FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Change password and forgot password script





cemica
Hi!
I know PHP only a little. So, I've made "member area" using a script from a web. There's no way to change password in member page. I was looking for this in the web, and I found some scripts, but they are to hard for me to understand. I don't know, how I must insert the mysql tabel information...
Here is my SQL table structure:

Code:
CREATE TABLE `members` ( `member_id` int(11) unsigned NOT NULL auto_increment, `firstname` varchar(100) default NULL, `lastname` varchar(100) default NULL, `login` varchar(100) NOT NULL default '', `passwd` varchar(32) NOT NULL default '', PRIMARY KEY (`member_id`) ) TYPE=MyISAM


Maybe somebody is good and shares password changing and forgot password script and helps me understand, what I've to change to get script work. I've tried a couple of scrips, but I can't get them work, always come errors or just blank page.
Thanks! Very Happy
Nemesis234
cemica wrote:

Code:
CREATE TABLE `members` (
`member_id` int(11) unsigned NOT NULL auto_increment,
`firstname` varchar(100) default NULL,
`lastname` varchar(100) default NULL,
`login` varchar(100) NOT NULL default,
`passwd` varchar(32) NOT NULL default,
PRIMARY KEY (`member_id`) ) TYPE=MyISAM



well first off, doesnt the user have to submit their email when they register? it is always useful and generally expected when signing up to anything to have to input an email address for communications. if you didnt want a password reset area than maybe you wouldnt need email, but if you want a secure password reset area its always best to have an email address on file so you can have confirmation from the user.

i could code it all for you, but im not going to, i will tell you a good way to do it but if you cannot code php maybe you should go and learn it first before creating this website you have in mind.

im assuming you are using md5 encryption as that is generally what most people use. with md5 there is no way to retrieve a users password as the process of encryption is ireversible. however a simple password reset is easy enough to do.

for password reset/forgotten.
first you need 2 more table columns, 1 for email and 1 for confirmation code
on a new page have the user input their username and email address
on submit a code is created and inputted into the database, rand(1,9999999999) will work fine
this code is then emailed to the user with a link to another page
on this page the user must again input their username,email, and this code, and the new password they want
if all parts match update database with thier new password and let them login
once done remove the confimation code from the database so it cannot be changed multiple times.

for a password change
just have the user input thier current password and the new password they want, if the password matches database update it with the new one they just inputted.

i hope this is of some help, i doubt it somehow tho, but good luck anyway.
cemica
Nemesis234 wrote:
cemica wrote:

Code:
CREATE TABLE `members` (
`member_id` int(11) unsigned NOT NULL auto_increment,
`firstname` varchar(100) default NULL,
`lastname` varchar(100) default NULL,
`login` varchar(100) NOT NULL default,
`passwd` varchar(32) NOT NULL default,
PRIMARY KEY (`member_id`) ) TYPE=MyISAM



well first off, doesnt the user have to submit their email when they register? it is always useful and generally expected when signing up to anything to have to input an email address for communications. if you didnt want a password reset area than maybe you wouldnt need email, but if you want a secure password reset area its always best to have an email address on file so you can have confirmation from the user.

i could code it all for you, but im not going to, i will tell you a good way to do it but if you cannot code php maybe you should go and learn it first before creating this website you have in mind.

im assuming you are using md5 encryption as that is generally what most people use. with md5 there is no way to retrieve a users password as the process of encryption is ireversible. however a simple password reset is easy enough to do.

for password reset/forgotten.
first you need 2 more table columns, 1 for email and 1 for confirmation code
on a new page have the user input their username and email address
on submit a code is created and inputted into the database, rand(1,9999999999) will work fine
this code is then emailed to the user with a link to another page
on this page the user must again input their username,email, and this code, and the new password they want
if all parts match update database with thier new password and let them login
once done remove the confimation code from the database so it cannot be changed multiple times.

for a password change
just have the user input thier current password and the new password they want, if the password matches database update it with the new one they just inputted.

i hope this is of some help, i doubt it somehow tho, but good luck anyway.


Yes, I know i need email for this and the email field is in the form. And the password is MD5, so I know, that users can't restore their real password, they have to make the new one. You're "story" is confusing me, so much facts Very Happy I try to do something and then post it here and maybe someone can check, is all right.
But thanks to you Nemesis234.
cemica
I found a good script to restore your password. I changed this code a little bit to get everything work. So, now everything works (it sends an e-mail with new password activation link), expect the error:
Quote:
Column count doesn't match value count at row 1
Can anyone tell me, why this error is coming? (NB! I changed my SQL a little bit too (added two columns).) PHP code is here:
Code:
<?
include "session.php";

include "config.php";
$email=$_POST['email'];
// Change the URL below to match your site
$site_url="http://website.com/";
?>
<!doctype html public "-//w3c//dtd html 3.2//en">

<html>

<head>
<title>Title</title>
<meta name="GENERATOR" content="Arachnophilia 4.0">
<meta name="FORMATTER" content="Arachnophilia 4.0">
<LINK href="loginmodule.css" rel="stylesheet" type="text/css">
</head>

<?
$email=mysql_real_escape_string($email);
$status = "OK";
$msg="";
//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
if (!stristr($email,"@") OR !stristr($email,".")) {
$msg="Your email address is not correct<BR>";
$status= "NOTOK";}


echo "<br><br>";
if($status=="OK"){  $query="SELECT login,email FROM members WHERE members.email = '$email'";
$st=mysql_query($query);
 $recs=mysql_num_rows($st);
$row=mysql_fetch_object($st);
$em=$row->email;// email is stored to a variable
 if ($recs == 0) {  echo "<center><font face='Verdana' size='2' color=red><b>No Password</b><br> Sorry Your address is not there in our database . You can signup and login to use our site. <BR><BR><a href='signup.php'> Sign UP </a> </center>"; exit;}

/// check if activation is pending /////
$tm=time() - 86400;
if(mysql_num_rows(mysql_query("SELECT login FROM members WHERE login = '$row->login' and time > $tm and status='pending'"))){
echo "<center><font face='Verdana' size='2' color=red><b>Your password activation Key is already posted to your email address, please check your Email address & bulk mail folder. ";
exit;
}

/////////////// Let us send the email with key /////////////
/// function to generate random number ///////////////
function random_generator($digits){
srand ((double) microtime() * 10000000);
//Array of alphabets
$input = array ("A", "B", "C", "D", "E","F","G","H","I","J","K","L","M","N","O","P","Q",
"R","S","","","T","U","V","W","","","","","X","Y","Z");

$random_generator="";// Initialize the string to store random numbers
for($i=1;$i<$digits+1;$i++){ // Loop the number of times of required digits

if(rand(1,2) == 1){// to decide the digit should be numeric or alphabet
// Add one random alphabet
$rand_index = array_rand($input);
$random_generator .=$input[$rand_index]; // One char is added

}else{

// Add one numeric digit between 1 and 10
$random_generator .=rand(1,10); // one number is added
} // end of if else

} // end of for loop

return $random_generator;
} // end of function


$key=random_generator(10);
$key=md5($key);
$tm=time();
$rt=mysql_query("insert into members(login,passwd) values('$row->login','$key','$tm','pending')");
echo mysql_error();


$headers4="my@email.com";         ///// Change this address within quotes to your address ///
$headers.="Reply-to: $headers4\n";
$headers .= "From: $headers4\n";
$headers .= "Errors-to: $headers4\n";
//$headers = "Content-Type: text/html; charset=iso-8859-1\n".$headers;// for html mail un-comment this line
$site_url=$site_url."activepassword.php?ak=$key&login=$row->login";
 
if(mail("$em","Your Request for login details","This is in response to your request for login detailst at site_name \n \nLogin ID: $row->login \n To reset your password, please visit this link( or copy and paste this link in your browser window )\n\n
\n\n
$site_url
\n\n
<a href='$site_url'>$site_url</a>

 \n\n Thank You \n \n siteadmin","$headers")){echo "<center><font face='Verdana' size='2' ><b>THANK YOU</b> <br>Your password is posted to your emil address . Please check your mail after some time. </center>";}
else{ echo " <center><font face='Verdana' size='2' color=red >There is some system problem in sending login details to your address. Please contact site-admin. <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}


   }

   else {echo "<center><font face='Verdana' size='2' color=red >$msg <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}
?>

</body>

</html>
rickylau
Code:
insert into members(login,passwd) values('$row->login','$key','$tm','pending')

You have added two values (4 values in total) but without assigning what columns they are (specified 2 columns only), so the MySQL database simply unable to perform the process.

Actually I'm quite confused about your SQL statement, you are going to reset one's password, how come you insert one more record instead of altering the existing record?
- I assume login name should be unique in the table
- If you insert as new record, the member requesting password reset would have a new member ID, then anything linked to the previous ID would be lost (I assumed there are something too, otherwise the member ID field just does nothing)

Also, the 2 values you've added (I believe so), $tm the timestamp and the string 'pending' seems not sensible to describe any columns of the table (if using the before-mentioned structure)


BTW, is that "key" used for checking if the user is valid to renew password only but not the password itself? if so, why don't simply md5 the timestamp? Wink
jmraker
Quote:
Column count doesn't match value count at row 1


The sql is invalid because you specified it should expect 2 values, login and passwd, but there's 4 values.

You should use an update command to update the password's md5 hash

Code:
mysql_query('UPDATE members SET passwd="' . $key . '" WHERE login="' . $row->login  . '"');


That way there are no duplicate records for users and a user has only one record.
cemica
Sorry for a late post - I wasn't at home for couple of days. I tried jmraker solution (entered this command in phpmyadmin
Code:
mysql_query('UPDATE members SET passwd="' . $key . '" WHERE login="' . $row->login  . '"');
), but I got error:
Quote:
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'mysql_query('UPDATE members SET passwd="' . $key . '" WHERE login="' . $row->log' at line 1

What's wrong?
Fire Boar
The fact that you're entering it into phpMyAdmin. It's PHP code to execute a MySQL query, not the query itself.
cemica
Thanks, now it's working, no errors. Very Happy
Related topics
how can i change password in my database?
Chatroom Script
looking for password gate script
Members script with pm and admin area
Forgot Your Password On XP?
Windows XP SP3 comming soon
PHP Username And Password Login Script, Using those to creat
Problem with Member system(or template) and $_GET[id]
TOS
HELP! My account unactivated itself!!!!!
Javascript password checker
URGENT!!! Scripts modified after hosted on frih account!!!
Password change
You too may be the victim of this Virus
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.