1
Guys,
I am trying to get this password reset functionality wor for me but I am not successful at all. Please somebody help me. I get "Your password could not be reset - please try again later" so I think the get_random_word function is not working right. Here are the scripts:
This is the script after the user enters his/her userid.
<?php
require_once("bookmark_fns.php");
// creating short variable name
$username = $_POST['username'];
try
{
$password = reset_password($username); //I think this is not working
notify_password($username, $password);
echo 'Your new password has been emailed to you.<br />';
}
catch (Exception $e)
{
echo 'Your password could not be reset - please try again later.';
}
?>
This is the reset_password function:
// set password for username to a random value
// return the new password or false on failure
{
// get a random dictionary word b/w 6 and 13 chars in length
$new_password = get_random_word(6, 13);
if($new_password==false)
throw new Exception('Could not generate new password.');
// add a number between 0 and 999 to it
// to make it a slightly better password
srand ((double) microtime() * 1000000);
$rand_number = rand(0, 999);
$new_password .= $rand_number;
// set user's password to this in database or return false
$conn = db_connect();
$result = $conn->query( "update user
set passwd = sha1('$new_password')
where username = '$username'");
if (!$result)
throw new Exception('Could not change password.'); // not changed
else
return $new_password; // changed successfully
}
This is get_randow_word function: I think this can be the problem as well:
function get_random_word($min_length, $max_length)
// grab a random word from dictionary between the two lengths
// and return it
{
// generate a random word
$word = '';
// remember to change this path to suit your system
$dictionary = '/usr/dict/words';
$fp = @fopen($dictionary, 'r');
if(!$fp)
return false;
$size = filesize($dictionary);
// go to a random location in dictionary
srand ((double) microtime() * 1000000);
$rand_location = rand(0, $size);
fseek($fp, $rand_location);
// get the next whole word of the right length in the file
while (strlen($word)< $min_length || strlen($word)>$max_length || strstr($word, "'"))
{
if (feof($fp))
fseek($fp, 0); // if at end, go to start
$word = fgets($fp, 80); // skip first word as it could be partial
$word = fgets($fp, 80); // the potential password
};
$word=trim($word); // trim the trailing \n from fgets
return $word;
}
I am not sure maybe my ISPELL dictionary is not working, maybe I am not putting this in the correct directory when I upload it to the hosting server but it is not working. Please help me out here. Thank you.
