for ($i=0; $i<8; $i++) {
  			$passwort .= $zeichen{mt_rand(0,(mb_strlen($zeichen)-1))};
  		}

  		//speichert neues Passwort in die Datenbank
  		$sql="UPDATE
  		        ".PREFIX."spieler
  		      SET
  		        pass = '".md5($passwort)."'
  		      WHERE
  		        name = '".$_POST['lostpw_name']."'";
  		mysql_query($sql) OR die(mysql_error());

  		//versendet neues Passwort an den Spieler
  		$headers = "From:".$row['email']."\n";
	$headers .= 'X-Mailer: PHP/' . phpversion() . "\n";
	$headers .= 'X-Sender-IP: ' . $REMOTE_ADDR . "\n";
	$headers .= "Content-type: text\n";

	$subject="Truppentool: New Password";

	$message="Hello ".$_POST['lostpw_name']."\n
a new password has been generated for you:\n
".$passwort."\n
you can log in with this password.";

        mail($row['email'], $subject, $message, $headers);

        //erfolgreich
        $fehler = "The new pasword will be mailed to you in a short time.";
  	} else { //wenn emails nicht gleich, Fehlermeldung ausgeben
  		$fehler = "Your E-Mail did not match, please give the mail provided with the registration.";
  	}
  }

write_header(text('login_header'));
?>

<div class="oben"><?php include "oben.php"; ?></div>
<div class="menu"><?php include "menu2.php"; ?></div>
<div class="mitte2">

<?php
  if(isset($_GET['action']) AND $_GET['action']=="lostpw") {
?>
        <form action="index.php?action=lostpw" method="post" accept-charset="utf-8">
            <table class="itable" cellpadding="2" cellspacing="1" width="500">
                <tr>
                    <td colspan="4" class="header1"><?php echo text('pw_header')?></td>
                </tr>
                <tr>
                    <td colspan="4" class="header2"><?php echo text('pw_text')?></td>
                </tr>
                <tr>
                    <td class="zeile2"><nobr><label class="fieldLabel"><?php echo text('pw_name')?></label></nobr></td>
                    <td><input class="ibox f100" type="text" name="lostpw_name"></td>
                    <td class="zeile2"><nobr><label class="fieldLabel"><?php echo text('pw_email')?></label></nobr></td>
                    <td><input class="ibox f200" type="text" name="lostpw_email"></td>
                </tr>
                <tr>
                    <td colspan="4"><input class="submit" type="submit" name="action" value="<?php echo text('pw_submit')?>"></td>
                </tr>
            </table>
        </form>
<?php
  } else {
?>
        <form action="index.php" method="post" accept-charset="utf-8">
            <table class="itable" cellpadding="2" cellspacing="1">
                <tr>
                    <td colspan="2" class="header1"><?php echo text('login_header')?></td>
                </tr>
                <tr>
                    <td class="zeile2" width="100"><label class="fieldLabel"><?php echo text('login_name')?></label></td>
                    <td><input class="ibox f100" type="text" name="name"></td>
                </tr>
                <tr>
                    <td class="zeile2" width="100"><label class="fieldLabel"><?php echo text('login_pass')?></label></td>
                    <td><input class="ibox f100" type="password" name="pass"></td>
                </tr>
                <tr>
                    <td colspan="2"><input class="submit" type="submit" value="<?php echo text('login_submit')?>"></td>
                </tr>
            </table>
        </form>
<?php
  }
  if (isset($fehler)) {
?>
<div style="border:solid 1px #C0C0C0; width:400px; text-align:center;"><?php echo $fehler?></div>
<?php
  }
?>
</div>

</body>
</html>

The main problem is that it does not actualy mail a new password, an pre made example of the site I host my site to mail is:

<?
$from = “From: You <you@yourdomain.com>”;
$to = “you@yourdomain.com”;
$subject = “Hi! “;
$body = “TEST”;

if(mail($to,$subject,$body,$from))
echo “MAIL - OK”;
else
echo “MAIL FAILED”;
?>

 

However if the code for mailing a new password is so troublesome there would also be another possible sollution, and that is where the password is set to a non random one (but still one only I know and I can set it to whatever password i want it to be)

 

So to summorise my request:

either to help me find a code to get the automatic mailing system work with a mailaddress from the site or to give it the abilaty to set a standard password that only I know and I can change in the code if I feel like it.

 

I would be gratefull for any possible help.

 

Thanks in advance,

Krymly

Link to comment
Share on other sites

  • 2 weeks later...
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.