scuppered Posted January 3, 2010 Share Posted January 3, 2010 Hi, I have a forgotten password link on my site that is not working, the code that generates the email to the user is <a href="http://<?php echo $_SERVER['HTTP_HOST'].dirname(dirname(dirname($_SERVER['PHP_SELF']))).'/users/details/'.$id.'/'.$md5; ?> This generates the email link http://www.*****.com//users/details/50/eff9e8296bad22a6ac1ad5c8b4d70636 which is fine however the md5 hash after the users id number is not the md5 hash stored in the Mysql database and consequently won't allow the new password (at least I think this is the problem) Can anyone offer any sugestions? Quote Link to comment https://forums.phpfreaks.com/topic/187026-php-forgotten-password-code-help-please/ Share on other sites More sharing options...
wildteen88 Posted January 3, 2010 Share Posted January 3, 2010 First we'll need to know where the variables $id and $md5 are being set? Why do you need to set the md5 hash of the old password in the url? You need to post more information about what you're trying to do. Including relevant bits of code helps too. Quote Link to comment https://forums.phpfreaks.com/topic/187026-php-forgotten-password-code-help-please/#findComment-987670 Share on other sites More sharing options...
scuppered Posted January 3, 2010 Author Share Posted January 3, 2010 Hi Wildteen88, As far as I know that is the relevant code to create the FP link to the individual user. I didn't write this, it is a part of a large site that was written very badly for me and I am trying to sort out some of the problems myself. The variable $id is the unique user number for the users account which corresponds to the email address and $md5 is their encrypted password, all stored on the Mysql database Quote Link to comment https://forums.phpfreaks.com/topic/187026-php-forgotten-password-code-help-please/#findComment-987675 Share on other sites More sharing options...
wildteen88 Posted January 3, 2010 Share Posted January 3, 2010 That bit of code is not the problem. The problem is with how the $md5 variable is being defined, as you said in your first post the md5 hash is wrong because it doesn't correspond to the hash stored in the database. ... however the md5 hash after the users id number is not the md5 hash stored in the Mysql database and consequently won't allow the new password (at least I think this is the problem) I need to see how this variable is being set. Just posting the code for link isn't going yield you any helpful replies. Quote Link to comment https://forums.phpfreaks.com/topic/187026-php-forgotten-password-code-help-please/#findComment-987677 Share on other sites More sharing options...
scuppered Posted January 3, 2010 Author Share Posted January 3, 2010 WT, Sorry but I don't understand (not a programmer) surely the variable is being set by " .$id.'/'.$md5; ?> " supposedly to usrs md5 stored encryption currently on the database? Quote Link to comment https://forums.phpfreaks.com/topic/187026-php-forgotten-password-code-help-please/#findComment-987682 Share on other sites More sharing options...
scuppered Posted January 3, 2010 Author Share Posted January 3, 2010 Sorry WT, I understand what you are saying but haven't the faintest idea where to find the answer on the program files . This problem only occurs with the forgotten password link, when a user is logged in to the program they can change their password on the user control panel with out problem and all works fine Quote Link to comment https://forums.phpfreaks.com/topic/187026-php-forgotten-password-code-help-please/#findComment-987684 Share on other sites More sharing options...
scuppered Posted January 3, 2010 Author Share Posted January 3, 2010 Hi, looking at the code string ( .'/users/details/'.$id.'/'.$md5; there is an opening ' in front of .$md5 but no closing one - should there be? Quote Link to comment https://forums.phpfreaks.com/topic/187026-php-forgotten-password-code-help-please/#findComment-987699 Share on other sites More sharing options...
scuppered Posted January 3, 2010 Author Share Posted January 3, 2010 WT, Are these the variables you were asking for? /** * Action for fogotten password link */ function forgotten() { if (!empty($this->data)) { $user = $this->User->find(array('email'=>$this->data['User']['email'])); if (is_array($user)) { if ($user['User']['activated']==1) { // init email $this->Mailer->init(); $this->Mailer->AddAddress($this->data['User']['email']); $this->Mailer->Subject = 'account password'; // Set template vars $this->set('md5',md5($user['User']['id'].$user['User']['id'].$user['User']['password'])); $this->set('id',$user['User']['id']); $this->set('firstname',$user['User']['firstname']); // Set mail body ob_start(); $this->render('email/forgotten_html','email'); $this->Mailer->Body = ob_get_clean(); // Set mail text body ob_start(); $this->render('email/forgotten_text','email'); $this->Mailer->AltBody = ob_get_clean(); // Send mail $ret = $this->Mailer->send(); $this->Session->setFlash($this->Mailer->ErrorInfo); $this->redirect('/users/forgotten_success'); } else { //not activated $this->set('errorcode',2); } } else { //invalid email address $this->set('errorcode',1); } } } function forgotten_success() {} /** * User details form */ function details($id=null,$md5=null) { if (empty($id) || empty($md5)) { $this->Obauth->lock(); // have to be logged in $user = $this->Session->read('userLogin'); //pr($user); $this->set('gid',$user['Group']['id']); if (isset($this->data['User'])) { // if form posted $u = $this->User->read(null,$user['User']['id']); foreach ($u['User'] as $k => $v) { // update the filled fields if (!isset($this->data['User'][$k])) { $this->data['User'][$k] = $v; } } if (!isset($this->data['User']['password_confirmation'])) { $this->data['User']['password_confirmation'] = $this->data['User']['password']; } if ($this->User->save($this->data)) { //TODO: Your account has been updated } } else { $this->data = $this->User->read(null,$user['User']['id']); $this->data['User']['password'] = ''; // don't fill the password field } } else { // check md5@id $this->data = $this->User->read(null,$id); //pr('md5:'.$md5.' id:'.$id.' pass:'.$this->data['User']['password'].' '.md5($id.$id.$this->data['User']['password'])); if (is_array($this->data) && isset($this->data['User']) && is_array($this->data['User']) && $md5==md5($id.$id.$this->data['User']['password'])) { $this->Session->setFlash('Please use your new password to login to your account!'); $this->data['User']['password'] = ''; // don't fill the password field } else { $this->redirect('/users/details'); } } } Quote Link to comment https://forums.phpfreaks.com/topic/187026-php-forgotten-password-code-help-please/#findComment-987728 Share on other sites More sharing options...
scuppered Posted January 4, 2010 Author Share Posted January 4, 2010 Sorry to be a pain guys, still trying to work this out! Ok so today I have been checking through and realised that the last code string on the emails http://www.*****.com//users/details/50/eff9e8296bad22a6ac1ad5c8b4d70636 is actually related to the md5 password (if I change the password manually the code remains the same all time with the given password set) and is not the cause of the problem as it does take me to the change password page for that user so I am assuming that somewhere in the code of the previous post function forgotten_success() {} if (!isset($this->data['User']['password_confirmation'])) { $this->data['User']['password_confirmation'] = $this->data['User']['password']; } if ($this->User->save($this->data)) { there is a reason the new password is not being saved to and replacing the old one on the database, can anyone see anything obvious please? Quote Link to comment https://forums.phpfreaks.com/topic/187026-php-forgotten-password-code-help-please/#findComment-988403 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.