  1. #1
    SitePoint Enthusiast MadDog31

    Ugh, ok tired of busting my head on my desk...

    I'm using Chapter 24 in PHP & MySQL Web Development to design a user authentication and personalization site that lets users add their favorite bookmarks to a Web site.

    I have everything working perfectly except for one thing, the 'forgot your password' link.

    When I click the link on the form, it goes to a new form and asks for the username. When I enter the username, it comes back that it wasn't able to change my password and to try again later.

    What it's supposed to do is access a wordlist file I have on my server, pick a random word between 6 and 13 chars and then add on a random number of 3 digits on the end of that (passwords can only be between 6-16 chars.)

    Here's the code I used in my function to generate a new password ($new_password):
    PHP Code:
    function reset_password($username) {
        // Set password for username to a random value
        // Return the new password or false on failure

        // Get a random dictionary word between 6-13 characters in length
        $new_password = get_random_word(6, 13);

        if ($new_password == false)
            return false;

        // Add a number between 0 and 999 to it to make it a slightly better password
        srand((double) microtime() * 1000000);
        $rand_number = rand(0, 999);
        $new_password .= $rand_number;

        // Set user's password to this in database or return false
        if (!($conn = db_connect()))
            return false;
        $result = mysql_query("update user
                               set password = password('$new_password')
                               where username = '$username'");
        if (!$result)
            return false;  // Not changed
        else
            return $new_password;  // Changed successfully
    }

    Here is the code for getting a random word. It utilizes a text file of words I have in the dict\words folder in my wwwroot.

    PHP Code:
    function get_random_word($min_length, $max_length) {
        // Grab a random word from dictionary between the two lengths and return it

        // Generate a random word
        $word = '';

        // Remember to change this path to suit your system
        $dictionary = '\dict\words\english.txt';  // The ispell dictionary
        $fp = fopen($dictionary, 'r');
        if (!$fp)
            return false;
        $size = filesize($dictionary);

        // Go to a random location in the dictionary
        srand((double) microtime() * 1000000);
        $rand_location = rand(0, $size);
        fseek($fp, $rand_location);

        // Get the next whole word of the right length in the file
        while (strlen($word) < $min_length || strlen($word) > $max_length || strstr($word, "'")) {
            if (feof($fp))
                fseek($fp, 0);  // If at end, go to start
            $word = fgets($fp, 80);  // Skip first word as it could be partial
            $word = fgets($fp, 80);  // The potential password
        };

        $word = trim($word);  // Trim the trailing \n from fgets
        return $word;
    }
    Here's my actual forgotten password php page (forgot_password.php)
    PHP Code:
    <?php
        require_once('bookmark_fns.php');

        do_html_header("Resetting Password");

        // Creating short variable name
        $username = $_POST['username'];

        if ($password = reset_password($username)) {
            if (notify_password($username, $password))
                echo 'Your new password has been sent to your e-mail address.';
            else
                echo 'Your password could not be mailed to you.  Try pressing refresh.';
        }
        else
            echo 'Your password could not be reset - please try again later.';

        do_html_url('login.php', 'Login');

        do_html_footer();
    ?>
    Notice in the part of the first if, where if ($password = reset_password($username))...that's where it's hanging I think because it's not even getting to the notify part which is e-mailing which will probably shoot more errors at me. Anyways, to get to that point, I need to get this fixed first. Also, I'm getting an error in my browser that says:

    Warning: fopen(\dict\words\english.txt): failed to open stream: No such file or directory in c:\inetpub\wwwroot\user_auth_fns.php on line 130
    Your password could not be reset - please try again later.
    Login
    ...when my file path is \dict\words\english.txt. However, when I put my filepath as .\dict\words\english.txt, it doesn't come up w/ that error. Something else on my plate I can't seem to understand.

    Can anyone make heads or tails with this? I've tried searching for the last 2 hours to no avail...figured someone w/ fresh eyes can notice something I'm not.

    Ian
    "It's way better to have 100 idiot clients than to have one idiot boss."

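The `update user` query in the post above interpolates `$username` straight from `$_POST` into the SQL string and stores the password with MySQL's `password()`. A hardened form of the same reset, as an added example that is not part of the original post or the book: it assumes PHP 7+ and PDO with the SQLite driver for a self-contained demo, keeps the post's `user` table and column names, and the function name `reset_password_hardened` and the sample rows are constructed.

```php
<?php
// Added example, not the thread's code. Table and column names follow the
// post's query; the in-memory SQLite database and its rows are constructed.

function reset_password_hardened(PDO $db, string $username)
{
    // 16 hex characters from the OS CSPRNG (within the post's 6-16 char limit).
    $new_password = bin2hex(random_bytes(8));

    // Store a salted, slow hash instead of the output of MySQL's password().
    $hash = password_hash($new_password, PASSWORD_DEFAULT);

    // Placeholders keep the submitted username out of the SQL text.
    $stmt = $db->prepare('UPDATE user SET password = :hash WHERE username = :name');
    $stmt->execute([':hash' => $hash, ':name' => $username]);

    // No matching row means nothing changed, so report failure.
    if ($stmt->rowCount() !== 1) {
        return false;
    }
    return $new_password;
}

// Constructed demo data, including a username that contains a quote.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password TEXT)');
$ins = $db->prepare('INSERT INTO user VALUES (?, ?)');
foreach (['ian', "o'neil"] as $name) {
    $ins->execute([$name, 'old']);
}
$sel = $db->prepare('SELECT password FROM user WHERE username = ?');

// The quote is bound as data: the reset succeeds and the stored hash verifies.
$pw = reset_password_hardened($db, "o'neil");
$sel->execute(["o'neil"]);
var_dump(strlen($pw), password_verify($pw, $sel->fetchColumn()));
$sel->closeCursor();

// The other account is untouched, and an unknown username returns false.
$sel->execute(['ian']);
var_dump($sel->fetchColumn());
$sel->closeCursor();
var_dump(reset_password_hardened($db, 'nobody'));
```
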
  2. #2
    SitePoint Wizard Lats
    As you're having trouble getting a new password from your dictionary, you could try creating a random password with something like...
    PHP Code:
    $new_password = substr(md5(time()),0,6);
    Harder to crack than a dictionary word too
    Lats...

  3. #3
    SitePoint Enthusiast MadDog31
    Sorry for the noob question, but does that string alone create a random password that can be changed and sent out? If so, I'll just drop the dictionary idea as it would work quicker and be less of a headache...

    Ian

  4. #4
    SitePoint Wizard Lats
    Yes, it generates something like 87bfdf, or if you change the 6 to a 10, it will generate something like 63e38796da.
    Lats...

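`md5(time())` has a single input, the server clock in whole seconds, so the value is fixed by the moment of the reset no matter how many characters `substr()` keeps. An added example (not code from the thread) that puts numbers on that and shows a CSPRNG-based generator for comparison; the function names, the timestamp and the one-hour window are constructed, and `random_int()` needs PHP 7 or later.

```php
<?php
// Added example, not the thread's code. Function names, the timestamp and
// the one-hour window are constructed for illustration.

// The thread's generator with the clock made explicit: seconds in, hex out.
function time_seeded_password(int $timestamp, int $length = 6): string
{
    return substr(md5((string) $timestamp), 0, $length);
}

// Upper bound on unpredictability (in bits) when the reset time is known to
// within $window_seconds: one possible value per second, whatever the length.
function time_seeded_bits(int $window_seconds): float
{
    return log($window_seconds, 2);
}

// CSPRNG alternative: every character is drawn independently.
// Look-alike characters (l, o, I, O, 0, 1) are left out of the alphabet.
const ALPHABET = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';

function random_password(int $length = 12): string
{
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= ALPHABET[random_int(0, strlen(ALPHABET) - 1)];
    }
    return $out;
}

function random_password_bits(int $length): float
{
    return $length * log(strlen(ALPHABET), 2);
}

// Two resets handled in the same second receive the same password.
$t = 1075000000;  // constructed timestamp
var_dump(time_seeded_password($t) === time_seeded_password($t));

// Keeping 10 characters instead of 6 changes the length, not the bound.
printf("md5(time()), 6 chars, 1 hour window:  %.1f bits\n", time_seeded_bits(3600));
printf("md5(time()), 10 chars, 1 hour window: %.1f bits\n", time_seeded_bits(3600));
printf("random_int(), 12 chars:               %.1f bits\n", random_password_bits(12));
echo random_password(), "\n";
```
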
  5. #5
    SitePoint Zealot
    Your problem is in the path you've defined for the file.
    PHP Code:
    $dictionary = '\dict\words\english.txt';  // The ispell dictionary
    Since fopen() is a filesystem function, it's looking for the file on the filesystem, not relative to the http document root. So in essence, it's looking for a path like c:\dict\words\english.txt. I assume your path is something more like c:\inetpub\wwwroot\dict\words\english.txt. When defining the path, either use a path relative to the current script, or an absolute filesystem path.


    As to the post Lats made -
    "Sorry for the noob question, but does that string alone create a random password that can be changed and sent out?"
    Did you try it? Does it create a random password?

  6. #6
    SitePoint Enthusiast MadDog31
    Have not tried that yet, I'm packing up the system for the evening...however I like the idea of the md5 hash anyways b/c it's a bit more secure. I'll update this thread tomorrow.

    Also, thanks for the path tip...I tried the c:\ but left out the inetpub\wwwroot accidentally. Thanks for your assistance!

    Updates tomorrow!
    Ian

  7. #7
    SitePoint Enthusiast MadDog31
    Alrighty I promised an update, so here goes:

    Lats,

    Your md5 suggestion works perfectly. Not only does it reduce my total lines of code from what I had before (from what the book told me to have before) to just that single line that's much more secure. Also with that, I can eliminate the random word function I had in there AND I can eliminate the sizable text file I have on my server b/c I won't need that anymore. So in short, thanks for the suggestion! I like how the book tries to show you how to use other functions, but the tutorial parts of this book are done, now it's in project mode. I'm much happier w/ the slimmer code.

    bdl...thanks for your suggestion also, however I didn't even try to switch that around in the example I had before since the md5 worked. However, I'm going to keep that in mind for when I really do need to start using fopen for certain reasons. Thanks a bunch.

    I was getting mail problems, mainly because I don't have SMTP set up on my server...however to at least test my code...I found this following thread which helped me use my ISP's SMTP and my e-mail address for testing purposes. Everything works like a charm.

    The thread:
    http://www.sitepoint.com/forums/showthread.php?t=122841

    I hope this can help someone else that's in need of this type of info.

    Ian

  8. #8
    SitePoint Wizard Lats
    I'm glad to hear that it's all working for you - well done.
    Lats...

