Forums

PHP

This topic is locked

Retrieve Password

Posted 24 Oct 2001 15:23:29
1
has voted
24 Oct 2001 15:23:29 Ryan Schwiebert posted:
Can anyone tell me how to allow users to retrieve a password by e-mail?

What I want to do is have them enter their e-mail address (which is the primary key for users in the MySQL database) in a form, press submit, and have their record sent by e-mail to that address. How can I do that?

Replies

Replied 24 Oct 2001 16:28:59
24 Oct 2001 16:28:59 Michael O'Neill replied:
I posted an example of my script to do just this at the link below, you will probably have to change it. Let me know if it helps.
Mike.

www.udzone.com/forum/topic.asp?TOPIC_ID=11408&FORUM_ID=67&CAT_ID=5&Topic_Title=Forgotton+Username+or+Password+Retrieval&Forum_Title=PHP

Replied 24 Oct 2001 19:52:22
24 Oct 2001 19:52:22 Ryan Schwiebert replied:
I have looked over your post. It is probably really good, My problem is that I am very new to php and have been using phakt for most of it. How would I use a query from phakt and tell it to do this? (below is my attempt at adapting this:

<?php
$rsForgot__MMColParam = "email_user";
if (isset($MM_EmptyValue))
{$rsForgot__MMColParam = $MM_EmptyValue;}
?><?php
$rsForgot=$connSignup->Execute("SELECT * FROM Registrants WHERE email_user = '" . ($rsForgot__MMColParam) . "'" or DIE($connSignup->ErrorMsg());
$rsForgot_numRows=0;
$rsForgot__totalRows=$rsForgot->RecordCount();
if ($num_results < 1)
{
$header = "No Such Username!"; //displays this if no username exists
}
else
{
$row = mysql_result($result, 0, "password"; //send password reminder
$row2 = mysql_result($result, 0, "email";
$toaddress = $row2;
$subject = "your subject";
$mailcontent = "Your password is ".$row;
$fromaddress = "from address";
$additional_headers = "From: from address";
mail($toaddress, $subject, $mailcontent,$additional_headers);
$header = "Your password has been sent to ".$row2;
}
?>

Also, How do I call the form? Sorry to be such a Newbie.

Replied 24 Oct 2001 23:16:22
24 Oct 2001 23:16:22 Michael O'Neill replied:
You are not alone, I am very new to php myself and I am not at all happy trying to meddle with the UD behaviours. I put my code in a different page called forgot.php and passed it the necessary variables eg. username. I just made the form post to forgot.php and put a redirect at the bottom of the script so that the user would be returned to the sending page.
It is maybe not the most refined solution but hey it works for me!. If this makes sense great, if not I would be happy to post the full script if you can make use of it.

Mike.

Replied 26 Oct 2001 15:00:08
26 Oct 2001 15:00:08 Ryan Schwiebert replied:
If you would post the script, that would be great. I think it would allow me to better understand the process. Thanks Mike!

When I get this all figured out, I think I might post a tutorial on logins, passwords etc. on this site. It would help a lot of people I think.

--Ryan



Edited by - ryans on 10/26/2001 15:01:48
Replied 26 Oct 2001 17:42:23
26 Oct 2001 17:42:23 Michael O'Neill replied:
Here is the code as promised. I included the database structure also. All you have to do to make this page work is save it as password2.php and change the MySql and From: email settings to your own settings. I use this script in all my sites which are built with PHAkt.
If I can make the function of any of the code any clearer please let me know.

Remember to remove this before saving the page!
# ---------- MySQL dump ----------
#
# Table structure for table 'myuser'
#
CREATE TABLE myuser (
username varchar(16) DEFAULT '' NOT NULL ,
password varchar(16) DEFAULT '' NOT NULL ,
PRIMARY KEY (username)
);

# ----------- Dump ends -----------


<?php
// CONNECT TO THE DATABASE CATCHING ERRORS IF THEY OCCUR
@ $db = mysql_pconnect("localhost", "dbname", "password";
if (!$db)
{
echo "ERROR: could not connect to the database at this time. Please try later.";
}


// IF THE USERNAME VARIABLE IS SET CHECK IT FOR DAMAGING CODE
// AND RELOAD THE PAGE SHOWING THE WARNING INVALID PASSWORD
if ($username)
{
$username = trim($username);
$username = strip_tags($username);
if(!ereg('^[a-zA-Z0-9]{6,12}$',$username))
{
header("Location: password2.php?warn=Invalid Password";
}

// SELECT THE APPROPRIATE DATABASE AND SEE IF THE USERNAME EXISTS
// RELOAD PAGE IF USERNAME DOES NOT EXIST AND SHOW WARNING
mysql_select_db("dbname";
$query = "SELECT * from myuser WHERE username = '$username'";
$result = mysql_query($query);
$num_results = mysql_num_rows($result);
if ($num_results < 1)
{
header("Location: password2.php?warn=User does not exist";
}
else
// IF USERNAME EXISTS GET PASSWORD & EMAIL ADDRESS
// FROM DATABASE AND MAIL PASSWORD TO THE REGISTERED EMAIL ADDRESS
{
$row = mysql_result($result, 0, "password";
$row2 = mysql_result($result, 0, "email";
$toaddress = $row2;
$subject = "Password Reminder";
$mailcontent = "Your password is ".$row;
$additional_headers = "From: your ";
mail($toaddress, $subject, $mailcontent,$additional_headers);
}
}
?>


<html>
<head>
<title>Remind Me</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body bgcolor="#FFFFFF" text="#000000">
<?php echo $warn ?>
<form name="form1" method="post" action="password2.php">
Enter Username
<input type="text" name="username">
<input type="submit" name="Submit" value="Get new Password">
</form>
</body>
</html>



Edited by - carphone on 10/26/2001 17:45:55
Replied 26 Oct 2001 18:01:06
26 Oct 2001 18:01:06 Michael O'Neill replied:
OOPS! forgot to read your first post.
If your primary key is an email address you will have to do away with or modify this part of the code. It only allows usernames containing letters and numbers, strips off html tags / spaces etc. for security, and makes sure usernames are between 6 and 12 digits long.

$username = trim($username);
$username = strip_tags($username);
if(!ereg('^[a-zA-Z0-9]{6,12}$',$username))
{
header("Location: password2.php?warn=Invalid Password";
}

Have fun
Mike.

Replied 31 Oct 2001 20:46:33
31 Oct 2001 20:46:33 Ryan Schwiebert replied:
Well, Im close, but this still does not work. I can see where you're going with this, and I know it should work. I think the problem is that I cant make the db connedtion this way: @ $db = mysql_pconnect("localhost", "dbname", "password"; I think this has to do with the way I installed PHP. I don't think I allowed for MySQL Variables. My connection to MySQL is through adodb. I'll just keep at it but thanks for the help.

Replied 01 Nov 2001 11:14:57
01 Nov 2001 11:14:57 chief monkey replied:

Folk's

It's bad practice to store plain text passwords in a database.
Mysql has a password function already,but if you wish to allow a user to retrieve his/her password then look at the mycrypt() functions which is a two way encryption method.
www.php.net/manual/en/function.mcrypt-encrypt.php

George


Everybody has got to be somewhere
Replied 01 Nov 2001 13:37:45
01 Nov 2001 13:37:45 Bruno Mairlot replied:
I completely agree with george statement.

Further, I'd suggest you not to resend the password, but instead, generate a new aleatory password, then eventually, store it in mysql, with PASSWORD() function or with any other crypt function (md5,...)

Bruno


--- Better to die trying, than never try at all ---
Replied 01 Nov 2001 14:50:16
01 Nov 2001 14:50:16 Michael O'Neill replied:
The guys are spot on about the password encryption, I intend to convert to this before the database goes live.

You can do without the @ and chenge pconnect to connect. Don't know if this will help but it is worth a try.
Mike.

Replied 01 Nov 2001 16:11:32
01 Nov 2001 16:11:32 Ryan Schwiebert replied:
I am planning on using the 'user authentication extras' extension to store passwords (or something similar). My site is not live yet either.

The truth is, I would first rather see this work. I am getting closer, but I still cannot properly query the database to to send anything by email. It simply wont make the query.

I have figured out how to make the adodb connection that's with:
include("./adodb/adodb.inc.php";
$db = NewADOConnection('mysql');
$db the actual connection

I'd be open to learning how to reset the password to something else and sending that to the user, but I dont know where to begin with that. Any hints?



Edited by - ryans on 11/01/2001 16:15:22
Replied 01 Nov 2001 20:29:48
01 Nov 2001 20:29:48 Ryan Schwiebert replied:
Eureka!! I got it, and it is everything I hoped it could be. I even changed the code to use the password() function to encrypt the passwords. I'll post the code if anyone would benefit from it. Let me know! Thanks to all of you for your suggestions!

Reply to this topic