webguync Posted March 25, 2008 Share Posted March 25, 2008 I have a username/password registration script where you enter info. from a PHP page and the results populate a MySQL table with ID, username and password, which is encrypted in the DB eg: e***1c127***45bc***34***20***394 I would like to add a link to a page where if the user loses their username or PW then that can be sent to their email address. I need assistance in how to create this. The code for the username/PW creation is below: <?php // Connects to your Database mysql_connect("localhost", "username", "password") or die(mysql_error()); mysql_select_db("bruceg_login") or die(mysql_error()); //This code runs if the form has been submitted if (isset($_POST['submit'])) { //This makes sure they did not leave any fields blank if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) { die('You did not complete all of the required fields'); } // checks if the username is in use if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); } $usercheck = $_POST['username']; $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { die('Sorry, the username '.$_POST['username'].' is already in use.'); } // this makes sure both passwords entered match if ($_POST['pass'] != $_POST['pass2']) { die('Your passwords did not match. '); } // here we encrypt the password and add slashes if needed $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['pass'] = addslashes($_POST['pass']); $_POST['username'] = addslashes($_POST['username']); } // now we insert it into the database $insert = "INSERT INTO users (username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')"; $add_member = mysql_query($insert); ?> <h1>Registered</h1> <p>Thank you, you have registered - you may now <a href="login_db.php"> login</a>.</p> <?php } else { ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <table border="0"> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="60"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="10"> </td></tr> <tr><td>Confirm Password:</td><td> <input type="password" name="pass2" maxlength="10"> </td></tr> <tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr> </table> </form> <?php } ?> Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted March 25, 2008 Share Posted March 25, 2008 if its a md5 encrypted password it can not be "decrypted" and there for is unrecoverable 2 ways to circumnavigate this 1) You store user/pass data unencrypted in a second table for recovery purposes. 2) You regenerate a new password when they request a recovery. Quote Link to comment Share on other sites More sharing options...
papaface Posted March 25, 2008 Share Posted March 25, 2008 NEVER EVER do this: 1) You store user/pass data unencrypted in a second table for recovery purposes. Do this instead 2) You regenerate a new password when they request a recovery. Quote Link to comment Share on other sites More sharing options...
webguync Posted March 25, 2008 Author Share Posted March 25, 2008 thanks, I believe generating a new password is best also. I probably also need to be able to retrieve their username as well. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.