Does anyone have a 'safe' "I forgot my password" script?
I utilize vqregister to allow users to sign-up, so I have their original
email address, and I also have a 'secret word' they've provided.
phpMember Just does:
$result=mysql_fetch_array(mysql_db_query($db_name, "SELECT * FROM
$tbl_member WHERE login = '$login'"
But that doesn't seem safe to me. The input is never sanitized...
especially for vqregister, where a user could potentially pick an
already used user name who's been deleted - then I just want the last
row, but still - isn't it possible to stick a join in there or
Any ideas on this subject?