Any help would be greatly appreciated.

1: Send a username / password based on a username and not someone remembering their
email address.

2: If it's possible to send an encrypted key, which would be a link to pass_update.php which would make the user change their password.

This is the form I use:

<table border="0" cellpadding="3" cellspacing="1" >
<td valign="top"><strong>Enter your Username : </strong></td>
<td valign="top"><form name="form1" method="post" action="lost.php">
<input name="email_to" type="text" id="mail_to" size="25">
<input type="submit" name="Submit" value="Submit">

Php to send information:

 $host="localhost";                   // Host name 
 $username='username';          // Mysql username 
 $password='password';            // Mysql password 
 $db_name='database name';    // Database name 

  //Connect to server and select databse.
    mysql_connect("$host", "$username", "$password")or die("cannot connect to server"); 
    mysql_select_db("$db_name")or die("cannot select DB");
  // value sent from form 

  // table name 
  // retrieve password from table where e-mail = $email_to(name@url.com) 
    $sql="SELECT field,field FROM $tbl_name WHERE field='$email_to'";

  // if found this e-mail address, row must be 1 row 
  // keep value in variable name "$count" 

  // compare if $count =1 row

     // keep password in $your_password
     // ---------------- SEND MAIL FORM ---------------- 
     // send e-mail to ...
     // Your subject 
       $subject="Your login Information"; 
     // From 
       $header="from: email@url.com <email@url.com>"; 
     // Your message 
       $messages= "Your password for login to our website \r\n";
       $messages.="Your username is $your_username \r\n";
       $messages.="Your password is $your_password \r\n";
     // send email 
       $sentmail = mail($to,$subject,$messages,$header); 


  // else if $count not equal 1 
       echo "Not found your email in our database";

 // if your email succesfully sent 
      echo "Your Password Has Been Sent To Your Email Address.";
       echo "Cannot send password to your e-mail address";
9 Years
Discussion Span
Last Post by nav33n

Instead of sending him his username and password, why not send him a link pass_update.php followed by a string of encrypted key. For example,
When the user clicks on the link, check if hash of email and hash of previous_password is valid. If yes, then let him change his password. Once he changes his password, this link becomes inactive. You can add more hashes to the link to make it more secure.


Well, I dont have one. But it should be something like this.

$secure_id=md5($email).md5($password).md5("string"); // get $email, $password from the table for that username
$messages.="<a href='pass_update.php?sec=$secure_id&username=$username'>Update your password here! </a>"; 

In pass_update.php,

//for that username, fetch his email and password from the table
if($table_values == $sec ) { // valid link 
//show the fields to update the password
} else {
//  invalid link the user clicked on an expired link. 
echo "The link isn't valid anymore! ";

ok, I am sorry for this question:
This code would be in my password.php correct?

$secure_id=md5($email).md5($password).md5("string"); // get $email, $password from the table for that username$messages.="<a href='pass_update.php?sec=$secure_id&username=$username'>Update your password here! </a>"; ...?>

Ok, Now I am confused and unsure how to combine everything.


Instead of passing the strings (your username is.. your password is..) in $message, pass the link. So the user gets the link from where he can update his password.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.