Paste Description for OpenSim Email Reset (Without Ver

This PHP script resets a user's password to a value known only to the recipient of the email. The script is self-contained, and its functions can be pulled from this file and used elsewhere.

OpenSim Email Reset (Without Ver
Wednesday, September 19th, 2007 at 11:16:16am MDT 

<?php

//Licensed under whatever license the rest of OpenSim is licensed under.

//WARNING! INCREDIBLY INSECURE!
//The current system (rev ~1960) has no email field.  This means there is no way to actually validate
//that a user is who they say they are, and this will send an email containing their new password.
//To hopefully prevent illicit activity, I will log ips, emails and usernames changed.

//Stuff on the left of the "=" is the name of the variable.  Don't touch.
//Stuff on the right of the "=" is the value.  Change the contents of the ''s to change the variable.
//These could eventually be put into an ini file and read from there.
$db['hostname'] = 'localhost';
$db['username'] = 'root';
$db['password'] = '';
$db['database'] = 'opensim';
$db['userstable'] = 'users';
$adminemail = "admin@opensim.org";
$passwordHash = ''; // The passwordhash for user passwords in the database

$break = explode('/', $_SERVER["SCRIPT_NAME"]);
$nameofscript = $break[count($break) - 1];

//Here's a hunk of HTML that is used as a sample form.
$form = <<<EOF
Enter your information to reset your password.<br />
<form action="{$nameofscript}?action=reset" method="post">
<input name="email" value="E-Mail"><br />
<input name="firstname" value="First Name"><br />
<input name="lastname" value="Last Name"><br />

<button value="submit" name="Submit">Submit</button>
<!-- There is no "Reset" button because that would just be confusing. -->
</form>
EOF;

//Overview:
//GET INFO AND SEND NEW PASS
//Read email, First Name, Last Name from form
// //Connect to mysql database and Read email from database, but not in this version
//Generate new password, and set it to it.
//Email new password to user

function checkEmail($email)
{
        $email = urldecode($email);
        if (preg_match('/[\r\n]/', $email)) //Checks that someone isn't trying to inject additional recipients
        {
                return false;
        }

        return true; //FIXME: Doesn't really check anything.  Needs a regexp that works.
        //Unreachable until the line above is removed.
        if(!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+$/i', $email)) //Could be a lot better
        {
                return false;
        }
        return true;
}

function generatePassword($numChars)
{
        $password = '';
        $chars = 'BCDFGHJKLMNPQRSTVWXZ023456789';
        for($i = 0; $i < $numChars; $i++)
        {
                //random_int() draws from the system CSPRNG; rand() is predictable.
                $password .= $chars[random_int(0, strlen($chars) - 1)];
        }
        return $password;
}

function sendEmail($to, $from, $newpass)
{
        $body = "Your new password on OSGrid is: {$newpass} (this is different from your website login password.)";
        $subject = 'OpenSim Grid server password reset';
        $headers = 'From: ' . $from . "\r\n" . 'Reply-To: ' . $from;
        mail($to, $subject, $body, $headers);

}

//There could be a version of this that also checks against an email field for added security.
function changePassword($db, $fname, $lname, $newpass)
{
        global $passwordHash; //Set in the configuration block at the top of the file.
        $link = mysqli_connect($db['hostname'], $db['username'], $db['password'], $db['database']);
        if (!$link) { die("Unable to select database"); }
        //The table name comes from the configuration above; every other value is a bound parameter.
        $query = sprintf('UPDATE %s SET passwordHash = MD5(?) WHERE username = ? AND lastname = ?',
                $db['userstable']);
        $hashinput = md5($newpass).':'.$passwordHash;
        $stmt = mysqli_prepare($link, $query);
        mysqli_stmt_bind_param($stmt, 'sss', $hashinput, $fname, $lname);
        mysqli_stmt_execute($stmt);
        mysqli_close($link);
}

function writeLog($fname, $lname, $email, $ip = '', $logfile = 'log.txt')
{
        //Writes to log file in format:
        //Date/Time     IP   FName      LName Email
        if($ip == ''){$ip = $_SERVER['REMOTE_ADDR'];}
        $filehandle = fopen($logfile, 'ab');
        $line = sprintf('%s     %s   %s %s       %s',
                date(DATE_RFC822),
                $ip,
                rawurlencode($fname),
                rawurlencode($lname),
                rawurlencode($email));
        $line .= "\r\n"; //If your editor/program/script can't handle these line endings, you need a new editor/program/script.
        fwrite($filehandle, $line);
        fclose($filehandle);
}

$action = isset($_GET["action"]) ? $_GET["action"] : '';
switch ($action)
{
        case "reset":
                //Get contents of formdata, assemble email, and mail it off.
                $email = $_POST['email'];
                $fname = $_POST['firstname'];
                $lname = $_POST['lastname'];

                if(checkEmail($email))
                {
                        $newpass = generatePassword(8);
                        sendEmail($email, $adminemail, $newpass);
                        changePassword($db, $fname, $lname, $newpass);
                        //This should ideally only be called after verifying that a particular user
                        //has verified that the email in the database is really his email.
                        //This version automatically changes it without any sort of notification, so
                        //a user could be theoretically "griefed" by people resetting his password.
                        writeLog($fname, $lname, $email);
                        echo('Password successfully changed.  Please check your email.');
                }
                else
                {
                        echo('Please re-enter your email address and try again.');
                }
                break;
        default:
                //Since we've got nothing to go on, just print the form and move along.
                echo $form;
                break;
}

?>
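
The script's comments say the password should change only after the user has shown that the email on record is really theirs. The following is an added example of that two-step flow, not part of the original paste or of OpenSim. The function names, the in-memory $users array standing in for the users table, its 'email' and 'salt' fields and the 900-second token lifetime are all assumptions.

```php
<?php
// Stand-in for the users table; the 'email' and 'salt' fields are assumptions
// (the paste notes that rev ~1960 has no email field). Data is constructed.
$users = ['Test User' => ['email' => 'owner@example.org', 'salt' => '', 'passwordHash' => 'old']];
const TOKEN_TTL = 900; // seconds a reset token stays valid (assumed value)

// Step 1: a request only issues a token; the password is NOT changed here.
// Returns the token to mail to the address on record, or null when the
// submitted address does not match it.
function requestReset(array &$users, string $name, string $email, int $now): ?string
{
    if (!isset($users[$name]) || !hash_equals($users[$name]['email'], strtolower(trim($email)))) {
        return null; // the page shown to the requester should not reveal which case hit
    }
    $token = bin2hex(random_bytes(32));
    // Keep only a hash so a leaked table does not hand out usable tokens.
    $users[$name]['reset_hash'] = hash('sha256', $token);
    $users[$name]['reset_expires'] = $now + TOKEN_TTL;
    return $token;
}

// Step 2: the mailbox owner presents the token; only then is the password set.
function confirmReset(array &$users, string $name, string $token, string $newpass, int $now): bool
{
    $u = $users[$name] ?? null;
    if ($u === null || empty($u['reset_hash']) || $now > $u['reset_expires']) {
        return false; // unknown user, no pending reset, or token expired
    }
    if (!hash_equals($u['reset_hash'], hash('sha256', $token))) {
        return false; // constant-time comparison failed
    }
    // Same stored format the paste writes: MD5(md5(password) . ':' . salt).
    $users[$name]['passwordHash'] = md5(md5($newpass) . ':' . $u['salt']);
    unset($users[$name]['reset_hash'], $users[$name]['reset_expires']); // single use
    return true;
}

// Walk-through on the constructed data, with a fixed clock value.
$now = 1190000000;
var_dump(requestReset($users, 'Test User', 'attacker@example.net', $now)); // address not on record
$token = requestReset($users, 'Test User', 'owner@example.org', $now);
var_dump(confirmReset($users, 'Test User', 'guess', 'N3wPass!', $now + 60));            // wrong token
var_dump(confirmReset($users, 'Test User', $token, 'N3wPass!', $now + TOKEN_TTL + 1));  // after expiry
var_dump(confirmReset($users, 'Test User', $token, 'N3wPass!', $now + 60));             // valid token
var_dump(confirmReset($users, 'Test User', $token, 'N3wPass!', $now + 61));             // token reuse
```

Because the old password stays valid until confirmReset() succeeds, a stranger submitting someone else's name can no longer lock that user out or receive the new password.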

Paste Details

Tags: php opensim
