1,105,395 Community Members

MD5 forgot password

Member Avatar
whiteyoh
Posting Pro in Training
486 posts since Jun 2009
Reputation Points: 0 [?]
Q&As Helped to Solve: 15 [?]
Skill Endorsements: 0 [?]
 
0
 

Hi,

I have a working account generator, which passes the password to mysql with MD5.

I am currently working on a forgot password script, which generates a new password and stores as md5, then emails the user, however, the new password is not recognised.

This is the forgot script. Can anybody see where the issue lies?

If required i can post the login execution script

<?php
session_start();  // Start Session
session_register("session");
include 'connect.php';
// This is displayed if all the fields are not filled in
$empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";
// Convert to simple variables  
$email_address = $_POST['email_address'];
if (!isset($_POST['email_address'])) {
?>
<h2>Recover a forgotten password!</h2>
<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
    <p class="style3"><label for="email_address">Email:</label>
    <input type="text" title="Please enter your email address" name="email_address" size="30"/></p>
    <p class="style3"><label title="Reset Password">&nbsp</label>
    <input type="submit" value="Submit" class="submit-button"/></p>
</form>
<?php
}
elseif (empty($email_address)) {
    echo $empty_fields_message;
}
else {
$email_address=mysql_real_escape_string($email_address);
$status = "OK";
$msg="";
//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
if (!stristr($email_address,"@") OR !stristr($email_address,".")) {
$msg="Your email address is not correct<BR>"; 
$status= "NOTOK";}

echo "<br><br>";
if($status=="OK"){  $query="SELECT * FROM members WHERE email = '$email_address'";
$st=mysql_query($query);
$recs=mysql_num_rows($st);
$row=mysql_fetch_object($st);
$em=$row->email_address;// email is stored to a variable
 if ($recs == 0) {  echo "<center><font face='Verdana' size='2' color=red><b>No Password</b><br> Sorry Your address is not there in our database . You can signup and login to use our site. <BR><BR><a href='http://www.jackgodfrey.org.uk/register'>Register</a> </center>"; exit;}
function makeRandomPassword() { 
          $salt = "abchefghjkmnpqrstuvwxyz0123456789"; 
          srand((double)microtime()*1000000);  
          $i = 0; 
          while ($i <= 7) { 
                $num = rand() % 33; 
                $tmp = substr($salt, $num, 1); 
                $pass = $pass . $tmp; 
                $i++; 
          } 
          return $pass; 
    } 
    $random_password = makeRandomPassword(); 
    $db_password = md5($random_password); 
     
    $sql = mysql_query("UPDATE members SET password='$db_password'  
                WHERE email='$email_address'"); 
     
    $subject = "Your password at www.silverlinksoftware.com"; 
    $message = "Hi, we have reset your password. 
     
    New Password: $random_password 
     
    http://www.domaincom/admin/login-form.php
    Once logged in you can change your password 
     
    Thanks! 
    Site admin 
     
    This is an automated response, please do not reply!"; 
     
    mail($email_address, $subject, $message, "From: Silverlinksoftware.com Webmaster<me@hotmail.com>\n 
        X-Mailer: PHP/" . phpversion()); 
    echo "Your password has been sent! Please check your email!<br />"; 
    echo "<br><br>Click <a href='http://www.domain.com/admin/login-form.php'>here</a> to login";
 } 
 else {echo "<center><font face='Verdana' size='2' color=red >$msg <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}
}
?>
Member Avatar
TommyBs
Junior Poster in Training
61 posts since Mar 2008
Reputation Points: 1 [?]
Q&As Helped to Solve: 11 [?]
Skill Endorsements: 0 [?]
 
0
 

I take it you've tried the usual steps of displaying mysql_error(), using echo to display the results so that you can see the plain new password as well as the md5 password and then comparing that with what is in the database?

Member Avatar
hireaprogrammer
Junior Poster in Training
92 posts since Jul 2009
Reputation Points: -1 [?]
Q&As Helped to Solve: 2 [?]
Skill Endorsements: 0 [?]
 
0
 
$random_password = makeRandomPassword(); 
    $db_password = md5($random_password); 
      echo md5($db_password);
    $sql = mysql_query("UPDATE members SET password='$db_password'  
                WHERE email='$email_address'");
echo $db_password

You will see both Password and please match with database i hope you will get solution .

Please conform that your login working or not with MD5 please...

Member Avatar
sehr_an
Newbie Poster
1 post since Jan 2012
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Thanks

You
This article has been dead for over three months: Start a new discussion instead
Post:
Start New Discussion
Tags Related to this Article