I want to change the Scriptcase security app “retrieve_pswd”, so the user uses their email to retrieve a new password when they have forgotten their password. We are using a member number to create a user, so it’s way too easy to type in the wrong number.
I changed the “login” to “email” in the events and the php methods.
After executing the email, I am getting the success message. After that, I am getting the message
Undefined variable: email
Username does not exist!
Has anyone tried to do something similar and have a solution?
I made it work by following changes:
In events, I changed the OnScriptinit:
if(isset($_GET[‘act_code’]) && !empty($_GET[‘act_code’]))
{
$act_code = trim($_GET[‘act_code’]);
$sql = "SELECT
FROM
sec_users
WHERE
activation_code = ". sc_sql_injection($act_code);
sc_lookup(rs, $sql);if({rs} !== FALSE && isset({rs}[0][0]))
{
$usr_login = {rs[0][0]};sc_set_global($usr_login); sc_apl_status('app_change_pswd', 'on'); sc_redir("app_change_pswd", act_code=$act_code; usr_login=$usr_login);
}
else
{
sc_alert( {lang_act_code_error} );
}
//sc_exit(ok);
}if(isset([usr_login]) && !empty([usr_login]))
{
send_new_pswd();
//sc_redir(‘login’);
}
Under Programming and PHP Methods I changed following methods:
search_email
$sql = “SELECT email FROM sec_users WHERE email = '”.$param_login."’";
sc_lookup(rs, $sql);
if({rs} === FALSE || count({rs}) == 0)
{
sc_error_message({lang_error_login_not_exist});
sc_error_exit();
}
else
{
return {rs[0][0]};
}
sen_act
$act_code = act_code();
$sql = “UPDATE
sec_users
SET
activation_code = '”. $act_code ."’
WHERE
email = ‘". [usr_login] ."’";sc_exec_sql($sql);
send_mail_message({lang_send_act_code}
. "
<a href=‘http://". $_SERVER[‘HTTP_HOST’] . $_SERVER[‘SCRIPT_NAME’]. “?act_code=” . $act_code ."’> http://".$_SERVER[‘HTTP_HOST’] . $_SERVER[‘SCRIPT_NAME’]. “?act_code=” . $act_code ." ");
send_new_password
$pswd = act_code();
$sql = “UPDATE sec_users SET pswd = '”. hash(“sha512”,$pswd) ."’ WHERE email = ‘". [usr_login] ."’";
sc_exec_sql($sql);send_mail_message({lang_send_new_pswd} . $pswd);
send_pasw_mail
sc_lookup(rs, “SELECT
pswd
FROM
sec_users
WHERE
email = '”. [usr_login] ."’");send_mail_message({lang_send_pswd} . " ". {rs[0][0]}) ;
Under Form Settings / Edit Fields, I changed the {lang_sec_users_fild_login} to {lang_sec_users_fild_email}