Php User Password Recovery Script

Nairaland Forum | Technology | Programming (Moderator: Dual Core) | Php User Password Recovery Script

Pages: (1)

Author

Topic: Php User Password Recovery Script (Read 311 views)

LiquidMind (m)

Php User Password Recovery Script

« on: April 11, 2007, 01:14 AM »

Hello Programmers,

I need a simple PHP password recovery script to put on my site for user who have forgotten there password,

Am still a newbie to programming and i would really appreciate any help I can get from this forum,

ALL CONTRIBUTION IS APPRECIATED : THANKS

naijaguru (m)

Re: Php User Password Recovery Script

« #1 on: April 11, 2007, 02:03 PM »

My brother,

There are two options, and it depends on your signup form / user DB. If you encrypted the password using md5($password) for example, which is recommended, you would have to reset the password and not resend

I can't start coding because I am in a cafe right now, but let me give you a guideline which is better.

1. For Resend, Simple set up a page with a form of one field or two if you like:

Something like

username,
email,
submit

Then check ur db for a correlation between this two fields. Your CODE should be like

//Write SQL
$sql = "SELECT * FROM user_table WHERE username = '$username' AND email = '$email' LIMIT 1";
$result = mysql_query($sql) or die ('Could not check username with email: '.mysql_error());
//Check if query return an empty result set
if(mysql_num_rows($result) < 1)
{
$error = "Username and Email doesn't match, please try again";
}
else
{
$row = mysql_fetch_assoc($result);
//extract the $row array to get an email and password variable of the user's email and password
extract($row); //The u have the variable $password (if not encrypted) and $email

//use the mail() function to send the details to the email address from ur DB! and not the one provided.
}

2. For Reset

When you get to the else clause, you generate a password, you can use the rand() function, then use the mail() function to send before updating the password in the DB! don't update before sending, because if sending failed, u would have reset the poor guys password.

If you need a better script, go onlie, but try coding one yourself for learning purpose. More help use naijaguru [at] the free email service provided by google.

Cheers

Otuyelu (m)

Re: Php User Password Recovery Script

« #2 on: April 11, 2007, 03:20 PM »

If you are in early development stages in your application, you may be better off using a "Development Framework", which already have fully developed user management modules and tons of other useful modules. I personally used http://codeigniter.com which has a very light code weight and is easy to get started with watch these introductory video http://codeigniter.com/tutorials/.

However if you are doing major application development with a team behind you, you may chose one of the more optimized frameworks such as http://www.cakephp.org/ or http://www.symfony-project.com/.

If all you simply want is a prepackaged set of authentication scripts, you will find them here http://www.hotscripts.com/search/14908215.html Simply follow and modify the code to suite your application to your heart's content.

Lest I forget my favorite resource, http://sourceforge.net/ you will find tons of full fledged PHP OpenSource applications with scripted authentication systems, whose code you may peruse to learn tested OOP based secure auth variable/logic layouts, including all important concepts such as "filtering input and escaping output" of variables.

oleku (m)

Re: Php User Password Recovery Script

« #3 on: April 11, 2007, 03:27 PM »

I want to believe that naijaguru has fixed your problem. If you still need any help paste your table structure here we would help you write a complete script.

Oleku
www.oleku.org
www.faceoffestac.net *Activated

LiquidMind (m)

Re: Php User Password Recovery Script

« #4 on: April 14, 2007, 02:58 AM »

(THANK YOU ALL FOR SUPPORTING ME, I APPRECIATE ALL YOUR COMMENT ),

CHECK IF THERE IS ANY SECURITY HOLE IN THIS SCRIPT ,

<?php

$conn = mysql_connect("localhost","root","root");
mysql_select_db("user");

$email=strip_tags($email);
if (!preg_match("/^([a-zA-Z0-9])+@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-]+)+/", $email=$_POST['email']))
{
die("Please Enter A valid e-mail address");
}

$query="SELECT email,username,password FROM user WHERE email = '$email'";
$st=mysql_query($query);
$recs=mysql_num_rows($st);
$row=mysql_fetch_object($st);
$em=$row->email;// email is stored to a variable
if ($recs == 0) { // No records returned, so no email address in our table
// let us show the error message
echo "<center>No Password Sorry Your address is not there in our database . You can signup and login to use our site. 
 <a href='SIGHNUP.HTML'> Sign UP </a> </center>";
exit;}

// formating the mail posting
// headers here
$headers4="admin@someone.net"; // Change this address within quotes to your address
$headers.="Reply-to: $headers4\n";
$headers .= "From: $headers4\n";
$headers .= "Errors-to: $headers4\n";
//$headers = "Content-Type: text/html; charset=iso-8859-1\n".$headers;
// for html mail un-comment the above line
// mail funciton will return true if it is successful
if(mail("$em","Your Request for login details","This is in response to your request for login detailst at Holly Faith \n \nLogin ID: $row->username \n Password: $row->password \n\n Thank You \n \n siteadmin","$headers")){echo "<center>THANK YOU Your password is posted to your emil address . Please check your mail after some time. </center>";}

?>

Microfinance Bank Software Converting Stand-alone Application To Network-based(client-server) Who Is Microsoft - The Reasons Why. Page 2

Pages: (1)