Hello,

I use this control panel for my game server, but the creator of it seems to have stopped working on it, and the forgot password thing seems to have never been finished or fixed or something. It says the mail was sent but you never get an email. I think some of the code he used is in some kinda Brazilian PHP... please take a look at the forgot password thing here and tell me how to fix it o.o

 

mail.php: http://phpfi.com/291064

recover.php: http://phpfi.com/291065


First off, I haven't read the code, but you should NEVER send the user their password; either they should get a "new" temporary password, or they should be given a special link where they can create a new one.

If the database contains readable user passwords the database is NOT secure.

Well, first, in your database you would need to make a field that would change, for extra security. It would show whether or not the user requested a password change. For example, use 0 and 1.

0 = no password request

1 = password change request

So if the field is set to 1, you would send them a link in an email that would link them to a page with a form to change the password.

When the password is submitted, you need to check the URL GET variable against multiple things in the database... such as:

email

userid

authentication code

and password request number.

If the number is set to 0, don't allow the password to change in the database.

If it is zero, and the variables in the URL match the ones related to that user in the database, allow for the password change. The more URL variables to match, the harder it will be to hack.
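The reset-link flow described in the replies above, as an added example that is not part of the original thread or the control panel's code. The table layout, function names, the `panel.example.test` host, the one-hour expiry and storing only a hash of the code are assumptions made for illustration.

```php
<?php
// Added example. Schema, names and sample row are constructed, not taken from the panel.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, pass_hash TEXT,
    reset_requested INTEGER DEFAULT 0, reset_code_hash TEXT, reset_expires INTEGER)');
$db->prepare('INSERT INTO users (email, pass_hash) VALUES (?, ?)')
   ->execute(['player@example.test', password_hash('old-password', PASSWORD_DEFAULT)]);

// Step 1: flag the request and build the link to e-mail (null for an unknown address).
function requestReset(PDO $db, string $email): ?string {
    $q = $db->prepare('SELECT id FROM users WHERE email = ?');
    $q->execute([$email]);
    $id = $q->fetchColumn();
    if ($id === false) {
        return null;
    }
    $code = bin2hex(random_bytes(32)); // unguessable authentication code
    // Only a hash of the code is stored, so a database leak does not yield usable links.
    $db->prepare('UPDATE users SET reset_requested = 1, reset_code_hash = ?, reset_expires = ? WHERE id = ?')
       ->execute([hash('sha256', $code), time() + 3600, $id]);
    return 'https://panel.example.test/recover.php?'
        . http_build_query(['userid' => $id, 'email' => $email, 'code' => $code]);
}

// Step 2: on form submit, check userid, email, request flag, expiry and code together.
function completeReset(PDO $db, int $userId, string $email, string $code, string $newPassword): bool {
    $q = $db->prepare('SELECT reset_code_hash, reset_expires FROM users
                       WHERE id = ? AND email = ? AND reset_requested = 1');
    $q->execute([$userId, $email]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['reset_expires'] < time()) {
        return false; // no pending request, or the link has expired
    }
    if (!hash_equals($row['reset_code_hash'], hash('sha256', $code))) {
        return false; // constant-time comparison of the code hashes
    }
    // Store only a password hash, and clear the flag so the link works once.
    $db->prepare('UPDATE users SET pass_hash = ?, reset_requested = 0,
                  reset_code_hash = NULL, reset_expires = NULL WHERE id = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $userId]);
    return true;
}

$link = requestReset($db, 'player@example.test');
parse_str(parse_url($link, PHP_URL_QUERY), $p);
var_dump(completeReset($db, (int) $p['userid'], $p['email'], 'wrong-code', 'new-password')); // wrong code
var_dump(completeReset($db, (int) $p['userid'], $p['email'], $p['code'], 'new-password'));   // valid link
var_dump(completeReset($db, (int) $p['userid'], $p['email'], $p['code'], 'another-one'));    // replayed link
```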
