maxihobbs Posted March 9, 2010 Share Posted March 9, 2010 Just wondering if anyone out there had a sucessful working script for forget password and reset password. I've used countless oens and cannot get rid of the errors they are throwing up Any help would be great Thanks Quote Link to comment Share on other sites More sharing options...
danbriant Posted March 9, 2010 Share Posted March 9, 2010 Hey Mate the one i use which i coded myself is as follows, However make note you will need to assign values to $site_name $site_email Also you will need to add some sort of email address checking in there As i use this in my own websites CMS <?php if (isset($_POST['submit'])) { if ($_POST['forgotpassword']=='') { error('Please Fill in Email.'); } if(get_magic_quotes_gpc()) { $forgotpassword = htmlspecialchars(stripslashes($_POST['forgotpassword'])); } else { $forgotpassword = htmlspecialchars($_POST['forgotpassword']); } // Lets see if the email exists $sql = "SELECT COUNT(*) FROM members WHERE user_email = '$forgotpassword'"; $result = mysql_query($sql)or die('Could not find member: ' . mysql_error()); if (!mysql_result($result,0,0)>0) { error('Email Not Found!'); } //Generate a RANDOM MD5 Hash for a password $random_password=md5(uniqid(rand())); //Take the first 8 digits and use them as the password we intend to email the user $emailpassword=substr($random_password, 0, ; //Encrypt $emailpassword in MD5 format for the database $newpassword = md5($emailpassword); // Make a safe query $query = sprintf("UPDATE `members` SET `user_password` = '%s' WHERE `user_email` = '$forgotpassword'", mysql_real_escape_string($newpassword)); mysql_query($query)or die('Could not update members: ' . mysql_error()); //Email out the infromation $subject = "Your New Password"; $message = "Your new password is as follows: ---------------------------- Password: $emailpassword ---------------------------- Please make note this information has been encrypted into our database This email was automatically generated."; if(!mail($forgotpassword, $subject, $message, "FROM: $site_name <$site_email>")){ die ("Sending Email Failed, Please Contact Site Admin! ($site_email)"); }else{ error('New Password Sent!.'); } } else { ?> <form name="forgotpasswordform" action="" method="post"> <table border="0" cellspacing="0" cellpadding="3" width="100%"> <caption> <div>Forgot Password</div> </caption> <tr> <td>Email Address:</td> <td><input name="forgotpassword" type="text" value="" id="forgotpassword" /></td> </tr> <tr> <td colspan="2" class="footer"><input type="submit" name="submit" value="Submit" class="mainoption" /></td> </tr> </table> </form> <? } ?> Any Errors are handled by this function error($msg) { ?> <html> <head> <script language="JavaScript"> <!-- alert("<?=$msg?>"); history.back(); //--> </script> </head> <body> </body> </html> <? exit; } As i think it's crazy to make the form DIE when entering values....... Quote Link to comment Share on other sites More sharing options...
maxihobbs Posted March 9, 2010 Author Share Posted March 9, 2010 Thanks very much for the input, when you say assign values do you mean $site_name ='site name here'; $site_email ='admin email here'; Sorry Im rather new to this sort of stuff! Im getting an error... Warning: mail() [function.mail]: Failed to connect to mailserver at "localhost" port 25, verify your "SMTP" and "smtp_port" setting in php.ini or use ini_set() ...which I presume is to do with having not set these values yet? Correct? Thanks again Quote Link to comment Share on other sites More sharing options...
danbriant Posted March 9, 2010 Share Posted March 9, 2010 You need to make sure you have mail() support. I guess from the error your testing this locally, and if so you will need to run some sort of mail server etc, otherwise test on a webhost And the values you have show are correct Quote Link to comment Share on other sites More sharing options...
maxihobbs Posted March 10, 2010 Author Share Posted March 10, 2010 Ive uploaded it to my site and Im getting this error Fatal error: Call to undefined function error() the line it relates to is: else { error('New Password Sent!.'); } Any ideas? Quote Link to comment Share on other sites More sharing options...
danbriant Posted March 10, 2010 Share Posted March 10, 2010 Because this needs adding to the script as well function error($msg) { ?> <html> <head> <script language="JavaScript"> <!-- alert("<?=$msg?>"); history.back(); //--> </script> </head> <body> </body> </html> <? exit; } I made a simple guide to understanding how my script works http://www.danbriant.com/general/creating-php-password-reset-script/ Quote Link to comment Share on other sites More sharing options...
maxihobbs Posted March 11, 2010 Author Share Posted March 11, 2010 Thats fantastic mate, solved and done! Now for the Chnage password feature! :-\ Quote Link to comment Share on other sites More sharing options...
Adam Posted March 11, 2010 Share Posted March 11, 2010 Ick! function error($msg) { ?> <html> <head> <script language="JavaScript"> <!-- alert("<?=$msg?>"); history.back(); //--> </script> </head> <body> </body> </html> <? exit; } What if JS is disabled? Quote Link to comment Share on other sites More sharing options...
danbriant Posted March 11, 2010 Share Posted March 11, 2010 Then no error will be displayed but the script will still stop as such when it's supposed to But in this day and age who disables javascript? Heck i could event make it JQUERY if need be Quote Link to comment Share on other sites More sharing options...
Adam Posted March 11, 2010 Share Posted March 11, 2010 But in this day and age who disables javascript? Over 60,000,000 Firefox users? Check out the download count for the "NoScript" add-on: https://addons.mozilla.org/en-US/firefox/addon/722 Quote Link to comment Share on other sites More sharing options...
danbriant Posted March 11, 2010 Share Posted March 11, 2010 Quite frankly i don't really care about a firefox plugin, i code to suite my needs and not to please those who have to get a plugin to make their so called secure browser secure............... Currently it's only using javascript as a test atm it will be going to jquery once i code a suitable plugin Quote Link to comment Share on other sites More sharing options...
Adam Posted March 11, 2010 Share Posted March 11, 2010 Quite frankly i don't really care about a firefox plugin, i code to suite my needs and not to please those who have to get a plugin to make their so called secure browser secure Fair enough you might not, but don't pass on bad advice to other people who believe it's good advice. Currently it's only using javascript as a test atm it will be going to jquery once i code a suitable plugin jQuery is JavaScript? Quote Link to comment Share on other sites More sharing options...
danbriant Posted March 11, 2010 Share Posted March 11, 2010 Jquery is Javascript but it's a nicer form of javascript, and i have more control over what i do as it's coded to be universal for browsers Having javascript disabled would kill off most websites nowdays. As ajax is a form of javascript....... I chose this way as i find it dam annoying when your entering data into a form forget something and hit submit and the form send the die() and wham you loose whatever stuff you typed in. Whereas using javascript will show an error but wont make it die() as such. Sure it will end the script there but it wont kill it Quote Link to comment Share on other sites More sharing options...
Daniel0 Posted March 11, 2010 Share Posted March 11, 2010 But in this day and age who disables javascript? I do. Blind people with screen readers do. ... and "amateur" is the word for people who don't code properly. Quote Link to comment Share on other sites More sharing options...
Adam Posted March 11, 2010 Share Posted March 11, 2010 jQuery is a JavaScript library. If a user has JS disabled, jQuery won't work. Most *decent* websites out there are written to work with JS disabled, in-fact within most professional companies it's a requirement. Agreed die() errors are shocking, but what *decent* websites do you ever see them? Quote Link to comment Share on other sites More sharing options...
danbriant Posted March 11, 2010 Share Posted March 11, 2010 I code to how i want to code, not to how some jumped up people tell me how to code, got that? You will see that javascript is ONLY used for field validation and error message output for said field validation, not exactly mission critical stuff now is it..... Nice to see a friendly community aint it, i also expected a better attitude from someone who appears to be ex-staff ... and "amateur" is the word for people who don't code properly.. I came here asking for a small little code help and i help people, and what do i get in return? Two jumped up people slagging me and my code off. Quite frankly i don't care if you think my code is crap or rubbish, the fact is atleast i tried. I believe the original thread was to provide a user with a password reset script as such, guess what i done that. If you dont think my code is good enough make the correct changes and help the original poster out instead of picking holes Quote Link to comment Share on other sites More sharing options...
Daniel0 Posted March 11, 2010 Share Posted March 11, 2010 There is a difference between just being inexperienced and saying "I don't care". Edit: Okay then, here is your help: http://en.wikipedia.org/wiki/Accessibility http://en.wikipedia.org/wiki/Unobtrusive_Javascript http://en.wikipedia.org/wiki/Progressive_enhancement http://en.wikipedia.org/wiki/Separation_of_concerns Now stop whining about the fact that I called it amateurish that you just say "I don't care" when people tell you it's bad practice. Quote Link to comment Share on other sites More sharing options...
seventheyejosh Posted March 16, 2010 Share Posted March 16, 2010 I chose this way as i find it dam annoying when your entering data into a form forget something and hit submit and the form send the die() and wham you loose whatever stuff you typed in. Whereas using javascript will show an error but wont make it die() as such. Sure it will end the script there but it wont kill it I can't think of a single production website I've ever been to that die()'s just because you forgot a field. What you need to do is do some php validation on in your posted to script, and if there is an error, redirect them, with the values they had still in the form. And if not, send your email. And then, once that works, add in the javascript to enhance the experience. And jQuery is merely a Javascript library. $("#anId"); isn't a magic function, it is an interface for the standard JS selector document.getElementById('anId'); So if a user kills javascript, they kill jquery. And a lot of people new to coding use Javascript as the only form of validation. So if someone puts in a wrong email address, and they have no Javascript on, your php can error trying to send to that email, etc, etc. Which is why it is completely irrelevant if you use javascript or not, you MUST use PHP/asp/etc to do the real work. Which is why we are trying to make it clear that javascript shouldn't be your major focus, at least not now. And don't take offense to the fact that you're an amateur, because you clearly are. Not that there is anything wrong with that, but instead of arguing usability semantics with people who are much more versed in the field than you are, and are giving you free help, you should hold your tongue and listen intently to what they say. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.