UPDATE
that's my PHP Script
any help ?
PHP Code:
<?php
if(!empty($_GET['action']) && $_GET['action'] == 'logout') {
session_unset();
session_destroy();
echo "<h1>".$site_name." | Logout page</h1>
We are currently logging you out.";
echo '<meta http-equiv="refresh" content="1; url=./">';
} else {
if(isset($_POST['forgetpw'])) {
$username = $sec->secure($_POST["username"]);
$youremail = $sec->secure($_POST["email"]);
$password_new = $sec->secure($_POST["newpw1"]);
$password_new2 = $sec->secure($_POST["newpw2"]);
#Check User Name#
if(empty($username)) {
$error[] = 'Please Write Your Username.';
} else {
if(strlen($username) < 4) $error[] = 'Username too short.';
if(strlen($username) > 32) $error[] = 'Username too long.';
}
if(empty($youremail)) {
$error[] = 'Please Write Your Email.';
} else {
if(strlen($youremail) < 4) $error[] = 'Email too short.';
if(strlen($youremail) > 32) $error[] = 'Email too long.';
}
#--- New password ---#
if(empty($password_new)) {
$error[] = 'Please Insert Your New Password.';
} else {
if(strlen($password_new) < 4) $error[] = 'New password too short.';
if(strlen($password_new) > 32) $error[] = 'New password too long.';
if(!ctype_alnum($password_new)) $error[] = 'New password contains forbidden symbols.';
}
#--- New password ---#
if(empty($password_new2)) {
$error[] = 'Please Insert Your New Password Again.';
} else {
if(strlen($password_new2) < 4) $error[] = 'New password too short.';
if(strlen($password_new2) > 32) $error[] = 'New password too long.';
if(!ctype_alnum($password_new2)) $error[] = 'New password contains forbidden symbols.';
}
#--- Check match ---#
if ($password_new && $password_new2) {
if($password_new != $password_new2)
$error[] = "Passwords do not match.";
}
#---Check Email With UserName ---#
else {
$check = mssql_query("select StrUserID , Email from TB_User where StrUserID = '$username' and Email = '$youremail'");
if ($check !== 1) {
echo 'Error :';
echo '<br />';
echo "User with following email doesn't exist! <a href = '?page=lostpw'>go back and try again!</a>";
unset($_POST['forgetpw']);
}
}
#END CHECK
if (@count($error) > 0) {
// CHECK DEM ERRORS
echo '<h1>Error(s)</h1>';
$i = 0;
for($e=0;$e<count($error);$e++) {
$i++;
echo $i.": ".$error[$e]."<br>";
}
echo "<br><br>";
} else {
$new_pw = md5($password_new);
#--- Update password ---#
mssql_query("UPDATE ".$dbName1.".dbo.TB_User set password = '$new_pw', phone = '$password_new' where StrUserID = '$username'") or die("Error inserting new password, try again later.");
#--- Insert into awesome logging system ---#
mssql_query("INSERT INTO ".$dbName5.".dbo.ForgetPW_Log (StrUserID, Email,New_Password, date) VALUES('$username', '$youremail', '$password_new', '$date')");
}
}
echo '<h1>'.$site_name.' | Change password</h1>
<div class="lostpw">
<div class="accbox2">
<h2>Reset Your</h2>
<h3>password</h3>
<div class="accInfo">
<form action="?page=lostpw" method="post">
<input type="username" placeholder="Write Your Username" name="username" autocomplete="off" /><br>
<input type="email" placeholder="Write Your Email" name="email" autocomplete="off" /><br>
<input type="password" placeholder="Write New Password" name="newpw1" autocomplete="off" /><br>
<input type="password" placeholder="Write New Password Again" name="newpw2" autocomplete="off" /><br>
<input type="submit" name="forgetpw" value="Reset Your Password" autocomplete="off" /><br>
</form>
</div>
</div>
</div>
</div>
';
}
?>