SitePoint Sponsor

User Tag List

Results 1 to 3 of 3

Threaded View

  1. #1
    SitePoint Member
    Join Date
    Sep 2010
    Posts
    18
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    how to return to index.php or login.php after message is sent?

    I am using the following script to reset a forgotten password. When the process succeeds, this code occurs on line 124:

    error('New Password Sent!.');

    When the user clicks OK, the script continues and displays the form again.
    I want to link to index.php rather than display the form. I've tried several things, but nothing seems to work. I think I'm having a problem of "don't see the forest for the trees". Thanks for your help. Here is the script I'm using:

    PHP Code:
    <?php
    /**
     * ShuttleCMS - A basic CMS coded in PHP.
     * Password Reset - Used for allowing a user to reset password
     * 
     * @author Dan <dan@danbriant.com>
     * @version 0.0.1
     * @package ShuttleCMS
     * [url]www.danbriant.com/general/creating-php-password-reset-script[/url]
     */
    define('IN_SCRIPT'true);
    // Start a session
    session_start();

    //Connect to the MySQL Database
    //include '../connect.php';
    include ("db.php");
    include (
    "functions.php");
    include (
    "header.php");

    //this function will display error messages in alert boxes, used for login forms so if a field is invalid it will still keep the info
    //use error('foobar');
    function error($msg) {
        
    ?>
        <html>
        <head>
        <script language="JavaScript">
        <!--
            alert("<?=$msg?>");
            history.back();
        //-->
        </script>
        </head>
        <body>
        </body>
        </html>
        <?
        
    exit;
    }

    //This functions checks and makes sure the email address that is being added to database is valid in format. 
    function check_email_address($email) {
      
    // First, we check that there's one @ symbol, and that the lengths are right
      
    if (!ereg("^[^@]{1,64}@[^@]{1,255}$"$email)) {
        
    // Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
        
    return false;
      }
      
    // Split it into sections to make life easier
      
    $email_array explode("@"$email);
      
    $local_array explode("."$email_array[0]);
      for (
    $i 0$i sizeof($local_array); $i++) {
         if (!
    ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$"$local_array[$i])) {
          return 
    false;
        }
      }  
      if (!
    ereg("^\[?[0-9\.]+\]?$"$email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
        
    $domain_array explode("."$email_array[1]);
        if (
    sizeof($domain_array) < 2) {
            return 
    false// Not enough parts to domain
        
    }
        for (
    $i 0$i sizeof($domain_array); $i++) {
          if (!
    ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$"$domain_array[$i])) {
            return 
    false;
          }
        }
      }
      return 
    true;
    }


    if (isset(
    $_POST['submit'])) {
        
        if (
    $_POST['forgotpassword']=='') {
            
    error('Please Fill in Email.');
        }
        if(
    get_magic_quotes_gpc()) {
            
    $forgotpassword htmlspecialchars(stripslashes($_POST['forgotpassword']));
        } 
        else {
            
    $forgotpassword htmlspecialchars($_POST['forgotpassword']);
        }
        
    //Make sure it's a valid email address, last thing we want is some sort of exploit!
        
    if (!check_email_address($_POST['forgotpassword'])) {
              
    error('Email Not Valid - Must be in format of [email]name@domain.tld[/email]');
        }
        
    // Lets see if the email exists
        
    $sql "SELECT COUNT(*) FROM posts WHERE email = '$forgotpassword'";
        
    $result mysql_query($sql)or die('Could not find member: ' mysql_error());
        if (!
    mysql_result($result,0,0)>0) {
            
    error('Email Not Found!');
        }

        
    //Generate a RANDOM MD5 Hash for a password
        
    $random_password=md5(uniqid(rand()));
        
    //Take the first 8 digits and use them as the password we intend to email the user
        
    $emailpassword=substr($random_password08);
            echo 
    "<p>$emailpassword</p>"
        
    //Encrypt $emailpassword in MD5 format for the database. 1/14/2013 Jim removing md5.
        
    $newpassword$emailpassword;
            echo 
    $newpassword;
            
    // Make a safe query
               
    $query sprintf("UPDATE `posts` SET `pass` = '%s' 
                              WHERE `email` = '
    $forgotpassword'",
                        
    mysql_real_escape_string($newpassword));
                        
                        
    mysql_query($query)or die('Could not update post: ' mysql_error());

    //Email out the infromation
    $subject "Your New Password"
    $message "Your new password is as follows:
    ---------------------------- 
    Password: 
    $emailpassword
    ---------------------------- 
    Please make note this information has been encrypted into our database 

    This email was automatically generated."

                           
              if(!
    mail($forgotpassword$subject$message,  "FROM: $site_name <$site_email>")){ 
                 die (
    "Sending Email Failed, Please Contact Site Admin! ($site_email)"); 
              }else{ 
                    
    error('New Password Sent!.');
             } 
            
        }
        
    else {
    ?>   <form name="forgotpasswordform" action="" method="post">

             <fieldset>
                 Enter your email address.
                 <p></p>
                 <p></p>
                 <label for="email" class="fixedwidth">Email Address:&nbsp &nbsp;</label>
                 <input name="forgotpassword" type="text" value="" id="forgotpassword" />
                 <input type="submit" name="submit" value="Submit"/>
            </fieldset>

          </form>

       <?   
    }

    include (
    "footer.php");
    ?>
    Last edited by cpradio; Jan 25, 2013 at 12:00. Reason: Added php bb codes


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •