I am adding a secret question feature to my CMS.

But I'm not sure how to go about it. I have the registration form asking to enter one.

But how would I go about using it on my password reset page?

What I need it to do is pull the question for the user that's wanting to reset the pass, display it, and then cross-reference the answer to the question with the answer in the database.

Would I use URL variables, or what?


Here's what I got so far.

Currently I don't md5 hash the answer.


<?php

if (!$_GET['email']) 
{
	if (!$_POST['lost_pass']) { //the form hasn't been submitted, we make it

	echo '<form method="post" action="index.php?action=forgot">
    <fieldset>
<legend>Forgot Password</legend>
<table>
	<tr><td>Email </td></tr><tr><td>'.form_input(text,email).'</td></tr>
</table>
</fieldset>

    <p><input type="submit" name="lost_pass" value="Continue ->"></p>
</form>';
	}else{
		 $email = isEmail($_POST['email']);
    		 $sql = "SELECT * FROM users WHERE email = '".$email."'";

	     $checkmail = mysql_query($sql) or die(mysql_error());

    		 //the above lines look for the email address in the member table

    		 if (mysql_num_rows($checkmail) == "0") {

        		exit("We can't find that email address in our member database,
please make sure you entered the correct address");

		 }
	}
}else{

	if (!$_POST['answer']) { //the form hasn't been submitted, we make it

	echo '<form method="post" action="index.php?action=forgot">
    <fieldset>
<legend>Forgot Password</legend>
<table>
	<tr><td><i>'..'</i></td></tr>
	<tr><td>Secret Question Answer </td></tr><tr><td>'.form_input(password,answer).'</td></tr>
</table>
</fieldset>

    <p><input type="submit" name="answer" value="Continue ->"></p>
</form>';
	}else{

		 $answer = isEmail($_POST['answer']);
    		 $sql = "SELECT * FROM users WHERE answer = '".$answer."'";

	     $checkmail = mysql_query($sql) or die(mysql_error());

    		 //the above lines look for the email address in the member table

    		 if (mysql_num_rows($checkmail) == "0") {

        		exit("We can't find that email address in our member database,
please make sure you entered the correct address");

		 }else{
			//if the email doesn't exist, tell the user it doesn't
			// *************************//
			// Random Password Generator //
			// *************************//
			$checkmail = mysql_fetch_array($checkmail);

			$user = $checkmail['username'];

			$totalChar = 7; // number of chars in the password
			$salt = "abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ123456789"; // salt to select chars from
			srand((double)microtime() * 1000000); // start the random generator
			$password = "0"; // set the initial variable
			for ($i = 0; $i < $totalChar; $i++) // loop and create password

				$password = $password . substr($salt, rand() % strlen($salt), 1);

			// *************************//
			// Display Password //
			// *************************//

			$encpass = sha1($password . SALT);

			$update = "UPDATE users set password ='$encpass' WHERE username ='$user'";

			mysql_query($update) or die(mysql_error());
			//change the member's password to the new generated one

			echo ('You Can Now login with this password.<br />
				  Your Password: '.$password.'<br />
				  After you Login, Click "Edit Profile", and change your password right away.<br />
				  Thank You for using the Isus CMS 2.0 Password Recovery Tool.
				  ');
		 }
	}
}
?>
  


Then what do you recommend doing instead of a secret question?

And it doesn't quite work: it pulls up the email form when you go to it, but when you submit it, it doesn't go to something like

http://yourdomain/index.php?action=forgot&email=you@domain.com

and when you go there manually it doesn't show the secret question.

Here's the most up-to-date code; it's a bit different.


<?php

if (!$_GET['email']) 
{
	if (!$_POST['lost_pass']) { //the form hasn't been submitted, we make it

	echo '<form method="post" action="index.php?action=forgot">
    <fieldset>
<legend>Forgot Password</legend>
<table>
	<tr><td>Email </td></tr><tr><td>'.form_input(text,email).'</td></tr>
</table>
</fieldset>

    <p><input type="submit" name="lost_pass" value="Continue ->"></p>
</form>';
	}else{
		 $email = isEmail($_POST['email']);
    		 $sql = "SELECT * FROM users WHERE email = '".$email."'";

	     $checkmail = mysql_query($sql) or die(mysql_error());

    		 //the above lines look for the email address in the member table

    		 if (mysql_num_rows($checkmail) == "0") {

        		exit("We can't find that email address in our member database,
please make sure you entered the correct address");

		 }
	}
}else{

	//Selecting the News From the Table news
$query = "SELECT * FROM `users` WHERE email =  ".$_GET['email']."";
$result = mysql_query($query);
$row = mysql_fetch_assoc($result);

	if (!$_POST['answer']) { //the form hasn't been submitted, we make it

	echo '<form method="post" action="index.php?action=forgot">
    <fieldset>
<legend>Forgot Password</legend>
<table>
	<tr><td><i>'.$row['question'].'</i></td></tr>
	<tr><td>Secret Question Answer </td></tr><tr><td>'.form_input(password,answer).'</td></tr>
</table>
</fieldset>

    <p><input type="submit" name="answer" value="Continue ->"></p>
</form>';
	}else{

		 $answer = isEmail($_POST['answer']);
    		 $sql = "SELECT * FROM users WHERE answer = '".$answer."'";

	     $checkmail = mysql_query($sql) or die(mysql_error());

    		 //the above lines look for the email address in the member table

    		 if (mysql_num_rows($checkmail) == "0") {

        		exit("We can't find that email address in our member database,
please make sure you entered the correct address");

		 }else{
			//if the email doesn't exist, tell the user it doesn't
			// *************************//
			// Random Password Generator //
			// *************************//
			$checkmail = mysql_fetch_array($checkmail);

			$user = $checkmail['username'];

			$totalChar = 7; // number of chars in the password
			$salt = "abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ123456789"; // salt to select chars from
			srand((double)microtime() * 1000000); // start the random generator
			$password = "0"; // set the initial variable
			for ($i = 0; $i < $totalChar; $i++) // loop and create password

				$password = $password . substr($salt, rand() % strlen($salt), 1);

			// *************************//
			// Display Password //
			// *************************//

			$encpass = sha1($password . SALT);

			$update = "UPDATE users set password ='$encpass' WHERE username ='$user'";

			mysql_query($update) or die(mysql_error());
			//change the member's password to the new generated one

			echo ('You Can Now login with this password.<br />
				  Your Password: '.$password.'<br />
				  After you Login, Click "Edit Profile", and change your password right away.<br />
				  Thank You for using the Isus CMS 2.0 Password Recovery Tool.
				  ');
		 }
	}
}
?>
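An added example, not part of the thread and not the poster's code: one way to do the two steps asked about above (pull the question for an email, then check the answer for that same user) using bound parameters, a hashed answer and a CSPRNG-generated temporary password. The schema, function names and sample row are assumptions constructed for illustration; in a web flow the email would be carried between the two steps in the server-side session rather than in a URL variable.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: normalise so " REX " and "rex" hash to the same value.
function normalise_answer(string $answer): string {
    return strtolower(trim($answer));
}

// Step 1: look up the question with a bound parameter, never string concatenation.
function fetch_question(PDO $db, string $email): ?string {
    $stmt = $db->prepare('SELECT question FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $question = $stmt->fetchColumn();
    return $question === false ? null : (string) $question;
}

// Step 2: check the answer against THIS email's row only, then set a temporary password.
// Returns null for both an unknown email and a wrong answer, so the two cases look alike.
function reset_with_answer(PDO $db, string $email, string $answer): ?string {
    $stmt = $db->prepare('SELECT id, answer_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false || !password_verify(normalise_answer($answer), $user['answer_hash'])) {
        return null;
    }
    $alphabet = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';
    $temp = '';
    for ($i = 0; $i < 12; $i++) {
        $temp .= $alphabet[random_int(0, strlen($alphabet) - 1)]; // CSPRNG, not rand()
    }
    $upd = $db->prepare('UPDATE users SET password = ? WHERE id = ?');
    $upd->execute([password_hash($temp, PASSWORD_DEFAULT), $user['id']]);
    return $temp;
}

// Constructed demo data in an in-memory SQLite database (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE,
    question TEXT, answer_hash TEXT, password TEXT)');
$db->prepare('INSERT INTO users (email, question, answer_hash, password) VALUES (?, ?, ?, ?)')
   ->execute(['you@domain.com', 'Name of your first pet?',
              password_hash(normalise_answer('Rex'), PASSWORD_DEFAULT), 'unset']);

var_dump(fetch_question($db, 'you@domain.com'));                        // question lookup
var_dump(reset_with_answer($db, 'you@domain.com', 'wrong'));            // rejected answer
var_dump(is_string(reset_with_answer($db, 'you@domain.com', ' REX '))); // accepted answer
```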
