Lost your password? HOW TO

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
zplits
Forum Contributor
Posts: 158
Joined: Sun Aug 03, 2008 8:59 pm

Lost your password? HOW TO

Post by zplits »

Good day everyone.

I have a login system which has a feature of retrieving the user's password. Is this possible? Because the password are hashed using md5, and i can't get it done, because when the user doesn't have to enter the password again, i can't compare the entered password and the password stored in the database.

If you may, here is my login form http://ioacjci.org/admin/ please login, after you failed to login, a link will appear just below log in button which says lost your password? Click it and it will load the forget password page, and in there, you will be asked for your username. Is there any other way to get this done? The username field is useless. I have tried it and it mailed me the hashed password in the database. It has done it because there is no string that the script will compare from the form and to the database.

Do you know how to fix this?
Thanks in advance.
User avatar
ghurtado
Forum Contributor
Posts: 334
Joined: Wed Jul 23, 2008 12:19 pm

Re: Lost your password? HOW TO

Post by ghurtado »

You cant "retrieve" an encrypted password. The only course of action is to reset it and then send the user the new password.
User avatar
zplits
Forum Contributor
Posts: 158
Joined: Sun Aug 03, 2008 8:59 pm

Re: Lost your password? HOW TO

Post by zplits »

thanks for the response. But how should i do that? I mean after i send the new password to his new email, for example i send a new password namely 1234 and then he fills up the password field 1234. The system will still give him an error message. because at first, it checks the user password and md5 it and check it to the database if it matched.

Do you have a sample script for it? so that i can better understand what you mean
Thanks a lot
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: Lost your password? HOW TO

Post by onion2k »

When you generate the new password of 1234 update the record in the database to be the hashed version of that - eg

Code: Select all

mysql_query("UPDATE `user` SET `password` = ".sha1($new_password)." WHERE `user_id` = ".$user_id);
User avatar
zplits
Forum Contributor
Posts: 158
Joined: Sun Aug 03, 2008 8:59 pm

Re: Lost your password? HOW TO

Post by zplits »

Thanks onion2k. Gotta try it. Sir, are you familiar with amfphp?
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: Lost your password? HOW TO

Post by onion2k »

I know what it is, but I don't use Flash so I've never had any call to use it.
User avatar
zplits
Forum Contributor
Posts: 158
Joined: Sun Aug 03, 2008 8:59 pm

Re: Lost your password? HOW TO

Post by zplits »

Oh, it's okay sir, Coz I'm trying to get data from the database and display it in the dynamic textfield in flash.

And by the way sir, I got the password retrieval working. Thanks a lot for you help onion2k and ghurtado. GOD bless.
User avatar
zplits
Forum Contributor
Posts: 158
Joined: Sun Aug 03, 2008 8:59 pm

Re: Lost your password? HOW TO

Post by zplits »

Is there a POST here which talks about automatic logged out during X time of inactivity?
desmi
Forum Commoner
Posts: 64
Joined: Sun Jun 15, 2008 4:55 am

Re: Lost your password? HOW TO

Post by desmi »

There's a search function for that.. ;)

but you can do it with cookies for example..

When logged in, set cookie for x time, and on every page, check if there is one, if there is, update it to x time, if there isn't, logout
User avatar
zplits
Forum Contributor
Posts: 158
Joined: Sun Aug 03, 2008 8:59 pm

Re: Lost your password? HOW TO

Post by zplits »

i have searched for "Automatic logout" found few results but didn't find what i was looking for, can i post a new topic regarding it?
User avatar
ghurtado
Forum Contributor
Posts: 334
Joined: Wed Jul 23, 2008 12:19 pm

Re: Lost your password? HOW TO

Post by ghurtado »

zplits wrote:... can i post a new topic regarding it?
Absolutely, ask and you shall receive
Post Reply