Guest LALING Posted May 13, 2006 Share Posted May 13, 2006 I have this lost password form. But when I test it, it doesn't send a password at all. I also understand that it resets a password, and then sends it to the user. But I don't want it to reset the password. I just want it to send the current password to the user. Can someone help me out on why it's not showing a password in the email, and if it does reset the password, how can you change it to where it doesn't reset a user's password.Here's the script: lostpassword.php[code]<html><head><title>My Invoice</title><link rel="stylesheet" href="inc/style.css" type="text/css"></head><body> <p><img src="inc/title.gif" width="308" height="82"></p> <blockquote> <h1>Lost Password</h1> <?php include("inc/config.php");$connection = mysql_connect($hostname, $user, $pass) or die ("Unable to connect!");?><?php$action = $HTTP_GET_VARS['action'];if(!$action){?><p> </p><form name="form1" method="post" action="<?$PHP_SELF?>?action=yes"> <table width="350" border="0" cellspacing="2" cellpadding="2" align="center"> <tr> <td><b>Username:</b></td> <td> <input type="text" name="username"> </td> </tr> <tr> <td><b>E-mail Address:</b></td> <td> <input type="text" name="email"> </td> <td> <input type="Submit" name="submit" value="Enter"> </td> </tr> <tr> <td> </td> <td> </td> </tr> </table></form><?php}else{ $username = $HTTP_POST_VARS['username']; $email = $HTTP_POST_VARS['email']; $query = "SELECT * FROM clients WHERE name = '$username' AND email = '$email'"; $result = mysql_db_query($database, $query, $connection); if (mysql_num_rows($result) == 1) { $npass = $username; $usql = "update clients set password=PASSWORD('$username') where email='$email' and name='$username'"; $uqry = mysql_query($usql); $subject = "Lost password for $username"; $extra = "From: [email]host@hostingcompany.com[/email]\r\n"; $recipient = "$email"; $message = "Dear Customer,\n\n A new password for your username \"$username\" have been issued. Your new password is: \n$password\n Regards, \n$yourtitle"; mail ($recipient, $subject, $message, $extra); echo("A new password have been issued and e-mailed to you."); } else { echo("<font color='red' size='2' face='verdana'>Sorry! but there is no such username and e-mail combination in our member database."); exit(); }}?><?include "inc/nav.inc";include "inc/footer.inc";?></body></html><!-- Copyright Notice:This add-on created by [email]omair@omair-haroon.com[/email]. This script was written by Rob Minto, and is free for you to use. Any improvements, please email [email]rob@widgetmonkey.com[/email]. Keep software free. And please leave this copyright notice. Thanks.-->[/code] Quote Link to comment Share on other sites More sharing options...
.josh Posted May 13, 2006 Share Posted May 13, 2006 not that this is in the right forum... but, take out this:[code] $npass = $username; $usql = "update clients set password=PASSWORD('$username') where email='$email' and name='$username'"; $uqry = mysql_query($usql);[/code]to keep it from changing the password.and it doesn't show your password in the email because $password was never set to anything. you need to retrieve the password from the database with a mysql_fetch_array or mysql_fetch_assoc after the query (inside your if num_rows == 1 condition) but just so you know since your database appears to use the password() function you won't get anything meaningful back. for instance, if you password was monkey it would not return monkey. it would return the encrypted version of monkey. and there's nothing you can do about that. so unless you want to remove that whole password() part of your update query you're gonna have to live with having the password changed. Quote Link to comment Share on other sites More sharing options...
Guest LALING Posted May 13, 2006 Share Posted May 13, 2006 [!--quoteo(post=373472:date=May 13 2006, 02:22 AM:name=Crayon Violent)--][div class=\'quotetop\']QUOTE(Crayon Violent @ May 13 2006, 02:22 AM) [snapback]373472[/snapback][/div][div class=\'quotemain\'][!--quotec--]not that this is in the right forum... but, take out this:[code] $npass = $username; $usql = "update clients set password=PASSWORD('$username') where email='$email' and name='$username'"; $uqry = mysql_query($usql);[/code]to keep it from changing the password.and it doesn't show your password in the email because $password was never set to anything. you need to retrieve the password from the database with a mysql_fetch_array or mysql_fetch_assoc after the query (inside your if num_rows == 1 condition) but just so you know since your database appears to use the password() function you won't get anything meaningful back. for instance, if you password was monkey it would not return monkey. it would return the encrypted version of monkey. and there's nothing you can do about that. so unless you want to remove that whole password() part of your update query you're gonna have to live with having the password changed.[/quote]Really? I can't set it to where it grabs the current password, instead of resetting it? Quote Link to comment Share on other sites More sharing options...
trq Posted May 15, 2006 Share Posted May 15, 2006 No... its hashed and cannot be reversed. Why are you using MySql's PASSWORD() function anyway? This should be reserved for internal MySql usage.And oh yeah.... wrong forum. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.