Jump to content

Password recovery PHP script help

gabe22

By gabe22
in PHP Coding Help

 Share

Recommended Posts

gabe22 Newbie

gabe22

Posted
Posted

I'm trying to use a password recovery script.

The objective here is to send user their previous password when they enters their email address in the input box

 

Bellow is the php script:

<?php
if(isset($_POST['pass-reset'])) {
$var21= mysql_query("SELECT email FROM users") or die(mysql_error());
while($var22=mysql_fetch_assoc($var21))
{
foreach($var22 as $var23)
{
if ($_POST['email']==$var23){
$outerror=1; 
echo "<p class=\"reset-f\">Please check your inbox for your password.</p>";}
}
}
if($outerror!=1)
echo "<p class=\"reset-f\">Invalid Email! Please enter correct email address.</p>";
}
?>

 

I didn't add the html code here as the issue is with PHP.

 

The current script can match the user entered email with emails in database and reply messages but I need to add the following functions:

 

* It also needs to get password if it finds matching email address

* And also send the password to the user entered email address

 

Thanks in advance for your assistance.

Link to comment
https://forums.phpfreaks.com/topic/267921-password-recovery-php-script-help/
Share on other sites
Mahngiel Member

Mahngiel

Posted
Posted

Foremost, you're committing a cardinal programmer's / webmaster's sin by storing unencrypted passwords in your database.  Passwords should be one-way encrypted, meaning they cannot ever return their original value. Furthermore, you should never send a user's password to them in their email - a compromised email ccount has just given an attacker a user's password that's likely used at every other site they belong to, including banks.

 

There are two more appropriate approaches to the 'forgotten password' scenario: Security Questions and Password Resets.

 

Security Questions

You've surely seen these before.  A user has access to set up security Q&As in the event they forget their login credentials.  This is often preferred.

 

Password Resets

This is the avenue you're approaching in your OP.  The practical approach follows these general steps:

>  User clicks the 'forgot my password' link

> User enters identifying details (email)

> Query the database for this address and if successful, prompt the user if they want a reset link sent

> If the user accepts the email link, update their row with some sort of identifying string

> Send this string to the user's email address in link form example.com/activate?id=234;aldsfjk324

> That link performs a DB query, returning the user's row

> The user can now create a new password that you will securely hash

scootstah Member

scootstah

Posted
Posted

Security Questions

You've surely seen these before.  A user has access to set up security Q&As in the event they forget their login credentials.  This is often preferred.

 

Security questions are very susceptible to social engineering. The only real way to have secure security questions is if the user just types in random, arbitrary data and then keeps it somewhere safe, like a password vault. This means that the user can authenticate themselves with the security questions by providing the stored answers, but noone else is ever going to guess that their mother's maiden name is "asdf9iq459adsfka435dfah".

 

Furthermore, you should never send a user's password to them in their email - a compromised email ccount has just given an attacker a user's password that's likely used at every other site they belong to, including banks.

 

It's true that you shouldn't send plaintext passwords to someone's email, but not for the reason above. In my opinion, whether or not a user's email is compromised is out of your control. Out of convenience to the user, some things just have to rely on the fact that their email is not compromised. Security is often about sacrificing usability. You could make a more secure system that relied on SMS or phone calls to provide authentication, but that is less convenient for the users.

 

The fact that people might use the same password for their bank as they do for your forum is also irrelevant and out of the hands of the developer. You can discourage it, tell them that it's bad, whatever. But, at the end of the day, you have no control over it - so there's no point worrying about it.

 

With that said, sending plaintext passwords to an email is bad, because in some circumstances the email can be intercepted, and the password retrieved.

 

Foremost, you're committing a cardinal programmer's / webmaster's sin by storing unencrypted passwords in your database.  Passwords should be one-way encrypted

 

Hashing.

 

Sorry, pet peeve....

Mahngiel Member

Mahngiel

Posted
Posted

The fact that people might use the same password for their bank as they do for your forum is also irrelevant and out of the hands of the developer. You can discourage it, tell them that it's bad, whatever. But, at the end of the day, you have no control over it - so there's no point worrying about it.

 

 

While I concur with what you've said, I believe the dev community as a whole can help each other by eliminating the potential headaches that occur with compromised users.  That's the only reason I mentioned this as a reason to not send plaintext PWs.

Christian F. Member

Christian F.

Posted
Posted

Since it hasn't been posted yet, I strongly recommend that you read this article about secure login systems. Will help you understand the issue a lot better, and hopefully also help you find a proper solution to your problem.

gabe22 Newbie

gabe22

Posted
  • Author
Posted

Hey

No offence to any of you but I'm not really asking for your expertise/opinion on security issues (I have my reasons for doing it this way )... please stay on the topic and if you can provide a solution, if you can't, don't bother replying.

If you would like to discuss security issues, I'm sure there are other places in this forum.

 

Thank you.

scootstah Member

scootstah

Posted
Posted
(I have my reasons for doing it this way )

 

And what would those be? There is absolutely no reason to store plaintext passwords in the database.

 

When people ask for help here, and we see that they are doing something catastrophically wrong, it is our job to point that out and offer better ways to handle the problem. Storing plaintext passwords is one such situation.

PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

For your existing code, you would NEVER select all the rows from a database table and scan through them using relatively slow parsed/tokenized/interpreted php code to find if a value exists. You would use a WHERE clause in the query to directly find any row(s) that match the desired value.

 

Also, the foreach(){} loop you have makes no sense. Even if you were selecting more than one column, the value you are trying to find is in one specific column. You would not loop over all the columns trying to find it. You would test the one specific column the value is in. Since you are selecting only one column in the query, the foreach loop is looping over one thing and is a waste of typing to have it in the code.

 

Lastly, since the posted code is attempting to find one (or no) specific email address in the table (with a WHERE clause in the query), you would not use a while(){} loop anyway.

 

To address finding if an entered email address exists in the table -

<?php
if(isset($_POST['pass-reset'])){
// find if the entered email exists
$query = sprintf("SELECT * FROM users WHERE email = '%s'",
	mysql_real_escape_string(trim($_POST['email'])));
$result = mysql_query($query) or die("Query failed: $query<br />Error: " . mysql_error());
if(mysql_num_rows($result) > 0){
	// a matching row was found, fetch and use the data here...
	echo "Email found.";
	$row = mysql_fetch_assoc($result);

} else {
	// no matching row, handle that condition here...
	echo "Email not found.";

}
}

 

 

trq Prolific Member

trq

Posted
Posted
No offence to any of you but I'm not really asking for your expertise/opinion on security issues (I have my reasons for doing it this way )... please stay on the topic and if you can provide a solution, if you can't, don't bother replying.

If you would like to discuss security issues, I'm sure there are other places in this forum.

 

Coming to a forum where actual developers hang out your bound to get this type of advice. It's in our nature to try and fix bad code / design / logic. Most people appreciate it. Your current code has some obvious faults that lead us to believe your not a developer. That coupled with the idea of storing plain text passwords leaves your application open to security concerns. Sorry if people with more experience feel the need to point some of these out.

 

If you don't want good advice, you should find a board where non programmers help out.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.