Jump to content


Lost Password Form


  • Please log in to reply
3 replies to this topic

#1 Guest_LALING_*

Guest_LALING_*
  • Guests

Posted 13 May 2006 - 01:46 AM

I have this lost password form. But when I test it, it doesn't send a password at all. I also understand that it resets a password, and then sends it to the user. But I don't want it to reset the password. I just want it to send the current password to the user. Can someone help me out on why it's not showing a password in the email, and if it does reset the password, how can you change it to where it doesn't reset a user's password.

Here's the script: lostpassword.php

<html>
<head>
<title>My Invoice</title>
<link rel="stylesheet" href="inc/style.css" type="text/css">
</head>
<body>

  <p><img src="inc/title.gif" width="308" height="82"></p>
  <blockquote> 
  <h1>Lost Password</h1>
  
<?php 
include("inc/config.php");
$connection = mysql_connect($hostname, $user, $pass) or die ("Unable to connect!");
?>

<?php
$action = $HTTP_GET_VARS['action'];

if(!$action)
{
?>

<p>&nbsp;</p>
<form name="form1" method="post" action="<?$PHP_SELF?>?action=yes">
  <table width="350" border="0" cellspacing="2" cellpadding="2" align="center">
    <tr>
      <td><b>Username:</b></td>
      <td>
        <input type="text" name="username">
      </td>
    </tr>
    <tr>
      <td><b>E-mail Address:</b></td>
      <td>
        <input type="text" name="email">
      </td>
      <td>
        <input type="Submit" name="submit" value="Enter">
      </td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
  </table>
</form>

<?php
}
else
{
    $username = $HTTP_POST_VARS['username'];
    $email = $HTTP_POST_VARS['email'];
    $query = "SELECT * FROM clients WHERE name = '$username' AND email = '$email'";
    $result = mysql_db_query($database, $query, $connection);
    if (mysql_num_rows($result) == 1)
    {
        $npass = $username;
        $usql = "update clients set password=PASSWORD('$username') where email='$email' and name='$username'";
        $uqry = mysql_query($usql);
        
        $subject = "Lost password for $username";
        $extra = "From: [email]host@hostingcompany.com[/email]\r\n";
        $recipient = "$email";
        $message = "Dear Customer,\n\n A new password for your username \"$username\" have been issued. Your new password is: \n$password\n Regards, \n$yourtitle";
        
        mail ($recipient, $subject, $message, $extra);
        
        echo("A new password have been issued and e-mailed to you.");
    }
    else
    {
        echo("<font color='red' size='2' face='verdana'>Sorry! but there is no such username and e-mail combination in our member database.");
        exit();
    }
}
?>

<?
include "inc/nav.inc";
include "inc/footer.inc";
?>
</body>
</html>
<!-- 
Copyright Notice:
This add-on created by [email]omair@omair-haroon.com[/email]. 

This script was written by Rob Minto, and is free for you to use. 
Any improvements, please email [email]rob@widgetmonkey.com[/email]. 
Keep software free. 
And please leave this copyright notice. Thanks.
-->


#2 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 13 May 2006 - 09:22 AM

not that this is in the right forum... but, take out this:

     $npass = $username;
        $usql = "update clients set password=PASSWORD('$username') where email='$email' and name='$username'";
        $uqry = mysql_query($usql);

to keep it from changing the password.

and it doesn't show your password in the email because $password was never set to anything. you need to retrieve the password from the database with a mysql_fetch_array or mysql_fetch_assoc after the query (inside your if num_rows == 1 condition)

but just so you know since your database appears to use the password() function you won't get anything meaningful back. for instance, if you password was monkey it would not return monkey. it would return the encrypted version of monkey. and there's nothing you can do about that. so unless you want to remove that whole password() part of your update query you're gonna have to live with having the password changed.
Did I help you? Feeling generous? Buy me lunch! 
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community :)

#3 Guest_LALING_*

Guest_LALING_*
  • Guests

Posted 13 May 2006 - 09:32 AM

[!--quoteo(post=373472:date=May 13 2006, 02:22 AM:name=Crayon Violent)--][div class=\'quotetop\']QUOTE(Crayon Violent @ May 13 2006, 02:22 AM) View Post[/div][div class=\'quotemain\'][!--quotec--]
not that this is in the right forum... but, take out this:

     $npass = $username;
        $usql = "update clients set password=PASSWORD('$username') where email='$email' and name='$username'";
        $uqry = mysql_query($usql);

to keep it from changing the password.

and it doesn't show your password in the email because $password was never set to anything. you need to retrieve the password from the database with a mysql_fetch_array or mysql_fetch_assoc after the query (inside your if num_rows == 1 condition)

but just so you know since your database appears to use the password() function you won't get anything meaningful back. for instance, if you password was monkey it would not return monkey. it would return the encrypted version of monkey. and there's nothing you can do about that. so unless you want to remove that whole password() part of your update query you're gonna have to live with having the password changed.
[/quote]


Really? I can't set it to where it grabs the current password, instead of resetting it?

#4 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 15 May 2006 - 03:03 AM

No... its hashed and cannot be reversed. Why are you using MySql's PASSWORD() function anyway? This should be reserved for internal MySql usage.

And oh yeah.... wrong forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users