Jump to content

Recommended Posts

There is so much to PHP lol

 

ive just scratch the surface on how to use functions

how do I echo this correctly

or better yet how do I store the password from it so i can email it

wanted to echo it first to make sure it works

sorry im really trying to learn this if someone could help me out. I finally got the hang of writing strings on my own  though :)

<?php

function rand_passwd( $length = 8, $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789' ) 
                {     return substr( str_shuffle( $chars ), 0, $length ); } 


                echo "The password is ";rand_passwd();


?>

 

 

I'll check your article out xyph. I spent a while getting my script to mail my password out then i realize i couldnt get rid of the MD5 haha

alright i figured out how to echo it

 

Now i need to figure out how to generate it and store, mail it then md5 it into my data base.

 

Im guessing the best way to do this is to generate and save to a Session? then use that to do everything else

The general idea is to have them enter their email into a password reset form. Your script will generate a random token, store it in their users table, and then email it to the email they entered. They will be given a link to follow that has the token in it. If the token matches that of the one you stored in the database, they will be able to create a new password. The token must be random and unique.

oh so i shouldnt md5 and replace their password with the generated one until they click on the link with the token

i didnt even realize thats how those links worked. didnt you know you could store data in a link and not be part of the dir of the link

 

that would be easier to do

 

I think i can write the script to do it where the random password is emailed to them and then they use that to log in and it replaces and their current password.

 

but creating a link like that with the token i'll have to find a tutor online helping with that

You never overwrite their password before getting confirmation from their email, otherwise someone could spam your forgotten password form with random emails and lock out every user you have (until they check their email).

 

For the links, you need to look at the _GET array HERE.

For the tokens, you could create a function to generate a random string of characters, coupled with the current time:

Example Only

<?php
function randomToken() {
$str = 'aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ0123456789'; //random string of letters and numbers.
$token = NULL; //set the variable.
for($i=0;$i<50;$i++) { //loop 50 times.
$token .= $str[mt_rand(0,(strlen($str)-1))]; //add a random letter from the string to our token variable.
}
return sha1($token) . time(); //hash the result, then add the time to the end of it.
}
?>

 

NOTE: Do not use md5, sha1, sha256 for password storage, even the manual suggests against that. read about it

 

idk I read a ton of online tutors, its way over my head.

 

i think i'll just store the password for now then when my site goes live come up with a lock out

 

a attacker cant see my passwords unless they gain admin access right?

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.