View Full Version : reset a forgot password via email


deafboyzaudio
02-09-2010, 09:41 PM
Hi,
I have sha1 encryption on my passwords. I am making a 'forgot password' functionality in my user login system.

This is what I have so far:
1. The user forgets their password.
2. They enter their email and then an email gets sent to them with their username.
3. This is where I need help.

I want mine to send a link in the email, a link you can click and it takes you to a reset password page where you have to reset it.

Of course this page can ONLY be accessed through this link, so how would I even start to do something like this? I need a tutorial or a good push in the right direction.

Adobe.com does this exact process for their forgot passwords if you need an example.

thanks

davidj
02-10-2010, 10:21 AM
What are you stuck with?

The mail bit or everything in general?

deafboyzaudio
02-10-2010, 04:20 PM
I can get the mail to send.... I just need help putting a link in it that will enable the user to reset their password.

here is the code I have so far:
$colname_Recordset1 = $_POST['eMail'];
mysql_select_db($database_db294582132, $db294582132);
$query_Recordset1 = sprintf("SELECT * FROM user_data WHERE e_mail = %s", GetSQLValueString($colname_Recordset1, "text"));
$Recordset1 = mysql_query($query_Recordset1, $db294582132) or die(mysql_error());
$totalRows_Recordset1 = mysql_num_rows($Recordset1);

//see if email exists
if($totalRows_Recordset1 == 0){
echo 'that E-mail address was not found. Please make sure you have entered it correctly';
}
//if email exists, get login info for each instance of that email
elseif($totalRows_Recordset1 >= 1){
while($row_Recordset1 = mysql_fetch_assoc($Recordset1)){
$email = $row_Recordset1['e_mail'];
$username = $row_Recordset1['username'];
$first_name = $row_Recordset1['first_name'];


$from = 'Deaf Boyz Audio';
$to = "$email";
$subject = 'Login Info';
$message = 'Hello '.$first_name.','."\r\n\n".'Here is the login info that your requested'."\r\n\n\n".'Username: '.$username."\r\n\n".
'Please follow this link to reset your password'."\r\n\n".'This E-mail was sent by an automatic response system. DO NOT reply to this email... It WILL NOT be received.'."\r\n\n".'If you would like to contact us please do it on our feedback from at www.deafboyzaudio.com/feedback.php';
$reply = 'no_reply@deafboyzaudio.com';


$headers = 'From: ' .$from. "\r\n" .
'Reply-To: ' .$reply. "\r\n" .
'X-Mailer: PHP/' . phpversion();

mail ($to, $subject, $message, $headers);
}
}

davidj
02-10-2010, 06:16 PM
you using Dreamweaver to write your PHP?

deafboyzaudio
02-10-2010, 07:49 PM
I have been writing everything by hand lately except for this one query, I decided to give DW's record set a try....

I do know how to code by hand though if that's what you're asking... at a moderate level at least

davidj
02-12-2010, 06:09 AM
I kept on looking at your name and code. I couldn't believe it was your code as I know your ability!

Never touch those wizards again!! Hold your head in shame!!

Anyhoo. back to your question.

I suggest the following. When the user clicks the 'forgot password' link they are taken to a page with an email field. The user keys an email addy and submits. The address must be one which is registered already.

The address will be matched to the account in the db

If it's matched then a session is created with a random value. This value is used within the link construction

Create an email function and when you create the link to access your 'reset password' page create a querystring and use the session value

link_to_page.php?key=4527345698uuhyvv

When the user clicks this then you catch the session value and match them both. If they match allow them to reset passwords

simples

deafboyzaudio
02-13-2010, 06:55 AM
Never touch those wizards again!! Hold your head in shame!!

You're a funny guy... I'm sorry, this really was the first time, I was feeling lazy... besides, the mouse made me do it... I swear. :mrgreen:

But lesson learned... The time I saved I wasted 10 fold keeping track of all the caps DW mixes in the $vars and the weird way they organize it, never again.


Not only did I get the link to work but I setup custom error messages depending on how the process was invalidated... you know got all the bases covered.


After the user resets their password they are redirected to the login page where their username is automatically filled into the login form.... first time I've really used query strings

pretty cool huh?

Thanks for the idea on how to do it David, appreciate it. I'll post up the code here some other time... I'm sittin on the Lay-z-boy now and I ain't goin upstairs to get all my code.

deafboyzaudio
02-17-2010, 05:01 PM
Hey David,
I got some questions on this same issue for ya...

First here is my source code for the userPassRetrieval.php page:
//start to get email from DB
$colname_Recordset1 = "-1";
$colname_Recordset1 = $_POST['eMail'];
mysql_select_db($database_db294582132, $db294582132);
$query_Recordset1 = sprintf("SELECT * FROM user_data WHERE e_mail = %s", GetSQLValueString($colname_Recordset1, "text"));
$Recordset1 = mysql_query($query_Recordset1, $db294582132) or die(mysql_error());
$totalRows_Recordset1 = mysql_num_rows($Recordset1);

//see if email exists
if($totalRows_Recordset1 == 0){
echo 'that E-mail address was not found. Please make sure you have entered it correctly';
}
//if email exists, get login info for each instance of that email
elseif($totalRows_Recordset1 >= 1){


//print_r($_SESSION);

//loop through each instance of that email and send email to address
while($row_Recordset1 = mysql_fetch_assoc($Recordset1)){
$email = $row_Recordset1['e_mail'];
$username = $row_Recordset1['username'];
$first_name = $row_Recordset1['first_name'];

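//function for generating session variable
//guarded so the loop does not redeclare it when one email matches several accounts
//note: md5(uniqid(rand())) is built from the clock and a non-cryptographic PRNG
if(!function_exists('generateSession')){
function generateSession($strlen){
return substr(md5(uniqid(rand(),1)),1,$strlen);
}
}
$sessionVar = generateSession(25);
$_SESSION["$sessionVar"] = $sessionVar;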


//call randomn session value


$from = 'Deaf Boyz Audio';
$to = "$email";
$subject = 'Login Info';
$message = 'Hello '.$first_name.','."\r\n\n".'Here is the login info that your requested'."\r\n\n\n".'Username: '.$username."\r\n\n".
'if you remember your password then its all good, just go to the Login page and login'."\r\n".
'if you don\'t remember your password then follow this link to reset your password'."\r\n\n".
'<http://www.deafboyzaudio.com/resetPassword.php?key='.$sessionVar.'&user='.$username.'>'."\r\n\n".
'This E-mail was sent by an automatic response system. DO NOT reply to this email... It WILL NOT be received.'."\r\n\n".'If you would like to contact us please do it on our feedback from at <http://www.deafboyzaudio.com/feedback.php>';
$reply = 'no_reply@deafboyzaudio.com';


$headers = 'From: ' .$from. "\r\n" .
'Reply-To: ' .$reply. "\r\n" .
'X-Mailer: PHP/' . phpversion();

mail ($to, $subject, $message, $headers);
}
}
And the reset password page, although I don't know if you'll need it for my question... someone else might though
<?php
if (!isset($_SESSION)) {session_start();}
require_once('Connections/db294582132.php');
//invalidate form
$valid = FALSE;
//default to an empty username so later code never reads an undefined variable
$username = isset($_GET['user']) ? $_GET['user'] : '';
if(isset($_GET['key'])){
$key = $_GET['key']
;}
else{
$key = 0
;}

if(isset($_SESSION["$key"])){
$emailGenSession = $_SESSION["$key"]
;}
else{
$emailGenSession = 1
;}

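//strict comparison so a string key never loosely equals the integer placeholder
if($key === $emailGenSession){
$valid = TRUE;
}

//form submission (only honoured when the emailed key matched the session)
if($valid && isset($_POST['submit'])){

$pass = (sha1($_POST['choose']));
//insert SQL
mysql_select_db($database_db294582132, $db294582132);
//escape the user-supplied username before it goes into the query
$query1 = "UPDATE user_data SET user_password = '$pass' WHERE username = '".mysql_real_escape_string($username, $db294582132)."'";
mysql_query($query1, $db294582132) or die(mysql_error());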

//redirect
if(($_SERVER["REQUEST_METHOD"] == "POST") && (isset($_SERVER["HTTP_REFERER"]) && strpos(urldecode($_SERVER["HTTP_REFERER"]), urldecode($_SERVER["SERVER_NAME"].$_SERVER["PHP_SELF"])) > 0) && isset($_POST)){

//encode the username before it goes into the redirect URL
$WA_Redirect_URL = 'passwordResetSuccessfully.php?user='.urlencode($username);
$WA_Redirect_KeepQS = false;
if ($WA_Redirect_URL != "") {
if ($WA_Redirect_KeepQS && $WA_Redirect_URL != "" && isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] !== "") {
$WA_Redirect_URL .= ((strpos($WA_Redirect_URL, '?') === false)?"?":"&").$_SERVER["QUERY_STRING"];
}
header("Location: ".$WA_Redirect_URL);
}
}





}



?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/master.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?php include('includes/titleGen.php');?>
<title><?php echo"$title"; ?></title>
<!-- InstanceBeginEditable name="doctitle" -->
<!-- InstanceEndEditable -->
<style type="text/css">
<!--
@import url("styles/main.css");

-->
</style>
</head>
<body>
<div id="container">
<?php include("includes/bannerNav.php"); ?>
<!-- InstanceBeginEditable name="mainContent" -->
<div id="mainContent">
<?php
if($valid == TRUE){
echo'<form id="form" name="form" method="POST" action="">';
echo'<fieldset>';
echo'<p><b>Your Username is: '.htmlspecialchars($username).'</b></p>';
echo'<br />';
echo'<label for="choose">Choose Password:</label>';
echo'<br />';
echo'<input name="choose" type="password" class="indent" tabindex="10" id="choose" maxlength="40" />';
echo'<br />';
echo'<label for="confirm">Confirm Password:</label>';
echo'<br />';
echo'<input name="confirm" type="password" class="indent" tabindex="20" id="confirm" maxlength="40" />';
echo'<br />';
echo'<input name="submit" tabindex="20" type="submit" value="Reset Password" />';
echo'</fieldset>';
echo'</form>';

}elseif($key !==0 && $emailGenSession == 1){
echo 'The link you have followed here to reset your password is expired. Please visit the <a href ="userPassRetrieval.php">forgot Username/Password page</a> to have your user info resent to your E-mail. If you have forgotten your password make sure to click the link in the email shortly after receiving it and use the same browser window throughout the whole process.';
}
else{
echo 'You must have permission to access this page.';}


?>
</div>

<!-- InstanceEndEditable -->

<div id="footer">
<?php include("includes/footer.php"); ?>
</div>
</div>
</body>
<!-- InstanceEnd --></html>
My questions:

When the email is sent to me (hotmail), it flags the message as dangerous and I have to click open to verify the safety of the message. When I requested my username from Adobe.com, hotmail verified the safety of the message for me.

How do I get the message to not throw a flag as a "dangerous message"?

And...

How do I get the link in the email to look all pretty like a normal <href> can? I want the link to say "reset password" in the email instead of that huge long link, but still function the same.

thanks
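
An added example, not part of the original posts: the design above keeps the key in `$_SESSION`, which is why the link only works in the same browser session. This version stores a hash of the key in a database table instead, ties it to one username, expires it and accepts it once. The `password_resets` table, its columns, the 30-minute lifetime and the account names are assumptions; it needs PHP 7+ with the PDO SQLite driver.

```php
<?php
// Added example: table name, columns and the 30-minute lifetime are assumptions.
const RESET_TTL = 1800; // seconds a link stays valid (assumed value)

function openStore(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE password_resets (
        username TEXT PRIMARY KEY, token_hash TEXT NOT NULL, expires_at INTEGER NOT NULL)');
    return $db;
}

// Create a token for one account; only its SHA-256 hash is stored server-side.
function issueResetToken(PDO $db, string $username, int $now): string {
    $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
    $stmt = $db->prepare('REPLACE INTO password_resets VALUES (?, ?, ?)');
    $stmt->execute([$username, hash('sha256', $token), $now + RESET_TTL]);
    return $token; // goes into the emailed link, never into the session
}

// True only for the right account, an unexpired token, and the first use.
function redeemResetToken(PDO $db, string $username, string $token, int $now): bool {
    $stmt = $db->prepare('SELECT token_hash, expires_at FROM password_resets WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // nothing outstanding for this account
    }
    $ok = hash_equals($row['token_hash'], hash('sha256', $token))
        && $now <= (int) $row['expires_at'];
    if ($ok || $now > (int) $row['expires_at']) {
        // consume the token on success, and clean up expired rows
        $db->prepare('DELETE FROM password_resets WHERE username = ?')->execute([$username]);
    }
    return $ok;
}

// Constructed walk-through with made-up account names and a fixed clock.
$db = openStore();
$t0 = 1266426060;
$token = issueResetToken($db, 'alice', $t0);
$link = 'resetPassword.php?key=' . $token . '&user=' . rawurlencode('alice');
echo $link, "\n";
var_dump(redeemResetToken($db, 'bob', $token, $t0 + 60));    // other account
var_dump(redeemResetToken($db, 'alice', 'guess', $t0 + 60)); // wrong token
var_dump(redeemResetToken($db, 'alice', $token, $t0 + 60));  // first use
var_dump(redeemResetToken($db, 'alice', $token, $t0 + 120)); // replay of a used token
$late = issueResetToken($db, 'alice', $t0);
var_dump(redeemResetToken($db, 'alice', $late, $t0 + RESET_TTL + 1)); // expired
```

Because the lookup is keyed on the username, changing `user=` in the link cannot redirect a valid key to another account. On PHP 5.5 and later, `password_hash()` is the usual replacement for the unsalted `sha1()` used for the stored password.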

davidj
02-17-2010, 05:12 PM
a relevant link

http://windowslivehelp.com/community/t/8298.aspx

deafboyzaudio
02-17-2010, 05:36 PM
ok cool, I should be able to figure it out..



Do you know how I get the link in the email to look all pretty like a normal <href> can?

I want the link to say "reset password" in the email instead of that huge long link, but still function the same... is this possible?

domedia
02-17-2010, 05:47 PM
Unless you're making a HTML email, you can't.

tux
02-17-2010, 07:53 PM
I posted a script in this post that you should be able to adapt that will send html emails.

http://www.dreamweaverclub.com/forum/showthread.php?t=35227

Hope it helps.

Regards Paul