animezon |
14th August 2009 01:37 |
Recover
Hello guys i see anyone cant help me with my recover i do it myself and i like to share it here is totaly working
Edit your recover.php:
PHP Code:
<? ////fix by Nereu onlydvds2009
require_once("include/bittorrent.php"); dbconn(); // If user submitted info. if ($_SERVER["REQUEST_METHOD"] == "POST") { // trim for whitespace $email = trim($_POST["email"]);
// if email is not entered. if (!$email) newerr($tracker_lang['error'], "You must enter an email address!"); // show error
// select user from table users, limit to 1 user. $res = sql_query("SELECT * FROM users WHERE email=" . sqlesc($email) . " LIMIT 1") or sqlerr(__FILE__, __LINE__);
// assign data to arr $arr = mysql_fetch_assoc($res) or newerr($tracker_lang['error'], "The email address was not found in the database..\n");
// create random security code $sec = create_salt();
sql_query("UPDATE users SET editsecret=" . sqlesc($sec) . " WHERE id=" . $arr["id"]) or sqlerr(__FILE__, __LINE__); if (!mysql_affected_rows()) newerr($tracker_lang['error'], "Database error. Please contact an administrator about this..");
$hash = md5($sec . $email . $arr["passhash"] . $sec);
$body = <<<EOD Hi,
Someone, hopefully you, requested that the password for the account associated with this email address ($email) be reset.
The request originated from $ip.
If you did not do this ignore this email. Please do not reply.
Should you wish to confirm this request, please follow this link:
$DEFAULTBASEURL/recover.php?confirm&id={$arr["id"]}&secret=$hash
After you do this, your password will be reset and emailed back to you.
-- $SITENAME EOD; @sent_mail($arr["email"],$SITENAME,$SITEEMAIL,"password reset confirmation $SITENAME",$body) or newerr($tracker_lang['error'], "Unable to send E-mail. Please let the administration know."); newerr($tracker_lang['success'], "Recovery E-mail was sent.\n" . " After a few minutes (usually immediately) we will send you a E-mail with further instructions."); } elseif(isset($_GET['confirm'])) { // if (!preg_match(':^/(\d{1,10})/([\w]{32})/(.+)$:', $_SERVER["PATH_INFO"], $matches)) // httperr();
// $id = 0 + $matches[1]; // $md5 = $matches[2];
if (!is_valid_id($_GET["id"])) stderr($tracker_lang['error'], $tracker_lang['invalid_id']);
$id = 0 + $_GET["id"]; $md5 = $_GET["secret"];
$res = sql_query("SELECT username, email, passhash, editsecret FROM users WHERE id = $id"); $arr = mysql_fetch_array($res) or stderr($tracker_lang['error'],"??? ???????????? ? ????? ID");
$email = $arr["email"];
$sec = hash_pad($arr["editsecret"]); if (preg_match('/^ *$/s', $sec)) stderr($tracker_lang['error'],"Error"); if ($md5 != md5($sec . $email . $arr["passhash"] . $sec))
// generate new password; $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$newpassword = ""; for ($i = 0; $i < 10; $i++) $newpassword .= $chars[mt_rand(0, strlen($chars) - 1)];
$sec = create_salt();
$newpasshash = create_password($newpassword, $sec);
sql_query("UPDATE users SET secret=" . sqlesc($sec) . ", editsecret='', passhash=" . sqlesc($newpasshash) . " WHERE id=$id AND editsecret=" . sqlesc($arr["editsecret"]));
if (!mysql_affected_rows()) newerr($tracker_lang['error'], "Unable to update user information. Please contact the administrator and tell them of this error.");
define('REGISTER', true); $userid = $id;
$body = <<<EOD Your request for password recovery, generates you a new password.
Here is your new data for this account:
Username: {$arr["username"]} Password: $newpassword
You can login here: $DEFAULTBASEURL/login.php
-- $SITENAME EOD;
@sent_mail($email,$SITENAME,$SITEEMAIL,"password reset confirmation for $SITENAME",$body) or newerr($tracker_lang['error'], "Unable to send E-mail. Please let the administration know."); newerr($tracker_lang['success'], "Recovery E-mail was sent to $email.\n" . "After a few minutes (usually immediately), you will get your new data.");
} else { stdhead("Recover lost user name or password"); ?> <form method="post" action="recover.php"> <table border="1" cellspacing="0" cellpadding="5"> <tr><td class="colhead" colspan="2">Restoration user name or password </td></tr> <tr><td colspan="2">Use the form below to recover password and your data will be mailed to you.. You e-mail will confirm the request</td></tr> <tr><td class="rowhead">Registered E-Mail</td> <td><input type="text" size="40" name="email"></td></tr> <tr><td colspan="2" align="center"><input type="submit" value="Recover"></td></tr> </table> <? stdfoot(); }
////fix by Nereu onlydvds2009 ?>
Enjoy:)
|