  1. #1
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts

    Password recovery

    Ok so I'm wondering, how would I set up a script to make a password recovery? I understand how to check if there is an email address that a person has submitted in the database, but how would I get the username and password so I could send it in an email? This is what I have so far:

    PHP Code:

    <?php
    require_once("mydb.php");

    if (isset($_POST['submit']))
    {
        $query = mysql_query("SELECT email FROM register WHERE email='{$_POST['email']}'") or die('Database error: ' . mysql_error());

        $check = mysql_num_rows($query);

        if ($check > 0)
        {

    So pretty much I get to the if statement that checks and sees if there is an email address that the user has typed in, and then I get stuck. I know I need to use a mysql_query to get User Name and Password, but I don't know how I can select the User Name and Password for that account. If someone could guide me through this, it would be great.

    Thanks in advance,
    Jon W
    Last edited by Jon W; 01-08-2008 at 10:23 AM.

  • #2
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts
    This is what I came up with so far:

    PHP Code:

    <?php

    require_once("mydb.php");

    if (isset($_POST['submit']))
    {
        $query = mysql_query("SELECT email FROM register WHERE email='{$_POST['email']}'") or die('Database error: ' . mysql_error());

        $check = mysql_num_rows($query);

        if ($check > 0)
        {
            $rows = mysql_fetch_assoc($query);

            while ($rows = mysql_fetch_array($check))
            {
                $header = 'From: TopGameHQ' . "\r\n";

                $subject = 'Password Recovery';

                $message = "Hello, this is your User Name and password that you requested.\r\n\r\n".$rows['username']."\r\n".$rows['password']."";

                mail($_POST['email'], $subject, $message, $header);
            }
        }
        else
        {
            echo 'That email address is invalid.';
        }
    }

    ?>
    But this doesn't work. So I'm guessing I'm doing something wrong. Help would be nice.

    Thanks
    Jon W

  • #3
    Senior Coder
    Join Date
    Mar 2003
    Location
    Atlanta
    Posts
    1,037
    Thanks
    14
    Thanked 30 Times in 28 Posts
    How are your tables set up? Are the email addresses in a separate table from the username and password?
    Most of my questions/posts are fairly straightforward and simple. I post long verbose messages in an attempt to be thorough.

  • #4
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Nope. They are all in the same table.

    CREATE TABLE `register` (
    `id` int(11) NOT NULL auto_increment,
    `ip` varchar(20) NOT NULL default '',
    `username` varchar(255) NOT NULL default '',
    `password` varchar(255) NOT NULL default '',
    `email` varchar(255) NOT NULL default '',
    `firstname` varchar(255) default '',
    `lastname` varchar(255) default '',
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM AUTO_INCREMENT=26 DEFAULT CHARSET=latin1;

    ~Jon W~

  • #5
    Senior Coder
    Join Date
    Mar 2003
    Location
    Atlanta
    Posts
    1,037
    Thanks
    14
    Thanked 30 Times in 28 Posts
    PHP Code:
    $query = mysql_query("SELECT username,password,email FROM register WHERE email='{$_POST['email']}'") or die('Database error: ' . mysql_error());
    Then why not just select the "username" and "password" instead of the email? You don't actually need to select the email address at all.

    You're also prone to SQL-injection if you're not sanitizing user input. ($_POST['email'])

    And do you plan to send out more than ONE email at a time? I see you're using a while loop.
    PHP Code:
        while($rows = mysql_fetch_array($check)) //you sure you don't mean $query?
    Last edited by StupidRalph; 01-08-2008 at 11:07 AM.
    Most of my questions/posts are fairly straightforward and simple. I post long verbose messages in an attempt to be thorough.

  • #6
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Nope. I just didn't know any other way to use mysql_fetch_array. I'm new at programming PHP so, I just thought using a while($rows = mysql_fetch_array($query)) was the only way to echo it out. So by looking at your post I've come down and figured out this so far.

    PHP Code:

    <?php

    include("db.php");

    if (isset($_POST['submit']))
    {
        $query = mysql_query("SELECT firstname, lastname, email FROM register WHERE email='".mysql_real_escape_string($_POST['email'])."'") or die('Database error: ' . mysql_error());

        $check = mysql_num_rows($query);

        if ($check > 0)
        {
            $header = 'From: TopGameHQ' . "\r\n";

            $subject = 'Password Recovery';

            $message = "Dear ".$query['username'].",\r\n\r\n This is your User Name and password that you requested.\r\n\r\n".$query['username']."\r\n".$query['password']."";

            mail($_POST['email'], $subject, $message, $header);
        }
        else
        {
            $msg = 'This is a invalid Email. Please check your spelling and try again.';
        }
    }

    ?>
    Now my only problem is that it's not getting the Username and Password and sending it in the email. What do you suggest?

  • #7
    Senior Coder
    Join Date
    Mar 2003
    Location
    Atlanta
    Posts
    1,037
    Thanks
    14
    Thanked 30 Times in 28 Posts
    Quote Originally Posted by Jon W View Post
    Nope. I just didn't know any other way to use mysql_fetch_array. I'm new at programming PHP so, I just thought using a while($rows = mysql_fetch_array($query)) was the only way to echo it out. So by looking at your post I've come down and figured out this so far.

    PHP Code:

    <?php

    include("db.php");

    if (isset($_POST['submit']))
    {
        $query = mysql_query("SELECT firstname, lastname, email FROM register WHERE email='".mysql_real_escape_string($_POST['email'])."'") or die('Database error: ' . mysql_error());

        $check = mysql_num_rows($query);

        if ($check > 0)
        {
            $header = 'From: TopGameHQ' . "\r\n";

            $subject = 'Password Recovery';

            $message = "Dear ".$query['username'].",\r\n\r\n This is your User Name and password that you requested.\r\n\r\n".$query['username']."\r\n".$query['password']."";

            mail($_POST['email'], $subject, $message, $header);
        }
        else
        {
            $msg = 'This is a invalid Email. Please check your spelling and try again.';
        }
    }

    ?>
    Now my only problem is that it's not getting the Username and Password and sending it in the email. What do you suggest?
    You just have to add it to your SELECT query to also "select" the username and password.

    PHP Code:
    SELECT `this_field`, `that_field`, `another_field` FROM `your_table` WHERE `this_field` = 'some criteria' // you need to select whatever fields you're going to end up using later on in your code...
    You should also look into mysql_result() for an alternate way to display results.
    PHP Code:
    list($firstname, $lastname, $email) = mysql_fetch_row($query); //combining list() and mysql_fetch_row() is a quick way to store your database values into variables
    Last edited by StupidRalph; 01-08-2008 at 11:41 AM.
    Most of my questions/posts are fairly straightforward and simple. I post long verbose messages in an attempt to be thorough.

  • Users who have thanked StupidRalph for this post:

    Jon W (01-08-2008)

  • #8
    Senior Coder
    Join Date
    Jan 2007
    Posts
    1,648
    Thanks
    1
    Thanked 58 Times in 54 Posts
    but how would I get the username and password so I could send it in an email.
    You should not even be able to get the password from the database. If you're storing it as cleartext you're not being secure.

    Store them as hashes (sha, etc.) and when a user forgot their password, create a new one.

    Sending their current password (if you are able to) is bad because if someone got access to their email, they could get passwords that work with other systems (users tend to use the same password).

  • Users who have thanked aedrin for this post:

    Jon W (01-08-2008)

  • #9
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts
    So should it more be like it sends an email to their inbox and then if they verify their email address allow them to change their password? If that's the case, how would I make a link that would verify their email?

  • #10
    Regular Coder
    Join Date
    Mar 2007
    Location
    Quebec
    Posts
    261
    Thanks
    6
    Thanked 7 Times in 7 Posts
    Have a key code randomly generated and store it in the database and then use it in the link.
    ex:
    Code:
    To confirm your email, please go here: www.example.com/confirm.php?key=8dfh65347hgs34
    Confirm.php would take the key from the URL and compare it to the database, and if it's found, perform the appropriate action.

  • #11
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts
    How would I go about making a random key code, and how would the users get it?

  • #12
    Regular Coder
    Join Date
    Mar 2007
    Location
    Quebec
    Posts
    261
    Thanks
    6
    Thanked 7 Times in 7 Posts
    Well I use rand() to generate a random number and then I hash it using MD5(). Perhaps not the best method but it works.
    ex:
    PHP Code:
    $key = md5(rand());
    As for the users getting it, earlier you mentioned selecting their email and emailing them the info. Instead of their info, send the link.
    ex:
    PHP Code:
    $email = $_POST['email'];
    //check to see if email exists
    //sql / query...
    if($email exists...){
        $confirmUrl = "http://www.site.com/confirm.php?key=".$key;
        $message = "To reset your password, click the following link: ".$confirmUrl;
        //now mail it all
        mail($email,"Password Recovery",$message);
    }
    //else give error...
    Hope this helps. This may be a bit unclear as I'm posting this from my Wii. (labor intensive)

  • #13
    Senior Coder
    Join Date
    Apr 2007
    Location
    Quakertown PA USA
    Posts
    1,028
    Thanks
    1
    Thanked 125 Times in 123 Posts
    uniqid().

    A suggested token from the manual:
    PHP Code:
    <?php
    // no prefix
    $token = md5(uniqid());

    // better, difficult to guess
    $better_token = md5(uniqid(rand(), true));
    ?>
    John
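
The reset-link flow discussed in posts #8 to #13, as an added example that is not code from any poster in this thread: the token comes from random_bytes() rather than rand() or uniqid(), only its SHA-256 hash is stored, it expires and is single-use, and every query uses bound parameters. The password_reset table, the function names and the in-memory SQLite database are assumptions made so the example runs on its own (PHP 7+ with pdo_sqlite).

```php
<?php
// Added example: table, column and function names are assumptions.
// In-memory SQLite keeps it stand-alone (requires the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE register (id INTEGER PRIMARY KEY, email TEXT, password TEXT)");
$db->exec("CREATE TABLE password_reset (user_id INTEGER, token_hash TEXT, expires_at INTEGER)");
// Constructed sample account; only a password hash is stored, never the cleartext.
$db->prepare("INSERT INTO register (email, password) VALUES (?, ?)")
   ->execute(['user@example.com', password_hash('old-secret', PASSWORD_DEFAULT)]);

// Step 1 (recovery form): issue a one-time token if the address is registered.
function createResetToken(PDO $db, string $email, int $ttl = 3600): ?string
{
    $stmt = $db->prepare("SELECT id FROM register WHERE email = ?"); // bound parameter
    $stmt->execute([$email]);
    $userId = $stmt->fetchColumn();
    if ($userId === false) {
        return null; // unknown address: send nothing, show the same page either way
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG (PHP 7+)
    $db->prepare("DELETE FROM password_reset WHERE user_id = ?")->execute([$userId]);
    $db->prepare("INSERT INTO password_reset (user_id, token_hash, expires_at) VALUES (?, ?, ?)")
       ->execute([$userId, hash('sha256', $token), time() + $ttl]); // store the hash only
    return $token; // mailed as confirm.php?key=<token>
}

// Step 2 (confirm.php): look the token up by its hash, set the password, consume it.
function redeemResetToken(PDO $db, string $token, string $newPassword): bool
{
    $stmt = $db->prepare("SELECT user_id FROM password_reset WHERE token_hash = ? AND expires_at > ?");
    $stmt->execute([hash('sha256', $token), time()]);
    $userId = $stmt->fetchColumn();
    if ($userId === false) {
        return false; // unknown, expired or already used
    }
    $db->prepare("UPDATE register SET password = ? WHERE id = ?")
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $userId]);
    $db->prepare("DELETE FROM password_reset WHERE user_id = ?")->execute([$userId]);
    return true;
}

$token = createResetToken($db, 'user@example.com');
var_dump(redeemResetToken($db, $token, 'new-secret')); // first use of the token
var_dump(redeemResetToken($db, $token, 'again'));      // same token presented again
var_dump(createResetToken($db, 'nobody@example.com')); // address not in the table
```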

  • #14
    Super Moderator JohnDubya's Avatar
    Join Date
    Nov 2006
    Location
    Missouri
    Posts
    634
    Thanks
    12
    Thanked 18 Times in 18 Posts
    I just found this code from another post on this forum, and I've started using it for my web app. I took out the lowercase L, the uppercase I, and the uppercase O, to reduce confusion. Hope it helps you too!

    PHP Code:
    function RandomString() {
        $pass = '';
        $chars = array(
            '1','2','3','4','5','6','7','8','9','0',
            'a','A','b','B','c','C','d','D','e','E','f','F','g','G','h','H','i','j','J',
            'k','K','L','m','M','n','N','o','p','P','q','Q','r','R','s','S','t','T',
            'u','U','v','V','w','W','x','X','y','Y','z','Z');

        $count = count($chars) - 1;

        $microtime = microtime()*1000000;
        settype($microtime, 'float');
        srand($microtime);

        for ($i = 0; $i < 8; $i++) {
            $pass .= $chars[rand(0, $count)];
        }

        return($pass);
    }


  • #15
    Senior Coder
    Join Date
    Apr 2007
    Location
    Quakertown PA USA
    Posts
    1,028
    Thanks
    1
    Thanked 125 Times in 123 Posts
    A somewhat longer variation of JohnDubya's. This allows you to specify a random password length (between min/max constraints), minimum count of numeric characters, alphabetic characters, and optionally special chars.

    PHP Code:
    <?php
    function genPassword($min_len = 7, $max_len = 7, $min_numeric = 2, $min_alpha = 2, $min_special = 0, $allow_special = false)
    {
        // init
        $numeric = array('1','2','3','4','5','6','7','8','9');
        $alphabetic = array('a','A','b','B','c','C','d','D','e','E','f','F','g','G','h','H','i','j','J',
            'k','K','L','m','M','n','N','o','p','P','q','Q','r','R','s','S','t','T',
            'u','U','v','V','w','W','x','X','y','Y','z','Z');
        $special = array('!', '@', '#', '$', '%', '=');
        $password = array();
        $char_count = 0;

        // get required numerics
        if ($min_numeric > 0)
        {
            for ($i = 1; $i <= $min_numeric; $i++)
            {
                $password[] = $numeric[rand(0, count($numeric) - 1)];
                $char_count++;
            }
        }

        // get required alphabetics
        if ($min_alpha > 0)
        {
            for ($i = 1; $i <= $min_alpha; $i++)
            {
                $password[] = $alphabetic[rand(0, count($alphabetic) - 1)];
                $char_count++;
            }
        }

        // get required specials
        if ($min_special > 0)
        {
            for ($i = 1; $i <= $min_special; $i++)
            {
                $password[] = $special[rand(0, count($special) - 1)];
                $char_count++;
            }
        }

        // merge arrays
        $chars = array_merge($numeric, $alphabetic);
        if ($allow_special) $chars = array_merge($chars, $special);

        // determine password length
        if (($min_numeric + $min_alpha + $min_special) > $max_len)
        {
            $pwd_len = $min_numeric + $min_alpha + $min_special;
        }
        if ($min_len == $max_len)
        {
            $pwd_len = $min_len;
        }
        else
        {
            $pwd_len = rand($min_len, $max_len);
        }

        // get remaining characters
        if ($pwd_len > $char_count)
        {
            for ($i = $char_count + 1; $i <= $pwd_len; $i++)
            {
                $password[] = $chars[rand(0, count($chars) - 1)];
            }
        }

        // shuffle password array
        shuffle($password);

        // done
        return implode('', $password);
    }
    ?>
    To specify a particular password length (ie: 7 chars) set $min_len & $max_len = to 7.
    John
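
The generators in posts #14 and #15 pick characters with rand() (seeded from microtime() in #14) and reorder them with shuffle(). An added example, not the posters' code, of the same minimum-per-class scheme with every random choice drawn from random_int(); the function name, defaults and character sets are assumptions.

```php
<?php
// Added example: function name, defaults and character sets are assumptions.
// Same scheme as genPassword(): required counts per class, fill, then shuffle,
// but all randomness comes from random_int() (PHP 7+), backed by the OS CSPRNG.
function genPasswordCsprng(int $length = 12, int $minNumeric = 2, int $minAlpha = 2, int $minSpecial = 0): string
{
    $numeric = '23456789'; // 0 and 1 left out here to avoid O/l look-alikes
    $alpha   = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ'; // no l, I, O
    $special = '!@#$%=';
    if ($minNumeric + $minAlpha + $minSpecial > $length) {
        throw new InvalidArgumentException('minimum counts exceed requested length');
    }
    $pick = function (string $set): string {
        return $set[random_int(0, strlen($set) - 1)]; // uniform index into the set
    };
    $chars = [];
    for ($i = 0; $i < $minNumeric; $i++) { $chars[] = $pick($numeric); }
    for ($i = 0; $i < $minAlpha; $i++)   { $chars[] = $pick($alpha); }
    for ($i = 0; $i < $minSpecial; $i++) { $chars[] = $pick($special); }
    // Specials join the fill pool only when the caller asked for at least one.
    $pool = $numeric . $alpha . ($minSpecial > 0 ? $special : '');
    while (count($chars) < $length) { $chars[] = $pick($pool); }
    // Fisher-Yates shuffle driven by random_int(); shuffle() does not use the CSPRNG.
    for ($i = count($chars) - 1; $i > 0; $i--) {
        $j = random_int(0, $i);
        [$chars[$i], $chars[$j]] = [$chars[$j], $chars[$i]];
    }
    return implode('', $chars);
}

echo genPasswordCsprng(12, 2, 2, 1), "\n";
```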

