Php forgot password script
Closed
dm corporation
Posts
327
Registration date
Monday December 15, 2008
Status
Member
Last seen
January 15, 2016
-
Dec 19, 2013 at 02:58 PM
dm corporation Posts 327 Registration date Monday December 15, 2008 Status Member Last seen January 15, 2016 - Dec 20, 2013 at 05:35 PM
dm corporation Posts 327 Registration date Monday December 15, 2008 Status Member Last seen January 15, 2016 - Dec 20, 2013 at 05:35 PM
Related:
- Php forgot password script
- Facebook forgot password - Guide
- Anvi folder locker forgot password - Guide
- Nokia factory reset code forgot - Guide
- Badoo forgot password - Guide
- Www facebook com profile php id 100017858869382 ✓ - Facebook Forum
7 responses
WOW, what a question.....Is this production, or beta?
If production, Who else is having this problem?
So, let me see, you have access to the script, but you are not certain where the script connects?
"$query = sprintf("UPDATE 'users' SET 'password' = '%s'
WHERE 'email' = '$forgotpassword'",
mysql_real_escape_string($newpassword));
"
So, where does the USERS table reside? Either you are failing to connect, or you are failing to update the USERS table with the newly created password in the variable - $strforgotpassword.
So, I would troubleshoot by gaining access to the DB and seeing the index of USERS!
IS your DB being connected to? I notice in your code that you check for all sort of server side stuff, but not if the DB makes a valid connection. Maybe you might want to give feedback if DB is not connected to.
Also, the browser may be injecting ascii codes for characters, therfore never finding a match. Also, I would suggest not making changes based on the email, but get the user ID from the email, and change the QUERY based on the ID, and not the email. Just an idea.
Check the DB is ONline.
//ark
-Moderator/Contributor
If production, Who else is having this problem?
So, let me see, you have access to the script, but you are not certain where the script connects?
"$query = sprintf("UPDATE 'users' SET 'password' = '%s'
WHERE 'email' = '$forgotpassword'",
mysql_real_escape_string($newpassword));
"
So, where does the USERS table reside? Either you are failing to connect, or you are failing to update the USERS table with the newly created password in the variable - $strforgotpassword.
So, I would troubleshoot by gaining access to the DB and seeing the index of USERS!
IS your DB being connected to? I notice in your code that you check for all sort of server side stuff, but not if the DB makes a valid connection. Maybe you might want to give feedback if DB is not connected to.
Also, the browser may be injecting ascii codes for characters, therfore never finding a match. Also, I would suggest not making changes based on the email, but get the user ID from the email, and change the QUERY based on the ID, and not the email. Just an idea.
Check the DB is ONline.
//ark
-Moderator/Contributor
dm corporation
Posts
327
Registration date
Monday December 15, 2008
Status
Member
Last seen
January 15, 2016
Dec 20, 2013 at 04:57 AM
Dec 20, 2013 at 04:57 AM
Hello , Thank you ac3mark for your reply, I am not sure that I am failing to update because I saw that the password change in the DB. I would like follow your idea about get the user ID from the email but I don't know how to do it you know I am a big beginner in PHP. Thanks again
No problem..before you try to update the password, get the id with a Query that says something like "SELECT [ID] FROM tblUSERS WHERE EMAIL = $somestring".
Store the return value in a variable called intID (int - integer so that your code will be uniform).
The record would look like:
ID-------user-------email
845------Mark------mark@someemailaddress.com
So your query would return 845.
Now use your update to update the record with ID, and not the email:
UPDATE USERS SET PASSWORD = '$somerandom' WHERE ID=$intID.
Helpful note......
Do not store your password in the same table as your users. Make a seperate table that links ID with passwords, adn any other data you wish to store regarding password (last time loggged in, changed, ip of change....ie).
Second note....I really hope you are not storing your password in the table as plain language. So if I were to gain access to the DB, I would be able to see that User ID of 849 has a password of "PASSWORDXYZ". You should use a HASH - One way crypto-so you run the PASSWORDXYZ through YOUR HASH.PHP and HASH.PHP turns that plain word into another encrypted word , (IE. #JIFDJS&SKSHUUHHHHGG&HHSBBUH*UHHHKAJS).
Now, when you get a password, see if the two HASH.PHP returns match, if they do, then the password is the same, and access is gained.
I have a VERY SIMPLE HASH in ASP, if you wish to use as a template. I will share with you if you understand the techniques that I am describing to you.
Store the return value in a variable called intID (int - integer so that your code will be uniform).
The record would look like:
ID-------user-------email
845------Mark------mark@someemailaddress.com
So your query would return 845.
Now use your update to update the record with ID, and not the email:
UPDATE USERS SET PASSWORD = '$somerandom' WHERE ID=$intID.
Helpful note......
Do not store your password in the same table as your users. Make a seperate table that links ID with passwords, adn any other data you wish to store regarding password (last time loggged in, changed, ip of change....ie).
Second note....I really hope you are not storing your password in the table as plain language. So if I were to gain access to the DB, I would be able to see that User ID of 849 has a password of "PASSWORDXYZ". You should use a HASH - One way crypto-so you run the PASSWORDXYZ through YOUR HASH.PHP and HASH.PHP turns that plain word into another encrypted word , (IE. #JIFDJS&SKSHUUHHHHGG&HHSBBUH*UHHHKAJS).
Now, when you get a password, see if the two HASH.PHP returns match, if they do, then the password is the same, and access is gained.
I have a VERY SIMPLE HASH in ASP, if you wish to use as a template. I will share with you if you understand the techniques that I am describing to you.
dm corporation
Posts
327
Registration date
Monday December 15, 2008
Status
Member
Last seen
January 15, 2016
Dec 20, 2013 at 03:10 PM
Dec 20, 2013 at 03:10 PM
Firstly Thanks for everything that you are doing for me, may God bless you. I will start with your indication and try it . Regarding to the password in DB I hashed by using sha1. Thanks you again . Please check your inbox I sent you a private message. thanks alot.
Didn't find the answer you are looking for?
Ask a question
dm corporation
Posts
327
Registration date
Monday December 15, 2008
Status
Member
Last seen
January 15, 2016
Dec 20, 2013 at 04:08 PM
Dec 20, 2013 at 04:08 PM
I tried what you shown me but still the same problem . My last request is can you please code one forgot password script for me ?
Ok.... well one last question that was never answered; Is this production and broke, or beta and for a grade? If it is for your job and a production site is broke, I am concerned.
Let me know what situation it is?
I am going to tell you up front, I will not do homework....
You have to have echo statment and debuggin steps to break down each and every step in your code. Turn on a switch in your code that says "if I am in debugging, then display every ACK!"
Have fun....
Let me know what situation it is?
I am going to tell you up front, I will not do homework....
You have to have echo statment and debuggin steps to break down each and every step in your code. Turn on a switch in your code that says "if I am in debugging, then display every ACK!"
Have fun....
dm corporation
Posts
327
Registration date
Monday December 15, 2008
Status
Member
Last seen
January 15, 2016
Dec 20, 2013 at 05:35 PM
Dec 20, 2013 at 05:35 PM
that's not a homework . Also they don't teach PHP in my School . it's for an attachement. Thanks I will do your last option to see what will happen