SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Enthusiast
    Join Date
    Aug 2006
    Posts
    32
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question random password problem

    Hi there! I'm using a registration form and i have a problem.
    my form creates random password for users and sends it to their email.
    this part works perfectly. also this passwords enters my db.
    the problem is when user tries to login to my site it says the password is incorrect. i think there is something wrong with my random pass code. can any one help me out of this. thx.
    the code $newpass = substr (md5(time()),0,9);

  2. #2
    SitePoint Addict
    Join Date
    Jul 2006
    Location
    Kansas City, MO
    Posts
    280
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    How are you storing $newpass in your database? How are you comparing the user submitted password versus what you store in the database?

  3. #3
    SitePoint Addict greg76's Avatar
    Join Date
    Aug 2004
    Location
    Poland
    Posts
    262
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    you cannot use md5 while creating a password, cuz the user receives NOT a password, but already encrypted string.

    you need to create a random password, send it to user, and then use md5 on your login page, sth like:
    PHP Code:
    $sql mysql_query("select * from TABLE where email = '" $_POST['email'] . "' && pass = '" md5($_POST['password']) . "'") or die(mysql_error()); 
    currently what you have works like this:
    1. a random password is created, say 'abc123'
    2. it is immediately encrypted, say 'aDGdsdoeesde'
    3. user receives encrypted string, 'aDGdsdoeesde' which is NOT a password
    4. comparing (on login) fails, because the real password isn't 'aDGdsdoeesde', but 'abc123'.

    Cheers,
    Greg

  4. #4
    SitePoint Addict greg76's Avatar
    Join Date
    Aug 2004
    Location
    Poland
    Posts
    262
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    btw.

    here u have a function for random pass creation:
    PHP Code:
    function generatePassword($var) {
        
    $salt "98765432abcdefghjkmnrstuvxyzABCDEFGHJKMNPRSTUXY23456789";
        
    srand((double)microtime()*1000000);
        
    $i 0;
        
    $pass '';
        while (
    $i $var) {  // change for other length
            
    $num rand() % 33;
            
    $tmp substr($salt$num1);
            
    $pass $pass $tmp;
            
    $i++;
        }
        return 
    $pass;

    $var an be any number, you choose (I usually set it up for 6 characters)

  5. #5
    SitePoint Enthusiast
    Join Date
    Aug 2006
    Posts
    32
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thanks guys it was quick . I think i solve my problem using the random password creator script.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •