Lost Password Form

Guest LALING
I have this lost password form. But when I test it, it doesn't send a password at all. I also understand that it resets a password, and then sends it to the user. But I don't want it to reset the password. I just want it to send the current password to the user. Can someone help me out on why it's not showing a password in the email, and if it does reset the password, how can you change it to where it doesn't reset a user's password.

Here's the script: lostpassword.php

[code]
<html>
<head>
<title>My Invoice</title>
<link rel="stylesheet" href="inc/style.css" type="text/css">
</head>
<body>

  <p><img src="inc/title.gif" width="308" height="82"></p>
  <blockquote>
  <h1>Lost Password</h1>
  
<?php
include("inc/config.php");
$connection = mysql_connect($hostname, $user, $pass) or die ("Unable to connect!");
?>

<?php
$action = $HTTP_GET_VARS['action'];

if(!$action)
{
?>

<p>&nbsp;</p>
<form name="form1" method="post" action="<?$PHP_SELF?>?action=yes">
  <table width="350" border="0" cellspacing="2" cellpadding="2" align="center">
    <tr>
      <td><b>Username:</b></td>
      <td>
        <input type="text" name="username">
      </td>
    </tr>
    <tr>
      <td><b>E-mail Address:</b></td>
      <td>
        <input type="text" name="email">
      </td>
      <td>
        <input type="Submit" name="submit" value="Enter">
      </td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
  </table>
</form>

<?php
}
else
{
    $username = $HTTP_POST_VARS['username'];
    $email = $HTTP_POST_VARS['email'];
    $query = "SELECT * FROM clients WHERE name = '$username' AND email = '$email'";
    $result = mysql_db_query($database, $query, $connection);
    if (mysql_num_rows($result) == 1)
    {
        $npass = $username;
        $usql = "update clients set password=PASSWORD('$username') where email='$email' and name='$username'";
        $uqry = mysql_query($usql);
        
        $subject = "Lost password for $username";
        $extra = "From: host@hostingcompany.com\r\n";
        $recipient = "$email";
        $message = "Dear Customer,\n\n A new password for your username \"$username\" have been issued. Your new password is: \n$password\n Regards, \n$yourtitle";
        
        mail ($recipient, $subject, $message, $extra);
        
        echo("A new password have been issued and e-mailed to you.");
    }
    else
    {
        echo("<font color='red' size='2' face='verdana'>Sorry! but there is no such username and e-mail combination in our member database.");
        exit();
    }
}
?>

<?
include "inc/nav.inc";
include "inc/footer.inc";
?>
</body>
</html>
<!--
Copyright Notice:
This add-on created by omair@omair-haroon.com.

This script was written by Rob Minto, and is free for you to use.
Any improvements, please email rob@widgetmonkey.com.
Keep software free.
And please leave this copyright notice. Thanks.
-->
[/code]

Crayon Violent
not that this is in the right forum... but, take out this:

[code]
     $npass = $username;
        $usql = "update clients set password=PASSWORD('$username') where email='$email' and name='$username'";
        $uqry = mysql_query($usql);
[/code]

to keep it from changing the password.

and it doesn't show your password in the email because $password was never set to anything. you need to retrieve the password from the database with a mysql_fetch_array or mysql_fetch_assoc after the query (inside your if num_rows == 1 condition)

but just so you know since your database appears to use the password() function you won't get anything meaningful back. for instance, if your password was monkey it would not return monkey. it would return the encrypted version of monkey. and there's nothing you can do about that. so unless you want to remove that whole password() part of your update query you're gonna have to live with having the password changed.

Guest LALING
[quote name='Crayon Violent' post='373472' date='May 13 2006, 02:22 AM']
not that this is in the right forum... but, take out this:

[code]
     $npass = $username;
        $usql = "update clients set password=PASSWORD('$username') where email='$email' and name='$username'";
        $uqry = mysql_query($usql);
[/code]

to keep it from changing the password.

and it doesn't show your password in the email because $password was never set to anything. you need to retrieve the password from the database with a mysql_fetch_array or mysql_fetch_assoc after the query (inside your if num_rows == 1 condition)

but just so you know since your database appears to use the password() function you won't get anything meaningful back. for instance, if your password was monkey it would not return monkey. it would return the encrypted version of monkey. and there's nothing you can do about that. so unless you want to remove that whole password() part of your update query you're gonna have to live with having the password changed.
[/quote]


Really? I can't set it to where it grabs the current password, instead of resetting it?

No... it's hashed and cannot be reversed. Why are you using MySQL's PASSWORD() function anyway? This should be reserved for internal MySQL usage.

And oh yeah.... wrong forum.


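The replies above establish that the stored value is a one-way hash, so a lost-password form can only replace the password, never mail it back. The following is an added example, not part of the thread or of lostpassword.php: the same form reworked so that it mails a random single-use reset token instead of a password and uses bound parameters in place of string-built SQL. It assumes PHP 7.1+ with PDO SQLite; the in-memory table, its column names and the sample row are constructed for illustration.

```php
<?php
// Added example, not the thread's script. Assumes PHP 7.1+ with PDO SQLite; the table
// layout (password_hash, reset_token_hash, reset_expires) and sample row are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE clients (name TEXT, email TEXT, password_hash TEXT,
                                  reset_token_hash TEXT, reset_expires INTEGER)');
$pdo->prepare('INSERT INTO clients (name, email, password_hash) VALUES (?, ?, ?)')
    ->execute(['alice', 'alice@example.com', password_hash('monkey', PASSWORD_DEFAULT)]);

// Step 1: the lost-password form. Returns the token to mail, or null when nothing matched.
function request_reset(PDO $pdo, string $name, string $email): ?string
{
    $token = bin2hex(random_bytes(32));   // random secret; the password itself is untouched
    $upd = $pdo->prepare('UPDATE clients SET reset_token_hash = ?, reset_expires = ?
                          WHERE name = ? AND email = ?');   // bound values, no string-built SQL
    // Only a hash of the token is stored, so a database leak does not expose live tokens.
    $upd->execute([hash('sha256', $token), time() + 3600, $name, $email]);
    return $upd->rowCount() === 1 ? $token : null;
}

// Step 2: the page behind the mailed link. The user picks the new password.
function complete_reset(PDO $pdo, string $token, string $newPassword): bool
{
    $upd = $pdo->prepare('UPDATE clients
                          SET password_hash = ?, reset_token_hash = NULL, reset_expires = NULL
                          WHERE reset_token_hash = ? AND reset_expires > ?');
    $upd->execute([password_hash($newPassword, PASSWORD_DEFAULT),
                   hash('sha256', $token), time()]);
    return $upd->rowCount() === 1;        // clearing the token makes it single-use
}

$token = request_reset($pdo, 'alice', 'alice@example.com');
// Show the same message whether or not an account matched, so the form
// does not confirm which username and e-mail pairs exist.
echo "If those details match an account, a reset link has been sent.\n";
var_dump($token !== null);                                           // matching account
var_dump(request_reset($pdo, "x' OR '1'='1", 'nobody@example.com')); // quote stays data
var_dump(complete_reset($pdo, $token, 'correct horse battery'));     // first use of token
var_dump(complete_reset($pdo, $token, 'second attempt'));            // replay of same token
```

In a deployed form the token would be placed in the link mailed to the address on file; the `echo` line stands in for that step.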