Forgot Password / Register
Site Statistics
Total Members: 520
Total Tutorials: 242
Newsest User: 8884244477
Todays Unique Hits: 125
0 Users 2 Guests Online

Forgot Password.

Forgot Password Tutorial.
Insert this using phpmyAdmin
It adds a pincode to the user.
Code

ALTER TABLE `members` ADD `pincode` INT( 3 ) NOT NULL DEFAULT '123';


This is our random password generator.
Creates our random sting. to send to our user.
Call it random.php
Code

<?
function generateRandStr($length)
{
$randstr = "";
for($i=0; $i<$length; $i++)
{
$randnum = mt_rand(0,61);
if($randnum < 10)
{
$randstr .= chr($randnum+48);
}
}
return $randstr;
}
?>


This is the actual form where the user can retrieve a lost password.
call this forgotpass.php.
Code

<?php
include ("dbconnect.php");
include("random.php");
switch($_GET[p])
{
default:
echo ("
<form method=\"POST\" action=\"?p=send\">
<center>
<font face=\"Verdana\" size=\"1\">Your Username:</font><br>
<input type=\"text\" name=\"username\"><br>
<font face=\"Verdana\" size=\"1\">Your Pincode:</font><br>
<input type=\"password\" name=\"pincode\" size=\"3\"><br>
<input type=\"submit\" name=\"submit\" value=\"Recover Password\"></center>
</form>
");
break;
case 'send':
$profile = mysql_query("SELECT * from `members` where username = '$_POST[username]'");
$fetch = mysql_fetch_array($profile);
if($_POST[pincode] == $fetch[pincode])
{
$rand = generateRandStr(6);
$username = $_POST[username];
$email = $fetch[email];
$hpassword = sha1(md5(md5(sha1(md5(sha1(sha1(md5($rand))))))));

$emailbody = "
Username: $username
Email Address: $email
New Password: $rand \n
Your new password.
The password is case sesitive so when you enter it make sure you use capital letters where it is displayed so.
And try not to forget it. LOL
";

$update = mysql_query("UPDATE members SET password = '$hpassword' WHERE username = '$username'") or die(mysql_error());
mail("$fetch[email]", "Password Recovery", "$emailbody", "From: no-reply@YOURSITENAME.com");
echo ("<font face=\"Verdana\" size=\"1\">Your Password has been updated and emailed to you</font><meta http-equiv=\"refresh\" content=\"2;url=login.php\">");
}
else
{
echo ("<font face=\"Verdana\" size=\"1\">Incorrect Pin Code</font><meta http-equiv=\"refresh\" content=\"5;url=forgotpass.php\">");
}
break;
}
?>

Thats the end of the codes. Now I will define parts.

Code

$profile = mysql_query("SELECT * from `members` where username = '$_POST[username]'");
$fetch = mysql_fetch_array($profile);
if($_POST[pincode] == $fetch[pincode])
{

This makes sure that the pincode the user entered with its username is the same as in the database.

Code

$rand = generateRandStr(6);
$username = $_POST[username];
$email = $fetch[email];
$hpassword = sha1(md5(md5(sha1(md5(sha1(sha1(md5($rand))))))));

These are our variables $rand defines the length of the string that is returned.
$hpassword secures our new radom string.

Code

$emailbody = "
Username: $username
Email Address: $email
New Password: $rand \n
Your new password.
The password is case sesitive so when you enter it make sure you use capital letters where it is displayed so.
And try not to forget it. LOL
";

This is our email body it determines what we see when we view the email.

Code

$update = mysql_query("UPDATE members SET password = '$hpassword' WHERE username = '$username'") or die(mysql_error());

This inserts the new password into the database overwriting the old one.

Code

mail("$fetch[email]", "Password Recovery", "$emailbody", "From: no-reply@YOURSITENAME.com");

This string send our email out.
The first section is where the email is sent.
The second is the subject.
The third is our email body.
And fourth is who its from.
Be sure to change YOURSITENAME and enter your site in.

Code

echo ("<font face=\"Verdana\" size=\"1\">Your Password has been updated and emailed to you</font><meta http-equiv=\"refresh\" content=\"2;url=login.php\">");
}
else
{
echo ("<font face=\"Verdana\" size=\"1\">Incorrect Pin Code</font><meta http-equiv=\"refresh\" content=\"5;url=forgotpass.php\">");
}

Shows the email has been sent and the database has been updated.
Otherwise it will show that the pincode you entered is incorrect.


Thats it for my tut on forgot password.
Be sure to look out for more from me.
SkillMaster
Views:
2371
Rating:
Posted on Tuesday 29th May 2007 at 01:33 AM
MCP
MCP
One question. How does the user know their pincode to begin with?
Posted on Saturday 12th May 2007 at 10:40 PM
SkillMaster
SkillMaster
I added a pincode change script if you were wondering.
Posted on Monday 7th May 2007 at 11:03 PM
Diablosblizz
Diablosblizz
Edit: I rechecked the Password code above, I just figured out that 1. The password thingy was not Sha1 (thats a one) and MD5 format, so I did that, then.. I figured out that there is no variable $pass so I changed it to $rand.

I shoulda just re looked the code.

But anyways, it works!
Posted on Monday 7th May 2007 at 10:27 PM
Diablosblizz
Diablosblizz
Also, I received the email, but when I tried to login with the username and pass, it gives me an invalid password.

Also, in the code you must change the word "users" to "members" if you are using RMB's member system..

Anybody have any comments on the password problem?
Posted on Monday 7th May 2007 at 07:26 PM
Diablosblizz
Diablosblizz
You should, because the default PinCode is 123. I don't want to tell every single member their pincode, so you should make a page where it allows them to change their pincode.

Would be a good idea.
Posted on Monday 7th May 2007 at 05:36 AM
SkillMaster
SkillMaster
If you want ill add lol.
Posted on Monday 7th May 2007 at 04:14 AM
gbt91
gbt91
yeah, u r right..
i have a more better way for who forgot his password..
i will post it as soon as possibile
Posted on Monday 7th May 2007 at 12:54 AM
Diablosblizz
Diablosblizz
One question for this... how does the users change his/her pincode?