PHP "Secret Question"


papillonstudios

I am adding a secret question feature to my CMS.

But I'm not sure how to go about it. I have the registration form asking to enter one.

But how would I go about using it on my password reset page?

What I need it to do is pull the question for the user that's wanting to reset the pass, display it, and then cross-reference the answer to the question with the answer in the database.

Would I use URL variables, or what?


Here's what I got so far.

Currently I don't md5 hash the answer.


<?php

if (!$_GET['email']) 
{
	if (!$_POST['lost_pass']) { //the form hasn't been submitted, we make it

	echo '<form method="post" action="index.php?action=forgot">
    <fieldset>
<legend>Forgot Password</legend>
<table>
	<tr><td>Email </td></tr><tr><td>'.form_input(text,email).'</td></tr>
</table>
</fieldset>

    <p><input type="submit" name="lost_pass" value="Continue ->"></p>
</form>';
	}else{
		 $email = isEmail($_POST['email']);
    		 $sql = "SELECT * FROM users WHERE email = '".$email."'";

	     $checkmail = mysql_query($sql) or die(mysql_error());

    		 //the above lines look for the email address in the member table

    		 if (mysql_num_rows($checkmail) == "0") {

        		exit("We can't find that email address in our member database,
please make sure you entered the correct address");

		 }
	}
}else{

	if (!$_POST['answer']) { //the form hasn't been submitted, we make it

	echo '<form method="post" action="index.php?action=forgot">
    <fieldset>
<legend>Forgot Password</legend>
<table>
	<tr><td><i>'..'</i></td></tr>
	<tr><td>Secret Question Answer </td></tr><tr><td>'.form_input(password,answer).'</td></tr>
</table>
</fieldset>

    <p><input type="submit" name="answer" value="Continue ->"></p>
</form>';
	}else{

		 $answer = isEmail($_POST['answer']);
    		 $sql = "SELECT * FROM users WHERE answer = '".$answer."'";

	     $checkmail = mysql_query($sql) or die(mysql_error());

    		 //the above lines look for the email address in the member table

    		 if (mysql_num_rows($checkmail) == "0") {

        		exit("We can't find that email address in our member database,
please make sure you entered the correct address");

		 }else{
			//if the email doesn't exist, tell the user it doesn't
			// *************************//
			// Random Password Generator //
			// *************************//
			$checkmail = mysql_fetch_array($checkmail);

			$user = $checkmail['username'];

			$totalChar = 7; // number of chars in the password
			$salt = "abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ123456789"; // salt to select chars from
			srand((double)microtime() * 1000000); // start the random generator
			$password = "0"; // set the initial variable
			for ($i = 0; $i < $totalChar; $i++) // loop and create password

				$password = $password . substr($salt, rand() % strlen($salt), 1);

			// *************************//
			// Display Password //
			// *************************//

			$encpass = sha1($password . SALT);

			$update = "UPDATE users set password ='$encpass' WHERE username ='$user'";

			mysql_query($update) or die(mysql_error());
			//change the member's password to the new generated one

			echo ('You Can Now login with this password.<br />
				  Your Password: '.$password.'<br />
				  After you Login, Click "Edit Profile", and change your password right away.<br />
				  Thank You for using the Isus CMS 2.0 Password Recovery Tool.
				  ');
		 }
	}
}
?>
  


Then what do you recommend doing instead of a secret question?

And it doesn't quite work: it pulls up the email form when you go to it, but when you submit it, it doesn't go to, like,

http://yourdomain/index.php?action=forgot&[email protected]

And when you go there manually, it doesn't show the secret question.

Here's the most up-to-date code; it's a bit different.

 

<?php

if (!$_GET['email']) 
{
	if (!$_POST['lost_pass']) { //the form hasn't been submitted, we make it

	echo '<form method="post" action="index.php?action=forgot">
    <fieldset>
<legend>Forgot Password</legend>
<table>
	<tr><td>Email </td></tr><tr><td>'.form_input(text,email).'</td></tr>
</table>
</fieldset>

    <p><input type="submit" name="lost_pass" value="Continue ->"></p>
</form>';
	}else{
		 $email = isEmail($_POST['email']);
    		 $sql = "SELECT * FROM users WHERE email = '".$email."'";

	     $checkmail = mysql_query($sql) or die(mysql_error());

    		 //the above lines look for the email address in the member table

    		 if (mysql_num_rows($checkmail) == "0") {

        		exit("We can't find that email address in our member database,
please make sure you entered the correct address");

		 }
	}
}else{

	// Select the user's row (including the secret question) by email
$query = "SELECT * FROM `users` WHERE email =  ".$_GET['email']."";
$result = mysql_query($query);
$row = mysql_fetch_assoc($result);

	if (!$_POST['answer']) { //the form hasn't been submitted, we make it

	echo '<form method="post" action="index.php?action=forgot">
    <fieldset>
<legend>Forgot Password</legend>
<table>
	<tr><td><i>'.$row['question'].'</i></td></tr>
	<tr><td>Secret Question Answer </td></tr><tr><td>'.form_input(password,answer).'</td></tr>
</table>
</fieldset>

    <p><input type="submit" name="answer" value="Continue ->"></p>
</form>';
	}else{

		 $answer = isEmail($_POST['answer']);
    		 $sql = "SELECT * FROM users WHERE answer = '".$answer."'";

	     $checkmail = mysql_query($sql) or die(mysql_error());

    		 //the above lines look for the email address in the member table

    		 if (mysql_num_rows($checkmail) == "0") {

        		exit("We can't find that email address in our member database,
please make sure you entered the correct address");

		 }else{
			//if the email doesn't exist, tell the user it doesn't
			// *************************//
			// Random Password Generator //
			// *************************//
			$checkmail = mysql_fetch_array($checkmail);

			$user = $checkmail['username'];

			$totalChar = 7; // number of chars in the password
			$salt = "abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ123456789"; // salt to select chars from
			srand((double)microtime() * 1000000); // start the random generator
			$password = "0"; // set the initial variable
			for ($i = 0; $i < $totalChar; $i++) // loop and create password

				$password = $password . substr($salt, rand() % strlen($salt), 1);

			// *************************//
			// Display Password //
			// *************************//

			$encpass = sha1($password . SALT);

			$update = "UPDATE users set password ='$encpass' WHERE username ='$user'";

			mysql_query($update) or die(mysql_error());
			//change the member's password to the new generated one

			echo ('You Can Now login with this password.<br />
				  Your Password: '.$password.'<br />
				  After you Login, Click "Edit Profile", and change your password right away.<br />
				  Thank You for using the Isus CMS 2.0 Password Recovery Tool.
				  ');
		 }
	}
}
?>
  

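An added example (not part of the original posts) of the flow the thread describes: fetch the question for the submitted email, then verify the answer against that same user's row before setting a new password. It assumes PHP 7+ with PDO and pdo_sqlite; the in-memory `users` table, the `answer_hash` column, the sample data and the function names are all constructed for illustration.

```php
<?php
// Constructed demo: in-memory SQLite stands in for the CMS's MySQL `users` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, email TEXT UNIQUE,
    password TEXT, question TEXT, answer_hash TEXT)');

// Normalise before hashing so " Rex " and "rex" compare equal.
function normalizeAnswer(string $answer): string {
    return strtolower(trim($answer));
}

// Registration side: store only a hash of the answer, never the plain text.
$ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?, ?, ?)');
$ins->execute(['alice', 'alice@example.test',
    password_hash('old-password', PASSWORD_DEFAULT), 'Name of your first pet?',
    password_hash(normalizeAnswer('Rex'), PASSWORD_DEFAULT)]);

// Step 1: look up the question with a bound parameter, no string concatenation.
function fetchQuestion(PDO $db, string $email): ?string {
    $st = $db->prepare('SELECT question FROM users WHERE email = ?');
    $st->execute([$email]);
    $question = $st->fetchColumn();
    return $question === false ? null : $question;
}

// Step 2: check the answer against THAT user's row, then set a random password.
function resetWithAnswer(PDO $db, string $email, string $answer): ?string {
    $st = $db->prepare('SELECT answer_hash FROM users WHERE email = ?');
    $st->execute([$email]);
    $hash = $st->fetchColumn();
    if ($hash === false || !password_verify(normalizeAnswer($answer), $hash)) {
        return null; // same result for an unknown email and a wrong answer
    }
    $alphabet = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';
    $new = '';
    for ($i = 0; $i < 12; $i++) {
        $new .= $alphabet[random_int(0, strlen($alphabet) - 1)]; // CSPRNG, not rand()
    }
    $up = $db->prepare('UPDATE users SET password = ? WHERE email = ?');
    $up->execute([password_hash($new, PASSWORD_DEFAULT), $email]);
    return $new;
}

var_dump(fetchQuestion($db, 'alice@example.test'));
var_dump(resetWithAnswer($db, 'alice@example.test', 'wrong'));
var_dump(strlen((string) resetWithAnswer($db, 'alice@example.test', ' rex ')));
```

In a real two-step form, the email from step 1 would be carried to step 2 in the session or a hidden form field, so the answer is always checked against one specific account rather than searched for across the whole table.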
