matt.sisto Posted April 23, 2009

Hi all, I have used sha1 for encrypting a user's password and I understand it is very difficult to decrypt it, therefore I am trying to give users the opportunity to reset their password when it has been forgotten. I have written the form, but I don't know how to compare stored data with form input. Any advice would be appreciated. Here is my code:

```php
<?php
require "dbconn2.php";
$email_address = mysql_real_escape_string ($_POST['email_address']);
$y = mysql_real_escape_string ($_POST['year']);
$m = mysql_real_escape_string ($_POST['month']);
$d = mysql_real_escape_string ( $_POST['day']);
$dob = $y."-".$m."-".$d." ".$_POST["dob"];
$sql = mysql_query("SELECT dob FROM client WHERE email_address = '$email_address'");
$DOB ='dob';
if ("'$DOB' = '$dob'");
{
    header("Location: resetpassword.php");
    exit();
}
else{
    $url = "Location: register.php?error=true";
    header($url);
    exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Request Password</title>
</head>
<body>
</body>
</html>
```

Thanks again for any help.

Yesideez Posted April 23, 2009

For a reset password have the user validate themselves by email. If you have a matching email in the database just email out a password reset link. If they click the link inside this email it resets their password AND emails them out what it was reset to. This way no passwords themselves are stored inside the database.

Yesideez Posted April 23, 2009

If that wasn't their account they won't receive the email and can't reset it.

matt.sisto Posted April 23, 2009 (Author)

Ok thanks for the advice, I've got that sorted now so here is the code should anybody wish to reuse any part of it, very simple but useful.

```php
<?php
require "dbconn2.php";
// $to was never assigned in the posted snippet; assumed here to be the same
// email_address form field used in the first post, escaped before it reaches the query.
$to = mysql_real_escape_string($_POST['email_address']);
$sql = mysql_query("SELECT * FROM client WHERE email_address = '$to'");
// Only send the mail when the address belongs to a known client.
if (mysql_num_rows($sql) !== 0) {
    $from = "[email protected]";
    $message = "Here is a link that will allow you to reset our password: http://www.salmonsreach.org/database/resetpassword.php";
    $headers = "SRC Message From: $from";
    $sender= "Salmons Reach Consultancy. Striving to achieve excellence.";
    // mail() takes (to, subject, message, headers); $sender is used as the subject line.
    mail($to, $sender, $message, $headers);
    header("Location: thankyou.php");
    exit();
}
else {
    $url = "Location: register.php?error=true";
    header($url);
    exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Request Password</title>
</head>
<body>
</body>
</html>
```
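
The reset-link flow suggested in this thread, sketched as an added example (not code from any poster): each request gets a random, single-use token that expires, and only its SHA-256 hash is stored, so the link identifies one account and cannot be reused. The `password_reset` table, `RESET_TTL`, the function names and the example.test values are assumptions; `client` and `email_address` come from the posts above.

```php
<?php
// Added example: single-use, expiring reset tokens. password_reset is an assumed table.
const RESET_TTL = 3600; // seconds a reset link stays valid (assumed policy)

function issueResetToken(PDO $db, string $email): ?string
{
    $stmt = $db->prepare('SELECT id FROM client WHERE email_address = ?');
    $stmt->execute([$email]);
    $id = $stmt->fetchColumn();
    if ($id === false) {
        return null; // unknown address: caller should show the same page either way
    }
    $token = bin2hex(random_bytes(32)); // 256-bit secret that only travels in the e-mail
    // One outstanding token per account; a new request replaces the old one.
    $db->prepare('DELETE FROM password_reset WHERE client_id = ?')->execute([$id]);
    $db->prepare('INSERT INTO password_reset (client_id, token_hash, expires) VALUES (?, ?, ?)')
       ->execute([$id, hash('sha256', $token), time() + RESET_TTL]);
    return $token;
}

function redeemResetToken(PDO $db, string $token): ?int
{
    // Look the token up by its hash; the raw token is never stored.
    $stmt = $db->prepare('SELECT client_id, expires FROM password_reset WHERE token_hash = ?');
    $stmt->execute([hash('sha256', $token)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // unknown or already used token
    }
    // Consume the token on first presentation, whether or not it has expired.
    $db->prepare('DELETE FROM password_reset WHERE client_id = ?')->execute([$row['client_id']]);
    return ((int) $row['expires'] >= time()) ? (int) $row['client_id'] : null;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE client (id INTEGER PRIMARY KEY, email_address TEXT UNIQUE)');
$db->exec('CREATE TABLE password_reset (client_id INTEGER PRIMARY KEY, token_hash TEXT, expires INTEGER)');
$db->exec("INSERT INTO client (email_address) VALUES ('user@example.test')");

$token = issueResetToken($db, 'user@example.test');
echo "link: https://example.test/resetpassword.php?token=$token\n";
var_dump(redeemResetToken($db, $token));               // first use of the link
var_dump(redeemResetToken($db, $token));               // same link presented again
var_dump(issueResetToken($db, 'nobody@example.test')); // address not in client
```

The account id returned by `redeemResetToken` is what the reset page would use to decide whose password to change.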