I have a password reset php script that used to work fine when I was playing on another emu but since I can’t figure this out I thought I might ask for a bit of help here, and if someone can help me fix it for trinity maybe someone else can use it for their own purposes. The code does serveral checks first it checks for a valid username, then a valid email then a simple math problem followed by a captcha.
Everything seems to work up until the point where the email has to be changed/reset, all it does in it’s current state is send me a password hash but I can’t use that to login obviously, the challenge here is to incorporate this into trinity’s sha hash so it A ) deletes old pass B ) makes new pass and prints it to the outgoing e-mail and finally C ) encrypts the new hash & replaces it. Here is what it looks like, it’s not originally mine, the code it was dug up a long while ago from another site then changed and altered. I’m only looking to try and fix it, who knows if anyone else might be able to use it once it works. My description of how trinity handles passwords could be way off I’m no expert when it comes to password hashes or trinitycore for that matter but I’m confident you’ll get what I mean.
<?php
session_start();
if(file_exists("dbcon.php")) {
include('dbcon.php');
} else {
exit("Dependency missing: Script Connection File.");
}
/**************************
* Check if banned
***************************/
$ip = $_SERVER['REMOTE_ADDR'];
$check = "SELECT * FROM recovery_log WHERE banIp = '$ip'";
$do = mysql_query($check, $con);
if(mysql_num_rows($do) > 0) {
while($row = mysql_fetch_assoc($do)) {
$banTime = $row['banTime'];
$banIp = $row['banIp'];
}
if(time() > $banTime) {
$delete = "DELETE FROM recovery_log WHERE banIp = '$banIp'";
$del = mysql_query($delete, $con);
} else {
exit("You have exceeded your 5 attempts. You may try again in an hour.");
}
}
/**********************************
* Create the human calculation
***********************************/
if(!$_SESSION['math1']) { $_SESSION['math1'] = rand(1, 100); }
if(!$_SESSION['math2']) { $_SESSION['math2'] = rand(1, 100); }
$_SESSION['result'] = $_SESSION['math1'] + $_SESSION['math2'];
if(!$_SESSION['attempt']) {
$_SESSION['attempt'] = 0;
}
/*********************************
* if 5th attempt, ban for an hour
**********************************/
if($_SESSION['attempt'] >= 5) {
$hour = 60 * 60;
$tban = time() + $hour;
$insert = "INSERT INTO recovery_log (banTime, banIp) VALUES ('$tban', '$ip')";
$do_ban = mysql_query($insert, $con);
exit("You exceeded your 5 attempts. You may try again in an hour.");
}
if(isset($_POST['isubmit'])) {
$errors = array(); // error array
$login = $_POST['login'];
$email = $_POST['email'];
$pattern = "/^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$/";
if(empty($email)) {
$errors[] = "You must enter an email address";
}
if(empty($login)) {
$errors[] = "You must enter a valid login";
}
if(!preg_match($pattern, $email)) {
$errors[] = "Invalid email address";
}
if($_POST['human'] != $_SESSION['result']) {
$errors[] = "You failed the human test.";
$_SESSION['math1'] = rand(1, 100);
$_SESSION['math2'] = rand(1, 100);
}
if($_POST['captcha'] != $_SESSION['captcha']) {
$errors[] = "Your image code did not match the one in the image";
}
// if no errors
if(empty($errors)) {
$email = filter_var($email, FILTER_SANITIZE_STRING);
$email = mysql_real_escape_string($email, $con);
$login = filter_var($login, FILTER_SANITIZE_STRING);
$login = mysql_real_escape_string($login, $con);
$qry = "SELECT * FROM account WHERE email = '$email' AND username = '$login' LIMIT 1";
$result = mysql_query($qry, $con);
if(mysql_num_rows($result) > 0) {
// the email address existed - mail the password to the user
while($row = mysql_fetch_assoc($result)) {
$login = $row['username'];
$password = $row['sha_pass_hash'];
}
$subject = "Password recovery";
$message = "Hello " . $login . "\n
Your password is: " . $password;
$headers = "";
if(mail($email, $subject, $message, $headers)) {
echo '<font color="green">Your password have been emailed to the email address you registered with.</font><br />';
} else {
echo '<font color="red">Failed to send the email, please try again.</font><br />';
}
} else {
echo '<font color="red">Incorrect match of username and email</font><br />';
}
}
mysql_close($con);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Password Recovery</title>
<link href="pw_recovery.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="container">
<div id="form">
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="POST">
<table>
<tr><td align="center">Account Name</td></tr>
<tr><td align="center"><input type="text" class="input" name="login" /></td></tr>
<tr><td align="center">Your email address:</td></tr>
<tr><td align="center"><input type="text" class="input" name="email" /></td></tr>
<tr><td align="center">Are you human? (<?php echo $_SESSION['math1'] . " + " . $_SESSION['math2']; ?>) = </td></tr>
<tr><td align="center"><input type="text" class="input" name="human" /></td></tr>
<tr><td align="center">Enter The Image code below:</td></tr>
<tr><td align="center"><input type="text" class="input" name="captcha" /></td></tr>
<tr><td align="center"><img src="captcha.php" /></td></tr>
<input type="hidden" name="isubmit" />
<tr><td><input type="image" src="pw_recover.png" value="" /></td></tr>
</table>
</form>
</div>
<div id="errors">
<?php
// if any errors occured
if(!empty($errors)) {
$_SESSION['attempt']++;
echo '<font color="red">' . count($errors) . ' Errors occured:</font><br />';
echo '<ul>';
foreach($errors as $display) {
echo '<li><font color="red">' . $display . '</font></li>';
}
echo '</ul>';
}
?>
</div>
</div>
</body>
</html>