Emailing forgotten password with JMail, MS SQL and ASP

anessa05 · 02-22-2006, 08:32 PM

Hello,
I'm trying to create a simple form that someone who has forgotten their password can enter their email address and, if the email matches the db, email them their password. I cannot find an example for doing this with JMail. I'm using ASP and a MS SQL database. The 'employers' db has the fields 'email' and 'pw'. I'm a newbie, so an example would be most helpful. Any assistance would be very much appreciated. Below is my trainwreck of code...

Code:

<!-- FORM PAGE -->
<form method="POST" action="sendpassword.asp">
E-mail Address:<input type="text" name="email" size="30"> 
<p><input type="submit" value="Send it"></p> 
</form>
<!-- END FORM PAGE -->

<!-- FORM ACTION PAGE -->
<%@ LANGUAGE="VBSCRIPT" %>
<!-- DATABASE CONNECTION INCLUDE -->
<!-- #include file="db.inc" -->
<html>
<%
If (Request.Form("email") = "") Then
	"SELECT * FROM Employers WHERE email = '" & email & "'"
%>

<head>
<title>Send Password</title>
</head>
<body>
<%
'checks if email address exists in the database before sending a message.
If objrs.EOF then
%>
<table border="0" cellPadding="0" cellSpacing="1" width="540">
<tr>
<td bgcolor="#FF0000"><font color="#FFFFFF"><b>Invalid Email Address</b></font></td>
</tr>
</table>
<p><span>We could not find</span><span> <%=email%></span> 
<span> in our database.</span></p>
<% Else %>

<%
'sets variables
email = request.form("email")
'chooses email/username and password from database that correspond to submitted email address.
pass = objrs.Fields("pw")

Set JMail = Server.CreateObject("JMail.SMTPMail") 
JMail.ServerAddress = "SERVER ADDRESS REMOVED FOR FORUM POST"
JMail.Sender = "SENDER ADDRESS REMOVED FOR FORUM POST" 
JMail.Subject = "Your Password"
JMail.AddRecipient = email
JMail.Body = "Your user name and password are below as requested:" & vbCrLf
JMail.Body = JMail.Body & "Per your request your account login information is: " & vbCrlf & vbCrlf _
& "Password=" & pw & vbCrlf
JMail.Body = JMail.Body & "You may now use these to log on"
JMail.Priority = 3
JMail.Execute
%>

<p>We just sent your login information to <%=email%>.<br>
You should receive it shortly.</p>
<%
' Close Data Access Objects and free connection variables
objDC.Close
Set objRS = Nothing
Set objDC = Nothing
%>
<%end if%>
</html>

MetalStorm · 02-22-2006, 10:55 PM

Looks like you're heading in the right direction.

This is the password retreival script I use on one of my sites. It actually generates a new password rather than emailing them their old one.

There are several functions I'm using such as sendMail and randomPassword which live in the functions include, as well as the database stuff which is a class. But if you ignore that you should be able to see what's going on.

Hope this helps:

Code:

<% page = "Password Retrieval" %>
<!-- #include file="includes/inc_database.asp" -->
<!-- #include file="includes/inc_functions.asp" -->
<!-- #include file="includes/inc_html_top.asp" -->
             <h1>Retrieve Password</h1>
<%	If len(Request.cookies("request")) > 0 Then %>
             <h2>Retrieval Failed.</h2>
             <p>You have already had one successful retrieval request in the last 24 hours.</p>
             <p>You cannot use the retrival system again until <%=Request.cookies("request")%>.</p>
<%
	ElseIf Request.ServerVariables("REQUEST_METHOD") = "POST" Then

		Dim db, username, newpass

		username = Request.form("username")
		email = Request.form("email")

		Set db = new Database
		db.query ("SELECT nick, email, password FROM members WHERE nick = '" & fixSql(username) & "'"), true

		If db.gotResult Then
			If lcase(email) = lcase(db.rs("email")) Then
				newpass = randomPassword  ' Generate a new password.
				db.rs("password") = SHA256(newpass)
				db.rs.Update

				Response.cookies("request") = dateAdd("d", 1, now)
				Response.Cookies("request").Expires = dateAdd("d", 1, now)
				sendMail lcase(email), "Guitar Channel - Password Request.", "" &_
					"Hello " & db.rs("nick") & "," & vbCrlf & "A new password was requested from the guitar channel website" &_
					" www.whatever.com" & vbCrlf & vbCrlf & "Your details are as follows:" & vbCrlf &_
					"Username: " & db.rs("nick") & vbCrlf & "Password: " & newpass & vbCrlf & vbCrlf &_
					"Remember you can change this password from your User Control Panel once you log in." & vbCrlf & vbCrlf &_
					"Thank You."
%>
             <h2>Your password request has been sent.</h2>
             <p>You should recieve an email shortly with your details.</p>
             <p>When you recieve your email you can then <a href="login.asp">login</a>.</p>
<%
			Else
%>
             <h2>Retrieval Failed.</h2>
             <p>Sorry, your email address was not found in the database.</p>
             <p>Ask an Operator in the <a href="irc.asp">IRC Channel</a> for further assistance.</p>
<%
			End If
		Else
%>
             <h2>Retrieval Failed.</h2>
             <p>Sorry, your username was not found in the database.</p>
             <p>Please <a href="retrieve.asp">try again</a>.</p>
<%
		Set db = Nothing
		End If
	Else

%>
             <p>
               If you entered your e-mail address when registering to this site, then you can have a new password
               sent to you via email.
             </p>
             <p>Simply just fill in the form below and press the submit button.</p>
             <form action="retrieve.asp" method="post" id="retrieve">
               <p>Username:<br /><input type="text" name="username" /></p>
               <p>E-Mail:<br /><input type="text" name="email" /></p>
               <p><input type="submit" value="  Submit  " /></p>
             <p class="center">Please note, you can only make one retrieval request per day.</p>
             </form>
<%	End If %>
<!-- #include file="includes/inc_html_bottom.asp" -->