Jump to content

Forget & Reset Password scripts?

maxihobbs

By maxihobbs
in Miscellaneous

 Share

Recommended Posts

danbriant Newbie

danbriant

Posted
Posted

Hey Mate the one i use which i coded myself is as follows, However make note you will need to assign values to

$site_name

$site_email

 

Also you will need to add some sort of email address checking in there

 

As i use this in my own websites CMS

 

      <?php
if (isset($_POST['submit'])) {

if ($_POST['forgotpassword']=='') {
	error('Please Fill in Email.');
}
if(get_magic_quotes_gpc()) {
	$forgotpassword = htmlspecialchars(stripslashes($_POST['forgotpassword']));
} 
else {
	$forgotpassword = htmlspecialchars($_POST['forgotpassword']);
}
    // Lets see if the email exists
    $sql = "SELECT COUNT(*) FROM members WHERE user_email = '$forgotpassword'";
    $result = mysql_query($sql)or die('Could not find member: ' . mysql_error());
    if (!mysql_result($result,0,0)>0) {
        error('Email Not Found!');
    }
//Generate a RANDOM MD5 Hash for a password
$random_password=md5(uniqid(rand()));

//Take the first 8 digits and use them as the password we intend to email the user
$emailpassword=substr($random_password, 0, ;

//Encrypt $emailpassword in MD5 format for the database
$newpassword = md5($emailpassword);

        // Make a safe query
       	$query = sprintf("UPDATE `members` SET `user_password` = '%s' 
					  WHERE `user_email` = '$forgotpassword'",
                    mysql_real_escape_string($newpassword));

				mysql_query($query)or die('Could not update members: ' . mysql_error());

//Email out the infromation
$subject = "Your New Password"; 
$message = "Your new password is as follows:
---------------------------- 
Password: $emailpassword
---------------------------- 
Please make note this information has been encrypted into our database 

This email was automatically generated."; 
                       
          if(!mail($forgotpassword, $subject, $message,  "FROM: $site_name <$site_email>")){ 
             die ("Sending Email Failed, Please Contact Site Admin! ($site_email)"); 
          }else{ 
                error('New Password Sent!.');
         } 

}

else {
?>
      <form name="forgotpasswordform" action="" method="post">
        <table border="0" cellspacing="0" cellpadding="3" width="100%">
          <caption>
          <div>Forgot Password</div>
          </caption>
          <tr>
            <td>Email Address:</td>
            <td><input name="forgotpassword" type="text" value="" id="forgotpassword" /></td>
          </tr>
          <tr>
            <td colspan="2" class="footer"><input type="submit" name="submit" value="Submit" class="mainoption" /></td>
          </tr>
        </table>
      </form>
      <?
}
?>

 

Any Errors are handled by this

function error($msg) {
    ?>
    <html>
    <head>
    <script language="JavaScript">
    <!--
        alert("<?=$msg?>");
        history.back();
    //-->
    </script>
    </head>
    <body>
    </body>
    </html>
    <?
    exit;
}

As i think it's crazy to make the form DIE when entering values.......

maxihobbs Newbie

maxihobbs

Posted
  • Author
Posted

Thanks very much for the input, when you say assign values do you mean

 

$site_name ='site name here';

$site_email ='admin email here';

 

Sorry Im rather new to this sort of stuff!

 

Im getting an error...

 

Warning: mail() [function.mail]: Failed to connect to mailserver at "localhost" port 25, verify your "SMTP" and "smtp_port" setting in php.ini or use ini_set()

 

...which I presume is to do with having not set these values yet? Correct?

 

Thanks again

danbriant Newbie

danbriant

Posted
Posted

Because this needs adding to the script as well :)

function error($msg) {

    ?>

    <html>

    <head>

    <script language="JavaScript">

    <!--

        alert("<?=$msg?>");

        history.back();

    //-->

    </script>

    </head>

    <body>

    </body>

    </html>

    <?

    exit;

}

I made a simple guide to understanding how my script works

http://www.danbriant.com/general/creating-php-password-reset-script/

Adam Advanced Member

Adam

Posted
Posted

Ick!

 

function error($msg) {
    ?>
    <html>
    <head>
    <script language="JavaScript">
    <!--
        alert("<?=$msg?>");
        history.back();
    //-->
    </script>
    </head>
    <body>
    </body>
    </html>
    <?
    exit;
}

 

What if JS is disabled?

danbriant Newbie

danbriant

Posted
Posted

Quite frankly i don't really care about a firefox plugin, i code to suite my needs and not to please those who have to get a plugin to make their so called secure browser secure...............

Currently it's only using javascript as a test atm it will be going to jquery once i code a suitable plugin

Adam Advanced Member

Adam

Posted
Posted
Quite frankly i don't really care about a firefox plugin, i code to suite my needs and not to please those who have to get a plugin to make their so called secure browser secure

 

Fair enough you might not, but don't pass on bad advice to other people who believe it's good advice.

 

Currently it's only using javascript as a test atm it will be going to jquery once i code a suitable plugin

 

jQuery is JavaScript?

danbriant Newbie

danbriant

Posted
Posted

Jquery is Javascript but it's a nicer form of javascript, and i have more control over what i do as it's coded to be universal for browsers

 

Having javascript disabled would kill off most websites nowdays. As ajax is a form of javascript.......

 

I chose this way as i find it dam annoying when your entering data into a form forget something and hit submit and the form send the die() and wham you loose whatever stuff you typed in. Whereas using javascript will show an error but wont make it die() as such. Sure it will end the script there but it wont kill it

Adam Advanced Member

Adam

Posted
Posted

jQuery is a JavaScript library. If a user has JS disabled, jQuery won't work. Most *decent* websites out there are written to work with JS disabled, in-fact within most professional companies it's a requirement. Agreed die() errors are shocking, but what *decent* websites do you ever see them?

danbriant Newbie

danbriant

Posted
Posted

I code to how i want to code, not to how some jumped up people tell me how to code, got that?

 

You will see that javascript is ONLY used for field validation and error message output for said field validation, not exactly mission critical stuff now is it.....

 

Nice to see a friendly community aint it, i also expected a better attitude from someone who appears to be ex-staff

... and "amateur" is the word for people who don't code properly.
. I came here asking for a small little code help and i help people, and what do i get in return? Two jumped up people slagging me and my code off. Quite frankly i don't care if you think my code is crap or rubbish, the fact is atleast i tried. I believe the original thread was to provide a user with a password reset script as such, guess what i done that.

 

If you dont think my code is good enough make the correct changes and help the original poster out instead of picking holes

 

Daniel0 Advanced Member

Daniel0

Posted
Posted

There is a difference between just being inexperienced and saying "I don't care".

 

Edit: Okay then, here is your help:

http://en.wikipedia.org/wiki/Accessibility

http://en.wikipedia.org/wiki/Unobtrusive_Javascript

http://en.wikipedia.org/wiki/Progressive_enhancement

http://en.wikipedia.org/wiki/Separation_of_concerns

 

Now stop whining about the fact that I called it amateurish that you just say "I don't care" when people tell you it's bad practice.

seventheyejosh Advanced Member

seventheyejosh

Posted
Posted
I chose this way as i find it dam annoying when your entering data into a form forget something and hit submit and the form send the die() and wham you loose whatever stuff you typed in. Whereas using javascript will show an error but wont make it die() as such. Sure it will end the script there but it wont kill it

 

I can't think of a single production website I've ever been to that die()'s just because you forgot a field. What you need to do is do some php validation on in your posted to script, and if there is an error, redirect them, with the values they had still in the form. And if not, send your email. And then, once that works, add in the javascript to enhance the experience.

 

And jQuery is merely a Javascript library. $("#anId"); isn't a magic function, it is an interface for the standard JS selector document.getElementById('anId'); So if a user kills javascript, they kill jquery.

 

And a lot of people new to coding use Javascript as the only form of validation. So if someone puts in a wrong email address, and they have no Javascript on, your php can error trying to send to that email, etc, etc. Which is why it is completely irrelevant if you use javascript or not, you MUST use PHP/asp/etc to do the real work. Which is why we are trying to make it clear that javascript shouldn't be your major focus, at least not now.

 

And don't take offense to the fact that you're an amateur, because you clearly are. Not that there is anything wrong with that, but instead of arguing usability semantics with people who are much more versed in the field than you are, and are giving you free help, you should hold your tongue and listen intently to what they say.

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.