OK, it's not a recovery... it's more the ability to change to a new one.
So let's start.
I placed the code in a page called lostpw.php
Here's the full commented source:
Code:
<html>
<head>
<link href="style.css" rel="stylesheet" type="text/css"/>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Village Wars</title>
</head>
<body>
<center>
<?php
include_once 'config.php'; // database configuration
require "languages/index.lang.php"; // this is because I use a multi-language system; you can remove it
echo "<a href='index.php'><img src='images/VW-Logo.png'></a><br><br>"; // banner of my game

function md5_pass($length = 8) // you will see this function used later; it creates an MD5 hash cut to 8 chars
{
    return substr(md5(rand() . rand()), 0, $length);
}

$bypass = isset($_POST['email']) ? 2 : 0; // needed so we know whether the user has entered the account's email

echo "<div id='igactivemenu'>"; // div of my content; from here on everything is displayed with my style.css
echo "<center><h2>Password Recovery</h2></center>"; // no comments xD

if (!$bypass) // check whether the user has entered the email or not
{
    echo "<h3>To recover your password, you need to enter the email your account is linked to, and then you will receive a temporary password that you can change once you login with it.</h3>";
    echo "Email:";
    echo "<form method='post' action='lostpw.php'>
    <input type='text' name='email'>
    <input type='submit' name='sbm' value='Send'>
    </form>";
}

if ($bypass == 2) // what to do once we have the email
{
    $email = mysql_real_escape_string($_POST['email']); // escape the form input before it goes into the query
    if ($info = mysql_fetch_array(mysql_query("SELECT * from players where email='$email'"))) // check which account has this email (if any)
    {
        $player_email = $info['email']; // the email stored for the account
        $username = $info['username']; // the username
        $username_sql = mysql_real_escape_string($username); // escaped copy for the UPDATE below
        $password_init = "tmp9031"; // now this is the beginning of my system; I think it was an original idea of mine... at least I didn't steal it
        $password = md5_pass(); // now we create that 8-char hash
        $password = $password_init . $password; // and we combine, so it will be: tmp9031XXXXXXXX
        $encrypted = md5($password); // now hash the new password into a real MD5
        mysql_query("UPDATE players SET password='$encrypted', realpw='$password' WHERE username='$username_sql'"); // and update the player with the new password
        $to = $player_email; // to send an email we need the receiver; use the address stored in the database, not the raw form input
        $subject = "Village Wars Password Recovery"; // subject
        $message = "Dear user $username , you used the Village Wars password recovery system to recover your password.
Your temporary password is $password
Please <a href='$site'>Login now</a>, and change the password as soon as possible.
Village Wars Team
"; // message; about the <a href='$site'>Login now</a> part, I think it should work... (the $site variable is the site path included in my database config file)
        $headers = "From: no-reply@vw.oryzhon.com"; // the headers that will be shown as the sender
        mail($to, $subject, $message, $headers); // send the new info to the user
        echo "<h3>The new password was sent to " . htmlspecialchars($player_email) . ".</h3>"; // HTML-escape before printing
        echo "<h3><a href='index.php'>Back</a></h3>";
    } // you can put an else here so you can echo a message like: "sorry no acc with that email"
}
echo "</div>";
?>
</center>
</body>
</html>
Ok very easy.
Now go to your first game page. What's this? Well, you've got your login one, right? You need to go to the page that is displayed once the user logs in.
Mine is game.php and is where I display server and game news.
And then, in your first game page you will add to the content area this:
Code:
echo "<div id='igactivemenu'>"; // my content div
$temp_password = "tmp9031"; // we know that the new password has this string in it
$password = $info['realpw']; // we check the real password of the player (the changed but unencrypted one)
$pos = strpos($password, $temp_password); // strpos tells us where in $password the $temp_password is (false if it is not there)

if (isset($_POST['newpassword'])) // this is to check if the player already changed it
{
    $newpassword = $_POST['newpassword']; // catch the new password
    $encrypted = md5($newpassword); // hash it
    // update and it's done; realpw is cleared so the tmp9031 marker is gone and the new password is not stored unencrypted
    mysql_query("UPDATE players SET password='$encrypted', realpw='' where username='" . mysql_real_escape_string($username) . "'");
    echo "Your password has been changed! You will be redirected to game.";
    echo '<meta http-equiv="refresh" content="2; URL=game.php">'; // wait 2 seconds and then redirect to this page again; since the password changed it will go straight to news
}

if ($pos !== false) // now we check if the $temp_password is inside $password
{
    if (!isset($_POST['newpassword'])) // and if the player didn't submit the new password yet, we display the change password content
    {
        echo "<h3>Change your Temporary Password</h3>";
        echo "<form method='post' action='game.php'>
        Password: <input type='text' name='newpassword'>
        <input type='submit' value='Change'>
        </form>";
    }
}
else
{
    include_once 'news.php'; // and when there are no tmp9031 chars in the password, it means the player changed it... so display normal content :D
}
echo "</div>";
About the insecure password, don't mind it, because the new one won't get stored unencrypted, so there is nothing to fear.
Thanks, and if you have any comment or question, reply.
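
The same flow with the temporary password replaced by a single-use token, as an added example that is not part of the original post: the token comes from random_bytes(), only its hash is stored with an expiry, the queries are parameterized, and the new password goes through password_hash(). The in-memory SQLite table (needs pdo_sqlite), the reset_hash and reset_expires columns, the function names and the sample account are assumptions made for the demo.

```php
<?php
// Added example: single-use reset token instead of a stored temporary password.
// Schema, column names and the sample row are constructed for this demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE players (username TEXT, email TEXT, password TEXT,
           reset_hash TEXT, reset_expires INTEGER)");
$db->prepare("INSERT INTO players (username, email, password) VALUES (?, ?, ?)")
   ->execute(['alice', 'alice@example.test', password_hash('old-password', PASSWORD_DEFAULT)]);

// Step 1 (the lostpw.php side): create a token and store only its SHA-256 hash.
function request_reset(PDO $db, string $email): ?string
{
    $token = bin2hex(random_bytes(32)); // CSPRNG output, not rand()
    $stmt = $db->prepare("UPDATE players SET reset_hash = ?, reset_expires = ? WHERE email = ?");
    $stmt->execute([hash('sha256', $token), time() + 1800, $email]); // valid for 30 minutes
    // Mail the token only when a row matched; show the visitor the same page either way.
    return $stmt->rowCount() === 1 ? $token : null;
}

// Step 2 (the reset page): verify the token, set the new password, invalidate the token.
function complete_reset(PDO $db, string $email, string $token, string $newPassword): bool
{
    $stmt = $db->prepare("SELECT reset_hash, reset_expires FROM players WHERE email = ?");
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['reset_hash'] === null || (int)$row['reset_expires'] < time()
        || !hash_equals($row['reset_hash'], hash('sha256', $token))) { // constant-time compare
        return false;
    }
    $upd = $db->prepare("UPDATE players SET password = ?, reset_hash = NULL,
                         reset_expires = NULL WHERE email = ?");
    $upd->execute([password_hash($newPassword, PASSWORD_DEFAULT), $email]);
    return true;
}

$token = request_reset($db, 'alice@example.test');
var_dump(request_reset($db, 'nobody@example.test'));                          // unknown address
var_dump(complete_reset($db, 'alice@example.test', 'wrong', 'x'));            // wrong token
var_dump(complete_reset($db, 'alice@example.test', $token, 'new-password'));  // valid token
var_dump(complete_reset($db, 'alice@example.test', $token, 'again'));         // token reuse
```

At login, check the stored value with password_verify() instead of comparing MD5 strings.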