recover_password.php
<?php
/*
* recover_password.php
*
* Creates a new password and sends it to registered email address
*
*/
include 'config.php';
include 'db.php';
include 'lib/utility.php';
// Default to local password handling when the included configuration leaves
// $enable_PAM unset (or null).
$enable_PAM = isset( $enable_PAM ) ? $enable_PAM : false;

// With PAM enabled this script performs no reset at all: it renders the login
// page and stops.
// NOTE(review): presumably PAM-backed accounts have no usable password in the
// people table -- confirm against login.php.
if ( $enable_PAM ) {
    include 'login.php';
    exit();
}
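// Read the submitted address. A missing field or a non-string value (for
// example an array-style POST parameter) is treated as empty, so it takes the
// "missing" branch below instead of raising a notice or a TypeError inside
// stripslashes().
// NOTE(review): nothing visible in this script throttles requests or checks a
// CSRF token before a reset is triggered -- confirm whether an include does.
$email_address = '';
if ( isset( $_POST['email_address'] ) && is_string( $_POST['email_address'] ) ) {
    // stripslashes() is kept from the original; it is not an injection
    // defence, only an unescaping step.
    $email_address = stripslashes( $_POST['email_address'] );
}

if ( ! $email_address ) {
    $message = "Error: E-mail address is missing!";
    include 'lost_password.php';
    exit();
}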
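// Quick check to see if record exists.
// The address comes straight from the request, so it is bound as a statement
// parameter instead of being spliced into the SQL text (the original
// concatenation allowed SQL injection through email_address).
$lookup = mysqli_prepare( $link, "SELECT personID, activated FROM people WHERE email = ?" );
$lookup_ok = $lookup !== false
    && mysqli_stmt_bind_param( $lookup, 's', $email_address )
    && mysqli_stmt_execute( $lookup )
    && mysqli_stmt_store_result( $lookup );

if ( ! $lookup_ok ) {
    // Keep database details in the server log; the browser only gets a
    // generic message.
    error_log( "recover_password.php: account lookup failed: " .
        ( $lookup === false ? mysqli_error( $link ) : mysqli_stmt_error( $lookup ) ) );
    $message = "Error: Unable to process your request. Please try again later.";
    include 'lost_password.php';
    exit();
}

// Rebuild the same ($row_count, $row) pair the rest of the script consumes:
// $row is a two-element numeric array, or null when nothing matched.
$row_count = mysqli_stmt_num_rows( $lookup );
mysqli_stmt_bind_result( $lookup, $found_personID, $found_activated );
$row = mysqli_stmt_fetch( $lookup ) ? array( $found_personID, $found_activated ) : null;
mysqli_stmt_close( $lookup );

if ( $row_count == 0 )
{
    // The message already carries markup (<br/>), so it is presumably printed
    // as HTML by lost_password.php; encode the reflected address so it cannot
    // inject script or tags.
    // NOTE(review): this distinct reply also tells the requester whether an
    // address is registered (account enumeration); consider one uniform
    // response for both outcomes.
    $safe_email = htmlspecialchars( $email_address, ENT_QUOTES, 'UTF-8' );
    $message = "No records were found matching your email address ($safe_email)<br/>";
    include 'lost_password.php';
    exit();
}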
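// Unpack the matched account row: column 0 is personID, column 1 is activated.
list( $personID, $activated ) = $row;

// Sometimes users come here before account is activated, and a new
// password will break the activation, so refuse the reset and send them back
// to the login page.
if ( $activated == 0 )
{
    // The address is echoed back inside $message; encode it for HTML output.
    // NOTE(review): assumes login.php prints $message without escaping it
    // itself -- if it already escapes, drop this call to avoid double encoding.
    $safe_email = htmlspecialchars( $email_address, ENT_QUOTES, 'UTF-8' );
    $message = "Error: This account has not been activated yet. " .
        "Please activate your account first. " .
        "The activation code was sent to your e-mail address: $safe_email.";
    include 'login.php';
    exit();
}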
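// Everything looks ok, generate password, update it and send it!
// NOTE(review): makeRandomPassword() is defined outside this file; confirm it
// draws from a CSPRNG (random_int()/random_bytes()) rather than rand()/mt_rand().
$random_password = makeRandomPassword();

// SECURITY NOTE(review): unsalted MD5 is not suitable for password storage.
// It is kept here only because the login check (outside this file) has to
// compare against the same format; migrate both sides together to
// password_hash() / password_verify().
$db_password = md5( $random_password );

// Bound parameters replace the string-built UPDATE. Both values are bound as
// strings, matching the quoted literals of the original query.
$update = mysqli_prepare( $link, "UPDATE people SET password = ? WHERE personID = ?" );
$update_ok = $update !== false
    && mysqli_stmt_bind_param( $update, 'ss', $db_password, $personID )
    && mysqli_stmt_execute( $update );

if ( ! $update_ok ) {
    // The original die() printed the full query (including the new password
    // hash) and the database error to the browser. Log the detail server-side
    // and stop with a generic message instead.
    error_log( "recover_password.php: password update failed: " .
        ( $update === false ? mysqli_error( $link ) : mysqli_stmt_error( $update ) ) );
    die( "Error: Unable to reset the password. Please try again later." );
}
mysqli_stmt_close( $update );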
// Compose the notification mail: plain text carrying the new password, a link
// built from $org_site and a sign-off using $org_name.
// NOTE(review): the new password travels in clear text by e-mail and the link
// is plain http:// -- a single-use, expiring reset link would avoid mailing a
// credential. The stored password has already been replaced at this point.
$subject = "System Password";
$message = "We have reset your password at your request.
New Password: $random_password
http://$org_site
Please save this message for your reference.
Thanks!
The $org_name Admins.
This is an automated response, do not reply!";

// NOTE(review): the mailer's result is not inspected, so the success text
// below is shown even when delivery fails -- confirm what LIMS_mailer returns.
LIMS_mailer( $email_address, $subject, $message );

// Reuse $message for the on-screen confirmation shown by the login page.
$message = "Your password has been sent to you via email. Please check your email for your new password.";
include 'login.php';
?>