SeniorProject/ForgotPassword.php at master · miller11/SeniorProject · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
<?php
include_once 'Header.php';

/*
 * User: Ross
 * Date: 12/11/12
 */


if(isset($_POST['submit'])){
    $sql = "select SALT from NON_UI_PERSON where EMAIL = '" . $_POST['email'] . "'";

    if($emailResult = nextRow(queryDB($sql))){


        $to = $_POST['email'];
        $subject = "University of Iowa Faculty";
        $message = "Hello, \n This a password reset from the University of Iowa Faculty Hiring CS website. \n \n";
        $from = "ross-h-miller@uiowa.edu";
        $headers = "From:" . $from;

        $password = randomString(10);
        $message = $message . "Your new login information: \n User Name:  " . $to
            . " \n Password: " . $password . "\n";
        $insertSql = "update NON_UI_PERSON set PASSWORD = '" . hashString($password . $emailResult['SALT']) . "', RESET_PASS = '1' where EMAIL = '" . $to . "'";
        updateDB($insertSql);

        $message = $message . "Login in at: http://webdev.cs.uiowa.edu/~rhmiller/ChangePassword.php?email=" . $to;
        mail($to,$subject,$message,$headers);
        header(redirect('ChangePassword.php','?email=' . urlencode($to) . "&success=" . urlencode("Your password has been reset please check your email.")));
        exit;
    } else {
       header(refresh("?error=") . urlencode("Email provided was not found in our system"));
        exit;
    }
}

?>

<div class="container">
    <div class="row">
        <h2>Forgot Password</h2>
    </div>
    <div class="row">
        <div class="span8">
            <form class="form-horizontal" method="POST" action="<?php echo myURL();?>">
                <div class="control-group">
                    <label class="control-label" for="email">Email</label>

                    <div class="controls">
                        <input type="text" id="email" name="email" placeholder="Email">
                    </div>
                </div>
                <div class="control-group">
                    <div class="controls">
                        <button type="submit" name="submit" class="btn btn-success">Send</button>
                    </div>
                </div>
            </form>
        </div>
    </div>
</div>