Helo All,
I have a vsro server and the file "lostpassword.php" does not work properly.
the lostpassword working with pin code.
here is the code :
PHP Code:
<?php
if (isset($_SESSION['username'])) {
$sql->redirect("?page=index");
}
if (isset($_POST['submit'])) {
$id = $_POST['ID'];
$Email = $_POST['email'];
$pin = $_POST['pin'];
$pw = md5($_POST['pw']);
if (strlen($id) < 5)
$msg[] = 'ID is shorter than 5 letters !';
if (strlen($pin) < 0)
$msg[] = 'New password is shorter than 0 letters !';
if (strlen($id) > 20)
$msg[] = 'ID is longer than 20 letters !';
if (strlen($pin) > 20)
$msg[] = 'PIN is longer than 20 letters !';
if (!$sql->isValidEmail($Email))
$msg[] = "Email is not valid";
if(!$sql->is_secure($id)) die;
if(!$sql->is_secure($Email)) die;
if(!$sql->is_secure($pin)) die;
if(!$sql->is_secure($pw)) die;
if (count($msg) > 0) {
$error = "";
for ($i = 0; $i < count($msg); $i++) {
$error .= "-$msg[$i]</br>";
}
echo "<dl id='system-message'>
<dt class='error'>Error</dt>
<dd class='error message fade'>
<ul>
$error
</ul>
</dd>
</dl>";
} else {
$query = $sql->Query("SELECT * FROM TB_User WHERE StrUserID='$id'");
$row = $sql->fetcharray($query);
if ($Email != $row['Email'])
$msg1[] = 'Incorrect email';
if ($pin != $row['certificate_num'])
$msg1[] = 'Pin is incorrect !';
if (count($msg1) > 0) {
$error1 = "";
for ($i = 0; $i < count($msg1); $i++) {
$error1 .= "-$msg1[$i]</br>";
}
echo "<dl id='system-message'>
<dt class='error'>Error</dt>
<dd class='error message fade'>
<ul>
$error1
</ul>
</dd>
</dl>";
} else {
$query = $sql->Query("UPDATE TB_User SET password='$pw' WHERE StrUserID='$id'");
if ($query) {
echo "<dl id='system-message'>
<dt class='message'>Message</dt>
<dd class='message message fade'>
<ul>
<li>Your password is sucessfully reset.</li>
</ul>
</dd>
</dl>";
} else {
echo "<dl id='system-message'>
<dt class='error'>Error</dt>
<dd class='error message fade'>
<ul>
<li>An error happened while reseting password,please contant the admin.</li>
</ul>
</dd>
</dl>";
}
}
}
}
?>
<?php
echo '<h2 class="title">Reset Password</h2>';
echo '<div class="content-bg">';
echo '<div class="content-bgtop">';
echo '<div class="content-bgbtm content">';
?>
<center>
<div id="login">
<form action="" method="post" name="login">
<input type="text" name="id" size="50" class="email" placeholder="UserName" />
<br>
<input type="text" name="pin" size="50" class="email" placeholder="PIN" />
<br>
<input type="text" name="email" size="50" class="email" placeholder="Email" />
<br>
<input type="password" name="pw" size="50" class="email" placeholder="New Password" />
<br>
<input type='submit' name='submit' value='Change class='submit'>
</form>
</div>
</center>
<?php
echo '</div>';
echo '</div>';
echo '</div>';
?>
PHP Code:
<?php
session_start();
If (Isset($_SESSION['username'])) {
$sql->redirect("?page=index");
}
if (isset($_POST['submit'])) {
$username = $sql->ms_escape_string($_POST['username']);
$password = $sql->ms_escape_string($_POST['pw1']);
$password2 = $sql->ms_escape_string($_POST['pw2']);
$md5pw = md5($password);
$email = $_POST['email'];
$pin = $sql->ms_escape_string($_POST['pin']);
if (empty($username) || empty($password) || empty($password2) || empty($pin) || empty($email) || $username == "Username" || $password == "Password(1)" || $password2 == "Password(2)" || $email == "Email")
$msg[] = 'WRONG';
if (!$sql->is_secure($username))
$msg[] = 'WRONG';
if (!$sql->is_secure($password) || !$sql->is_secure($password2))
$msg[] = 'WRONG';
if ($password != $password2)
$msg[] = 'WRONG';
$mail = $sql->ms_escape_string($email);
if (strlen($username) > 16)
$msg[] = 'WRONG';
if (strlen($username) < 2)
$msg[] = 'WRONG';
if (strlen($password) > 32)
$msg[] = 'WRONG';
if (strlen($password) < 5)
$msg[] = 'WRONG';
if (strlen($password2) > 32)
$msg[] = 'WRONG';
if (strlen($password2) < 5)
$msg[] = 'WRONG';
if (strlen($email) > 32)
$msg[] = 'WRONG';
if (strlen($email) < 5)
$msg[] = 'WRONG';
if(!is_numeric($pin))
$msg[] = 'WRONG';
if(strlen($pin) < 5)
$msg[] = 'WRONG';
if (!eregi("^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$", $mail))
$msg[] = 'WRONG';
$resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
if (!$resp->is_valid)
$msg[] = 'WRONG';
if (count($msg) > 0) {
$error = "";
for ($i = 0; $i < count($msg); $i++) {
$error .= "-$msg[$i]</br>";
}
echo "<dl id='system-message'>
<dt class='error'>WRONG</dt>
<dd class='error message fade'>
<ul>
<li>$error</li>
</ul>
</dd>
</dl>";
} else {
if ($sql->rowcount($sql->Query("SELECT * FROM TB_User WHERE StrUserID='$username'")) > 0)
$msg1[] = "Username is already taken";
if ($sql->rowcount($sql->Query("SELECT * FROM TB_User WHERE Email = '$mail'")) > 0)
$msg1[] = "Email is already taken";
if (count($msg1) > 0) {
$error1 = "";
for ($i = 0; $i < count($msg1); $i++) {
$error1 .= "-$msg1[$i]</br>";
}
echo "<dl id='system-message'>
<dt class='error'>WRONG</dt>
<dd class='error message fade'>
<ul>
$error1
</ul>
</dd>
</dl>";
} else {
$query = $sql->Query("INSERT INTO TB_User(StrUserID,password,Email,sec_primary,sec_content,reg_ip,certificate_num) values('$username','$md5pw','$mail',3,3,'$_SERVER[REMOTE_ADDR]','$pin')");
if (!$query) {
echo "<dl id='system-message'>
<dt class='error'>WRONG</dt>
<dd class='error message fade'>
<ul>
<li>An error happened while registering,please contant the admin.</li>
</ul>
</dd>
</dl>";
} else {
echo "<dl id='system-message'>
<dd class='message message fade'>
<ul>
<li>Sucsess !</li>
</ul>
</dd>
</dl>";
}
}
}
}
?>
<?php
echo '<script type="text/javascript">';
echo 'var RecaptchaOptions = {';
echo 'theme : "white"';
echo '}';
echo '</script>';
echo '<h2 class="title">Register</h2>';
echo '<div class="content-bg">';
echo '<div class="content-bgtop">';
echo '<div class="content-bgbtm content">';
?><center>
<div id="login">
<form action="" method="post" name="login">
<input type="text" name="username" size="50" class="email" placeholder="user name" />
<br>
<input type="password" name="pw1" size="50" class="email" placeholder="pass" />
<br>
<input type="password" name="pw2" size="50" class="email" placeholder="pass again" />
<br>
<input type="text" name="email" size="50" class="email" class="email" placeholder="mail"">
<br>
<input type="text" name="pin" size="50" class="email" placeholder="pin code" />
<br>
<?php
echo recaptcha_get_html($publickey);
?>
<Br>
<input type='submit' name='submit' value='submit' class='submit'>
</form>
</div>
<?php
echo '</div>';
echo '</div>';
echo '</div>';
?>
A huge thank you to assistants
