MD5 password change

NAT
Forum Newbie
Posts: 24
Joined: Tue Mar 21, 2006 3:13 am

MD5 password change

Post by NAT »

feyd | Please use code tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.


Hi,

I am trying to make a password_forgot script with md5. The registration script is made with the md5 function; all passwords are stored in the DB md5-encrypted. I made a script for users who forget their password: they can send an email and ask for their password. The script has to generate a new password, store the password in the DB md5-encrypted, and then send an email with the normal password to the user.

My registration script works like this:

$temppass = $password;
$password = md5($password);

And this is my forgot_password.php script:

Code: Select all

<?php

@mysql_connect(localhost,"xxxxx","xxxxxx");
@mysql_select_db("xxxxx_DB") or die( "<CENTER> The DB could not be found.");

if ($HTTP_POST_VARS['command'] == 'forgot' &&
    strlen($_POST['email'] <= 50)) {

    $email = addslashes($_POST['email']);
    $query = "select * FROM users WHERE email = '$email'";
    $result = mysql_query($query);
    $num = mysql_numrows($result);
    if ($num > 0) {

        $alphanum =
            array('a','b','c','d','e','f','g','h','i','j','k','m','n','o',
            'p','q','r','s','t','u','v','x','y','z','A','B','C','D','E',
            'F','G','H','I','J','K','M','N','P','Q','R','S','T','U',
            'V','W','X','Y','Z','0','1','2','3','4','5','6','7','8','9');

        srand((double)microtime()*1000000);
        $chars = sizeof($alphanum);
        $a = time();
        mt_srand($a);
        for ($i=0; $i < 6; $i++) {
            $randnum = intval(mt_rand(0,56));
            $password .= $alphanum[$randnum];
        }
        $sql = "UPDATE $users SET password='".md5($password)."', .temppass($password) = 1 WHERE users = '$email' en password = '$password'";

        $result = mysql_query($sql);
        $to = $_POST['email'];
        $from = "xxxx@xxxx.xxx";
        $subject = "New password";
        $msg = <<< EOMSG
Your new password is:
$password
Please log in at this URL:
http://localhost/login.html
Then go to this address to change your password:
http://localhost/changepass.php
EOMSG;
        $mailsend = mail("$to","$subject","$msg","From:
$from\r\nReply-To:xxxx@xxxx.xxx");

        if ($email) {
            echo "The information is been send succenfully; $email";
        } else {
            echo "Failes sending a email<br><br>";
        }

    } else {
        echo "This email adress could not be found in DB.<br><br>";
    }
}

?>

I registered myself, I log in and log out (so the register and login scripts work fine). Then I tried to ask for a new password to test the forgot_password.php script. I get the email with a new password, but when I try to log in, I can't.

I am trying to figure out what is not working in the forgot_password.php script. Can anyone help me with this problem?

Thanks in advance,

NAT


s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

Code: Select all

$sql = "UPDATE $users SET password='".md5($password)."',
You should probably take the $ off of users

if that doesn't work

change

$result = mysql_query($sql);

to
$result = mysql_query($sql) or die(mysql_error());
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia

Post by shiznatix »

Also, get rid of the @ in front of mysql_connect() and mysql_select_db() because maybe you are not even connecting to the database!
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

also

$password .= $alphanum[$randnum];

doesn't need the dot there

$password = $alphanum[$randnum];
NAT
Forum Newbie
Posts: 24
Joined: Tue Mar 21, 2006 3:13 am

Post by NAT »

I took the $ from users and I also changed it to $result = mysql_query($sql) or die(mysql_error());

I get this error:

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '(7F2cRT) = 1 WHERE users = 'azeri_x@hotmail.com' en password =


Then I also changed it to $password = $alphanum[$randnum]; (removed the dot from there), and I get this message after a test:

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '(K) = 1 WHERE users = 'azeri_x@hotmail.com' en password = 'K''

I think I am one step further; something is wrong between the query and generating the password.
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

show us your code after the changes you made
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

I also think this is the query you're looking for

Code: Select all

$sql = "UPDATE `users` SET `password` = '" . md5($password) . "' WHERE `users` = '$email'";
NAT
Forum Newbie
Posts: 24
Joined: Tue Mar 21, 2006 3:13 am

Post by NAT »


Code: Select all

<form action="?action=pass" method="Post">
<br>
Email: <input type="text" name="email"><br />
<br /><br />
<input type="hidden" name="command" value="forgot">
<input type="submit" value="Send password">
</form>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>

<?php

@mysql_connect(localhost,"xxxxxxx","xxxxxxxx");
@mysql_select_db("xxxxx_DB") or die( "<CENTER> The DB could not be found.");

if ($HTTP_POST_VARS['command'] == 'forgot' &&
    strlen($_POST['email'] <= 50)) {

    $email = addslashes($_POST['email']);
    $query = "select * FROM users WHERE email = '$email'";
    $result = mysql_query($query);
    $num = mysql_numrows($result);
    if ($num > 0) {

        $alphanum =
            array('a','b','c','d','e','f','g','h','i','j','k','m','n','o',
            'p','q','r','s','t','u','v','x','y','z','A','B','C','D','E',
            'F','G','H','I','J','K','M','N','P','Q','R','S','T','U',
            'V','W','X','Y','Z','0','1','2','3','4','5','6','7','8','9');

        srand((double)microtime()*1000000);
        $chars = sizeof($alphanum);
        $a = time();
        mt_srand($a);
        for ($i=0; $i < 6; $i++) {
            $randnum = intval(mt_rand(0,56));
            $password = $alphanum[$randnum];
        }
        $sql = "UPDATE users SET password='".md5($password)."', .temppass($password) = 1 WHERE users = '$email' en password = '$password'";
        $result = mysql_query($sql) or die(mysql_error());
        $to = $_POST['email'];
        $from = "xxxxxx@xxxxxxx.xx";
        $subject = "New password";
        $msg = <<< EOMSG
Your new password is:
$password
Please log in at this URL:
http://localhost/login.html
Then go to this address to change your password:
http://localhost/changepass.php
EOMSG;
        $mailsend = mail("$to","$subject","$msg","From:
$from\r\nReply-To:xxxxxxxx@xxxx.xx");

        if ($email) {
            echo "The information is been send succenfully; $email";
        } else {
            echo "Failde sending a email.<br><br>";
        }

    } else {
        echo "This email adress could not be found in DB.<br><br>";
    }
}

?>

Last edited by NAT on Tue Mar 21, 2006 4:53 am, edited 1 time in total.
NAT
Forum Newbie
Posts: 24
Joined: Tue Mar 21, 2006 3:13 am

Post by NAT »

scrotaye wrote: I also think this is the query you're looking for

Code: Select all

$sql = "UPDATE `users` SET `password` = '" . md5($password) . "' WHERE `users` = '$email'";
I tried that one and I get:

Unknown column 'users' in 'where clause'

So I changed it to

$sql = "UPDATE 'users' SET 'password' = '" . md5($password) . "' WHERE 'users' = '$email'";

I get this:

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ''users' SET 'password' = '5206560a306a2e085a437fd258eb57ce' WHE
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Post by jayshields »

You need to read up on basic MySQL, start with the manual.

As for now, let me try to help you.

scrotaye's code was probably correct, he is presuming your field for the user email is called users, by looking at your error, he guessed wrong. Use scrotaye's suggestion, but change `users` = '$email' to `whateveryourfieldnameis` = '$email'.

Also, you are attempting to use single quotes instead of backticks. Single quotes need to surround strings in MySQL, whereas backticks can be used to surround field/table names optionally.

A single quote is

Code: Select all

'
A backtick is

Code: Select all

`
So just use scrotaye's example, but change the field name, and it might work.
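
The reset flow this thread arrives at, as an added example (not code from any poster): it keeps the thread's `users` table and `password` column, assumes the address column is `email` as in the script's SELECT, and uses `random_int()`, `password_hash()` and a PDO prepared statement in place of `mt_rand()` seeded with `time()`, `md5()` and string-built SQL. The in-memory SQLite table, its row and the function names are constructed for the demonstration.

```php
<?php
// Added example, not code from the thread. Needs PHP 7.1+ with pdo_sqlite.
// Table layout and the sample row are constructed for the demonstration.

function generate_temp_password(int $length = 12): string
{
    // Assumed alphabet without look-alike characters (l, I, O, 0, 1).
    $alphabet = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';
    $max = strlen($alphabet) - 1;        // bound follows the alphabet, not a literal 56
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() draws from the OS CSPRNG; ".=" appends one character per pass.
        $out .= $alphabet[random_int(0, $max)];
    }
    return $out;
}

// Returns the plaintext to mail to the user, or null when nothing was updated.
function reset_password(PDO $db, string $email): ?string
{
    if (strlen($email) > 50) {           // length limit applied to the string itself
        return null;
    }
    $plain = generate_temp_password();
    $hash  = password_hash($plain, PASSWORD_DEFAULT);   // salted, slow hash

    // Placeholders keep user input out of the SQL text, so no addslashes().
    $stmt = $db->prepare('UPDATE users SET password = :hash WHERE email = :email');
    $stmt->execute([':hash' => $hash, ':email' => $email]);

    return $stmt->rowCount() === 1 ? $plain : null;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT)');
$db->exec("INSERT INTO users VALUES ('user@example.test', 'placeholder-old-hash')");

$plain  = reset_password($db, 'user@example.test');
$select = $db->prepare('SELECT password FROM users WHERE email = ?');
$select->execute(['user@example.test']);
$stored = $select->fetchColumn();

echo 'new password verifies: ', var_export(password_verify($plain, $stored), true), "\n";
echo 'unknown address: ', var_export(reset_password($db, 'nobody@example.test'), true), "\n";
```

Because the stored value is a `password_hash()` string, the registration script has to store `password_hash()` output too, and the login script has to check it with `password_verify()` instead of comparing `md5()` results.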
NAT
Forum Newbie
Posts: 24
Joined: Tue Mar 21, 2006 3:13 am

Post by NAT »

you whore right, i did not c that. it works now. :)

Thanks all
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

I hope not...;) Spelling...
NAT
Forum Newbie
Posts: 24
Joined: Tue Mar 21, 2006 3:13 am

Post by NAT »

You r right :?