Jump to content

forgot password script issue


Go to solution Solved by PaulRyan,

Recommended Posts

Hi

 

I got a registration, login script in my little test project I am working on and it all works perfect and the forgot password works but it is set to enter username and I am trying to change it to email as users remember their email address more than what username they use

 

I got the script from the following link, it is all in mysqli etc.

 

https://app.box.com/s/zrwnsa36x8iifou1zdim

 

the coding looks like it is attached to four different php files which I have posted in pastebin and provided the links below

 

I have had a go myself at changing it from username to email but not had any joy so far

 

http://pastebin.com/N8G3Ua0T - forgotpass.php

 

http://pastebin.com/mV5w28ni - process.php

 

http://pastebin.com/N8RApV6m - include/session.php

 

http://pastebin.com/RyceNBFK - include/database.php

 

I have not changed the session.php and database.php as could not see anything in there to change so just changed the forgotpass.php and process.php file from username to email

 

I have commented out the coding for username in process.php and put the email coding just below it, it starts on line 120

 

Sorry

Link to comment
https://forums.phpfreaks.com/topic/297061-forgot-password-script-issue/
Share on other sites

  • Solution

The forgot password function you are trying to implement isn't really viable.

 

Anyone could go on to your website, enter someone elses username and then reset that persons password.

 

The best method is to firstly, allow a person to enter their username.

Send an e-amil to their e-mail address with a password reset link.

The link will go to your website, and you will then send out a new password for them to log in with.

 

The benefits of the above is that, if I went to your website and entered a username, the password wouldn't change, unless the user associated with that username clicked on the link sent to them.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.