Need a "canned" password/logon script

[rscott7706]

Hi all, I have a MYSQL database for a an organization, with Name, Company, logon name, password and email.

The organization does not want new user validation, they will assign a logon name and password when someone joins.

What we do need is a script that would allow them, armed with their Name, Company Name and email, to either change their password, or retrieve if forgotton.

This is a little different then most scripts out there that have a whole user validation process up front.

Does any one know of a free or low-cost routine out there?

[.josh]

umm, just look for virtually any login script and remove the register linkie?

[rscott7706]

[!--quoteo(post=375408:date=May 19 2006, 05:54 PM:name=Crayon Violent)--][div class=\'quotetop\']QUOTE(Crayon Violent @ May 19 2006, 05:54 PM) [snapback]375408[/snapback][/div][div class=\'quotemain\'][!--quotec--]
umm, just look for virtually any login script and remove the register linkie?
[/quote]

I hear you, but I did not explain my main issue - the users of this site are at best computer illiterate.

I would like a script that will "recover' the password, not send an new crytic looking one.
All of the routines I seen so far only allow a "new" password to be sent, I need to recover the original.

I know security is lower in this scenario, but not a hugh issue.

[alpine]

okay, i'll help you out on the password bit and you can work with this making your own update info form using the mysql --> UPDATE users set name='$name', company='$company' where id='$id' <-- etc
Come back for spesific help on this when you are working on it.

Work with this to retrieve password (assume the stored password is stored without encryption):
[code]
<?php

$show_pass_form = 1;

if(isset($_POST['change']))
{
if(!empty($_POST['cname']) OR !empty($_POST['uname']) OR !empty($_POST['umail']))
{
foreach( $_POST as $key => $value )
{
${$key} = htmlspecialchars($value);
}
// change table info to your own
$sql = mysql_query("select password from table_users where email = '$umail' and name = '$uname' and company = '$cname'") or die(mysql_error());

if(mysql_num_rows($sql)<>1)
{
  print "Sorry, no unique user found with your provided information <br />";
}
else
{
$row = mysql_fetch_array($sql);
$pass = $row["password"]; // col name in db storing the password

  print "Your password is: $pass <br />";
// or preferred is to email it, remove the line above this printing out the password
$send_it = mail($umail,"Your password","Your password is: $pass","From: Secret site <[email protected]>");
if($send_it)
{
  print "Your password is sendt to $umail";
}
else
{
  print "Password was NOT sendt as the email procedure failed...";
}

// now we dont need to show the form again
$show_pass_form = 0;
}
}
else
{
  print "All fields needs to be filled in... <br />";
}
}

if($show_pass_form == 1)
{
echo <<<__HTML_END

<form action="this.php" method="post">

Company:<br />
<input type="text" name="cname" size="25" value="" />
<br />
Logon Name:<br />
<input type="text" name="uname" size="25" value="" />
<br />
Email:<br />
<input type="text" name="umail" size="25" value="" />
<br />
<br />
<input type="submit" name="forgot" value="Retrieve my password" />

</form>

__HTML_END;
}
?>
[/code]

[rscott7706]

[!--quoteo(post=375408:date=May 19 2006, 05:54 PM:name=Crayon Violent)--][div class=\'quotetop\']QUOTE(Crayon Violent @ May 19 2006, 05:54 PM) [snapback]375408[/snapback][/div][div class=\'quotemain\'][!--quotec--]
umm, just look for virtually any login script and remove the register linkie?
[/quote]

I hear you, but I did not explain my main issue - the users of this site are at best computer illiterate.

I would like a script that will "recover' the password, not send an new crytic looking one.
All of the routines I seen so far only allow a "new" password to be sent, I need to recover the original.

I know security is lower in this scenario, but not a hugh issue.


Thanks alpine, I sure appreciate the help.

I can't get to it this morning, but will start working on it later today.

Please indulge me a little, I am still so new to this - and maybe a little dull in the cranium...

It looks like you have the users form and the php action script together here. Maybe I am way off, but on the bottom I see the form actions as "this.php" - wouldn't that be the code above saved as a separate file?

Or am I still not understanding all this? Gads - hate being a novice. I know just like everything else I will start picking this up, but PHP has been a slower curve for me.

[alpine]

just rename the form action to the same name as you choose on that file, example getpass.php - nothing is to be splitted up. Remember to correct the table and col names, + ofcourse you will need to include a connection to your mysql db.

[rscott7706]

[!--quoteo(post=375499:date=May 20 2006, 07:19 AM:name=alpine)--][div class=\'quotetop\']QUOTE(alpine @ May 20 2006, 07:19 AM) [snapback]375499[/snapback][/div][div class=\'quotemain\'][!--quotec--]
just rename the form action to the same name as you choose on that file, example getpass.php - nothing is to be splitted up. Remember to correct the table and col names, + ofcourse you will need to include a connection to your mysql db.
[/quote]


Cool!! Thanks alpine!!