Send login information

Question

Vai 2 Junior Poster in Training

16 Years Ago

Any help would be greatly appreciated.

Goals:
1: Send a username / password based on a username and not someone remembering their
email address.

2: If it's possible to send an encrypted key, which would be a link to pass_update.php which would make the user change their password.

This is the form I use:

<table border="0" cellpadding="3" cellspacing="1" >
<tr>
<td valign="top"><strong>Enter your Username : </strong></td>
<td valign="top"><form name="form1" method="post" action="lost.php">
<input name="email_to" type="text" id="mail_to" size="25">
<input type="submit" name="Submit" value="Submit">
</form>
</td>
</tr>
</table>

Php to send information:

<?php
 $host="localhost";                   // Host name 
 $username='username';          // Mysql username 
 $password='password';            // Mysql password 
 $db_name='database name';    // Database name 

  //Connect to server and select databse.
    mysql_connect("$host", "$username", "$password")or die("cannot connect to server"); 
    mysql_select_db("$db_name")or die("cannot select DB");
 
  // value sent from form 
    $email_to=$_POST['email_to'];

  // table name 
    $tbl_name=table_name; 
  
  // retrieve password from table where e-mail = $email_to(name@url.com) 
    $sql="SELECT field,field FROM $tbl_name WHERE field='$email_to'";
    $result=mysql_query($sql);

  // if found this e-mail address, row must be 1 row 
  // keep value in variable name "$count" 
    $count=mysql_num_rows($result);

  // compare if $count =1 row
     if($count==1)
      {
       $rows=mysql_fetch_array($result);

     // keep password in $your_password
       $your_username=$rows['uname'];
       $your_password=$rows['pw'];
     
     // ---------------- SEND MAIL FORM ---------------- 
     
     // send e-mail to ...
       $to=$email_to; 
     
     // Your subject 
       $subject="Your login Information"; 
     
     // From 
       $header="from: email@url.com <email@url.com>"; 
     
     // Your message 
       $messages= "Your password for login to our website \r\n";
       $messages.="Your username is $your_username \r\n";
       $messages.="Your password is $your_password \r\n";
    
     // send email 
       $sentmail = mail($to,$subject,$messages,$header); 

     }

  // else if $count not equal 1 
     else 
      {
       echo "Not found your email in our database";
     } 

 // if your email succesfully sent 
    if($sentmail)
     {
      echo "Your Password Has Been Sent To Your Email Address.";
    }
     else 
      {
       echo "Cannot send password to your e-mail address";
     }
?>

php

2 Contributors
7 Replies
118 Views
8 Hours Discussion Span
Latest Post 16 Years Ago Latest Post by nav33n

nav33n 472 Purple hazed!

16 Years Ago

Instead of sending him his username and password, why not send him a link pass_update.php followed by a string of encrypted key. For example,
pass_update.php?secure=hash(email).hash(prev_password_field)
When the user clicks on the link, check if hash of email and hash of previous_password is valid. If yes, then let him change his password. Once he changes his password, this link becomes inactive. You can add more hashes to the link to make it more secure.

nav33n 472 Purple hazed!

16 Years Ago

Well, I dont have one. But it should be something like this.

$secure_id=md5($email).md5($password).md5("string"); // get $email, $password from the table for that username
$messages.="<a href='pass_update.php?sec=$secure_id&username=$username'>Update your password here! </a>"; 
...
?>

In pass_update.php,

$sec=$_GET['sec'];
//for that username, fetch his email and password from the table
$table_values=md5($email).md5($password).md5("string");
if($table_values == $sec ) { // valid link 
//show the fields to update the password
} else {
//  invalid link the user clicked on an expired link. 
echo "The link isn't valid anymore! ";
exit;
}

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Vai 2 Junior Poster in Training · Answer 1 · 2008-02-25T09:34:48+00:00

Vai 2 Junior Poster in Training

16 Years Ago

can you show me an actual example?

Vai 2 Junior Poster in Training · Answer 2 · 2008-02-25T10:01:16+00:00

ok, I am sorry for this question:
This code would be in my password.php correct?

$secure_id=md5($email).md5($password).md5("string"); // get $email, $password from the table for that username$messages.="<a href='pass_update.php?sec=$secure_id&username=$username'>Update your password here! </a>"; ...?>

nav33n 472 Purple hazed! Team Colleague Featured Poster · Answer 3 · 2008-02-25T10:02:53+00:00

nav33n 472 Purple hazed!

16 Years Ago

It would be in the mail you send to the users.

Vai 2 Junior Poster in Training · Answer 4 · 2008-02-25T10:05:30+00:00

Ok, Now I am confused and unsure how to combine everything.

nav33n 472 Purple hazed! Team Colleague Featured Poster · Answer 5 · 2008-02-25T11:56:01+00:00

Instead of passing the strings (your username is.. your password is..) in $message, pass the link. So the user gets the link from where he can update his password.