  1. #1
    Non-Member
    Join Date
    Jul 2006
    Posts
    20
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    forgotten password

    PHP Code:
    <?php
    include("config.php");
    ?>
    <form method="post">

    Forgot your password?
    Email address<input type="text" name="email">
    <input type="submit" name="lostpass" value="Recover Password">
    <?php
    if(isset($_POST['lostpass'])) {
        $email = $_POST['email'];

        $select = mysql_query("SELECT * FROM users WHERE email='$email'") or die(mysql_error());
        $checkmail = mysql_num_rows($select) or die(mysql_error());
        $query = mysql_fetch_object($select) or die(mysql_error());

        if(empty($email)) {
            echo "<tr><td colspan='2'>You need to fill in an email</td></tr>";
        }elseif(!ereg("^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@([a-zA-Z0-9-]+\.)+([a-zA-Z]{2,4})$", $email)) {
            echo "<tr><td colspan='2'>Your email has to be valid</td></tr>";
        }elseif($checkmail == 0) {
            echo "<tr><td colspan='2'>This email address was not found in our database</td></tr>";
        }else{

            $username = $query->username;
            $password = createcode($len)
            {
                $nps = "";
                mt_srand ((double) microtime() * 1000000);
                while (strlen($nps)<$len) {
                    $c = chr(mt_rand (0,255));
                    if (eregi("^[a-z0-9]$", $c)) $nps = $nps.$c;
                }
                return ($nps);
            }

            $hash = md5($password);

            mysql_query("UPDATE users SET password = '$hash' WHERE username = '$username'");

            mail($email, "New Password", "
    Hi $username,
    Here is your password you requested

       Username: ".$username."
       Password: ".$password."

    ");

            echo "<tr><td colspan='2'>Your new password has been send to you</td></tr>";

        }
    }
    ?>
    I have that - it doesn't work. It sends the user an email and that's about it. It doesn't generate or update a new password in the MySQL database. Can anyone either make it so it sends the user's current password to the user's email, or can anyone generate a random password, update the MySQL db and send it to the user?

  2. #2
    play of mind Ernie1's Avatar
    Join Date
    Sep 2005
    Posts
    1,252
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    $password = createcode($len)
    {
        $nps = "";
        mt_srand ((double) microtime() * 1000000);
        while (strlen($nps)<$len) {
            $c = chr(mt_rand (0,255));
            if (eregi("^[a-z0-9]$", $c)) $nps = $nps.$c;
        }
        return ($nps);
    }

    mail($email, "New Password", "
    Hi $username,
    Here is your password you requested

       Username: ".$username."
       Password: ".$password."

    ");

    $hash = md5($password);

    mysql_query("UPDATE users SET password = '$hash' WHERE username = '$username'") or die(mysql_error());

    echo "<tr><td colspan='2'>Your new password has been send to you</td></tr>";
    my mobile portal
    ghiris.ro

  3. #3
    Non-Member
    Join Date
    Jul 2006
    Posts
    20
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Parse error: syntax error, unexpected '{' in /home/ryan/public_html/forgotpword.php on line 74

    Line 74:

    PHP Code:
        

  4. #4
    play of mind Ernie1's Avatar
    Join Date
    Sep 2005
    Posts
    1,252
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ok this works, I've tested
    PHP Code:
    <?php
    include("opendb.php");
    ?>
    <form method="post">

    Forgot your password?
    Email address<input type="text" name="email">
    <input type="submit" name="lostpass" value="Recover Password">
    <?php
    if(isset($_POST['lostpass'])) {
        $email = $_POST['email'];

        // Escape the submitted value before it goes into the SQL string.
        $safe_email = mysql_real_escape_string($email);
        $select = mysql_query("SELECT * FROM users WHERE email='$safe_email'") or die(mysql_error());
        // No "or die" on these two: zero rows is a normal result here, and
        // dying on it would skip the "not found" message below.
        $checkmail = mysql_num_rows($select);
        $query = mysql_fetch_object($select);

        if(empty($email)) {
            echo "<tr><td colspan='2'>You need to fill in an email</td></tr>";
        }elseif(!ereg("^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@([a-zA-Z0-9-]+\.)+([a-zA-Z]{2,4})$", $email)) {
            echo "<tr><td colspan='2'>Your email has to be valid</td></tr>";
        }elseif($checkmail == 0) {
            echo "<tr><td colspan='2'>This email address was not found in our database</td></tr>";
        }else{

            $username = $query->username;

            // Build a random password of $len lowercase letters and digits.
            function createcode($len=6)
            {
                $nps = "";
                mt_srand ((double) microtime() * 1000000);
                while (strlen($nps)<$len) {
                    $c = chr(mt_rand (0,255));
                    if (eregi("^[a-z0-9]$", $c)) $nps = $nps.$c;
                }
                return ($nps);
            }
            $password = createcode();
            $hash = md5($password);

            // Store the hash of the new password, then mail the plain text to the user.
            $safe_username = mysql_real_escape_string($username);
            mysql_query("UPDATE users SET password = '$hash' WHERE username = '$safe_username'");

            mail($email, "New Password", "
    Hi $username,
    Here is your password you requested

       Username: ".$username."
       Password: ".$password."

    ");

            echo "<tr><td colspan='2'>Your new password has been send to you</td></tr>";

        }
    }
    ?>
    my mobile portal
    ghiris.ro

  5. #5
    Non-Member
    Join Date
    Jul 2006
    Posts
    20
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yep, that's working. I've just realised that anyone can request the password if they know the email, and the email is displayed in users' profiles.

    Would anyone be able to make it so, a user asks for their password to be resent. They get an email that they then have to open and then click a link to change their password. Then their password is re-sent to them, this way only the owner of the account can get the password changed.

    Thanks if anyone can do this for me!

    Thank you Ernie for what you have done so far too!
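
    The link-based flow requested in the post above, as an added example that is not code from this thread or any poster: the request only stores a hashed, expiring, single-use token, and the password changes only when the emailed link is used. The table and column names, the example.com URL, the 30-minute lifetime and the in-memory SQLite data are assumptions constructed for the demonstration.

```php
<?php
// Added example, not code from the thread. Schema, URL and token lifetime are
// assumptions; the in-memory SQLite database and its one user are constructed.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT)');
$db->exec('CREATE TABLE password_resets (user_id INTEGER PRIMARY KEY, token_hash TEXT, expires_at INTEGER)');
$db->prepare('INSERT INTO users (email, password) VALUES (?, ?)')
   ->execute(['alice@example.com', password_hash('old-password', PASSWORD_DEFAULT)]);

// Step 1: the "forgot password" form was submitted. The stored password is not touched.
function request_reset(PDO $db, string $email): ?string {
    $stmt = $db->prepare('SELECT id FROM users WHERE email = ?'); // bound parameter
    $stmt->execute([$email]);
    $userId = $stmt->fetchColumn();
    if ($userId === false) {
        return null; // caller shows the same "check your inbox" page either way
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the system CSPRNG
    // Only the hash is stored, so a leaked table does not yield usable links.
    $db->prepare('REPLACE INTO password_resets (user_id, token_hash, expires_at) VALUES (?, ?, ?)')
       ->execute([$userId, hash('sha256', $token), time() + 1800]);
    // On a live site the token leaves only by mail:
    // mail($email, 'Password reset', "https://example.com/reset.php?token=$token");
    return $token;
}

// Step 2: the emailed link was opened and a new password submitted with it.
function complete_reset(PDO $db, string $token, string $newPassword): bool {
    $stmt = $db->prepare('SELECT user_id FROM password_resets WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $userId = $stmt->fetchColumn();
    if ($userId === false) {
        return false; // unknown, expired or already used token
    }
    $db->prepare('UPDATE users SET password = ? WHERE id = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $userId]);
    $db->prepare('DELETE FROM password_resets WHERE user_id = ?')->execute([$userId]); // single use
    return true;
}

// Walk through the cases: unknown address, guessed token, real token, replayed token.
var_dump(request_reset($db, 'nobody@example.com'));
$token = request_reset($db, 'alice@example.com');
var_dump(complete_reset($db, 'guessed-token', 'attacker-choice'));
var_dump(complete_reset($db, $token, 'new-passphrase'));
var_dump(complete_reset($db, $token, 'replayed'));
```

    Because a request only creates a token, someone who types another user's public email address causes one email and nothing else; the account keeps its existing password until the owner follows the link.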

  6. #6
    SitePoint Addict caddyfixr's Avatar
    Join Date
    Aug 2004
    Location
    Albuquerque, NM
    Posts
    249
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What I do is send the password to the email address that belongs to that ID. Who cares if somebody knows the email address of the user. If they try to request it, it will still go to the owner.

  7. #7
    Non-Member
    Join Date
    Jul 2006
    Posts
    20
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes, but the problem with that is if all emails are public, anyone can type in an email and get the different password resent and then the original account owner will think his account has been hacked and I will get loads of emails about people getting a new password but not requesting it.

  8. #8
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Join Date
    Mar 2006
    Posts
    5,284
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by musicinterests
    Yes, but the problem with that is if all emails are public, anyone can type in an email and get the different password resent and then the original account owner will think his account has been hacked and I will get loads of emails about people getting a new password but not requesting it.
    You should explain in the message sent to a user that someone requested a new password, but their account is not hacked. Verifying the e-mail before a new password is sent could of course be used for the sake of increased security, but I don't think it is necessary. Unless it's some top security site that you have there.
    Saul

  9. #9
    Non-Member
    Join Date
    Jul 2006
    Posts
    20
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I guess so, I'll record the IP of requests and this way I can ban any requesting that is not needed.

    EDIT: would anyone be able to write up a little script that emailed all the 'email's in my user's table?

  10. #10
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Join Date
    Mar 2006
    Posts
    5,284
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by musicinterests
    I guess so, I'll record the IP of requests and this way I can ban any requesting that is not needed.

    EDIT: would anyone be able to write up a little script that emailed all the 'email's in my user's table?
    Here's a very basic script:

    PHP Code:
    $resource = mysql_query("SELECT email FROM users");
    while ($row = mysql_fetch_assoc($resource)) {
        mail($row["email"], "Subject", "Message");
    }
    Saul

