reset password function:
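/**
 * Resets the password of the account matching the given username/e-mail pair.
 *
 * A new random password is generated, hashed with the salt already stored for
 * the account, written to the database and then delivered to the account's
 * e-mail address. When no account matches, nothing is changed but true is
 * still returned, so the caller's response is the same for existing and
 * non-existing accounts (no account enumeration through this form).
 *
 * The new password, the salt and the hash are never written into the HTTP
 * response: whoever submitted the form is not yet proven to own the account.
 *
 * @param string $username username of the account to reset
 * @param string $email    e-mail address that must be tied to that account
 * @return bool true when the lookup (and, if a match existed, the update and
 *              the e-mail hand-off) succeeded; false when a statement failed
 *              to execute or the e-mail could not be handed to the mailer
 */
public function resetPassword($username, $email)
{
    // look up the stored salt so the new password is hashed exactly like the old one
    $statement = $this->db->prepare('SELECT salt FROM ' . TABLE_USERS . ' WHERE USERNAME = ? AND EMAIL = ? LIMIT 1');
    $statement->bind_param('ss', $username, $email);
    if (!$statement->execute()) {
        // first sql statement didn't execute so return false
        $statement->close();
        return false;
    }
    $statement->bind_result($resultsalt);
    $found = $statement->fetch();
    $statement->close();

    // no account with that username/e-mail pair: report success anyway so the
    // response does not reveal whether the pair exists
    if (!$found || !$resultsalt) {
        return true;
    }

    $password = $this->generateRandomPassword(10);
    $passwordhash = $this->generateHash($password, $resultsalt);

    $statement = $this->db->prepare('UPDATE ' . TABLE_USERS . ' SET PASSWORD = ? WHERE USERNAME = ? AND EMAIL = ? LIMIT 1');
    $statement->bind_param('sss', $passwordhash, $username, $email);
    if (!$statement->execute()) {
        // second sql statement didn't execute so return false
        $statement->close();
        return false;
    }
    // an UPDATE produces no result set, so bind_result()/fetch() cannot tell
    // whether it did anything; affected_rows can
    $updated = $statement->affected_rows;
    $statement->close();
    if ($updated < 1) {
        // NOTE(review): the row disappeared between the SELECT and the UPDATE,
        // or the stored value did not change; nothing to deliver in either case
        return true;
    }

    // the address matched the stored EMAIL column exactly, but refuse anything
    // that could smuggle extra headers into the mail envelope
    if (strpbrk($email, "\r\n") !== false) {
        error_log('resetPassword: refusing to mail an address containing line breaks');
        return false;
    }

    // deliver the new password only to the address tied to the account
    $subject = 'Your password has been reset';
    $body = "Your password has been reset. Your new password is: " . $password . "\n"
          . "Please log in and change it as soon as possible.";
    if (!mail($email, $subject, $body)) {
        // the password is already changed; do not print it as a fallback, the
        // admin can trigger another reset from the log entry
        error_log('resetPassword: could not hand the new password to the mailer');
        return false;
    }
    return true;
}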
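<?php
// report everything, but log it instead of showing it to the visitor
// (E_ALL already covers E_STRICT; error_reporting() is the proper API for the level)
error_reporting(E_ALL);
ini_set('display_errors', 'Off');
ini_set('log_errors', 'On');
ini_set('error_log', '/logs/error_log');
// include smarty library
require('libs/Smarty.class.php');
// include database library
require_once('libs/Database.class.php');
// include user library
require_once('libs/User.class.php');

/**
 * Renders the error template with the given message.
 *
 * @param Smarty $smarty  template engine the page is rendered with
 * @param string $message text shown to the visitor
 */
function displayForgotPasswordError($smarty, $message)
{
    $smarty->assign('error', $message);
    $smarty->display('error.tpl');
}

/**
 * Returns the named POST field when it was submitted as a plain string.
 *
 * A field posted as an array (`username[]=x`) would otherwise reach
 * strlen()/preg_match() and raise a TypeError instead of a validation error.
 *
 * @param string $name POST field name
 * @return string the submitted value, or '' when missing or not a string
 */
function postString($name)
{
    if (!isset($_POST[$name]) || !is_string($_POST[$name])) {
        return '';
    }
    return $_POST[$name];
}

// create instance of smarty library
$smarty = new Smarty();
// set content header
header("Content-Type: " . USER_CONTENT_TYPE);

// if the form wasn't submitted, display it
if (!isset($_POST["submit"])) {
    $smarty->display('forgotpassword.tpl');
    exit;
}

// otherwise the form was submitted: validate the username
$username = postString('username');
if ($username === '') {
    displayForgotPasswordError($smarty, 'username is empty');
    exit;
}
// strlen() is byte-wise; the 4-16 limit is therefore a byte limit, as in the stored column
if (strlen($username) < 4 || strlen($username) > 16) {
    displayForgotPasswordError($smarty, 'username must be 4-16 characters long');
    exit;
}

// validate the email
$email = postString('email');
if ($email === '') {
    displayForgotPasswordError($smarty, 'email is empty');
    exit;
}
// FILTER_VALIDATE_EMAIL replaces a hand-written pattern that rejected valid
// addresses (upper-case letters, top-level domains longer than three characters)
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    displayForgotPasswordError($smarty, 'the email address you entered is invalid');
    exit;
}

// create instance of database class
$database = new Database();
// create instance of user class
$user = new User($database);

// NOTE(review): this endpoint is unauthenticated and carries no CSRF token or
// rate limit, and the success text assumes User::resetPassword mails the new
// password rather than printing it -- confirm both against the User class.
if (!$user->resetPassword($username, $email)) {
    displayForgotPasswordError($smarty, 'there was a problem contacting the database, please notify an admin');
} else {
    // same message whether or not the account existed, so the form cannot be
    // used to probe for valid username/email pairs
    displayForgotPasswordError($smarty, 'if you provided correct info your password has been reset and an email has been sent with your new password');
}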
Sincerely,
AleeiousMMO