Jump to content

Password Retrieval

elmas156

By elmas156
in PHP Coding Help

Recommended Posts

elmas156 Regular Member

elmas156

Posted
Posted

Hello everyone,

 

I've developed a password retrieval page so if someone forgets their password it will be sent to them in an email.  I have everything working except for one thing.  When the user signs up their password is sent to the database encrypted using md5 so when their password is retrieved from the database and emailed to them, it is still encrypted.  Is there a way to "un-encrypt" the password before sending it to the user in an email?

Here is what I have so far:

<?php
include("conf.inc.php"); // Includes the db and form info.
session_start(); // Starts the session.
$email=$_SESSION['email'];
if (!isset($_POST['getpword'])) { // If the getpword form has not been submitted.

	$result = mysql_query("SELECT fname,question,pword FROM users WHERE email = '$email'");
	$row = mysql_fetch_row($result);
	echo $row[1];
	echo "<p><form action=\"pwordhelp2.php\" method=\"POST\"></p>";
	echo "<input name=\"answer\" type=\"text\" id=\"answer\" size=\"37\" maxlength=\"50\">";
	echo "<input name=\"getpword\" type=\"submit\" value=\"Get my password.\">";

} else { // The getpword form has been submitted

	$answer = form($_POST['answer']);

	$a = mysql_query("SELECT * FROM `users` WHERE answer = '$answer'") or die (mysql_error()); // mySQL Query
	$c = mysql_num_rows($a); // Checks to see if anything is in the db.

			if ($c > 0) { // If the answer is correct.

					$result2 = mysql_query("SELECT fname,pword FROM users WHERE email = '$email'");
					$inforow = mysql_fetch_row($result2);						
					$fname = "$inforow[0]";
					$pword = "$inforow[1]";		
					$to = "$email";
					$subject = "Alleyway Oil & Lube Password.";		
					$message = "<html>
					<body>
					Hello $fname,<p>
					Your login information is listed below.</p>
					Email Address/User ID: $email<br>
					Password: '$pword'<br> <br>
					<a href=\"http://www.alleywayoil.com\">Click Here to Login to Alleyway Oil $ Lube</a> 
					</body>
					</html>";

					// To send HTML mail, the Content-type header must be set
					$headers  = 'MIME-Version: 1.0' . "\r\n";
					$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

					// Additional headers

					$headers .= 'From: Alleyway Oil & Lube <[email protected]>' . "\r\n";

					// Mail it
					mail($to, $subject, $message, $headers);

					echo "Thank you $fname, your password has been emailed to you.";
					echo "<br><a href=\"index.php\">Click here to login.</a>";
					session_destroy(); // Destroys the session.
					exit(); // Stops the rest of the script.
			} else {

					echo $row[1];
					echo "<font color=\"#FF0000\">That is not the answer you provided<br>";
					echo "when you signed up. Please try again.</font>";
					echo "<p><form action=\"pwordhelp2.php\" method=\"POST\"></p>";
					echo "<input name=\"answer\" type=\"text\" id=\"answer\" size=\"37\" maxlength=\"50\">";
					echo "<input name=\"getpword\" type=\"submit\" value=\"Get my password.\">";

			}			
}
?>

Thanks for any help that you can provide.

Link to comment
https://forums.phpfreaks.com/topic/121255-password-retrieval/
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.