Jump to content

Password reminder

Daslee

By Daslee
in PHP Coding Help

 Share

Recommended Posts

Daslee Newbie

Daslee

Posted
Posted

Hi, im trying to make a password reminder for my game server accounts. Ok, so now in mysql i have table with 2 fields: email and pass. Here is my php coding to remind password:

<?php
session_start();
include "./global.php";
?>
<html>
<head>
<title>Password Reminder</title>
</head>
<body>
<?php

if(!isset ($_POST['submit'])) {
echo "Your e-mail: <input type='input' name='email'> <input type='submit' name='submit' value='Ok'>\n";
}else{
$to = $_POST['email'];
if($to) {
	$sql = "SELECT pass FROM fpass WHERE email='".$to."'";
	$res = mysql_query($sql) or die(mysql_error());
	if(mysql_num_rows($res) > 0) {
		$rrow = mysql_fetch_assoc($res);
		echo "Your password is: '".$rrow['pass']."'";
	}else{
		echo "The e-mail that you supplied does not exist!\n";
	}
}else{
	echo "E-Mail field is empty! Please fill it up.\n";
}
}
?>
</body>
</html>

 

global.php connects to mysql. But now when i typing email, the it should select password from table fpass where email = my typed email. But when i click Ok button, then it don't doing anything...

It should show me this: Your password is: blabla...

Link to comment
Share on other sites
Muddy_Funster Regular Member

Muddy_Funster

Posted
Posted

"then it don't doing anything..." isn't a productive description of your problem.  What would be better would be telling us exactly what it DOES do (even if it's only producing a blank page) versus what you are trying to make it do.

 

In addition to that, a couple of things you should be aware of :

1- you should never store passwords in plain text

2- all I or anyone else would need to gain someones password would be their email address (you should at least think about mailing the associated password to the address given)

3- you have no data sanitisation what so ever going on in the page, and as such your form is completly open to attack.

Link to comment
Share on other sites
coolcam262 Newbie

coolcam262

Posted
Posted

Like what is said in the above post you shouldn't ever store a users password in a text format. You should at least md5 encrypt it and then if a user forgets their password either allow them to enter their username and email and give them a new, randomly generated password or make them choose a new one when emailed a specific link. Then just update the database with the md5ed new password.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.