
<?php
session_set_cookie_params(172800);
session_start();
require('core/config.php');
require('core/auth.php');
require('core/system.php');
$auth = new Auth;
$system = new System;

$system->domain = $domain;
$system->db = $db;

if(isset($_POST['reset'])) {
	$email = $_POST['email'];
	$user = $db->query("SELECT id FROM users WHERE email='".$email."'");
	if($user->num_rows >= 1) {
		$pass = substr($auth->hashPassword(time()),0,5);
		$db->query("UPDATE users SET password='".$auth->hashPassword($pass)."' WHERE email='".$email."'");
		//mail($email,'fdsf','fdsfds',$pass,'From: info@email.com','-f info@email.com');
		mail($email,$lang['Password_Reset'],sprintf($lang['Password_Reset_Instructions'],$pass));
		$success = true;
	} else {
		$error = true;	
	}
}
?>
<!DOCTYPE html>
<!--[if IE 8]> <html lang="en" class="ie8"> <![endif]-->
<!--[if IE 9]> <html lang="en" class="ie9"> <![endif]-->
<!--[if !IE]><!--> <html lang="en"> <!--<![endif]-->

<!-- START @HEAD -->
<head>
	<!-- START @META SECTION -->
	<meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
    <title><?=$site_name?> - <?=$lang['Password_Reset']?></title>
    <!--/ END META SECTION -->

    <!-- START @FAVICONS -->
    <link href="<?=$system->getDomain()?>/img/ico/html/apple-touch-icon-144x144-precomposed.png" rel="apple-touch-icon-precomposed" sizes="144x144">
    <link href="<?=$system->getDomain()?>/img/ico/html/apple-touch-icon-114x114-precomposed.png" rel="apple-touch-icon-precomposed" sizes="114x114">
    <link href="<?=$system->getDomain()?>/img/ico/html/apple-touch-icon-72x72-precomposed.png" rel="apple-touch-icon-precomposed" sizes="72x72">
    <link href="<?=$system->getDomain()?>/img/ico/html/apple-touch-icon-57x57-precomposed.png" rel="apple-touch-icon-precomposed">
    <link href="<?=$system->getDomain()?>/img/ico/html/apple-touch-icon.png" rel="shortcut icon">
    <!--/ END FAVICONS -->

    <!-- START @FONT STYLES -->
    <link href="http://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700" rel="stylesheet">
    <!--/ END FONT STYLES -->

    <!-- START @GLOBAL MANDATORY STYLES -->
    <link href="<?=$system->getDomain()?>/assets/global/plugins/bower_components/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet">
    <!--/ END GLOBAL MANDATORY STYLES -->

    <!-- START @PAGE LEVEL STYLES -->
    <link href="<?=$system->getDomain()?>/assets/global/plugins/bower_components/fontawesome/css/font-awesome.min.css" rel="stylesheet">
    <link href="<?=$system->getDomain()?>/assets/global/plugins/bower_components/animate.css/animate.min.css" rel="stylesheet">
    <!--/ END PAGE LEVEL STYLES -->

    <!-- START @THEME STYLES -->
    <link href="<?=$system->getDomain()?>/assets/themes/default/css/reset.css" rel="stylesheet">
    <link href="<?=$system->getDomain()?>/assets/themes/default/css/layout.css" rel="stylesheet">
    <link href="<?=$system->getDomain()?>/assets/themes/default/css/components.css" rel="stylesheet">
    <link href="<?=$system->getDomain()?>/assets/themes/default/css/plugins.css" rel="stylesheet">
    <link href="<?=$system->getDomain()?>/assets/themes/default/css/pages/sign.css" rel="stylesheet">
    <link href="<?=$system->getDomain()?>/assets/themes/default/css/misc.css" rel="stylesheet" id="theme">
    <!--/ END THEME STYLES -->

    <!-- START @IE SUPPORT -->
    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
        <!--[if lt IE 9]>
        <script src="assets/global/plugins/bower_components/html5shiv/dist/html5shiv.min.js"></script>
        <script src="assets/global/plugins/bower_components/respond-minmax/dest/respond.min.js"></script>
        <![endif]-->
        <!--/ END IE SUPPORT -->
    </head>
    <!--/ END HEAD -->

    <body class="page-sound">

        <!--[if lt IE 9]>
        <p class="upgrade-browser">Upps!! You are using an <strong>outdated</strong> browser. Please <a href="http://browsehappy.com/" target="_blank">upgrade your browser</a> to improve your experience.</p>
        <![endif]-->

        <!-- START @SIGN WRAPPER -->
        <div id="sign-wrapper">

        	<!-- Brand -->
        	<div class="brand">
        		<img src="<?=$system->getDomain()?>/img/logo.png"/>
        	</div>
        	<!--/ Brand -->

        	<!-- Login form -->
        	<form class="sign-in form-horizontal shadow rounded no-overflow" action="" method="post">
        		<div class="sign-header">
        			<div class="form-group">
        				<div class="sign-text">
        					<span><?=$lang['Password_Reset']?></span>
        				</div>
        			</div><!-- /.form-group -->
        		</div><!-- /.sign-header -->
        		<div class="sign-body">
        			<?php if(isset($success)) { ?> <div class="alert alert-success" style="border-radius:0px;"> <i class="fa fa-check-circle fa-fw"></i> Successfully sent password reset instructions to <?=$email?>  </div> <?php } ?>
        			<?php if(isset($error)) { ?> <div class="alert alert-danger" style="border-radius:0px;"> <i class="fa fa-warning fa-fw"></i> User doesn't exist </div> <?php } ?>
        			<div class="form-group">
        				<div class="input-group input-group-lg rounded no-overflow">
        					<input type="email" name="email" class="form-control input-sm" placeholder="Email" value="<?=$email?>">
        					<span class="input-group-addon"><i class="fa fa-envelope"></i></span>
        				</div>
        			</div><!-- /.form-group -->
        		</div><!-- /.sign-body -->
        		<div class="sign-footer">
        			<div class="form-group">
        				<button type="submit" name="reset" class="btn btn-theme btn-lg btn-block no-margin rounded" id="login-btn"><?=$lang['Reset']?></button>
        			</div><!-- /.form-group -->
        		</div><!-- /.sign-footer -->
        	</form><!-- /.form-horizontal -->
        	<!--/ Login form -->

        </div><!-- /#sign-wrapper -->
        <!--/ END SIGN WRAPPER -->

        <!-- START JAVASCRIPT SECTION (Load javascripts at bottom to reduce load time) -->
        <!-- START @CORE PLUGINS -->
        <script src="<?=$system->getDomain()?>/assets/global/plugins/bower_components/jquery/dist/jquery.min.js"></script>
        <script src="<?=$system->getDomain()?>/assets/global/plugins/bower_components/jquery-cookie/jquery.cookie.js"></script>
        <script src="<?=$system->getDomain()?>/assets/global/plugins/bower_components/bootstrap/dist/js/bootstrap.min.js"></script>
        <script src="<?=$system->getDomain()?>/assets/global/plugins/bower_components/jquery-easing-original/jquery.easing.1.3.min.js"></script>
        <!--/ END CORE PLUGINS -->
        <!--/ END JAVASCRIPT SECTION -->

    </body>
    <!-- END BODY -->

    </html>
<!-- Localized -->

I need to turn the mail() into something that is friendly with phpmailer. I've been trying for days before I tried to ask for help and I'm not sure why but it won't work.


I took the phpmailer code out because the page wasn't loading. I turned on error logging; it left no log.

I bought a script and the messaging isn't working correctly and the person who made it refuses to fix it, so now I'm left to do it myself.

 

Currently how it works is it sends emails from the server domain, not the email that's set, so I'm currently trying to use phpmailer to stop it from sharing it from the shared host address.


You have bigger problems than your mail stuff.

 

Not only is the code wide open to SQL injections, you also allow anybody to reset the password for any account, and that new password is the current time(!). WTF is this?

The code isn't my own code. I'm currently trying to fix the code.

So the first thing you should have done is to turn error checking on and leave it on while you are working on this. Then you should be doing what Jacques suggests and get rid of the poor coding techniques with the user input fields. And then show us a better attempt at using the mail() function. Please read the manual and fix what you are doing wrong there. (Hint: you need a header that is not the password value or whatever is in $pass)


The mail function requires a 'from' specification. Since you aren't doing it in the call, are you sure that you have a valid from email in your php.ini file?

 

And BTW - what doesn't work actually? Just the mail never shows up?
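Added example (not part of the thread or of the purchased script): one way to address the points raised above, using a bound parameter instead of the concatenated query, an emailed single-use token from random_bytes() instead of overwriting the password with a time-derived value, and PHPMailer with an explicit From address. It assumes PHP 7+, PHPMailer 6 installed through Composer, a hypothetical password_resets table, and placeholder SMTP settings; the page that redeems the token is not shown.

```php
<?php
// Added example. Assumed (not from the original script): PHPMailer 6 via Composer,
// a mysqli handle, and a hypothetical MySQL table
//   password_resets(user_id INT, token_hash CHAR(64), expires_at DATETIME).
use PHPMailer\PHPMailer\PHPMailer;

require 'vendor/autoload.php';

function requestPasswordReset(mysqli $db, string $email, string $resetUrl): void
{
    // Bound parameter: the address is never spliced into the SQL text.
    $stmt = $db->prepare('SELECT id FROM users WHERE email = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($userId);
    $found = $stmt->fetch();
    $stmt->close();
    if (!$found) {
        return; // unknown address: the caller shows the same message either way
    }

    // 128-bit token from the CSPRNG. Only its SHA-256 hash is stored, and the
    // current password stays valid until the token is redeemed.
    $token = bin2hex(random_bytes(16));
    $hash  = hash('sha256', $token);
    $ins = $db->prepare(
        'INSERT INTO password_resets (user_id, token_hash, expires_at)
         VALUES (?, ?, DATE_ADD(NOW(), INTERVAL 1 HOUR))'
    );
    $ins->bind_param('is', $userId, $hash);
    $ins->execute();
    $ins->close();

    $mail = new PHPMailer(true);               // true: throw exceptions on failure
    $mail->isSMTP();                           // authenticated SMTP, not the host's mail()
    $mail->Host       = 'smtp.example.com';    // placeholder
    $mail->SMTPAuth   = true;
    $mail->Username   = 'info@example.com';    // placeholder
    $mail->Password   = (string) getenv('SMTP_PASSWORD');
    $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
    $mail->Port       = 587;
    $mail->setFrom('info@example.com', 'Support'); // explicit From address
    $mail->addAddress($email);
    $mail->Subject = 'Password reset';
    $mail->Body    = "Use this link within one hour:\n" . $resetUrl . '?token=' . $token;
    $mail->send();
}
```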

So? Do you want to fix it now or what? Start doing something. Jacques1 has told you what to look at; I have told you what to read and learn about. Start doing some coding and let's make some progress.

 

When you post code again please try to limit to what is pertinent. All that html you posted is meaningless to us. The form portion is all we really need in order to connect the dots to the php code. That and the php code (including the top portion with your error checking code) are all we need.

Whoever wrote the code: This is unacceptable, and it's your responsibility to stop it. You're putting all users, all data and the server at risk.

 

And if this is used for any kind of professional activity, we're talking about legal trouble as well.

I have brought the information to the developer and themeforest who is currently letting the developer sell this script.

I have been ignored on all fronts that I have tried to get this fixed. There are currently 995 sales for this software.

Is there a section on this site that I can pay to have this page fixed?

You brought it to the developer? And he is not fixing it? And just what is a 'themeforest'?

You said that this script was not live anywhere but now you say you have pending sales of it?

 

Are you not a programmer? Not a PHP programmer? Why are you involved if you are not jumping in to fix it?

Themeforest is a site that sells scripts and templates. I'm not the owner of the script, I just purchased it. My level of PHP is noob level at best, but if I find the documentation I can normally correct it using Google.

That's why I asked for help making it phpmailer friendly. I followed many guides on Google which all failed, probably due to my lack of understanding.

 

That's also why I asked if there was a section here to find someone who can fix it or at least point me in the right direction.

Is there a section on this site that I can pay to have this page fixed?

 

We have the jobs section, but I wouldn't expect too much of it. Paying a competent programmer to repair the entire application may very well cost more than the code itself.

 

I would generally stay away from those code marketplaces. It's very common for people to get ripped off, because the coders are often clueless and won't be held accountable for their mistakes.

 

There are three more realistic routes:

  • Use mainstream software (preferably open-source); CMS like Drupal, Joomla or WordPress can cover many use cases
  • Hire a real, actual programmer; this will be very expensive
  • Learn to program yourself; this will be very time-consuming

You have no knowledge of PHP yet you are in charge of purchasing PHP scripts? Seems odd. Hope you didn't pay too much.

One: In charge of purchasing scripts, what the hell does that even mean lmao.

No one put me in charge. I was just checking out the script and seeing if I could fix it after I found some problems with it.
