Can anyone tell me how to allow users to retrieve a password by e-mail?

What I want to do is have them enter their e-mail address (which is the primary key for users in the MySQL database) in a form, press submit, and have their record sent by e-mail to that address. How can I do that?

I posted an example of my script to do just this at the link below, you will probably have to change it. Let me know if it helps.
Mike.

www.udzone.com/forum/topic.asp?TOPIC_ID=11408&FORUM_ID=67&CAT_ID=5&Topic_Title=Forgotton+Username+or+Password+Retrieval&Forum_Title=PHP

I have looked over your post. It is probably really good, My problem is that I am very new to php and have been using phakt for most of it. How would I use a query from phakt and tell it to do this? (below is my attempt at adapting this:

<?php
$rsForgot__MMColParam = "email_user";
if (isset($MM_EmptyValue))
{$rsForgot__MMColParam = $MM_EmptyValue;}
?><?php
$rsForgot=$connSignup->Execute("SELECT * FROM Registrants WHERE email_user = '" . ($rsForgot__MMColParam) . "'" or DIE($connSignup->ErrorMsg());
$rsForgot_numRows=0;
$rsForgot__totalRows=$rsForgot->RecordCount();
if ($num_results < 1)
{
$header = "No Such Username!"; //displays this if no username exists
}
else
{
$row = mysql_result($result, 0, "password"; //send password reminder
$row2 = mysql_result($result, 0, "email";
$toaddress = $row2;
$subject = "your subject";
$mailcontent = "Your password is ".$row;
$fromaddress = "from address";
$additional_headers = "From: from address";
mail($toaddress, $subject, $mailcontent,$additional_headers);
$header = "Your password has been sent to ".$row2;
}
?>

Also, How do I call the form? Sorry to be such a Newbie.

You are not alone, I am very new to php myself and I am not at all happy trying to meddle with the UD behaviours. I put my code in a different page called forgot.php and passed it the necessary variables eg. username. I just made the form post to forgot.php and put a redirect at the bottom of the script so that the user would be returned to the sending page.
It is maybe not the most refined solution but hey it works for me!. If this makes sense great, if not I would be happy to post the full script if you can make use of it.

Mike.

If you would post the script, that would be great. I think it would allow me to better understand the process. Thanks Mike!

When I get this all figured out, I think I might post a tutorial on logins, passwords etc. on this site. It would help a lot of people I think.

--Ryan



Edited by - ryans on 10/26/2001 15:01:48

Here is the code as promised. I included the database structure also. All you have to do to make this page work is save it as password2.php and change the MySql and From: email settings to your own settings. I use this script in all my sites which are built with PHAkt.
If I can make the function of any of the code any clearer please let me know.

Remember to remove this before saving the page!
# ---------- MySQL dump ----------
#
# Table structure for table 'myuser'
#
CREATE TABLE myuser (
username varchar(16) DEFAULT '' NOT NULL ,
password varchar(16) DEFAULT '' NOT NULL ,
PRIMARY KEY (username)
);

# ----------- Dump ends -----------


<?php
// CONNECT TO THE DATABASE CATCHING ERRORS IF THEY OCCUR
@ $db = mysql_pconnect("localhost", "dbname", "password";
if (!$db)
{
echo "ERROR: could not connect to the database at this time. Please try later.";
}


// IF THE USERNAME VARIABLE IS SET CHECK IT FOR DAMAGING CODE
// AND RELOAD THE PAGE SHOWING THE WARNING INVALID PASSWORD
if ($username)
{
$username = trim($username);
$username = strip_tags($username);
if(!ereg('^[a-zA-Z0-9]{6,12}$',$username))
{
header("Location: password2.php?warn=Invalid Password";
}

// SELECT THE APPROPRIATE DATABASE AND SEE IF THE USERNAME EXISTS
// RELOAD PAGE IF USERNAME DOES NOT EXIST AND SHOW WARNING
mysql_select_db("dbname";
$query = "SELECT * from myuser WHERE username = '$username'";
$result = mysql_query($query);
$num_results = mysql_num_rows($result);
if ($num_results < 1)
{
header("Location: password2.php?warn=User does not exist";
}
else
// IF USERNAME EXISTS GET PASSWORD & EMAIL ADDRESS
// FROM DATABASE AND MAIL PASSWORD TO THE REGISTERED EMAIL ADDRESS
{
$row = mysql_result($result, 0, "password";
$row2 = mysql_result($result, 0, "email";
$toaddress = $row2;
$subject = "Password Reminder";
$mailcontent = "Your password is ".$row;
$additional_headers = "From: your ";
mail($toaddress, $subject, $mailcontent,$additional_headers);
}
}
?>


<html>
<head>
<title>Remind Me</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body bgcolor="#FFFFFF" text="#000000">
<?php echo $warn ?>
<form name="form1" method="post" action="password2.php">
Enter Username
<input type="text" name="username">
<input type="submit" name="Submit" value="Get new Password">
</form>
</body>
</html>



Edited by - carphone on 10/26/2001 17:45:55

OOPS! forgot to read your first post.
If your primary key is an email address you will have to do away with or modify this part of the code. It only allows usernames containing letters and numbers, strips off html tags / spaces etc. for security, and makes sure usernames are between 6 and 12 digits long.

$username = trim($username);
$username = strip_tags($username);
if(!ereg('^[a-zA-Z0-9]{6,12}$',$username))
{
header("Location: password2.php?warn=Invalid Password";
}

Have fun
Mike.

Well, Im close, but this still does not work. I can see where you're going with this, and I know it should work. I think the problem is that I cant make the db connedtion this way: @ $db = mysql_pconnect("localhost", "dbname", "password"; I think this has to do with the way I installed PHP. I don't think I allowed for MySQL Variables. My connection to MySQL is through adodb. I'll just keep at it but thanks for the help.

Folk's

It's bad practice to store plain text passwords in a database.
Mysql has a password function already,but if you wish to allow a user to retrieve his/her password then look at the mycrypt() functions which is a two way encryption method.
www.php.net/manual/en/function.mcrypt-encrypt.php

George


Everybody has got to be somewhere

I completely agree with george statement.

Further, I'd suggest you not to resend the password, but instead, generate a new aleatory password, then eventually, store it in mysql, with PASSWORD() function or with any other crypt function (md5,...)

Bruno


--- Better to die trying, than never try at all ---

The guys are spot on about the password encryption, I intend to convert to this before the database goes live.

You can do without the @ and chenge pconnect to connect. Don't know if this will help but it is worth a try.
Mike.

I am planning on using the 'user authentication extras' extension to store passwords (or something similar). My site is not live yet either.

The truth is, I would first rather see this work. I am getting closer, but I still cannot properly query the database to to send anything by email. It simply wont make the query.

I have figured out how to make the adodb connection that's with:
include("./adodb/adodb.inc.php";
$db = NewADOConnection('mysql');
$db the actual connection

I'd be open to learning how to reset the password to something else and sending that to the user, but I dont know where to begin with that. Any hints?



Edited by - ryans on 11/01/2001 16:15:22

Eureka!! I got it, and it is everything I hoped it could be. I even changed the code to use the password() function to encrypt the passwords. I'll post the code if anyone would benefit from it. Let me know! Thanks to all of you for your suggestions!