1.11M Members

MD5 forgot password

 
0
 

Hi,

I have a working account generator, which passes the password to mysql with MD5.

I am currently working on a forgot password script, which generates a new password and stores as md5, then emails the user, however, the new password is not recognised.

This is the forgot script. Can anybody see where the issue lies?

If required i can post the login execution script

<?php
session_start();  // Start Session
session_register("session");
include 'connect.php';
// This is displayed if all the fields are not filled in
$empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";
// Convert to simple variables  
$email_address = $_POST['email_address'];
if (!isset($_POST['email_address'])) {
?>
<h2>Recover a forgotten password!</h2>
<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
    <p class="style3"><label for="email_address">Email:</label>
    <input type="text" title="Please enter your email address" name="email_address" size="30"/></p>
    <p class="style3"><label title="Reset Password">&nbsp</label>
    <input type="submit" value="Submit" class="submit-button"/></p>
</form>
<?php
}
elseif (empty($email_address)) {
    echo $empty_fields_message;
}
else {
$email_address=mysql_real_escape_string($email_address);
$status = "OK";
$msg="";
//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
if (!stristr($email_address,"@") OR !stristr($email_address,".")) {
$msg="Your email address is not correct<BR>"; 
$status= "NOTOK";}

echo "<br><br>";
if($status=="OK"){  $query="SELECT * FROM members WHERE email = '$email_address'";
$st=mysql_query($query);
$recs=mysql_num_rows($st);
$row=mysql_fetch_object($st);
$em=$row->email_address;// email is stored to a variable
 if ($recs == 0) {  echo "<center><font face='Verdana' size='2' color=red><b>No Password</b><br> Sorry Your address is not there in our database . You can signup and login to use our site. <BR><BR><a href='http://www.jackgodfrey.org.uk/register'>Register</a> </center>"; exit;}
function makeRandomPassword() { 
          $salt = "abchefghjkmnpqrstuvwxyz0123456789"; 
          srand((double)microtime()*1000000);  
          $i = 0; 
          while ($i <= 7) { 
                $num = rand() % 33; 
                $tmp = substr($salt, $num, 1); 
                $pass = $pass . $tmp; 
                $i++; 
          } 
          return $pass; 
    } 
    $random_password = makeRandomPassword(); 
    $db_password = md5($random_password); 
     
    $sql = mysql_query("UPDATE members SET password='$db_password'  
                WHERE email='$email_address'"); 
     
    $subject = "Your password at www.silverlinksoftware.com"; 
    $message = "Hi, we have reset your password. 
     
    New Password: $random_password 
     
    http://www.domaincom/admin/login-form.php
    Once logged in you can change your password 
     
    Thanks! 
    Site admin 
     
    This is an automated response, please do not reply!"; 
     
    mail($email_address, $subject, $message, "From: Silverlinksoftware.com Webmaster<me@hotmail.com>\n 
        X-Mailer: PHP/" . phpversion()); 
    echo "Your password has been sent! Please check your email!<br />"; 
    echo "<br><br>Click <a href='http://www.domain.com/admin/login-form.php'>here</a> to login";
 } 
 else {echo "<center><font face='Verdana' size='2' color=red >$msg <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}
}
?>
 
0
 

I take it you've tried the usual steps of displaying mysql_error(), using echo to display the results so that you can see the plain new password as well as the md5 password and then comparing that with what is in the database?

 
0
 
$random_password = makeRandomPassword(); 
    $db_password = md5($random_password); 
      echo md5($db_password);
    $sql = mysql_query("UPDATE members SET password='$db_password'  
                WHERE email='$email_address'");
echo $db_password

You will see both Password and please match with database i hope you will get solution .

Please conform that your login working or not with MD5 please...

 
0
 

Thanks

You
This article has been dead for over six months: Start a new discussion instead
Post:
Start New Discussion
Tags Related to this Article