gabe22 Posted September 2, 2012 Share Posted September 2, 2012 I'm trying to use a password recovery script. The objective here is to send user their previous password when they enters their email address in the input box Bellow is the php script: <?php if(isset($_POST['pass-reset'])) { $var21= mysql_query("SELECT email FROM users") or die(mysql_error()); while($var22=mysql_fetch_assoc($var21)) { foreach($var22 as $var23) { if ($_POST['email']==$var23){ $outerror=1; echo "<p class=\"reset-f\">Please check your inbox for your password.</p>";} } } if($outerror!=1) echo "<p class=\"reset-f\">Invalid Email! Please enter correct email address.</p>"; } ?> I didn't add the html code here as the issue is with PHP. The current script can match the user entered email with emails in database and reply messages but I need to add the following functions: * It also needs to get password if it finds matching email address * And also send the password to the user entered email address Thanks in advance for your assistance. Quote Link to comment Share on other sites More sharing options...
Mahngiel Posted September 2, 2012 Share Posted September 2, 2012 Foremost, you're committing a cardinal programmer's / webmaster's sin by storing unencrypted passwords in your database. Passwords should be one-way encrypted, meaning they cannot ever return their original value. Furthermore, you should never send a user's password to them in their email - a compromised email ccount has just given an attacker a user's password that's likely used at every other site they belong to, including banks. There are two more appropriate approaches to the 'forgotten password' scenario: Security Questions and Password Resets. Security Questions You've surely seen these before. A user has access to set up security Q&As in the event they forget their login credentials. This is often preferred. Password Resets This is the avenue you're approaching in your OP. The practical approach follows these general steps: > User clicks the 'forgot my password' link > User enters identifying details (email) > Query the database for this address and if successful, prompt the user if they want a reset link sent > If the user accepts the email link, update their row with some sort of identifying string > Send this string to the user's email address in link form example.com/activate?id=234;aldsfjk324 > That link performs a DB query, returning the user's row > The user can now create a new password that you will securely hash Quote Link to comment Share on other sites More sharing options...
scootstah Posted September 2, 2012 Share Posted September 2, 2012 Security Questions You've surely seen these before. A user has access to set up security Q&As in the event they forget their login credentials. This is often preferred. Security questions are very susceptible to social engineering. The only real way to have secure security questions is if the user just types in random, arbitrary data and then keeps it somewhere safe, like a password vault. This means that the user can authenticate themselves with the security questions by providing the stored answers, but noone else is ever going to guess that their mother's maiden name is "asdf9iq459adsfka435dfah". Furthermore, you should never send a user's password to them in their email - a compromised email ccount has just given an attacker a user's password that's likely used at every other site they belong to, including banks. It's true that you shouldn't send plaintext passwords to someone's email, but not for the reason above. In my opinion, whether or not a user's email is compromised is out of your control. Out of convenience to the user, some things just have to rely on the fact that their email is not compromised. Security is often about sacrificing usability. You could make a more secure system that relied on SMS or phone calls to provide authentication, but that is less convenient for the users. The fact that people might use the same password for their bank as they do for your forum is also irrelevant and out of the hands of the developer. You can discourage it, tell them that it's bad, whatever. But, at the end of the day, you have no control over it - so there's no point worrying about it. With that said, sending plaintext passwords to an email is bad, because in some circumstances the email can be intercepted, and the password retrieved. Foremost, you're committing a cardinal programmer's / webmaster's sin by storing unencrypted passwords in your database. Passwords should be one-way encrypted Hashing. Sorry, pet peeve.... Quote Link to comment Share on other sites More sharing options...
Mahngiel Posted September 2, 2012 Share Posted September 2, 2012 The fact that people might use the same password for their bank as they do for your forum is also irrelevant and out of the hands of the developer. You can discourage it, tell them that it's bad, whatever. But, at the end of the day, you have no control over it - so there's no point worrying about it. While I concur with what you've said, I believe the dev community as a whole can help each other by eliminating the potential headaches that occur with compromised users. That's the only reason I mentioned this as a reason to not send plaintext PWs. Quote Link to comment Share on other sites More sharing options...
Christian F. Posted September 2, 2012 Share Posted September 2, 2012 Since it hasn't been posted yet, I strongly recommend that you read this article about secure login systems. Will help you understand the issue a lot better, and hopefully also help you find a proper solution to your problem. Quote Link to comment Share on other sites More sharing options...
gabe22 Posted September 3, 2012 Author Share Posted September 3, 2012 Hey No offence to any of you but I'm not really asking for your expertise/opinion on security issues (I have my reasons for doing it this way )... please stay on the topic and if you can provide a solution, if you can't, don't bother replying. If you would like to discuss security issues, I'm sure there are other places in this forum. Thank you. Quote Link to comment Share on other sites More sharing options...
scootstah Posted September 3, 2012 Share Posted September 3, 2012 (I have my reasons for doing it this way ) And what would those be? There is absolutely no reason to store plaintext passwords in the database. When people ask for help here, and we see that they are doing something catastrophically wrong, it is our job to point that out and offer better ways to handle the problem. Storing plaintext passwords is one such situation. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted September 3, 2012 Share Posted September 3, 2012 For your existing code, you would NEVER select all the rows from a database table and scan through them using relatively slow parsed/tokenized/interpreted php code to find if a value exists. You would use a WHERE clause in the query to directly find any row(s) that match the desired value. Also, the foreach(){} loop you have makes no sense. Even if you were selecting more than one column, the value you are trying to find is in one specific column. You would not loop over all the columns trying to find it. You would test the one specific column the value is in. Since you are selecting only one column in the query, the foreach loop is looping over one thing and is a waste of typing to have it in the code. Lastly, since the posted code is attempting to find one (or no) specific email address in the table (with a WHERE clause in the query), you would not use a while(){} loop anyway. To address finding if an entered email address exists in the table - <?php if(isset($_POST['pass-reset'])){ // find if the entered email exists $query = sprintf("SELECT * FROM users WHERE email = '%s'", mysql_real_escape_string(trim($_POST['email']))); $result = mysql_query($query) or die("Query failed: $query<br />Error: " . mysql_error()); if(mysql_num_rows($result) > 0){ // a matching row was found, fetch and use the data here... echo "Email found."; $row = mysql_fetch_assoc($result); } else { // no matching row, handle that condition here... echo "Email not found."; } } Quote Link to comment Share on other sites More sharing options...
trq Posted September 3, 2012 Share Posted September 3, 2012 No offence to any of you but I'm not really asking for your expertise/opinion on security issues (I have my reasons for doing it this way )... please stay on the topic and if you can provide a solution, if you can't, don't bother replying. If you would like to discuss security issues, I'm sure there are other places in this forum. Coming to a forum where actual developers hang out your bound to get this type of advice. It's in our nature to try and fix bad code / design / logic. Most people appreciate it. Your current code has some obvious faults that lead us to believe your not a developer. That coupled with the idea of storing plain text passwords leaves your application open to security concerns. Sorry if people with more experience feel the need to point some of these out. If you don't want good advice, you should find a board where non programmers help out. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.