I am working on a web site that uses an apache password file for security. I also store user information in a mySQL database. If a user forgets a password or username, I would like to accept their email address, get their username and password from mySQL, and email the username and password back to the user.
I tried to use the "ErrorDocument 401 /error401.html" in the Apache configuration file to open an html form that allows the user to post their email. The problem occurs when the error401.html file tries to call my PHP script. It requires the user to login to execute the script which is impossible because they don't know their username or password.
Am I going about this wrong? Is there a better model to accomplish this?
Apache PHP custom 401 error
Moderator: General Moderators
Re: Apache PHP custom 401 error
I may have misunderstood your original question; however I think I've written a simple script to do just this, although it works slightly different. User's enter their email address into a form field, after submission it checks the email address against the database and then resets the user's password with a random value using uniqid() which is then encrypted using md5(). The reset password is then sent to the user's email address stored in the database. This was written because I didn’t want to use the Mcrypt Library for my user’s passwords (two-way encryption) and PHP’s md5() and crypt() are both one-way encryption. So I needed a method that would reset their password automatically.