webguync Posted March 25, 2008 Share Posted March 25, 2008 I have a username/password registration script where you enter info. from a PHP page and the results populate a MySQL table with ID, username and password, which is encrypted in the DB eg: e***1c127***45bc***34***20***394 I would like to add a link to a page where if the user loses their username or PW then that can be sent to their email address. I need assistance in how to create this. The code for the username/PW creation is below: <?php // Connects to your Database mysql_connect("localhost", "username", "password") or die(mysql_error()); mysql_select_db("bruceg_login") or die(mysql_error()); //This code runs if the form has been submitted if (isset($_POST['submit'])) { //This makes sure they did not leave any fields blank if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) { die('You did not complete all of the required fields'); } // checks if the username is in use if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); } $usercheck = $_POST['username']; $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { die('Sorry, the username '.$_POST['username'].' is already in use.'); } // this makes sure both passwords entered match if ($_POST['pass'] != $_POST['pass2']) { die('Your passwords did not match. '); } // here we encrypt the password and add slashes if needed $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['pass'] = addslashes($_POST['pass']); $_POST['username'] = addslashes($_POST['username']); } // now we insert it into the database $insert = "INSERT INTO users (username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')"; $add_member = mysql_query($insert); ?> <h1>Registered</h1> <p>Thank you, you have registered - you may now <a href="login_db.php"> login</a>.</p> <?php } else { ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <table border="0"> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="60"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="10"> </td></tr> <tr><td>Confirm Password:</td><td> <input type="password" name="pass2" maxlength="10"> </td></tr> <tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr> </table> </form> <?php } ?> Link to comment https://forums.phpfreaks.com/topic/97858-lost-password-script/ Share on other sites More sharing options...
cooldude832 Posted March 25, 2008 Share Posted March 25, 2008 if its a md5 encrypted password it can not be "decrypted" and there for is unrecoverable 2 ways to circumnavigate this 1) You store user/pass data unencrypted in a second table for recovery purposes. 2) You regenerate a new password when they request a recovery. Link to comment https://forums.phpfreaks.com/topic/97858-lost-password-script/#findComment-500716 Share on other sites More sharing options...
papaface Posted March 25, 2008 Share Posted March 25, 2008 NEVER EVER do this: 1) You store user/pass data unencrypted in a second table for recovery purposes. Do this instead 2) You regenerate a new password when they request a recovery. Link to comment https://forums.phpfreaks.com/topic/97858-lost-password-script/#findComment-500725 Share on other sites More sharing options...
webguync Posted March 25, 2008 Author Share Posted March 25, 2008 thanks, I believe generating a new password is best also. I probably also need to be able to retrieve their username as well. Link to comment https://forums.phpfreaks.com/topic/97858-lost-password-script/#findComment-500726 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.