Daslee Posted May 31, 2011 Share Posted May 31, 2011 Hi, im trying to make a password reminder for my game server accounts. Ok, so now in mysql i have table with 2 fields: email and pass. Here is my php coding to remind password: <?php session_start(); include "./global.php"; ?> <html> <head> <title>Password Reminder</title> </head> <body> <?php if(!isset ($_POST['submit'])) { echo "Your e-mail: <input type='input' name='email'> <input type='submit' name='submit' value='Ok'>\n"; }else{ $to = $_POST['email']; if($to) { $sql = "SELECT pass FROM fpass WHERE email='".$to."'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) > 0) { $rrow = mysql_fetch_assoc($res); echo "Your password is: '".$rrow['pass']."'"; }else{ echo "The e-mail that you supplied does not exist!\n"; } }else{ echo "E-Mail field is empty! Please fill it up.\n"; } } ?> </body> </html> global.php connects to mysql. But now when i typing email, the it should select password from table fpass where email = my typed email. But when i click Ok button, then it don't doing anything... It should show me this: Your password is: blabla... Quote Link to comment https://forums.phpfreaks.com/topic/237997-password-reminder/ Share on other sites More sharing options...
Muddy_Funster Posted May 31, 2011 Share Posted May 31, 2011 "then it don't doing anything..." isn't a productive description of your problem. What would be better would be telling us exactly what it DOES do (even if it's only producing a blank page) versus what you are trying to make it do. In addition to that, a couple of things you should be aware of : 1- you should never store passwords in plain text 2- all I or anyone else would need to gain someones password would be their email address (you should at least think about mailing the associated password to the address given) 3- you have no data sanitisation what so ever going on in the page, and as such your form is completly open to attack. Quote Link to comment https://forums.phpfreaks.com/topic/237997-password-reminder/#findComment-1222903 Share on other sites More sharing options...
coolcam262 Posted May 31, 2011 Share Posted May 31, 2011 Like what is said in the above post you shouldn't ever store a users password in a text format. You should at least md5 encrypt it and then if a user forgets their password either allow them to enter their username and email and give them a new, randomly generated password or make them choose a new one when emailed a specific link. Then just update the database with the md5ed new password. Quote Link to comment https://forums.phpfreaks.com/topic/237997-password-reminder/#findComment-1222996 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.