Daslee Posted May 31, 2011 Share Posted May 31, 2011 Hi, im trying to make a password reminder for my game server accounts. Ok, so now in mysql i have table with 2 fields: email and pass. Here is my php coding to remind password: <?php session_start(); include "./global.php"; ?> <html> <head> <title>Password Reminder</title> </head> <body> <?php if(!isset ($_POST['submit'])) { echo "Your e-mail: <input type='input' name='email'> <input type='submit' name='submit' value='Ok'>\n"; }else{ $to = $_POST['email']; if($to) { $sql = "SELECT pass FROM fpass WHERE email='".$to."'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) > 0) { $rrow = mysql_fetch_assoc($res); echo "Your password is: '".$rrow['pass']."'"; }else{ echo "The e-mail that you supplied does not exist!\n"; } }else{ echo "E-Mail field is empty! Please fill it up.\n"; } } ?> </body> </html> global.php connects to mysql. But now when i typing email, the it should select password from table fpass where email = my typed email. But when i click Ok button, then it don't doing anything... It should show me this: Your password is: blabla... Link to comment https://forums.phpfreaks.com/topic/237997-password-reminder/ Share on other sites More sharing options...
Muddy_Funster Posted May 31, 2011 Share Posted May 31, 2011 "then it don't doing anything..." isn't a productive description of your problem. What would be better would be telling us exactly what it DOES do (even if it's only producing a blank page) versus what you are trying to make it do. In addition to that, a couple of things you should be aware of : 1- you should never store passwords in plain text 2- all I or anyone else would need to gain someones password would be their email address (you should at least think about mailing the associated password to the address given) 3- you have no data sanitisation what so ever going on in the page, and as such your form is completly open to attack. Link to comment https://forums.phpfreaks.com/topic/237997-password-reminder/#findComment-1222903 Share on other sites More sharing options...
coolcam262 Posted May 31, 2011 Share Posted May 31, 2011 Like what is said in the above post you shouldn't ever store a users password in a text format. You should at least md5 encrypt it and then if a user forgets their password either allow them to enter their username and email and give them a new, randomly generated password or make them choose a new one when emailed a specific link. Then just update the database with the md5ed new password. Link to comment https://forums.phpfreaks.com/topic/237997-password-reminder/#findComment-1222996 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.