undefined variable (random password)

[I-AM-OBODO]

Hi all.

 

pls what could be wrong with this code? its saying undefined variable "password".

 

ps, if there's a better way, pls I won't mind knowing it.

 

thanks

[I-AM-OBODO]

oops! I forgot the code earlier

 

<?php

$alphanum =
array('a','b','c','d','e','f','g','h','i','j','k','m','n','o',
'p','q','r','s','t','u','v','x','y','z','A','B','C','D','E',
'F','G','H','I','J','K','M','N','P','Q','R','S','T','U',
'V','W','X','Y','Z','2','3','4','5','6','7','8','9');
$chars = sizeof($alphanum);
$a = time();
mt_srand($a);
for ($i=0; $i < 6; $i++) {
$randnum = intval(mt_rand(0,56));
$password .= $alphanum[$randnum];

echo $password;
}

?>

[pmccall2]

http://us2.php.net/manual/en/language.operators.string.php

 

.= is like add to previous value. Since there is no previous value for $password it cant add anything...

[I-AM-OBODO]

oops! I forgot to declare what value $password holds. Incase anyone might this of value, the solution to this is to declare $password at the beginning of the password array. thus

$password ="";

[cyberRobot]

Have you considered using array_rand()?

http://php.net/manua....array-rand.php

 

<?php
$password = '';
$alphanum =
array('a','b','c','d','e','f','g','h','i','j','k','m','n','o',
'p','q','r','s','t','u','v','x','y','z','A','B','C','D','E',
'F','G','H','I','J','K','M','N','P','Q','R','S','T','U',
'V','W','X','Y','Z','2','3','4','5','6','7','8','9');
$rand_keys = array_rand($alphanum, 6);
foreach($rand_keys as $currKey) {
    $password .= $alphanum[$currKey];
}
echo $password;
?>

[Jessica]

Or even just md5 and substr? You'd get the exact same effect with one line of code.

 

substr(md5(microtime()), 0, 6);

 

Edit: I take it back, you wouldn't get capital letters.

 

You could however take advantage of range() to not have to type out every letter, just FYI.

$alphanum = array_merge(range('a', 'z'), range('A', 'Z', range(2, 9)); 

(Not sure why ou're skipping 1 and 0, maybe too close to l and O?)

Edited February 19, 2013 by Jessica

[I-AM-OBODO]

thanks Cyberrobot & Jessica.

@jessica, yes that's why I omitted 1 & 0 and thanks again.

[I-AM-OBODO]

hi all. I noticed that on the database, the password dont change even after multiple tries? I echoed out the password on the browser, it changes but on the database it doesn't. what could be the cause?

 

ps: I have modified the code to adapt to both your suggestions.

 

<?php

$alpha = array_merge(range('a','z'), range('A','Z'), range(2,9));
$rand_key = array_rand($alpha, ;
foreach ($rand_key as $curKey){
$password .= $alpha[$curKey];

echo $password;

?>

 

thanks

[Jessica]

Well based on your code you aren't doing any queries.

[I-AM-OBODO]

This is the complete code and query.

Thanks

 

<?php

if(isset($_POST['submit'])){

$email = addslashes(htmlentities($_POST['email']));

if($email == ''){
	echo "<font color='#990000'><b><center>Email field empty</center></b></font>";
}
elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)){
	echo "<font color='#990000'><b><center>Invalid email address</center></b></font>";
}else{
	$q = "SELECT * FROM reg_users WHERE email = '$email' AND username = '$_SESSION[uname]' AND Security_no = '$_SESSION[sec_no]'";
	$r = mysql_query($q);
	if(mysql_num_rows($r)== 1){

	// Generate a random password
	$password = "";
	$alpha = array_merge(range('a','z'), range('A','Z'), range(2,9));
	$rand_key = array_rand($alpha, ;
	foreach ($rand_key as $curKey){
	$password .= $alpha[$curKey];
	echo $password;
}

	//update the user password
	$q = "UPDATE tablename SET password = '".md5('$password')."' WHERE email = '$email' AND Sec_no = '$_SESSION[sec_no]'";
	$r = mysql_query ($q) or die('Cannot complete update');

	//send mail
	$to = $_POST['email'];
	$from = "forgot@example.com";
	$subject = "New password";
	$msg = "You recently requested that we send you a new password for ubs-bank.com. Your new password is: $password.\n
			Please log in at this URL: http://localhost/login.html \n
			Then go to this address to change your password: http://localhost/changepass.php";

	$success = mail("$to","$subject","$msg","From: $from\r\nReply-To:webmaster@example.com");

	if($success){
		echo "Password have been sent to you email address";
	}

	}else{
		echo "<font color='#990000'><b>Sorry, no such record in our databsae</b></font>";
	}
}

}

?>

 

[Jessica]

'$password' is a literal string of $password. Not the value contained within $password. 

[I-AM-OBODO]

I don't understand what you mean by literal string of password? is not the value of the randomly generated password parsed to the $password variable? if not, why does the variable $password echo out the values? and how would the value be assigned to a variable?

 

thanks

[Jessica]

http://www.php.net/manual/en/language.types.string.php

[Christian F.]

On this very subject: Earlier today I've posted a function to properly generate a secure password, which you may be interested in. You can find it in the PHP snippets section.

 

PS: Note that there is a slight bug with it, as I managed to mess up the order of parameters for the strtr () function. The correct line should read like this:

$password = strtr ($password, $find, $replace);

 

Hopefully a friendly admin/mod will fix that for me, as I can't edit the post myself by now.