View Full Version : Forgotten Email responder
karolmcauley
10-14-2002, 11:04 AM
I have got a mini login section for a part of my site and some of those people that have logged in/registered cannot remember their username or password. I know it is possible to have an email responder for those that have forgotten these details. For instance, on the login screen it will also state:
Forgot Password, Please Click Here.
Upon clicking here the user will be taken to another screen which states to enter email address. Upon entering a valid email address then this will connect to the database for this email and pull out the username and password for that email and then send it to them. But I am confused as to the coding to use as there are several parts to this process:
1. validate email address
2. login script to database
3. check database for email address (what if the same one exists twice!!!)
4. pull out username and password for that email address
5. cdonts script to send this information to the retrieved email address.
Any help whatsoever would be appreciated.
At the moment I'm coding a similar system, so I can give you my thoughts on it. (The code will become available in about a week.)
I'll start from the top:
1. validate email address
It's impossible to really validate it. You can never be sure if it's a real address, unless you send a mail to it. I don't mind if they insert a false address, because I almost never use it. I create database-driven apps and they simply have to check on my site for messages (a valid email account (at hotmail etc) can be stopped by the user or provider on the next day, so why bother.)
I only check for the @ and . + the order in which they appear, but that's not waterproof, of course.
But if it's really important for you, check out this one:
http://www.codingforums.com/showthread.php?s=&threadid=7741
2. login script to database
My advice: write your own. Check the username and validate username and password against your database + register successful or failed attempt in a session variable + include a check on this session variable on each page in your site (people that browse straight to a page they bookmarked or something will then be sent to the login page).
There's a lot to explain about securing a site, and there's a lot of info about it. Check out some of the threads in this forum and in the "other server sided ..." forum. There are a lot of ready-made scripts, but my advice is ...
3. check database for email address (what if the same one exists twice!!!)
What I do is: before creating a new user account, I check their registration form and make a select query to find out if there are existing user accounts with that username or their email address or their ICQ number. If so: I display a message (stating that one of these criteria is already present: don't be too specific and helpful there because people with bad intentions don't need too much help). So each person can only get one account (unless they start a new email account and ICQ registration).
If the recordset is empty, the registration continues.
So I prevent duplication at the registration end (both in my db (variable is indexed (no duplicates)) and in my script).
4. pull out username and password for that email address
This is the easiest: just run a select query on your database using the email address as a condition.
I only process requests that were sent from the email address they inserted on their registration (or that they modified within my apps) and only send information to that address. If they lose this account and forget username/password, then that's just too bad for them.
5. cdonts script to send this information to the retrieved email address.
You'd be able to find a lot of info about this topic on these fora.
I don't use it so I can't tell you a lot about it.
Don't know if this helps you a lot further, but it's a pretty wide problem to solve here.
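The five steps discussed above, as an added example that is not part of the thread or any poster's code: it is written in Python with an in-memory SQLite database instead of ASP and CDONTS, mails a single-use reset link rather than the stored password, and gives the same on-screen reply whether or not the address is registered. The table names, the `outbox` list standing in for the mail component, the one-hour lifetime and the `example.test` URL are assumptions.

```python
import hashlib, re, secrets, sqlite3, time

GENERIC_REPLY = "If that address is registered, a reset link has been sent to it."
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # step 1: shape check only
TOKEN_TTL = 3600  # seconds a reset link stays valid (assumed value)

def open_db():
    db = sqlite3.connect(":memory:")
    # UNIQUE on email is the "indexed (no duplicates)" column from step 3;
    # addresses are assumed to be stored lower-cased at registration
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,"
               " email TEXT UNIQUE, pw_hash TEXT)")
    db.execute("CREATE TABLE resets (token_hash TEXT PRIMARY KEY, user_id INTEGER,"
               " expires REAL)")
    return db

def request_reset(db, email, outbox, now=None):
    """Steps 1-5: always returns GENERIC_REPLY; mail goes only to the stored address."""
    now = time.time() if now is None else now
    email = email.strip().lower()
    if EMAIL_RE.match(email):
        row = db.execute("SELECT id, username, email FROM users WHERE email = ?",
                         (email,)).fetchone()  # parameterised lookup (step 4)
        if row:
            token = secrets.token_urlsafe(32)
            # only a hash of the token is stored, so a database read cannot replay it
            db.execute("INSERT INTO resets VALUES (?, ?, ?)",
                       (hashlib.sha256(token.encode()).hexdigest(), row[0],
                        now + TOKEN_TTL))
            # outbox stands in for the CDONTS send (step 5)
            outbox.append((row[2], f"Hello {row[1]}, reset link: "
                                   f"https://example.test/reset?token={token}"))
    return GENERIC_REPLY

def redeem(db, token, new_pw_hash, now=None):
    """Consume a token once; new_pw_hash is hashed by the caller. True if changed."""
    now = time.time() if now is None else now
    th = hashlib.sha256(token.encode()).hexdigest()
    row = db.execute("SELECT user_id, expires FROM resets WHERE token_hash = ?",
                     (th,)).fetchone()
    if row is None:
        return False
    db.execute("DELETE FROM resets WHERE token_hash = ?", (th,))  # single use
    if row[1] < now:
        return False
    db.execute("UPDATE users SET pw_hash = ? WHERE id = ?", (new_pw_hash, row[0]))
    return True
```

Following the link also shows that the mailbox is reachable, which a pattern check on the address cannot.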
karolmcauley
10-14-2002, 02:53 PM
In response to your previous query, I basically know how to do parts 1 and 2. Your suggestion for part 3 - on validating the email at registration is a good idea as I only do this for my username at the moment (but will apply it to the email section). So I could basically do a select query searching for the email address that the user has entered, return the username and password for that email address....and then bang it into a CDONTS script to send it to the user. Thanks for your suggestions, they have helped.
You're welcome. Good luck with your site.
(Good database design and very strict control of entered data make it real easy to keep everything running. "There is no solution because there is no problem." But if you neglect them, they surely create problems further down the road.)
whammy
10-15-2002, 04:09 AM
That sounds like exactly the right order. raf, thanks for referencing that post, I'm glad to see some people paying attention! :)
You know that email addresses can't really be validated unless you require that someone answers your email and then you KNOW it really exists.
That's probably the best way to validate an email address, since anyone can fool ANY email matching regular expression by entering their next door neighbor's email address. ;)
I try, whammy, I really do. Although my boss probably won't think I'm really paying attention :D
To conclude the email business (for my part, that is): I think emails are highly overrated as a way to automatically exchange information.
I like to deal with these 'messages' by incorporating a message system into my apps. If they want to see their messages, they have to return to my app (if they don't do this spontaneously, then my app just isn't hot/sexy/useful enough).
Take this forum for instance: I take a peek a few times a day, and I'd be better served if there is some kind of welcoming page for me which tells me what threads (I subscribed to) were changed since my last login, than a bunch of emails. I never check out the email messages to see what threads were changed.
(+ email accounts can change quickly)
I believe that this email traffic can/should be reduced immensely + that this would free up quite some resources ...
But hey, let's not get too serious and launch another satellite and buy some more servers...