$pass = sanitise('currentpassword', 'p'); $newpass1 = sanitise('newpassword1', 'p'); $newpass2 = sanitise('newpassword2', 'p'); $query = "SELECT * FROM users WHERE UserID='{$user}'"; $result = mysql_query($query) or die(mysql_error()); if (mysql_num_rows($result) == 1) { $row = mysql_fetch_array($result); $hash = sha1($pass . $row['Salt']); //check that they've provided the correct password: if ($hash == $row['Password']) { //check that provided passwords match: if ($newpass1 == $newpass2) { //check that new password is long enough: if (strlen($newpass1) > 5) { //generating some salty hashes: $salt = generatesalt(); $hash = sha1($newpass1 . $salt); //now we change their password... $query = "UPDATE users SET Password='******', Salt='{$salt}' WHERE UserID='{$user}'"; $result = mysql_query($query) or die(mysql_error()); //tell the user that it has been sucessfull: $msg = $msg . "Successfully changed your password!"; $success = True; } else { $msg = $msg . "New Password is too short - make sure it's at least 6 characters long. "; $sucess = False; } } else { //passwords didn't match: $msg = $msg . "New Passwords don't match. Please try again. "; $sucess = False;
<?php include_once 'functions.php'; $conn = opendb(); $email = sanitise('email', 'p'); $query = "SELECT * FROM users WHERE Email='{$email}'"; $result = mysql_query($query) or die(mysql_error()); if (mysql_num_rows($result) == 1) { $row = mysql_fetch_assoc($result); if ($row['Validated'] == 1) { if ($row['ResetKey'] == NULL || time() > $row['ResetTimeout']) { $resetkey = sha1(generatesalt(64)); $timeout = time() + 604800; //One Week $UserID = $row['UserID']; $query = "UPDATE users SET ResetKey='{$resetkey}', ResetTimeout='{$timeout}' WHERE Email='{$email}'"; $result = mysql_query($query) or die(mysql_error()); sendpasswordreset($email, $resetkey, $UserID); echo "email: " . $email . " resetkey: " . $resetkey . " UserID: " . $UserID; } else { echo "You've already tried to reset"; } } else { echo "You haven't validated your account yet! Check your emails, including the spam folder"; } } else { echo "your email wasn't found :("; }
$query = "INSERT INTO users (Email, Password, Salt, ValidatedTimeout, ValidationKey, PrefCurrency, PrefPaymentMethod) VALUES ('{$email}', '{$hash}', '{$salt}', '{$time}', '{$validationkey}', '£', 'Card')"; //insrt mysql_query($query) or die(mysql_error()); $UserID = mysql_insert_id(); $query = "INSERT INTO accounts (UserID, AccountName) VALUES ('{$UserID}', 'Current')"; mysql_query($query) or die(mysql_error()); sendvalidationkey($email, $validationkey, $UserID); $success = 1; $msg = $msg . "Success! Before you can use your account, you'll need to validate it - we've sent you an email with a link to do that. If you can't find it, check your spam folder or click here to send it again. "; } elseif (mysql_num_rows($result) == 1) { $row = mysql_fetch_array($result); if ($row['Validated'] == 0 && time() > $row['ValidatedTimeout']) { $time = time() + 604800; $salt = generatesalt(); $hash = sha1($pass . $salt); $validationkey = sha1(generatesalt(64)); $query = "UPDATE users SET Password='******', Salt='{$salt}', ValidatedTimeout='{$time}', ValidationKey='{$validationkey}' WHERE Email='{$email}'"; //insrt mysql_query($query) or die(mysql_error()); sendvalidationkey($email, $validationkey, $UserID); $msg = $msg . "Successfully re-registered. Before you can use your account, you'll need to validate it - we've sent you an email with a link to do that. If you can't find it, check your spam folder or click <a href=\"resendvalidationkey.php\">here</a> to send it again."; } else { $msg = $msg . "You've already registered that email! Please validate it by clicking the link in the email you received. If you can't find the email, click <a href=\"resendvalidationkey.php\">here<a/> to resend it "; } } } if ($success == 1) { include 'index.php'; } else { include 'register.php'; }