[release] Reset Lost Password Script

Page 2 of 2

04/30/2011 23:56 ~*Kronic*~#16

Nice release :) I would add some input sanitization though, to easy to hack that script and gain full access to accounts table (no offense as all the sites on here require that).

05/01/2011 00:18 Eurion#17

Since its constantly connected through mysql, you can use mysql's built in mysql_real_escape_string(variable) function. It will sanitize any input that could harm the database.

05/01/2011 00:44 PowerChaos#18

i am not that skilled at mysql/php
i mostly copy/paste the core functions from differend scripts to mix it to a part to do what i need to do (this script is a rebuild of a register script with verification email and a few other scripts where i took the code from)

basicly i wanted to make it with a dual database conection ( single database on website and main database on vps so you can only acces the database from the vps with read acces , is safer then allowing a conection from the web to the vps) but i failt at that part as everyhting that i found doesnt seems to work :'(

anyway
it is atleast a usefull release for some persones , you are free to modifie it for your needs and improve it , but let me know when you want to re release it as it is still my own work :D

Greets From PowerChaos

if you got example codes for me , please send them to me and i will use them in the script (i just need the basic functions and examples) so i know what i can put in it

05/01/2011 01:18 Eurion#19

I've gone through and fixed up the majority of the sanitizing issues. I haven't tested it, but I don't see how it could cause any issues. These are just simple sanitizing functions, if you want to fully secure it, I suggest that you write up your own functions.

If you encounter any problems with this, feel free to post.

newpass.php:

Spoiler

Code:

<?php
	$myhost="localhost";		//server ip
	$myuser="test"; 		//your server login username
	$mypass="test"; 		//your server login password
	$mydb="compose";			//your server my database	
mysql_connect($myhost,$myuser,$mypass);
mysql_select_db($mydb);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>New Password</title>
</head>
 <body>
  <form action="newpass.php" method="post" name="password reset confirm">
    Pass Reset Code: <input type="text" name="code"/>
  <input type="submit" name="confirm" value='Confirm Code' />
  </form>
 
<?php

if(isset($_POST['confirm'])){
$confirm = mysql_real_escape_string($_POST['code']);
$res = mysql_query("select * from passreset where activationkey = '".$confirm."'");
$row = mysql_fetch_assoc($res);
$email = $row['email'];
 								if(mysql_num_rows($res) == 0)
								{
								Echo "Sorry that Confirm code does not exist";
								}else{
								$res2 = mysql_query("select * from account where email = '".$email."'");
								$row2 = mysql_fetch_assoc($res2);
								echo "
<script type=\"text/javascript\" src=\"http://178.32.174.84/md5.js\"></script>								
<form method=\"post\" action=\"newpass.php\">
<TABLE align=\"center\">
<tr><td align=\"center\">email :</tr></td>
<tr><td align=\"center\"><input type=\"hidden\" name=\"email\" value=".$row['email']."><font color='red'>".$row['email']."</font></tr></td>
<tr><td align=\"center\">Login Name:</tr></td>
<tr><td align=\"center\"><input type=\"hidden\" name=\"name\" value=".$row2['name']."><font color='red'>".$row2['name']."</font></tr></td>
<tr><td align=\"center\">New Password:</td></tr>
<tr><td align=\"center\"><input type=\"password\" size=\"20\" name=\"newpas\"/></td></tr>
<tr><td align=\"center\">Retype New Password:</td></tr>
<tr><td align=\"center\"><input type=\"password\" size=\"20\" name=\"renew\"/></td></tr>
<tr><td align=\"center\">
<input type=\"hidden\" name=\"hash\"><input class=Butt type=submit onClick=\"hash.value = login(newpas.value)\" value=\"Change Password\" name=complete>
</td></tr>
</TABLE>
</form>"
									;
							}
}
if(isset($_POST['complete'])){
					$userid = mysql_real_escape_string($_POST['name']);
					$password=mysql_real_escape_string($_POST['curpass']);
					$passretype=mysql_real_escape_string($_POST['repass']);
					$hash=mysql_real_escape_string($_POST['hash']);
					$hash1=mysql_real_escape_string($_POST['hash1']);
					$newpass = mysql_real_escape_string($_POST['newpas']);
					$renewpass = mysql_real_escape_string($_POST['renew']);
					$email = mysql_real_escape_string($_POST['email']);
if($newpass != $renewpass)
					{
						echo "Your New paswords dont match , please complete the process again";
					}
if($userid == "")
					{
						echo "This account does not seems to exist";
					}					
					else{
					$sql = "UPDATE account SET password='$hash' WHERE name='$userid'";
					$query = mysql_query($sql) or die(mysql_error());

									echo "Password Changed correctly ";
									mysql_query("DELETE FROM passreset WHERE email = '".$email."'");
									

					}
}				
?>
</body>
</html>

lostpass.php:

Spoiler

Code:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Lost Password</title>
</head>
 <body>
  <form action="lostpass.php" method="post" name="password reset">
    Email: <input type="text" name="email" maxLength="128"/>
  <input type="submit" name="passreset" value='Lost Password Request' />
  </form>
 
<?php
    $myhost="127.0.0.1";        // server ip
	$myuser="test"; 		//your server login username
	$mypass="test"; 		//your server login password
	$mydb="compose";			//your server account database
mysql_connect($myhost,$myuser,$mypass);
mysql_select_db($mydb);

if (isset($_POST['passreset'])) {

$activationKey =  mt_rand() . mt_rand() . mt_rand() . mt_rand() . mt_rand();

$email = mysql_real_escape_string($_POST['email']);
if($email == ""){
die( "email is not valid" );
}
$res = mysql_query("select * from account where email = '".$email."' order by id desc") or die(mysql_error());
								if(mysql_num_rows($res) == 0)
								{
									die("email does not exist , please try again");
								}

								$res2 = mysql_query("select * from passreset where email = '".$email."' order by id desc") or die(mysql_error());
								if(mysql_num_rows($res2) == 0)
								{
									mysql_query("insert into passreset (email,activationkey,date) values ('".$email."', '".$activationKey."','".date("y-m-d H:i:s", time())."')") or die(mysql_error());
									echo "An email has been sent to $_POST[email] with an pass reset key. Please check your mail to continue to change your password.";
								}
								else
								{
									mysql_query("DELETE FROM passreset WHERE email = '".$email."'");
									die( "passreset code is deleted , please submit your email again for a new code");
								}

//Send activation key Email

$to      = mysql_real_escape_string($_POST[email]);

$subject = " DemonPower Password Change Request";

$message = "DemonPower Pass Restore!\r\rYou, or someone using your email address, has lost his password.\rYou can change your password at the following link:\r\rhttp://www.demonpower.com/newpass\r\r Please fill in below code to reset your pass \r\r$activationKey\r\rIf this is an error, ignore this email and report it to us .\r\rRegards,\r DemonPower.com Team";

$headers = 'From: [Only registered and activated users can see links. Click Here To Register...]' . "\r\n" .

    'Reply-To: [Only registered and activated users can see links. Click Here To Register...]' . "\r\n" .

    'X-Mailer: PHP/' . phpversion();

mail($to, $subject, $message, $headers);
}
?>
</body>
</html>

05/01/2011 01:41 PowerChaos#20

ok , Thank you
i changed a few more things in it that i noticed (in some cases)

i changed the "echo" comamnds to "die" commands to prevent execution of the other commands (what happends in rare cases)

but after looking true the script i founded something where i can not figure out how it comes that it works ( make no sense for me but it works)

Code:

else{
					$sql = "UPDATE account SET password='$hash' WHERE name='$userid'";
					$query = mysql_query($sql) or die(mysql_error());

if i understand php good enouf , then $query need to run somewhere or it is not even suposed to be running ? (as it is a variable that get set to the command $query so you can use that command to execute on the place you like )

anyway , thank you for the update
i going edit my first post with this new post and the mirror fix on it

Greets From PowerChaos

05/01/2011 01:47 Eurion#21

Quote:
Originally Posted by PowerChaos
ok , Thank you
i changed a few more things in it that i noticed (in some cases)

i changed the "echo" comamnds to "die" commands to prevent execution of the other commands (what happends in rare cases)

but after looking true the script i founded something where i can not figure out how it comes that it works ( make no sense for me but it works)
Code:
else{
					$sql = "UPDATE account SET password='$hash' WHERE name='$userid'";
					$query = mysql_query($sql) or die(mysql_error());
if i understand php good enouf , then $query need to run somewhere or it is not even suposed to be running ? (as it is a variable that get set to the command $query so you can use that command to execute on the place you like )

anyway , thank you for the update
i going edit my first post with this new post and the mirror fix on it

Greets From PowerChaos

The $query variable is what's running the sql. Since you have it defined, it will run even if its not called through an echo or print statement.

Page 2 of 2