How to fix this PHP Forgotten Password Script? -


so basically, i'm trying make simple, yet secure, forgotten password script.

there 2 scripts, 1 allows user enter email address. send them email link must visit save new password.

the second script link leads to. script saves new password.

for security purposes, made new table within database called 'token'. has 3 fields; token, email, used. token random generated string of 10 letters , numbers, email users email address, , used integer of either 1 or 0 indicating whether or not token has been used.

you able understand far more of structure once read on 2 scripts. not long, , not complex @ all.

what going wrong

okay, there 1 small thing going wrong, , within reset-password.php script. users come after receive email. basically, type in new password, , click 'reset password', yet nothing happens. no errors or confirmations shown, along nothing changing within database. can't seem debug this, , have been searching , trying hours now. , suggestions appreciated.

please try keep in mind still newbie @ php , mysql. been working php approximately 8 weeks now, , mysql 2.

forgot-password.php

<?php //forgotten password script      //variable save errors     $errors = array();      $email = $_post['email'];      include 'config.php';     mysql_connect("$db_host", "$db_username", "$db_password")or die("cannot connect");      mysql_select_db("$db_name")or die("cannot select db");      $query = "select email users email='" . $email . "'";     $result = mysql_query($query);     $num = mysql_num_rows($result);     if($num==0)     {         echo ("<div style='color:red;'>email address not registered</div>");         die();     }      $token = getrandomstring(10);     $query = "insert tokens (token,email) values ('".$token."','".$email."')";     mysql_query($query);      //function renerate token     function getrandomstring($length)      {         $validcharacters = "abcdefghijklmnpqrstuxyvwz123456789";         $validcharnumber = strlen($validcharacters);         $result = "";          ($i = 0; $i < $length; $i++)          {             $index = mt_rand(0, $validcharnumber - 1);             $result .= $validcharacters[$index];         }         return $result;     }      //send reset link user     function mailresetlink($to,$token)     {         $subject = "password reset";         $message = '         <html>         <head>         <title>password reset</title>         </head>         <body>         <p>click on given link reset password <a href="http://domain.com/reset-password.php?token='.$token.'">reset password</a></p>          </body>         </html>         ';         $headers = "mime-version: 1.0" . "\r\n";         $headers .= "content-type:text/html;charset=iso-8859-1" . "\r\n";         $headers .= 'from: password reset <noreply@domain.com>' . "\r\n";          if(mail($to,$subject,$message,$headers))         {             echo "we have sent password reset link email @ <strong>".$to."</strong>";          }     }      //if email posted, send email     if(isset($_post['email']))     {         mailresetlink($email,$token);     }   ?>     <table align="center" style="padding-bottom:40px;">     <form action="<?php $_server['php_self']; ?>" method="post">     <tr>     <td>email address: </td>     <td><input type="text" name="email" /></td>     </tr>     <tr>     <td colspan="2" align="center"><input type="submit" value="reset password" /></td></tr>     <input type="hidden" name="register" value="true" /> </form> </table> 

reset-password.php

<?php //reset password script      $token = $_get['token'];     $email;      include 'config.php';     mysql_connect("$db_host", "$db_username", "$db_password") or die("cannot connect");      mysql_select_db("$db_name")or die("cannot select db");      if(!isset($_post['newpassword']))     {         $query = "select email tokens token='" . $token . "' , used = 0";         $result = mysql_query($query);         while($row = mysql_fetch_array($result))         {             $email = $row['email'];         }           if ($email != '')         {             $_session['email'] = $email;         }         else          {             echo "invalid link or password changed";         }     }       $pass = $_post['newpassword'];     $email = $_session['email'];      //save new password     if(isset($_post['newpassword']) && isset($_session['email']))     {         $query = "update users set password = sha('$password') email='" . $email . "'";         $result = mysql_query($query);         if($result)         {             mysql_query("update tokens set used=1 token='" . $token . "'");         }         echo "your password has been changed successfully";         if(!$result)         {             echo "an error occurred. please try again or contact @ admin@domain.com";         }     }  ?>    <table align="center" style="padding-bottom:40px;">     <form action="<?php $_server['php_self']; ?>" method="post">     <tr>     <td>new password:</td>     <td><input type="password" name="newpassword" id="password"/></td>     </tr>     <tr>     <td colspan="2" align="center"><input type="submit" value="change password"></td></tr>     <input type="hidden" name="reset" value="true" /> </form> </table> 

please, if need more information or code, please not hesitate ask.

thanks in advance!

i don't see anywhere passing token parameter server on reset page after entering new password parameter. should have hidden <input /> control, expect. $_server['php_self'] not return query string parameters. cause of current problem.

specifically,

<table align="center" style="padding-bottom:40px;">     <form action="<?php echo $_server['php_self']; ?>" method="post">     <tr>     <td>new password:</td>     <td><input type="password" name="newpassword" id="password"/></td>     </tr>     <tr>     <td colspan="2" align="center"><input type="submit" value="change password"></td></tr>     <input type="hidden" name="reset" value="true" /> </form> </table> 

should

<table align="center" style="padding-bottom:40px;">     <form action="<?php echo $_server['php_self']; ?>" method="post">     <tr>     <td>new password:</td>     <td><input type="password" name="newpassword" id="password"/></td>     </tr>     <tr>     <td colspan="2" align="center"><input type="submit" value="change password"></td></tr>     <input type="hidden" name="reset" value="true" />     <input type="hidden" name="token" value="<?php echo $_request['token']; ?>" /> </form> </table> 

make sure change $_get['token']s $_request['token'] first time, post second.

that being said, larger problem ability me bypass security specifying ' or 1=1 or ' token. or, mean , nice '; update users set password = sha('iknowthispassword') username = 'admin'; --

moral of story being parameterized sql (how can prevent sql injection in php?)


Comments

Popular posts from this blog

Detect support for Shoutcast ICY MP3 without navigator.userAgent in Firefox? -

web - SVG not rendering properly in Firefox -

java - JavaFX 2 slider labelFormatter not being used -