here are a code that u can change ur password on site please if there are a hole tell us
sql
ibwf_users
code varchar 60
sql
ibwf_users
code varchar 60
Code:
<?php include("inc/func.inc.php"); header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Cache-Control: no-cache, must-revalidate"); header("Pragma: no-cache"); echo "<?xml version=\"1.0\"?>\n"; echo "<!DOCTYPE html PUBLIC \"-//WAPFORUM//DTD XHTML Mobile 1.0//EN\" \"http://www.wapforum.org/DTD/xhtml-mobile10.dtd\">\n"; ?> <html xmlns="http://www.w3.org/1999/xhtml"> <?php $bcon = connectdb(); $uid = getuid_sid($sid); if (!$bcon) { echo "<head>"; include("inc/css.inc.php"); echo "</head>"; echo "<body>"; echo getdberror(); echo "</body>"; echo "</html>"; exit(); } $action = $_GET["action"]; ////////////////////////////////////////MAIN PAGE if($action=="main") { echo "<head>"; include("inc/css.inc.php"); echo "</head>"; echo "<body>"; echo "<div class=\"box_cen\" align=\"center\">"; echo "<b>Reset Password</b>"; echo "<div class=\"box_sub\" align=\"center\">"; echo "<small>*Check Your E-mail To Get Reset Code For Next Action</small><br/>"; echo "<br/>"; echo "<form action=\"pass.php?action=code\" method=\"post\">"; echo "Username<br/><input name=\"name\" format=\"*x\" maxlength=\"30\"/><br/>"; echo "E-Mail<br/><input name=\"email\" maxlength=\"60\"/><br/>"; echo "<input type=\"submit\" value=\"Send\"/></form>"; echo "</div><a href=\"pass.php?action=reset\">"; echo "Reset Password</a></div>"; echo "</body>"; } else if($action=="reset") { echo "<head>"; include("inc/css.inc.php"); echo "</head>"; echo "<body>"; echo "<div class=\"box_cen\" align=\"center\">"; echo "<b>Reset Password</b>"; echo "<div class=\"box_sub\" align=\"center\">"; echo "<small>*Enter The Code You Got At The Following Space</small><br/>"; echo "<br/>"; echo "<form action=\"pass.php?action=pass\" method=\"post\">"; echo "Username<br/><input name=\"name\" format=\"*x\" maxlength=\"30\"/><br/>"; echo "E-mail<br/><input name=\"email\" maxlength=\"60\"/><br/>"; echo "Confirmation Code<br/><input name=\"code\" maxlength=\"9\"/><br/>"; echo "<input type=\"submit\" value=\"Reset\"/></form>"; echo "</div><a href=\"pass.php?action=main\">"; echo "Code Request</a></div>"; echo "</body>"; } else if($action=="pass") { $name = $_POST["name"]; $code = $_POST["code"]; $email = $_POST["email"]; echo "<head>"; include("inc/css.inc.php"); echo "</head>"; echo "<body>"; echo "<div class=\"box_cen\" align=\"center\">"; echo "<b>Code Request</b>"; echo "<div class=\"box_sub\" align=\"center\">"; $uinfo = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$name."'")); if(($uinfo[0]==0)||($uinfo[0]=="")) { echo "<img src=\"images/notok.gif\" alt=\"X\"/>Username Does Not Exists!</div>"; echo "<a href=\"pass.php?action=pass\">Password?</a><br/>"; }else{ $uinfo2 = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$name."' AND email='".$email."'")); if(($uinfo2[0]==0)||($uinfo2[0]=="")) { echo "<img src=\"images/notok.gif\" alt=\"X\"/>Email Address Does Not Match. Enter Correct Email Address.</div>"; echo "<a href=\"pass.php?action=pass\">Password?</a><br/>"; }else{ $uinfo3 = mysql_fetch_array(mysql_query("SELECT code FROM ibwf_users WHERE name='".$name."'")); if($uinfo3[0]!=$code) { echo "<img src=\"images/notok.gif\" alt=\"x\"/>Confirmation code Doesn't match</div>"; echo "<a href=\"pass.php?action=pass\">Password?</a><br/>"; }else{ $len = 7; $chars = 'abadefghijklmnopqrstuvwxyz0123456789'; $hug = ''; for ($i = 0; $i < $len; $i++) { $pos = rand(0, strlen($chars)-1); $hug .= $chars{$pos}; } $getc = "95acgmd15"; mysql_query("UPDATE ibwf_users SET pass='".md5($hug)."', code='".$getc."' WHERE name='".$name."'"); echo "<img src=\"images/ok.gif\" alt=\"+\"/>Your Password Has Been Reset.<br/>New Password: <b>$hug</b></div>"; echo "<a href=\"login.php?loguid=$name&logpwd=$hug\">"; echo "Login As $name</a>"; } } } echo "</div>"; echo "</body>"; } else if($action=="code") { $name = $_POST["name"]; $email = $_POST["email"]; echo "<head>"; include("inc/css.inc.php"); echo "</head>"; echo "<body>"; echo "<div class=\"box_cen\" align=\"center\">"; echo "<b>Code Request</b>"; echo "<div class=\"box_sub\" align=\"center\">"; $uinfo = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$name."'")); if(($uinfo[0]==0)||($uinfo[0]=="")) { echo "<img src=\"images/notok.gif\" alt=\"X\"/>Username Does Not Exists!</div>"; echo "<a href=\"pass.php?action=main\">Password?</a><br/>"; }else{ $uinfo = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$name."' AND email='".$email."'")); if(($uinfo[0]==0)||($uinfo[0]=="")) { echo "<img src=\"images/notok.gif\" alt=\"X\"/>Email Address Does Not Match. Enter Correct Email Address.</div>"; echo "<a href=\"pass.php?action=main\">Password?</a><br/>"; }else{ $len = 5; $chars = 'abadefghijklmnopqrstuvwxyz0123456789'; $hug = ''; for ($i = 0; $i < $len; $i++) { $pos = rand(0, strlen($chars)-1); $hug .= $chars{$pos}; } mysql_query("UPDATE ibwf_users SET code='".$hug."' WHERE name='".$name."'"); $kiss = mysql_fetch_array(mysql_query("SELECT name FROM ibwf_users WHERE name='".$name."'")); $msg = "\n Username: ".$kiss[0]." \n Request Code: ".$hug." \n\n Thank You\n".$sitename.""; $subj = "Request Code retrivewap.co.za"; $headers = 'From: admin@retrivewap.co.za' . "\r\n" . 'Reply-To: admin@retrivewap.co.za' . "\r\n" . 'X-Mailer: PHP/' . phpversion(); mail($email, $subj, $msg, $headers); echo "<img src=\"images/ok.gif\" alt=\"+\"/>Request Code Has Been Sent To $email Please Enter That Code At The Section Request Code</div>"; echo "<form action=\"pass.php?action=pass\" method=\"post\">"; echo "Username<br/><input name=\"name\" format=\"*x\" maxlength=\"30\"/><br/>"; echo "E-mail<br/><input name=\"email\" maxlength=\"60\"/><br/>"; echo "Confirmation Code<br/><input name=\"code\" maxlength=\"9\"/><br/>"; echo "<input type=\"submit\" value=\"Reset\"/></form>"; } } echo "</div>"; echo "</body>"; } ?> </html>
Comment