Forgot password logic

Published in: PHP

    $alert = "";
    // Run only when the form was submitted with a non-empty email field.
    if (isset($_POST['btnsubmit'], $_POST['email']) && $_POST['email'] != "")
    {
        // Escape the address for use inside the quoted SQL string below.
        $email = mysql_real_escape_string($_POST['email'], $db->db);
        $db->query("SELECT username, password FROM users WHERE email = '$email'");
        if (mysql_num_rows($db->result) == 0)
            $alert = "<div class='alert'>We're sorry, but we could not find a user with that email address.</div>";
        else
        {
            $alert = "<div class='alert'>Your username and password have been emailed to you.</div>";
            $row = mysql_fetch_array($db->result, MYSQL_ASSOC);
            $username = $row['username'];
            $password = $row['password'];
            // The password column is mailed back exactly as it is stored.
            $msg = "Your login information is:\n\n";
            $msg .= "Username: $username\n";
            $msg .= "Password: $password\n";
            mail($email, "Login Information", $msg, "From:[email protected]");
        }
    }

Posted By: emuman on January 30, 2008

password stored as clear text?

Posted By: Nix on January 7, 2009

You can encrypt them when registering the user and reverse the process when recovering the pass.

Posted By: Bhawk1990 on October 18, 2010

Excuse me if I'm wrong, but an encryption is good as long as it cannot be decrypted. The usual "Forgot Password Logic" in my opinion is:

1.) User forgets password, requests a new password
2.) User fills a form requesting the e-mail address
3.) The script sends out an e-mail
   a.) (Optional) The script sends out an e-mail with a link, telling that you have requested a new password and you must click a link in it
   b.) User receives a new, randomized password. (And the script updates the pass in the database)

Never store passwords in plain text format in your database, it is not secure!
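
An added example (not part of the original snippet or of any comment above) of the link-based flow from the last comment, with two changes that are assumptions of this example: the user chooses the new password after following the link instead of being emailed a generated one, and only a `password_hash()` value is stored. The in-memory arrays, the function names, the 15-minute lifetime and the example.test addresses are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory stand-ins for the users and reset-token tables.
$users  = ['alice@example.test' => ['pw_hash' => password_hash('old-secret', PASSWORD_DEFAULT)]];
$resets = [];

const RESET_TTL = 900; // assumed token lifetime in seconds

// Create a one-time token for the emailed link; only its digest is stored.
function issueResetToken(array $users, array &$resets, string $email, int $now): ?string
{
    if (!isset($users[$email])) {
        return null; // the page shown to the requester should not depend on this
    }
    $token = bin2hex(random_bytes(32));
    $resets[$email] = ['digest' => hash('sha256', $token), 'expires' => $now + RESET_TTL];
    return $token;
}

// Link followed: check the token, then store only a hash of the new password.
function redeemResetToken(array &$users, array &$resets, string $email,
                          string $token, string $newPassword, int $now): bool
{
    $entry = $resets[$email] ?? null;
    if ($entry === null || $now > $entry['expires']
        || !hash_equals($entry['digest'], hash('sha256', $token))) {
        return false;
    }
    unset($resets[$email]); // single use
    $users[$email]['pw_hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    return true;
}

$email = 'alice@example.test';
$now   = time();
$token = issueResetToken($users, $resets, $email, $now);
echo 'Link to email: https://example.test/reset.php?email=' . urlencode($email) . "&token=$token\n";

var_dump(redeemResetToken($users, $resets, $email, 'guess', 'n3w-pass', $now));                // wrong token
var_dump(redeemResetToken($users, $resets, $email, $token, 'n3w-pass', $now + RESET_TTL + 1)); // expired
var_dump(redeemResetToken($users, $resets, $email, $token, 'n3w-pass', $now + 60));            // valid
var_dump(redeemResetToken($users, $resets, $email, $token, 'n3w-pass', $now + 61));            // replay
var_dump(password_verify('n3w-pass', $users[$email]['pw_hash']));
```

Because the table holds only a SHA-256 digest of the token and a `password_hash()` value, a read of the database yields neither a usable reset link nor a password that could be mailed out.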
