a “forgot user password” standard class or script in php/mysql environment?#1
I am hoping that there is a standard class/php script that we can use for the "forgot password" functionality. It seems almost every website has one, and I'd like to reduce the development time on it.

It appears that a common approach is:


click on Forgot password
User receives via email a "reset password" link
Click on the link allows typing in "new password" "retype password"
life is good


I don't want to do it from scratch, hoping someone who has thought through any nuances can point me to pre-existing code. It would seem that this is pretty standardized.

All: got some responses, but I'm hoping perhaps someone can recommend a pretty standard class or CMS that meets generally accepted security guidelines.

posted date: 2008-12-26 12:08:00


Re: a “forgot user password” standard class or script in php/mysql environment?#2
I had made out the solution of this problem. Click to view my topic...

Hope that helps.

posted date: 2008-12-26 12:08:01


Re: a “forgot user password” standard class or script in php/mysql environment?#3
hi, do my job for me, thanks

posted date: 2008-12-26 12:23:00


Re: a “forgot user password” standard class or script in php/mysql environment?#4
You can steal it from a wide variety of frameworks/CMSs. Drupal, Kohana, etc...

posted date: 2008-12-26 12:26:00


Re: a “forgot user password” standard class or script in php/mysql environment?#5
I use my own scripts for password resetting.

I create a table to store a user_id, a random key and a time that the password reset initiated:

```php
// query is my own SQLite3 wrapper function which ensures I have a valid database connection then executes the SQL.
// I would imagine small changes will be needed to the SQL for MySQL.
query("create table reset_password (user_id integer not null default 0, key text not null default '', time integer not null default 0)");
query("create unique index reset_password_user_id on reset_password (user_id)");
query("create index reset_password_key on reset_password (key)");
```

Then when a password needs to be reset, the following code is called:

```php
// $user_id must be an integer that matches a valid user's ID.
function reset_password($user_id) {
    // Force an integer before the value is interpolated into SQL.
    $user_id = (int)$user_id;
    query("delete from reset_password where user_id = $user_id");
    // 32-character random key from the CSPRNG (random_bytes needs PHP 7 or later).
    $key = bin2hex(random_bytes(16));
    query("insert into reset_password values ($user_id, '$key', " . time() . ")");
    // fetch is my own wrapper function to fetch a row from the query.
    $f = fetch(query("select username from users where id = $user_id"));
    // smtp is my own function, you will probably want to use the php mail function.
    smtp(
        "do-not-reply@example.com", // sender
        $f['username'], // recipient
        "From: The example.com Web Site <do-not-reply@example.com>\r\n" . // email headers
        "To: {$f['username']} <{$f['username']}>\r\n" . // actual email address <put a nice friendly name in here if you have the information>
        'Subject: Reset Password' . "\r\n" .
        "\r\n" .
        "Hello\r\n" . // email body
        "\r\n" .
        "A request has been made to reset your example.com web site password.\r\n" .
        "\r\n" .
        "To complete the request, click on the following link within 48 hours of the transmission of this email and follow the on screen instructions.\r\n" .
        "\r\n" .
        // URL is defined as the root of the URL used in the email, in this example it would be "http://example.com/"
        URL . "index.php?page=reset-password&user_id=" . urlencode($user_id) . "&key=" . urlencode($key) . "\r\n" .
        "\r\n" .
        "Kind regards,\r\n" .
        "\r\n" .
        "The example.com Web Site"
    );
}
```

When the link in the email is clicked a page is displayed which contains the following:

```php
// form, input_hidden, table, tr, td, label, input_password and input_submit are my own wrappers which return the appropriate HTML with escaped values where required.
echo form('reset-password/ok',
    input_hidden('user_id', $_GET['user_id']) .
    input_hidden('key', $_GET['key']) .
    table(
        tr(
            td(label('New Password')) .
            td(input_password('new_password', ''))
        ) .
        tr(
            td(label('Confirm Password')) .
            td(input_password('confirm_password', ''))
        )
    ) .
    input_submit('ok', 'OK')
);
```

When the above form is submitted, the following is executed:

```php
// The reset_password_message function displays the message to the user.
if (!isset($_POST['user_id'])) {
    reset_password_message('You must enter a user ID. Please try again.');
} else if (!isset($_POST['key'])) {
    reset_password_message('You must enter a key. Please try again.');
} else if (!isset($_POST['new_password']) || !$_POST['new_password']) {
    reset_password_message('You must enter a new password. Please try again');
} else if (!isset($_POST['confirm_password']) || $_POST['new_password'] != $_POST['confirm_password']) {
    reset_password_message('The new password and the confirmation do not match. Please try again.');
} else if (!$f = fetch(query("select time from reset_password where user_id = " . (int)$_POST['user_id'] . " and key = '" . escape($_POST['key']) . "'"))) {
    reset_password_message('The user ID and key pair are invalid. Please try again.');
} else if ($f['time'] < time() - 60 * 60 * 24 * 2) { // 60 seconds * 60 minutes * 24 hours * 2 days (48 hours as explained in the email sent to the user above).
    reset_password_message('The user ID and key pair have expired. Please try again.');
} else {
    // password_hash picks its own salt; the stored value is checked with password_verify() at login.
    query("update users set password = '" . password_hash($_POST['new_password'], PASSWORD_DEFAULT) . "' where id = " . (int)$_POST['user_id']);
    // Remove the used key so the emailed link cannot reset the password a second time.
    query("delete from reset_password where user_id = " . (int)$_POST['user_id']);
    reset_password_message('Your password has been reset. Please login.');
}
```

You're welcome to use this code instead of "rolling your own", but you will need to make a few changes or add a few functions to make it complete.

posted date: 2008-12-26 13:25:00


Re: a “forgot user password” standard class or script in php/mysql environment?#6
I have been using qcodo which doesn't appear to have that built in...which I thought was odd....

posted date: 2008-12-30 22:28:00


Re: a “forgot user password” standard class or script in php/mysql environment?#7
guys, sorry for my first comment

posted date: 2009-01-01 15:43:00


Re: a “forgot user password” standard class or script in php/mysql environment?#8
Hello Stacey Richards, I'm following your method. Tell me, how should I handle multiple user names using the same e-mail? I believe I should generate a unique "random key" for every "user name" and then deliver the mails... Thanks

posted date: 2013-01-17 09:56:00
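
The reset flow from post #5 and the shared-address case raised in post #8, as an added example that is not code from any poster in this thread: one key is issued per account, only a SHA-256 hash of each key is stored, and a key works once and only for its own account. It goes beyond the posted code by using PDO prepared statements; the function names, the `email` and `key_hash` columns, and the in-memory SQLite sample data are assumptions made for illustration.

```php
<?php
const RESET_TTL = 48 * 60 * 60; // 48 hours, matching the window in post #5

// Issue one key per account registered under $email (hypothetical helper).
// Returns [user_id => plaintext key]; the table keeps only SHA-256 hashes.
function issue_reset_tokens(PDO $db, string $email, int $now): array
{
    $users = $db->prepare('SELECT id FROM users WHERE email = ?');
    $users->execute([$email]);
    $put = $db->prepare('REPLACE INTO reset_password (user_id, key_hash, time) VALUES (?, ?, ?)');
    $tokens = [];
    foreach ($users->fetchAll(PDO::FETCH_COLUMN) as $id) {
        $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
        $put->execute([$id, hash('sha256', $token), $now]);
        $tokens[(int)$id] = $token;
    }
    return $tokens;
}

// Redeem a key: it must match this account, be unexpired, and be unused.
function redeem_reset_token(PDO $db, int $userId, string $token, string $newPassword, int $now): bool
{
    $get = $db->prepare('SELECT key_hash, time FROM reset_password WHERE user_id = ?');
    $get->execute([$userId]);
    $row = $get->fetch(PDO::FETCH_ASSOC);
    // hash_equals compares in constant time.
    if (!$row || !hash_equals($row['key_hash'], hash('sha256', $token))) {
        return false;
    }
    // Delete before anything else so the key cannot be replayed, expired or not.
    $db->prepare('DELETE FROM reset_password WHERE user_id = ?')->execute([$userId]);
    if ((int)$row['time'] < $now - RESET_TTL) {
        return false;
    }
    $db->prepare('UPDATE users SET password = ? WHERE id = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $userId]);
    return true;
}

// Constructed sample data: two accounts that share one address.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT, password TEXT)');
$db->exec('CREATE TABLE reset_password (user_id INTEGER PRIMARY KEY, key_hash TEXT NOT NULL, time INTEGER NOT NULL)');
$db->exec("INSERT INTO users (username, email) VALUES ('alice', 'shared@example.com'), ('alice2', 'shared@example.com')");

$now = time();
$tokens = issue_reset_tokens($db, 'shared@example.com', $now);
var_dump(redeem_reset_token($db, 1, $tokens[2], 'new-pass', $now)); // key issued for account 2
var_dump(redeem_reset_token($db, 1, $tokens[1], 'new-pass', $now)); // account 1's own key
var_dump(redeem_reset_token($db, 1, $tokens[1], 'new-pass', $now)); // the same key a second time
```

Each e-mail would carry the link for one `user_id` and its key, so the recipient chooses which account to reset.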

