I am using the following script to reset a forgotten password. When the process succeeds, this code occurs on line 124:
error(‘New Password Sent!.’);
When the user clicks OK, the script continues and displays the form again.
I want to link to index.php rather than display the form. I’ve tried several things, but nothing seems to work. I think I’m having a problem of “don’t see the forest for the trees”. Thanks for your help. Here is the script I’m using:
<?php
/**
* ShuttleCMS - A basic CMS coded in PHP.
* Password Reset - Used for allowing a user to reset password
*
* @author Dan <dan@danbriant.com>
* @version 0.0.1
* @package ShuttleCMS
* www.danbriant.com/general/creating-php-password-reset-script
*/
define('IN_SCRIPT', true);
// Start a session
session_start();
//Connect to the MySQL Database
//include '../connect.php';
include ("db.php");
include ("functions.php");
include ("header.php");
//this function will display error messages in alert boxes, used for login forms so if a field is invalid it will still keep the info
//use error('foobar');
function error($msg) {
?>
<html>
<head>
<script language="JavaScript">
<!--
alert("<?=$msg?>");
history.back();
//-->
</script>
</head>
<body>
</body>
</html>
<?
exit;
}
//This functions checks and makes sure the email address that is being added to database is valid in format.
function check_email_address($email) {
// First, we check that there's one @ symbol, and that the lengths are right
if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
// Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
return false;
}
// Split it into sections to make life easier
$email_array = explode("@", $email);
$local_array = explode(".", $email_array[0]);
for ($i = 0; $i < sizeof($local_array); $i++) {
if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\\.-]{0,63})|(\\"[^(\\\\|\\")]{0,62}\\"))$", $local_array[$i])) {
return false;
}
}
if (!ereg("^\\[?[0-9\\.]+\\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
$domain_array = explode(".", $email_array[1]);
if (sizeof($domain_array) < 2) {
return false; // Not enough parts to domain
}
for ($i = 0; $i < sizeof($domain_array); $i++) {
if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
return false;
}
}
}
return true;
}
if (isset($_POST['submit'])) {
if ($_POST['forgotpassword']=='') {
error('Please Fill in Email.');
}
if(get_magic_quotes_gpc()) {
$forgotpassword = htmlspecialchars(stripslashes($_POST['forgotpassword']));
}
else {
$forgotpassword = htmlspecialchars($_POST['forgotpassword']);
}
//Make sure it's a valid email address, last thing we want is some sort of exploit!
if (!check_email_address($_POST['forgotpassword'])) {
error('Email Not Valid - Must be in format of [email]name@domain.tld[/email]');
}
// Lets see if the email exists
$sql = "SELECT COUNT(*) FROM posts WHERE email = '$forgotpassword'";
$result = mysql_query($sql)or die('Could not find member: ' . mysql_error());
if (!mysql_result($result,0,0)>0) {
error('Email Not Found!');
}
//Generate a RANDOM MD5 Hash for a password
$random_password=md5(uniqid(rand()));
//Take the first 8 digits and use them as the password we intend to email the user
$emailpassword=substr($random_password, 0, 8);
echo "<p>$emailpassword</p>";
//Encrypt $emailpassword in MD5 format for the database. 1/14/2013 Jim removing md5.
$newpassword= $emailpassword;
echo $newpassword;
// Make a safe query
$query = sprintf("UPDATE `posts` SET `pass` = '%s'
WHERE `email` = '$forgotpassword'",
mysql_real_escape_string($newpassword));
mysql_query($query)or die('Could not update post: ' . mysql_error());
//Email out the infromation
$subject = "Your New Password";
$message = "Your new password is as follows:
----------------------------
Password: $emailpassword
----------------------------
Please make note this information has been encrypted into our database
This email was automatically generated.";
if(!mail($forgotpassword, $subject, $message, "FROM: $site_name <$site_email>")){
die ("Sending Email Failed, Please Contact Site Admin! ($site_email)");
}else{
error('New Password Sent!.');
}
}
else {
?> <form name="forgotpasswordform" action="" method="post">
<fieldset>
Enter your email address.
<p></p>
<p></p>
<label for="email" class="fixedwidth">Email Address:  </label>
<input name="forgotpassword" type="text" value="" id="forgotpassword" />
<input type="submit" name="submit" value="Submit"/>
</fieldset>
</form>
<?
}
include ("footer.php");
?>