SitePoint Sponsor

User Tag List

Results 1 to 10 of 10
  1. #1
    SitePoint Enthusiast
    Join Date
    Nov 2004
    Location
    tn
    Posts
    60
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    forgotten password

    I've done an aweful lot of searching around these forums and reading all the threads on forgotten passwords.

    There seems to be several different ways to do it, and there's only one way that I'm comfortable with and seems abuse-proof. And that is this method:

    Click "forgot password?" link.
    Fill in your username and and email.
    Username and email are cross checked and if they match:
    Email is sent with a link to click.
    If not clicked, no change
    If clicked, you are asked for the new password (twice).
    New password is encrypted and all is well.

    The problem with this is, well to be realistic, I'm pretty darn new to this and have no clue where to start. I have the page made asking for the username and email. I'm sure I can handle the cross checking, that's just doing a query and telling it to look for the email in row (whatever username they put in) and if it matches the email they put in, then go on, right?

    Next is where I'll get lost. How do I have it email a random link to give them the option to basically 'update' their password? I imagine I need to add a new column in my table to begin with.. but..

    Is anyone already using this particular way already?

  2. #2
    SitePoint Wizard
    Join Date
    Mar 2004
    Posts
    1,647
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    $mailret $_POST["mailret"];
    $ret mysql_query("SELECT * FROM adm_user WHERE email = '$mailret'");
    $row mysql_fetch_row($ret);
    $username $row['1'];
    $name $row['3'];
    function 
    randname($name) {
    $str .= substr(md5(rand($name)), 07);
    return 
    $str;
    }
    function 
    randusername($username) {
    $str .= substr(md5(rand($username)), 07);
    return 
    $str;
    }
    $key randname();
    $key2 randusername();
    $headers "MIME-Version: 1.0\r\n";
    $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
    $headers .= "To: ".$mailret."\r\n";
    $headers .= "From: me <me@you.net>\r\n";
    $message "New username and password for ".$row['3']." ".$row['4']."<br>";
    $message .= "Username:&nbsp;".$key2."<br>";
    $message .= "Password:&nbsp;".$key;
    $subject "New password";
    mail($mailret$subject$message$headers);
    $newpass md5(randname());
    $newuser randusername();
    if(
    $mailret == $row['2']) {
    mysql_free_result($ret);
    if(!empty(
    $_POST["mailret"])) {
    $ret mysql_query("UPDATE adm_user SET username = '$newuser', password = '$newpass' WHERE email = '$mailret'");
    echo 
    "Success!";
    } else {
    echo 
    "The field is empty! Go back";
    }
    } else {
    echo 
    "The email is invalid! Go back";

    cheers
    Last edited by reminder; Nov 26, 2004 at 19:43.

  3. #3
    SitePoint Enthusiast
    Join Date
    Nov 2004
    Location
    tn
    Posts
    60
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for the reply reminder

    Not sure what exactly that is, or how much of the process that covers. But I've only looked over it a couple times.

    Does that randomly generate a new password AND a new username?

  4. #4
    SitePoint Wizard
    Join Date
    Mar 2004
    Posts
    1,647
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    this module cover all the process

  5. #5
    SitePoint Enthusiast
    Join Date
    Nov 2004
    Location
    tn
    Posts
    60
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'm not sure but that doesn't appear to be what I need. That looks like it generates a random password and a random username?

    I just want it to ask for your username and email, if the info is correct, for it to email you a link you click, that then lets you choose your own new password.

    hmm..

  6. #6
    SitePoint Wizard
    Join Date
    Mar 2004
    Posts
    1,647
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i dont suggest this couse there can be easy hacks

  7. #7
    SitePoint Enthusiast
    Join Date
    Nov 2004
    Location
    tn
    Posts
    60
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    There can? That seems foolproof..

    It emails to the registered email addy, and gives the user the option to change it. Unless someone has access to their email account, I don't see how it can be tampered with?

    Dernit!

  8. #8
    SitePoint Wizard
    Join Date
    Mar 2004
    Posts
    1,647
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    so i see the link...then go to link...then with the email of my friend i enter....
    bad thing my friend

  9. #9
    SitePoint Enthusiast
    Join Date
    Nov 2004
    Location
    tn
    Posts
    60
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    But it will just email him a link asking if he wants to change his password, and if so, click here.

    Unless you can get into his email account, only he can change his password.

  10. #10
    SitePoint Wizard
    Join Date
    Mar 2004
    Posts
    1,647
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    someone can see it at the act of changing password!
    or if i know another who use your site i enter with his email.....
    end so on...end so on.....
    easy hacks


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •