[RELASE] Forget Password Script w mail

~~Hesorio1u~~ · 10/09/2013, 17:54

Dear user's, i'll share small script for your website's who doesn't know how to make Forget password via Mail, here is small tutorial of me.

1. Setuping Mail Server

Video

2. Configuring ini connect to smtp server

3. You can use your localhost smtp server, but also gmail,hotmail, etc.

4. Place your script to your htdocs folder / webhost / www/, www_html /.
with anti injection by javnier123

Quote:

<?php

$CONFIG['host'] = "127.0.0.1"; /Server ip, shud stay 127.0.0.1
$CONFIG['user'] = "sa"; /Mssql username
$CONFIG['pass'] = "rErMorsEth^6sa"; /mssql password

$CONFIG['conn'] = mssql_connect( $CONFIG['host'], $CONFIG['user'], $CONFIG['pass']);

function anti_injection($sql) {
$sql = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
$sql = trim($sql);
$sql = strip_tags($sql);
$sql = addslashes($sql);
return $sql;
}

if(isset($_GET['action']) && ($_GET['action'] == "forgetpassword")){

$forget = anti_injection($_POST['user']);

$userno = mssql_query("SELECT user_no FROM account.dbo.Tbl_user WHERE user_mail = '".$forget."'");
$usernofetch = mssql_fetch_row($userno);

$username = mssql_query ("SELECT user_id FROM account.dbo.Tbl_user WHERE user_no = '".$usernofetch[0]."'");
$userfetch = mssql_fetch_row($username);

$password = mssql_query("SELECT user_pwd FROM account.dbo.USER_PROFILE WHERE user_no = '".$usernofetch[0]."'");
$passfetch = mssql_fetch_row($password);

if($usernofetch == '0') {
echo "<table class='hovertable' width='96%'>
<tr><td>
<center>
The e-mail doesnt exist in our server, <font color=C35817><a href='javascript:history.back()'> Go Back</a><font>
</center>
</td></tr>
</table>";
} else {

$_SESSION['email'] = $user;

echo "<h3>The password is successfully sended to <br>".$forget."</h3>";

$to = '$forget';
$subject = 'Dekaron - Forgetten Password';
$message = 'here is your account info
Username: $userfetch[0]
Password: $passfetch[0]

If u have any questions please send us to: / enter SMTP server mail
Thank you for playing on our server ~ ';
$headers = 'From: '; / enter SMTP server mail
mail($to, $subject, $message, $headers);

}
}else {
echo'
<form name="" action="'.$_SERVER['php_self'].'?action=forgetpassword" method="post">
Your email <input type="text" class="input" name="user" maxlength="35"><br/>
<br>
<input value="Get Password" type="submit" src="http://www.elitepvpers.com/forum/images/forgetpassword.png">
</form>';
}
?>

}
?>

lifs2000 · 10/12/2013, 12:52

This may be available to SQL Injections the way I see it, you should lose the preg_replace() function and use prepared statements. If not use the mysql_real_escape_string() function.