kisuka Posted January 20, 2008 Share Posted January 20, 2008 Hello, I use this control panel for my game server, but the creator of it seems to have stopped working on it and the forgot password thing seems to have never been finished or fixed or something, it says the mail was sent but you never get an email. I think some of the code he used is in some kinda brazilian php... please take a look at the forgot password thing here and tell me how to fix it o.o mail.php: http://phpfi.com/291064 recover.php: http://phpfi.com/291065 Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted January 20, 2008 Share Posted January 20, 2008 first off, I haven't read the code, but you should NEVER send the user their password, either they should get a "new" temporary password, or, they should be given a special link where they can create a new one. If the database contains readable user passwords the database is NOT secure. Quote Link to comment Share on other sites More sharing options...
kisuka Posted January 20, 2008 Author Share Posted January 20, 2008 oh o.o... could you tell me how i would make such a system? Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted January 20, 2008 Share Posted January 20, 2008 which way do you want to go? Temporary password, or choose their own password? Quote Link to comment Share on other sites More sharing options...
kisuka Posted January 20, 2008 Author Share Posted January 20, 2008 new password i think would be best, sometimes temp password can be messy(past exp). Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted January 20, 2008 Share Posted January 20, 2008 well, first in your database you would need to make a field that would change, for extra security. It would display whether or not the user requested a password change or not. For example use 0 and 1. 0 = no password request 1 = password change request so if the field is set to 1, you would send them a link in an email that would link them to a page with a form to change the password. When the password is submitted, you need to check the URL GET variable against multiple things in the database.... such as: email userid authentication code and password request number. if the number is set to 0 don't allow the password to change in the database. If it is zero, and the variables in the URL match the ones related to that user in the database allow for the password change. The more URL variable to match, the harder it will be to hack. Quote Link to comment Share on other sites More sharing options...
kisuka Posted January 20, 2008 Author Share Posted January 20, 2008 ah kk, hmm that sounds a bit to hard for my knowledge in php xD think temp password would be easier? o.O Quote Link to comment Share on other sites More sharing options...
revraz Posted January 20, 2008 Share Posted January 20, 2008 Yeah, you can set a temp pw in the DB and then just email them that temp pw. Do you allow them to change it once they log in? Quote Link to comment Share on other sites More sharing options...
kisuka Posted January 20, 2008 Author Share Posted January 20, 2008 ya they can change it when they login, u can see it here: www.ragnarokrevolution.com/RROCP Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.