Email Password after user answers a personal question.

Forgotten Password Page
Have User answer Question and E-mail Password

Overview: This tutorial will go over all the steps to set up a single page that will ask for a User Name, ask them their password reminder question, Then E-mail them their password when/if they answer the question correctly. This is a fairly easy process if your willing to use 3 or 4 pages to do it. However, if you want it all set up on one page, the following tutorial will show you the way.

We will set up a form with All of the elements we will needed throughout the entire process as we will be doing this all on one page. Then, we will use Show Regions and a little hand coding to show and hide the different parts of the page as needed. Lastly, we set up a validation script that will send them their password via E-Mail if/when they enter the correct answer to their question.

Step 1: is to lay out your page. Include all of the elements that you will need to use throughout the entire validation as laid out below. Include a form for the 2 Textboxes and the submit and reset buttons. Ignore all of the shows and ASP's, we will go through them line by line later. I've named this page "userremind.asp"

The Form elements need to be set up as follows:
Form method = post
Form Action = userremind.asp (submits back to itself)
Textbox1 name = username
Textbox2 name = answer

Step 2: is to set up a simple recordset query.
Set the recordset to filter username =URL Paramater = username.

After setting up the recordset, insert the question field onto your page after Your Question.
Your Question: {recordset.question}

Step 3: Now we will use the standard UD behaviors to Hide different parts of the page until we need them. We will be using the "Show Region" behavior from your Server Behaviors window.
3.1 Select your "User Name Not On File, Please Reenter!" and apply a "Show Region if recordset IS empty. When they click on submit, if their username is not in the database, the recordset will be empty, and we will show this line to tell them their username is not in the database.

3.2 Select the entire region from "Your question" to the end of "Wrong answer, please try again" and apply a "Show Region if recordset IS NOT empty" This will prevent the entire question and answer section from being visable until they have entered a valid username. It also keeps us from getting an error from trying to display their question when the recordset is empty.

Step 4: We will add some code so that the page remembers their answers every time they click submit. We will be working with the properties window.
4.1 Select the "username" text box, and enter <% = Request.QueryString("username") %> into the Initial value field.
4.2 Select the "password" text box, and enter <% = Request.QueryString("password") %> into the Initial value field.
This will fill the text boxes with their previous entry on each submit of the page.

Step 5. If your connection is set up correctly, you should be able to preview the page now. Enter User Name and see the page show the question. However, you will notice 3 problems with the page as it stands. The "User Name not on file, please reenter" shows up on their first visit to the page before they have had a chance to enter a User Name, and, the "Sorry, Wrong answer. Please try again" shows up before they have had a chance to enter a answer. For this we need to enter a little hand coding to hide these. And the message saying their E-mail has been sent is on the screen. As hiding this section includes a little code that is generated when the E-mail is sent, we will leave this on the page until last.

5.1 Switch to your code inspector. and find the following code then add the hand code. Blue = existing code, Red = hand code. On their first visit to the page, QueryString("username") is empty, so this code will hide this region until they have entered a username and submited the form.
<% If Recordset1.EOF And Recordset1.BOF Then %>
<%if (Request.QueryString("username") <> "") then %>
<b><font color="#FF0000"> Username Not On File, Please Re-enter:</font></b>
<% End If %>
<% End If ' end Recordset1.EOF And Recordset1.BOF %>

5.2 Now find the following code. Then hand code the red code again, the existing code is in blue. The QueryString("password") is empty until they have attempted to answer the question, so this code will hide this region until they have entered an answer and submitted the form. It also checks to see if the answer they have entered is correct, and will show the region if the answer is wrong.
<% If Not Recordset1.EOF Or Not Recordset1.BOF Then %>
<b>Your Question:</b><%=(Recordset1.Fields.Item("question").Value)%> <br>
<b>Answer:</b>
<input type="text" name="answer" value="<% = Request.QueryString("answer") %>">
<br>
<% If (Request.QueryString("answer") <> Recordset1.Fields.Item("answer").Value) AND (Request.QueryString("answer") <> "") Then %>
<b> <font color="#FF0000">Sorry, Wrong answer, Please try again!</font> </b><br>
<% End If %>
<% End If ' end Not Recordset1.EOF Or NOT Recordset1.BOF %>
Test your page again, and if everything is coded properly, the errors will only show up if you enter an invalid username, or invalid password. So far so good, but, After you enter a valid username and password, the page doesnt do anything but keep submitting back to itself. And, that message saying the E-mail has been sent is still on the page all the time. On to step 6.

Step 6: They have entered a valid username, and it brings up their question, they enter a valid answer, so, we need add the code that sends them their E-mail with their password. I entered the last little bit of hand coding to validate their answer and execute the mail code if the answer is right: I use Jmail as this is the mail program my server supports, so, the code below is done with Jmail. Obviously, any of the mail programs will work, just make sure the "execute" command of the mail program is inside of the validations. Because the mail script has to be placed precisely in the code, if you use an extension to generate your E-mail code, I recomend opening a new page, use the extension and generate the code, then copy paste it into this page. Blue = script already on page. Red = hand code. Purple = Mail Script. Note: the var_done I use to hide the "submit" button after the email has been sent so they dont keep clicking submit and sending emails and finally, it is also used to Hide the "your email has been sent" until after the E-mail has been sent.

<%@LANGUAGE="VBSCRIPT"%>
<!--#include file="../Connections/connection.asp" -->
<%
Dim Recordset1__MMColParam
Recordset1__MMColParam = "1"
if (Request.QueryString("username") <> "") then Recordset1__MMColParam = Request.QueryString("username")
%>
<%
set Recordset1 = Server.CreateObject("ADODB.Recordset")
Recordset1.ActiveConnection = MM_connection_STRING
Recordset1.Source = "SELECT * FROM users WHERE username = '" + Replace(Recordset1__MMColParam, "'", "''") + "'"
Recordset1.CursorType = 0
Recordset1.CursorLocation = 2
Recordset1.LockType = 3
Recordset1.Open()
Recordset1_numRows = 0

Dim var_done
var_done = "0"
If Not Recordset1.EOF Or Not Recordset1.BOF Then
If (Request.QueryString("answer") <> "") AND ( Request.QueryString("answer") = Recordset1.Fields.Item("answer").Value) Then
Set JMail = Server.CreateObject("JMail.SMTPMail")
JMail.ServerAddress = "mail.yourserver.com:25"
JMail.Sender = "you@yourserver.com"
JMail.Subject = "Your Username and Password"

JMail.AddRecipient (Recordset1.Fields.Item("email").Value)

JMail.Body = "Your user information is below as requeste:." & vbCrLf & vbCrLf
JMail.Body = JMail.Body & "User Name : " &(Recordset1.Fields.Item("email").Value) & vbCrLf
JMail.Body = JMail.Body & "Password : " &(Recordset1.Fields.Item("email").Value) & vbCrLf
JMail.Body = JMail.Body & "You may now use these to log on."

JMail.Priority = 3
JMail.AddHeader "Originating-IP", Request.ServerVariables("REMOTE_ADDR")
JMail.Execute
var_done = "1"
End If
End If
%>

Step 6: 2 final finishing bits of codes. We want to display the message "your E-mail has been sent" after it is sent. Also, I like to hide the submit buttons after it is done to prevent them from re-submitting and sending themselves multiple emails.
6.1 The Button. Find the following code for your submit button, and add the script in red.
<% If var_done <> "1" Then %>
<input type="submit" name="Submit" value="Submit">
<input type="reset" name="reset" value="Reset">
<% End If %>
6.2 The Email has been sent message. Find the message in your code, and add the script in red.
<% If var_done = "1" Then %>
<b><font color="#990099"><br>
Your Username and password has been sent to the E=mail on file.<br>
Please check your E-mail and then go to the log on page</font></b>
<% End If %>

See the Page Working
Download the zip file with the working pages and database

Thats it, if you have any questions, please email me at mike@jdmlt.com

Editors Notes:

#1. In a final working version, I used Yaromats form validation to ensure that they enter a username and dont just leave the field blank. It doesnt hurt it to leave the fields blank, but, its always good to "validate a form"

2.I am now working to include a code that will prevent them from just typing in an answer after answer after answer forever. 3 tries and if they dont get it right... Ill send them to another page.