Forgot Password

The passwords stored in the database are hashed with MySQL's SHA1() function (http://www.faqs.org/rfcs/rfc3174), so there is no way to recover the original password. The alternative is to generate a new, random password and change the existing password to this value. The new password is then emailed to the address with which the user registered.

<?php

// This is the forgot password page: load the shared setup, then either
// handle the submitted form or render it for the first visit
include ('start.php');

// a "submit" field in the POST body means the form was sent back to us
if (!isset($_POST['submit'])) {
	display_form(); // display form for the first time
}
else {
	process_form();
}

function display_form() {
	// Render the "Reset Password" form. The form posts back to the current
	// script; the email field is pre-filled with the tutorial's demo address.
	// Output is echoed directly; nothing is returned.
	$action = $_SERVER['SCRIPT_NAME'];

	$markup = array(
		"\t<h2>Reset Password</h2>",
		"\t<p>Please enter your email to reset your password.</p>",
		"\t<form action = \"$action\" method=\"post\">",
		"\tEmail Address:",
		"\t<input type=\"text\" name=\"email\" size=\"40\" maxlength=\"40\" value=\"sohann@fhda.edu\" />",
		"\t<br />",
		"\t<input type=\"submit\" name=\"submit\" value=\"Reset Password\" />",
		"\t</form>",
	);

	// heredoc output has no trailing newline, so join without one
	echo implode("\n", $markup);
}

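function process_form() {
	// Handle the submitted "forgot password" form: look the user up by email,
	// replace the stored password with the SHA1 digest of a fresh random
	// temporary password, and mail that password to the registered address.
	// Everything is echoed straight to the page; nothing is returned.
	// Expects db_connect.php to define $link and the TABLE_NAME constant.

	// assume invalid value until the email is matched to a user
	$uid = false;

	// connect first: mysql_real_escape_string() needs an open connection,
	// and mysql_close($link) at the end needs $link to exist on every path
	// (the original only connected inside the non-empty-email branch)
	include ('db_connect.php');

	// check for an email address
	if (!empty($_POST['email'])) {
		// accept only a syntactically valid address; this also keeps CR/LF
		// out of the value that is later handed to mail() as the recipient
		$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);

		if ($email !== false) {
			$e = mysql_real_escape_string($email, $link);
			// create and run the lookup query
			$query = "SELECT user_id FROM " . TABLE_NAME . " WHERE email= " . "'$e'";
			$r = mysql_query($query, $link) or trigger_error("Query: $query<br />MySQL Error: " . mysql_error());
			// exactly one row means we found the user: retrieve the user_id
			// using MYSQL_NUM to get numeric indices
			if ($r && mysql_num_rows($r) == 1) {
				list($uid) = mysql_fetch_array($r, MYSQL_NUM);
			}
		}

		if (!$uid) {
			echo '<p>The submitted email does not match those in file.</p>';
		}
	}
	else {
		echo '<p>You forgot to enter your email address!</p>';
	}  // end email

	if ($uid) {
		// got the user_id; it came from the database, but cast anyway since
		// it is interpolated unquoted into the UPDATE below
		$uid = (int) $uid;

		// create a new random 10-character temporary password: use the
		// CSPRNG where PHP provides one, otherwise fall back to the original
		// (non-cryptographic) md5/uniqid recipe, pulling 10 characters
		// starting with the third one
		if (function_exists('random_bytes')) {
			$p = bin2hex(random_bytes(5));
		}
		else {
			$p = substr(md5(uniqid(mt_rand(), true)), 3, 10);
		}

		// store the digest, not the plaintext: the table holds SHA1 hashes
		// (see the page intro), and PHP's sha1() yields the same hex string
		// as MySQL's SHA1(). The original wrote '$p' and left $newp unused,
		// so the temporary password would never have matched at login.
		$newp = sha1($p);
		$query = "UPDATE " . TABLE_NAME . " SET pass= " . "'$newp' WHERE user_id=$uid LIMIT 1";
		// run the query
		$r = mysql_query($query, $link) or trigger_error("Query: $query<br />MySQL Error: " . mysql_error());

		if (mysql_affected_rows($link) == 1) {
			// if it ran OK, send the email to the validated address
			// (not the raw POST value)
			$body = "Your password has been temporarily changed to $p. Please login using this password and this email. You can then change your password.\n\n";
			mail($email, 'Your temporary password', $body, 'From: hso@voyager.deanza.edu');

			// finish the page
			echo '<h3>Your password has been changed. You will receive the new , temporary password at the email with which you registered. Once you have logged in with this password, you may change it.</h3>';
		}
		else {
			echo '<p>Your password could not be changed due to a system error. We apologize for any inconvenience.</p>';
		}

	} // end uid

	// close the connection
	mysql_close($link);
	include('footer.html');

}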

?>



© 2008: Hann So
email: hso@voyager.deanza.edu