<?php
//==========================================================================
// forgotpasswd.php
//
// Form to email the user his login password
//
// Copyright (c) 2006 Kenneth J. Snyder
// Licensed under the GNU GPL. For full terms see the file LICENSE
// -------------------------------------------------------------------------
//
// Created: 02Apr2006 Snyder, Kenneth J. 73blazer@snyderworld.org
//
// Revised: 23Feb2007 Snyder, Kenneth J 73blazer@snyderworld.org v2.1.0
// - Updated because passwords are now encrypted
// Reset the users password to a random string and mail that to him
//
//==========================================================================
// Shared project definitions; loaded once, before anything else runs.
include_once("includes.php");

// Page state flag: a non-zero value makes the username form render further down.
$formpresent = 0;

// Version string, taken from the output of the helper program in the
// current working directory (fixed command, no request data involved).
$VSTVERSION = shell_exec("./getvstversion");
?>
<html>
<head>
<title>
Vehicle Service Tracker :: Forgot Password
</title>
</head>
<link rel='stylesheet' type='text/css' href='vst.css'>
<BODY>
<H1>
<CENTER>
<P CLASS='Header1'>Vehicle Service Tracker - Forgotten Password</P>
</CENTER>
</H1>
<?php
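/**
 * Build a random password from a fixed alphabet.
 *
 * The alphabet is unchanged from the original (it skips characters that
 * are easy to confuse, such as "l", "o", "L" and "O").
 *
 * Two defects of the earlier implementation are fixed:
 *  - characters were picked with mt_rand(), which is not a cryptographic
 *    generator, so the output was predictable; random_int() (PHP 7+) draws
 *    from the operating system's CSPRNG;
 *  - every character had to be unique within the password, which lowered
 *    the entropy and made the loop spin forever once $length exceeded the
 *    57 characters of the alphabet.
 *
 * @param int $length number of characters to generate (default 8)
 * @return string the generated password; empty when $length is 0 or less
 */
function generatePassword ($length = 8)
{
    // define possible characters
    $possible = "0123456789abcdfghjkmnpqrstvwxyzABCDEFGHIJKMNPQRSTUVWXYZ@!";
    $maxIndex = strlen($possible) - 1;

    $password = "";
    for ($i = 0; $i < $length; $i++) {
        // each position is drawn independently and uniformly
        $password .= $possible[random_int(0, $maxIndex)];
    }
    return $password;
}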
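// Password-reset request handler.
//
// Runs when the form's submit button (FP) was posted: looks the user up,
// stores the SHA-1 of a freshly generated password and mails the clear-text
// password to the address on file. Otherwise it only asks for the form to
// be shown.
//
// $USERNAME is never assigned in this file before this point; presumably it
// is filled from the posted form field (register_globals or includes.php -
// confirm). It is treated as untrusted input throughout.
//
// NOTE(review): the stored hash is unsalted SHA-1, a fast hash that is weak
// for password storage. Moving to password_hash()/password_verify() has to be
// done together with the login code, which is not part of this file, so the
// format is left unchanged here.
// NOTE(review): anyone who knows a user name can trigger the reset, which
// replaces the password immediately, and the "not on file" reply discloses
// which names exist. A single-use, expiring reset token mailed to the user
// and a uniform reply would remove both the lock-out abuse and the
// enumeration.
if (isset($FP) && $FP!="") {
    // Only a plain string may reach the comparisons and queries below.
    if (!isset($USERNAME) || !is_string($USERNAME)) {
        $USERNAME = "";
    }
    if ($USERNAME=='demo') {
        // The page header was already emitted above, so the redirect can only
        // work with output buffering; otherwise skip it rather than trigger a
        // "headers already sent" warning. die() ends the request either way.
        if (!headers_sent()) {
            header("Location: login.php?rc=40");
        }
        die("Sorry");
    }
    $dbconn = odbc_connect("$dbname","$dbuid","$dbpasswd");
    if (!$dbconn) {
        die("No Connection to database. Please try later");
    } else {
        // odbc_execute() reads a parameter that starts and ends with a single
        // quote as the name of a file to send; such a value is never a valid
        // user name here, so it is handled as "not on file" without a query.
        $fileLikeParam = strlen($USERNAME) >= 2
            && $USERNAME[0] === "'"
            && substr($USERNAME, -1) === "'";

        $lookupFailed = false;
        $userFound = false;
        $email = "";
        if (!$fileLikeParam) {
            // Bound parameter instead of string-built SQL: the user name can
            // no longer change the statement.
            $Result = odbc_prepare($dbconn, "select email from vst.clients where usrname=?");
            if ($Result && odbc_execute($Result, array($USERNAME))) {
                if (odbc_fetch_row($Result)) {
                    $userFound = true;
                    $email = odbc_result($Result,1);
                }
            } else {
                $lookupFailed = true;
            }
        }

        if ($lookupFailed) {
            echo "<center><font color=#ff0000><b>";
            echo "The request could not be processed. Please try later";
            echo "</b></font></center><br>";
            $formpresent=1;
            $USERNAME="";
        } elseif ($userFound) {
            // Generate a new password and mail it
            $passwd=generatePassword();
            $epasswd=sha1($passwd);
            $Update=odbc_prepare($dbconn, "update VST.CLIENTS set PASSWD=? where USRNAME=?");
            $InsertResult=$Update && odbc_execute($Update, array($epasswd, $USERNAME));
            if ($InsertResult) {
                odbc_commit($dbconn);
                $subject="Your password for Vehicle Service Tracker at $orgname";
                $message="Your password for $orgname's Vehicle Service Tracker has been reset to ";
                $message.="[$passwd]\r\n";
                $message.="Your User ID [$USERNAME]\r\n\r\n";
                $message.="You can Login with your new password\r\n";
                $message.="Feel free to change it with the \"Update Profile\" on the main page\r\n\r\n";
                $message.="You are recieving this notification because a request has been";
                $message.=" made for a forgotton password. If the request was not ";
                $message.="initiated by you, please notify $orgname's administrator ";
                $message.="at $adminemail. Rest assured your information has not been ";
                $message.="compromised. The password is only shown in this mail and ";
                $message.="was never displayed during the request.\r\nThank you.\r\n\r\n";
                $message.="As always, you can access the tracker at: $homepage$webpath";
                $headers = "MIME-Version:1.0\r\n";
                $headers .= "Content-type: text/plain; charset=iso-8859-1\r\n";
                $headers .= "From: Vehicle Service Tracker Admin <$adminemail>";
                // The stored password has already changed at this point, so a
                // failed send must not be reported as a success.
                $sent=mail($email,$subject,$message,$headers);
                echo "<br>";
                echo "<center>";
                if ($sent) {
                    echo "<b>Your password has been reset and mailed to your email address on file</b>";
                } else {
                    echo "<font color=#ff0000><b>";
                    echo "Your password has been reset but the mail could not be sent. ";
                    echo "Please contact the administrator";
                    echo "</b></font>";
                }
                echo "</center>";
            } else {
                echo "<center><font color=#ff0000><b>";
                echo "Something went wrong with DB2 Insert of new passwd";
                echo "</b></font></center><br>";
                $formpresent=1;
                $USERNAME="";
            } // if insert ok
        } else {
            echo "<center><font color=#ff0000><b>";
            // The name is echoed back into the page: escape it for HTML.
            echo "The UserName [" . htmlspecialchars($USERNAME, ENT_QUOTES | ENT_SUBSTITUTE) . "] is not on file";
            echo "</b></font></center><br>";
            $formpresent=1;
            $USERNAME="";
        } // if there was a user by that name
        // Release the connection on every path, not only after a successful reset.
        odbc_close($dbconn);
    } // if dbconn
} else {
    $formpresent=1;
}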
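// Render the username form when no reset was carried out in this request.
if ($formpresent) {
    // The value is echoed back into an HTML attribute. It was previously
    // written raw into an unquoted attribute, so markup in the submitted name
    // became part of the page; it is now escaped and the attribute is quoted.
    $usernameAttr = "";
    if (isset($USERNAME) && is_string($USERNAME)) {
        $usernameAttr = htmlspecialchars($USERNAME, ENT_QUOTES | ENT_SUBSTITUTE);
    }
?>
<small><center>Enter your UserName and we will email your
password to the email address on file</center></small><br>
<form method=post action=forgotpasswd.php>
<CENTER><table>
<tr><td><B>UserName</B><td><input name=USERNAME type=text size=30 value="<?php echo $usernameAttr; ?>"></td></tr>
</table></CENTER>
<p>
<CENTER><B><input type=submit name="FP" value="Email me my password"
id='butt'></B></CENTER>
</form>
<br>
<?php
}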
?>
<br>
<hr noshade size=5 width=90% >
<center>
<?php
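// Build the "Back to Login" link, carrying the user name along when one is set.
// The name comes from the request and the URL is echoed into an href below,
// so it is percent-encoded: urlencode() leaves no quote, angle bracket or
// ampersand in the value, which keeps it inside the query parameter and
// inside the attribute.
// NOTE(review): the link uses plain http; switch to https if the host serves it.
$LoginURL="http://www.snyderworld.org/VST";
if (isset($USERNAME) && is_string($USERNAME) && $USERNAME!="") {
    $LoginURL.="?USERNAME=" . urlencode($USERNAME);
}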
?>
<a href="<?php echo $LoginURL ?>">
Back to Login</a>
</center><hr noshade size=5 width=90% >
<?php footer($PHP_SELF,$adminemail); ?>
</body>
</html>