0

I need a lost password script for my existing login script. I need one that sends an email to the person once they enter their username. It is in a database with other things but the tables name is "profiles". The rows in that table are "id" "email" "username" "password". (the password is enscripted). I use phpMyadmin


Please help me! This is urgent!!

6
Contributors
9
Replies
38
Views
6 Years
Discussion Span
Last Post by pritaeas
1

Hello there, and welcome to DaniWeb.

I'm not a moderator or anything other than a regular old poster here, but I can tell you that two things will not get you the help you are looking for:

1. Requesting things to be made for you. As I understand it, this forum is for people who are looking for help and/or advice concerning their code/configurations/errors, etc.

2. Spamming the forum by making one thread and then making the exact same one a bit later with the word 'URGENT!!!!!!'.


I'm not trying to be a jerk here- this is just my understanding. And my perception is that you are requesting that contributors to this forum 'make code' for you, and that you demand it be done quickly (lest you create a new thread insisting you receive help sooner). Having urgent projects that require immediate assistance is why people hire programmers, or extra programmers. And if you're looking for a pre-made script, then that's what search engines are for.


However, I for one would be quite happy to assist you if you could provide some code that you are having issues with and needed help looking it over, or had a question about a concept or methodology. If you're asking about pre-made scripts, maybe you have a list of certain possibles and would like some help deciding which one to use?

Edited by TySkby: n/a

1

Sorry i am new here.
The code i have so far (found on google search) is:

<?

$host=""; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name=""; // Database name 


//Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect to server"); 
mysql_select_db("$db_name")or die("cannot select DB");

// value sent from form 
$email_to=$_POST['email_to'];

// table name 
$tbl_name=profiles; 

// retrieve password from table where e-mail = $email_to(mark@phpeasystep.com) 
$sql="SELECT password FROM $tbl_name WHERE email='$email_to'";
$result=mysql_query($sql);

// if found this e-mail address, row must be 1 row 
// keep value in variable name "$count" 
$count=mysql_num_rows($result);

if($count==1){

$rows=mysql_fetch_array($result);

$your_password=$rows['password'];

$to=$email_to; 

$subject="Your password here"; 

$header="from: your name <your email>"; 

$messages= "Your password for login to our website \r\n";
$messages.="Your password is $your_password \r\n";
$messages.="more message... \r\n";

// send email 
$sentmail = mail($to,$subject,$messages,$header); 

}

// else if $count not equal 1 
else {
echo "Not found your email in our database";
}

// if your email succesfully sent 
if($sentmail){
echo "Your Password Has Been Sent To Your Email Address.";
}
else {
echo "Cannot send password to your e-mail address";
}

?>

This would work fine but the passwords are enscripted. When i run this code it shows the password enscripted in the email.

This is in register.php which enscripts it:

 $encryptedpassword=md5($password);

Edited by Nick Evan: Fixed formatting

-1

Hello Max i look after your script , i was also looking same script for my own website .I think this may be helpful to me.Here i got enough idea to build the forget password page script .

0

do NOT send the password via email,
defeats the whole purpose of security,
send a link via email, to the email address of registration ONLY,
to a page that logs them in, and requires they reset the password

Edited by almostbob: n/a

0

Agreeing with almostbob here. A registration email with a reset password link/form would be best for security.

Additionally, if you are storing an encrypted form of the password in the database, it's not possible* to retrieve the original password. The point of encrypting it is that only the original password will match an md5 encryption. It's good that the password is encrypted in the DB, and it really makes almostbob's solution the most appropriate way to reset your users' passwords.


*By which I mean 'not feasible' or 'not possible in theory'.

2

There are lots of ways to do this, but here's a relatively simple example. Maybe others can chip in a few other ways of doing this.


1. Create a new nullable column in MySQL 'profiles' table (maybe call it 'reset_token')
2. If a user needs a password reset, give them a form to type their email address and hit 'submit'.
3. When the form is submitted, generate a random unique value for 'reset_token' and save it to that user's row in MySQL. Then send an email with the 'reset token' value to the user and a link that takes them to a password reset page.
4. On the password reset page, have a form for the user to type their email address, their provided reset token, and a new password.
5. When that form is submitted, check to see that the reset token matches with the email address in the 'profiles' table. If it does, md5() encrypt the new password and replace the old encrypted password with the new one.

Votes + Comments
like it
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.