Tuesday 12 July 2011

Sending Forgotten Password

Sending Forgotten Password
How you send password via email address when they forgotten their password
Suppose any member forgot his password to login any website.We will send him his password to his email address.

1. forgot_password.php
2. send_password_ac.php

Database
1. members


Syntax
$email_to=$_POST['email_to'];

"SELECT password FROM table_name WHERE email='$email_to'";

Create table "members"
This is our database, table "Members" MS saha's password is "951412dwe" and his e-mail is "mark@phpeaststep.com"


CREATE TABLE `members` (
`id` int(4) NOT NULL auto_increment,
`name` varchar(65) NOT NULL default '',
`lastname` varchar(65) NOT NULL default '',
`email` varchar(65) NOT NULL default '',
`password` varchar(65) NOT NULL default '',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=4 ;
--
-- Dumping data for table `test_mysql`
--
INSERT INTO `members` VALUES (1, 'Billly', 'Blueton', 'email_1@somewhere.com', '789789');
INSERT INTO `members` VALUES (2, 'Jame', 'Campbell', 'email_2@somewhere.com', '654123ddf');
INSERT INTO `members` VALUES (3, 'Mark', 'Jackson', 'email_4@somewhere.com', '951412dwe');
* replace email_1, 2 , 3 with your e-mail address for testing

forgot_password.php

Create form and text field, name it "email_to" action at "send_password_ac.php"

############### Code

<table width="380" border="0" cellpadding="3" cellspacing="1" >
<tr>
<td width="33%"><strong>Enter your email : </strong></td>
<td width="67%">
<form name="form1" method="post" action="send_password_ac.php">
<input name="email_to" type="text" id="mail_to" size="25">
<input type="submit" name="Submit" value="Submit">
</form>

</td>
</tr>
</table>
send_password_ac.php
What to do?
1. after press submit button the form will send e-mail address to "send_password_ac.php".
2. at "send_password_ac.php" we have to find this e-mail address in our database.
3. if found this e-mail in our database give password to variable name "$your_password" and send this variable to e-mail that sent from our form.
4. if not found this e-mail in database, displays message "Not found your e-mail in our database"

  ############### Code
<?
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name


//Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect to server");
mysql_select_db("$db_name")or die("cannot select DB");
// value sent from form
$email_to=$_POST['email_to'];

// table name

$tbl_name=members;

// retrieve password from table where e-mail = $email_to(mark@phpeasystep.com)
$sql="SELECT password FROM $tbl_name WHERE email='$email_to'";
$result=mysql_query($sql);

// if found this e-mail address, row must be 1 row
// keep value in variable name "$count"

$count=mysql_num_rows($result);

// compare if $count =1 row
if($count==1){

$rows=mysql_fetch_array($result);

// keep password in $your_password
$your_password=$rows['password'];
// ---------------- SEND MAIL FORM ----------------

// send e-mail to ...
$to=$email_to;

// Your subject
$subject="Your password here";

// From
$header="from: your name <your email>";

// Your message
$messages= "Your password for login to our website \r\n";
$messages.="Your password is $your_password \r\n";
$messages.="more message... \r\n";
// send email
$sentmail = mail($to,$subject,$messages,$header);


}

// else if $count not equal 1
else {
echo "Not found your email in our database";
}

// if your email succesfully sent
if($sentmail){
echo "Your Password Has Been Sent To Your Email Address.";
}
else {
echo "Cannot send password to your e-mail address";
}

?>

  ***Update***
I've got a lot of complains about security of sending the real password that exists in dababase. This may cause some troubles.

a new way to send password you can adapt from my verifying email tutorial

concept
- your user insert email to request password form
- find that email in our database
- if found, random a confirmation code and send it to email address to verify the email and also keep confirmation code in temp_database(don't forget to creates it first)
- when your user open email and click on confirmation link
- random and send new random password to email address again
- random new password you can use this code

<?

$random_password=md5(uniqid(rand()));
$new_password=substr($random_password, 0, 8);
echo $new_password;
?>
- After email has been sent, update an old password in database to a new random password.

- If you can wait i'm writing on it now, waits for a few day 

1 comment: