Jump to content

undefined variable (random password)


Go to solution Solved by Christian F.,

Recommended Posts

oops! I forgot the code earlier

 

<?php

$alphanum =
array('a','b','c','d','e','f','g','h','i','j','k','m','n','o',
'p','q','r','s','t','u','v','x','y','z','A','B','C','D','E',
'F','G','H','I','J','K','M','N','P','Q','R','S','T','U',
'V','W','X','Y','Z','2','3','4','5','6','7','8','9');
$chars = sizeof($alphanum);
$a = time();
mt_srand($a);
for ($i=0; $i < 6; $i++) {
$randnum = intval(mt_rand(0,56));
$password .= $alphanum[$randnum];

echo $password;
}

?>

Have you considered using array_rand()?

http://php.net/manua....array-rand.php

 

<?php
$password = '';
$alphanum =
array('a','b','c','d','e','f','g','h','i','j','k','m','n','o',
'p','q','r','s','t','u','v','x','y','z','A','B','C','D','E',
'F','G','H','I','J','K','M','N','P','Q','R','S','T','U',
'V','W','X','Y','Z','2','3','4','5','6','7','8','9');
$rand_keys = array_rand($alphanum, 6);
foreach($rand_keys as $currKey) {
    $password .= $alphanum[$currKey];
}
echo $password;
?>

Or even just md5 and substr? You'd get the exact same effect with one line of code.

 

substr(md5(microtime()), 0, 6);

 

Edit: I take it back, you wouldn't get capital letters.

 

You could however take advantage of range() to not have to type out every letter, just FYI.

$alphanum = array_merge(range('a', 'z'), range('A', 'Z', range(2, 9)); 

(Not sure why ou're skipping 1 and 0, maybe too close to l and O?)

Edited by Jessica

hi all. I noticed that on the database, the password dont change even after multiple tries? I echoed out the password on the browser, it changes but on the database it doesn't. what could be the cause?

 

ps: I have modified the code to adapt to both your suggestions.

 

<?php

$alpha = array_merge(range('a','z'), range('A','Z'), range(2,9));
$rand_key = array_rand($alpha, ;
foreach ($rand_key as $curKey){
$password .= $alpha[$curKey];

echo $password;

?>

 

thanks

This is the complete code and query.

Thanks

 

<?php

if(isset($_POST['submit'])){

$email = addslashes(htmlentities($_POST['email']));

if($email == ''){
	echo "<font color='#990000'><b><center>Email field empty</center></b></font>";
}
elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)){
	echo "<font color='#990000'><b><center>Invalid email address</center></b></font>";
}else{
	$q = "SELECT * FROM reg_users WHERE email = '$email' AND username = '$_SESSION[uname]' AND Security_no = '$_SESSION[sec_no]'";
	$r = mysql_query($q);
	if(mysql_num_rows($r)== 1){

	// Generate a random password
	$password = "";
	$alpha = array_merge(range('a','z'), range('A','Z'), range(2,9));
	$rand_key = array_rand($alpha, ;
	foreach ($rand_key as $curKey){
	$password .= $alpha[$curKey];
	echo $password;
}

	//update the user password
	$q = "UPDATE tablename SET password = '".md5('$password')."' WHERE email = '$email' AND Sec_no = '$_SESSION[sec_no]'";
	$r = mysql_query ($q) or die('Cannot complete update');

	//send mail
	$to = $_POST['email'];
	$from = "forgot@example.com";
	$subject = "New password";
	$msg = "You recently requested that we send you a new password for ubs-bank.com. Your new password is: $password.\n
			Please log in at this URL: http://localhost/login.html \n
			Then go to this address to change your password: http://localhost/changepass.php";

	$success = mail("$to","$subject","$msg","From: $from\r\nReply-To:webmaster@example.com");

	if($success){
		echo "Password have been sent to you email address";
	}

	}else{
		echo "<font color='#990000'><b>Sorry, no such record in our databsae</b></font>";
	}
}

}

?>

 

I don't understand what you mean by literal string of password? is not the value of the randomly generated password parsed to the $password variable? if not, why does the variable $password echo out the values? and how would the value be assigned to a variable?

 

thanks

  • Solution

On this very subject: Earlier today I've posted a function to properly generate a secure password, which you may be interested in. You can find it in the PHP snippets section.

 

PS: Note that there is a slight bug with it, as I managed to mess up the order of parameters for the strtr () function. The correct line should read like this:

$password = strtr ($password, $find, $replace);

 

Hopefully a friendly admin/mod will fix that for me, as I can't edit the post myself by now. :(

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.