  1. #1
    Regular Coder
    Join Date
    Sep 2008
    Posts
    702
    Thanks
    8
    Thanked 17 Times in 16 Posts

    Forgotten Password script - SIMPLE!

    I have coded this up.

    It's a simple reset password script, for account management scripts:

    PHP Code:
    <?php
    session_start();  // Start Session
    // session_register("session") was removed in PHP 5.4 and nothing below reads the session, so it is left out.
    // This is displayed if all the fields are not filled in
    $empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";
    // Convert to simple variables
    $email_address = isset($_POST['email_address']) ? $_POST['email_address'] : '';
    if (!isset($_POST['email_address'])) {
    ?>
    <form method="post" action="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES); ?>">
        <label for="email_address">Email:</label>
        <input type="text" title="Please enter your email address" name="email_address" size="30"/>
        <input type="submit" value="Submit" class="submit-button"/>
    </form>

    <?php
    }
    elseif (empty($email_address)) {
        echo $empty_fields_message;
    }
    else {
        // mysqli_* is used here because the mysql_* functions were removed in PHP 7
        $db = mysqli_connect("localhost", "DB_USER", "DB_PASSWORD", "DB_NAME") or die(mysqli_connect_error());

        $email_address = mysqli_real_escape_string($db, $email_address);
        $status = "OK";
        $msg = "";
        //error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
        if (!stristr($email_address, "@") OR !stristr($email_address, ".")) {
            $msg = "<p>Your email address is not in the correct format.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";
            $status = "NOTOK";
        }

        if ($status == "OK") {
            $query = "SELECT email,username FROM admin WHERE admin.email = '$email_address'";
            $st = mysqli_query($db, $query) or die(mysqli_error($db));
            $recs = mysqli_num_rows($st);

            if ($recs == 0) {
                echo "<p>Sorry your address is not there in our database. Please try again.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";
                exit;
            }
            // Fetch the row only after confirming that one exists
            $row = mysqli_fetch_object($st);
            $em = $row->email; // email is stored to a variable

            function makeRandomPassword() {
                $salt = "abchefghjkmnpqrstuvwxyz0123456789";
                $pass = "";
                // rand() is not a cryptographically secure generator
                srand((int)((double)microtime() * 1000000));
                $i = 0;
                while ($i <= 7) {
                    $num = rand() % 33;
                    $tmp = substr($salt, $num, 1);
                    $pass = $pass . $tmp;
                    $i++;
                }
                return $pass;
            }

            $random_password = makeRandomPassword();

            $db_password = md5($random_password);

            // The password is overwritten as soon as a known address is submitted
            $sql = mysqli_query($db, "UPDATE admin SET password='$db_password'
                        WHERE email='$email_address'");

            $subject = "Your New Password";

            $message = "Hello, you have chosen to reset your password.

        New Password: $random_password

        http://www.yoursite.com/login
        Once logged in you can change your password

        Thanks!
        Site admin

        This is an automated response, please do not reply!";

            mail($email_address, $subject, $message, "From: yoursite.com Webmaster<admin@jyoursite.com>\r\nX-Mailer: PHP/" . phpversion());
            echo "<p>Your new password has been sent! Please check your email!</p>";
        }
        else {
            echo "$msg";
        }
    }
    ?>
    If your login doesn't use MD5 passwords then change this line:

    Code:
     $db_password = md5($random_password);
    to
    Code:
     $db_password = ($random_password);
    Very simple to use.

    --

    If you use this, I would be very pleased if you can click the Thank You button at the bottom right of this post.

    Thank You.
    MY MSN: Sith717@Hotmail.com
    PHP, HTML, and CSS Coding, Logo and Web Design - Professionally done.
    PM me anytime for HTML, PHP or web design help. I will be glad to help you out.

  • #2
    Senior Coder
    Join Date
    Apr 2007
    Location
    Quakertown PA USA
    Posts
    1,028
    Thanks
    1
    Thanked 125 Times in 123 Posts
    So, any miscreant who happens by can mischievously reset the admin's password ... and this deserves 'thanks'?

    And, you really shouldn't be coding forms that rely on javascript - not everybody browses with javascript enabled.
    John

  • #3
    Regular Coder
    Join Date
    Sep 2008
    Posts
    702
    Thanks
    8
    Thanked 17 Times in 16 Posts
    The password would be reset and sent to the administrators email.

    So other people will not be able to get it.

    There is no JavaScript there, it's something simple and not major.

  • #4
    Senior Coder
    Join Date
    Apr 2007
    Location
    Quakertown PA USA
    Posts
    1,028
    Thanks
    1
    Thanked 125 Times in 123 Posts
    I didn't say the prankster would be able to get it, but nonetheless the admin's password has been reset. He won't be able to gain access until he reads his mail, and even then, he has to go in and reset his password even though he didn't request the change - causing him wasted, unnecessary effort.

    No javascript?
    Code:
    <a class=\"two\" href=\"javascript:history.go(-1)\">here</a>
    my bad, I guess.
    John

  • #5
    Regular Coder
    Join Date
    Sep 2008
    Posts
    702
    Thanks
    8
    Thanked 17 Times in 16 Posts
    Okay, also he doesn't have to reset his password since it was already reset, all he needs to do is check his email for his new password.

    Also, what should I add to make it prankster proof?
    Should I add a Username textbox?

  • #6
    Senior Coder
    Join Date
    Apr 2007
    Location
    Quakertown PA USA
    Posts
    1,028
    Thanks
    1
    Thanked 125 Times in 123 Posts
    Quote Originally Posted by bucket View Post
    Okay, also he doesn't have to reset his password since it was already reset
    Correct - to a password not of his choosing.
    John

  • #7
    Regular Coder
    Join Date
    Sep 2008
    Posts
    702
    Thanks
    8
    Thanked 17 Times in 16 Posts
    Okay,
    Also, what should I add to make it prankster proof?
    Should I add a Username textbox?

  • #8
    Senior Coder
    Join Date
    Apr 2007
    Location
    Quakertown PA USA
    Posts
    1,028
    Thanks
    1
    Thanked 125 Times in 123 Posts
    Requiring a username would add little to no security.

    One common method is to record the request, together with a secure, random token. You send an email that contains a link which includes the token. When the user clicks the link, you verify the token, generate the random password and email it to the user. As added security, you can require the user to change the generated password on their first visit.

    There are quite a few tutorials on the subject.
    John
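
The flow PappaJohn describes in post #8, written in PHP as an added example (not code from the thread): a reset request only stores a token, and the password changes only when that token comes back through the emailed link. It assumes PDO with the SQLite driver; the reset_requests table, the must_change column, the reset.php URL, the one-hour expiry and the sample row are all hypothetical.

```php
<?php
// Added example. The reset_requests table, must_change column and sample row are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE admin (email TEXT PRIMARY KEY, password TEXT, must_change INTEGER DEFAULT 0)");
$pdo->exec("CREATE TABLE reset_requests (token_hash TEXT PRIMARY KEY, email TEXT, expires INTEGER)");
$pdo->prepare("INSERT INTO admin (email, password) VALUES (?, ?)")
    ->execute(['admin@example.test', password_hash('original-password', PASSWORD_DEFAULT)]);

// Step 1: record the request with a random token. The stored password is not touched.
function requestReset(PDO $pdo, string $email): ?string {
    $st = $pdo->prepare("SELECT 1 FROM admin WHERE email = ?");
    $st->execute([$email]);
    if (!$st->fetchColumn()) {
        return null; // show the same "check your email" page either way
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
    $pdo->prepare("INSERT INTO reset_requests (token_hash, email, expires) VALUES (?, ?, ?)")
        ->execute([hash('sha256', $token), $email, time() + 3600]);
    return $token; // goes in the emailed link; only its hash is stored
}

// Step 2: the emailed link was opened. Verify the token, then change the password.
function redeemReset(PDO $pdo, string $token): ?string {
    $hash = hash('sha256', $token);
    $st = $pdo->prepare("SELECT email FROM reset_requests WHERE token_hash = ? AND expires > ?");
    $st->execute([$hash, time()]);
    $email = $st->fetchColumn();
    $del = $pdo->prepare("DELETE FROM reset_requests WHERE token_hash = ?");
    $del->execute([$hash]);
    if ($email === false || $del->rowCount() !== 1) {
        return null; // unknown, expired or already used token
    }
    $alphabet = 'abcdefghjkmnpqrstuvwxyz23456789';
    $password = '';
    for ($i = 0; $i < 12; $i++) {
        $password .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    $pdo->prepare("UPDATE admin SET password = ?, must_change = 1 WHERE email = ?")
        ->execute([password_hash($password, PASSWORD_DEFAULT), $email]);
    return $password; // mail this to $email; must_change forces a new one at first login
}

$token = requestReset($pdo, 'admin@example.test');
echo "Link to email: https://www.yoursite.com/reset.php?token=$token\n";
var_dump(redeemReset($pdo, 'guessed-token'));   // a wrong token changes nothing
var_dump(is_string(redeemReset($pdo, $token))); // the real token resets once
var_dump(redeemReset($pdo, $token));            // replaying it is rejected
```

Submitting an address to requestReset() any number of times leaves the admin's current password working, which is the difference from the script in post #1.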

  • #9
    Regular Coder seco's Avatar
    Join Date
    Nov 2008
    Location
    Oregon
    Posts
    687
    Thanks
    6
    Thanked 79 Times in 77 Posts
    Quote Originally Posted by PappaJohn View Post
    I didn't say the prankster would be able to get it, but nonetheless the admin's password has been reset. He won't be able to gain access until he reads his mail, and even then, he has to go in and reset his password even though he didn't request the change - causing him wasted, unnecessary effort.

    No javascript?
    Code:
    <a class=\"two\" href=\"javascript:history.go(-1)\">here</a>
    my bad, I guess.
    that's just a back button..

  • #10
    Regular Coder seco's Avatar
    Join Date
    Nov 2008
    Location
    Oregon
    Posts
    687
    Thanks
    6
    Thanked 79 Times in 77 Posts
    bucket, just add in a secret question and answer field.

  • #11
    Regular Coder Zangeel's Avatar
    Join Date
    Oct 2007
    Location
    public_html/
    Posts
    638
    Thanks
    17
    Thanked 79 Times in 79 Posts
    Wow, this is the most blatant plagiarism I've ever seen.

    Note this topic:
    Forgot Password

    Now scroll down:
    http://www.codingforums.com/showthre...088#post896088

    So bucket you ask if the script the OP made is "fixed" then you ask the simplest of questions. Are you seriously trying to pass yourself off as a PHP coder?

    Even the most novice PHP coder would look at this syntax and LAUGH

    PHP Code:
    $db_password = ($random_password); 
    PHP Code:
    $aString = is_string((string)array()) ? true : false; // true :D

  • #12
    Regular Coder
    Join Date
    Sep 2008
    Posts
    702
    Thanks
    8
    Thanked 17 Times in 16 Posts
    Yep, I fixed it and changed a few things.

