Script 18.10 Forgot Password

Output

Reset Your Password

Enter your email address below and your password will be reset.

Source
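<?php # Script 18.10 - forgot_password.php
// This page allows a user to reset their password, if forgotten.
//
// On POST it looks up the submitted email address in reg_users, stores a new
// random temporary password for that account, and emails it to the address
// on file. On GET (or after a failed POST) the form below this block is shown.
//
// NOTE(review): anyone who knows a registered address can trigger a reset, and
// the temporary password travels in plaintext email. A single-use, expiring
// reset token that leaves the old password valid until it is redeemed is the
// safer design; that needs schema changes not visible from this script.
require (CHAPTER_PATH.'/'.$chapter.'/includes/18.3.php');
$page_title = 'Forgot Your Password';
include (CHAPTER_PATH.'/'.$chapter.'/includes/18.1.php');

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
	require (CONNECT_OOP);

	// Assume nothing:
	$uid = FALSE;
	$email = NULL; // The address exactly as stored in the database.

	// Validate the email address...
	// is_string() rejects array input (email[]=...), which would otherwise
	// pass the empty() test and reach the query code as a non-string.
	if (!empty($_POST['email']) && is_string($_POST['email'])) {

		// Check for the existence of that email address...
		// A prepared statement keeps the submitted value out of the SQL text.
		$submitted = $_POST['email'];
		$q = 'SELECT user_id, email FROM reg_users WHERE email=?';
		$stmt = mysqli_prepare($link, $q);

		if ($stmt
			&& mysqli_stmt_bind_param($stmt, 's', $submitted)
			&& mysqli_stmt_execute($stmt)
			&& mysqli_stmt_store_result($stmt)) {

			if (mysqli_stmt_num_rows($stmt) == 1) { // Retrieve the user ID and stored address:
				mysqli_stmt_bind_result($stmt, $uid, $email);
				mysqli_stmt_fetch($stmt);
			} else { // No database match made.
				// NOTE(review): this message confirms whether an address is registered.
				// Showing the same response for both outcomes avoids account enumeration.
				echo '<p class="error">The submitted email address does not match those on file!</p>';
			}

		} else {
			trigger_error("Query: $q\n<br />MySQL Error: " . ($stmt ? mysqli_stmt_error($stmt) : mysqli_error($link)));
		}

		if ($stmt) {
			mysqli_stmt_close($stmt);
		}

	} else { // No email!
		echo '<p class="error">You forgot to enter your email address!</p>';
	} // End of empty($_POST['email']) IF.

	if ($uid) { // If everything's OK.

		// Create a new, random password:
		// 10 hex characters from the CSPRNG (random_bytes() needs PHP 7+).
		// md5(uniqid(rand())) is derived from the clock and a non-cryptographic
		// generator, so it is not suitable for a credential.
		$p = bin2hex(random_bytes(5));

		// Update the database:
		// Binding $p also keeps the plaintext password out of the query string,
		// so it cannot end up in an error message or log.
		// NOTE(review): SHA1() is a fast, unsalted hash. Moving to password_hash()
		// and password_verify() requires changing the registration and login
		// scripts at the same time; they are not visible here.
		$q = 'UPDATE reg_users SET pass=SHA1(?) WHERE user_id=? LIMIT 1';
		$stmt = mysqli_prepare($link, $q);
		$changed = FALSE;

		if ($stmt
			&& mysqli_stmt_bind_param($stmt, 'si', $p, $uid)
			&& mysqli_stmt_execute($stmt)) {
			$changed = (mysqli_stmt_affected_rows($stmt) == 1);
		} else {
			trigger_error("Query: $q\n<br />MySQL Error: " . ($stmt ? mysqli_stmt_error($stmt) : mysqli_error($link)));
		}

		if ($stmt) {
			mysqli_stmt_close($stmt);
		}

		if ($changed) { // If it ran OK.

			// Send an email:
			// Deliver to the stored address, not the submitted string: the database
			// comparison follows the column's collation, so a value that matched
			// is not guaranteed to be byte-identical to the one on file.
			$body = "Your password to log into http://www.ashlietaylor.com/percolate has been temporarily changed to '$p'. Please log in using this password and this email address. Then you may change your password to something more familiar.";
			mail ($email, 'Your temporary password.', $body, 'From: noreply@ashlietaylor.com');

			// Print a message and wrap up:
			echo '<h3>Your password has been changed. You will receive the new, temporary password at the email address with which you registered. Once you have logged in with this password, you may change it by clicking on the "Change Password" link.</h3>';
			require(DISCONNECT_OOP);
			include (CHAPTER_PATH.'/'.$chapter.'/includes/18.2.php');
			exit(); // Stop the script.

		} else { // If it did not run OK.
			echo '<p class="error">Your password could not be changed due to a system error. We apologize for any inconvenience.</p>';
		}

	} else { // Failed the validation test.
		echo '<p class="error">Please try again.</p>';
	}
	require(DISCONNECT_OOP);

} // End of the main Submit conditional.
?>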

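<?php
// Reset-request form. It posts back to this same page (empty action) and is
// "sticky": a previously submitted email value is re-displayed in the field.
// That value is untrusted request data, so it is HTML-escaped before being
// written into the value="" attribute; echoing it raw would let a crafted
// value close the attribute and inject markup into the page.
?>
<h1>Reset Your Password</h1>
<div class="message">Enter your email address below and your password will be reset.</div> 
<form action="" method="post">
	<fieldset>
	<p>
		<label for="em">Email Address:</label>
		<input id="em" type="text" name="email" size="20" maxlength="60" value="<?php if (isset($_POST['email']) && is_string($_POST['email'])) echo htmlspecialchars($_POST['email'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" />
	</p>
	</fieldset>
	<p>
		<input type="submit" name="submit" value="Reset My Password" />
	</p>
</form>

<?php  include (CHAPTER_PATH.'/'.$chapter.'/includes/18.2.php'); ?>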