Any help would be greatly appreciated.

Goals:
1: Send a username / password based on a username and not someone remembering their
email address.

2: If it's possible to send an encrypted key, which would be a link to pass_update.php which would make the user change their password.


This is the form I use:

<table border="0" cellpadding="3" cellspacing="1" >
<tr>
<td valign="top"><strong>Enter your Username : </strong></td>
<td valign="top"><form name="form1" method="post" action="lost.php">
<input name="email_to" type="text" id="mail_to" size="25">
<input type="submit" name="Submit" value="Submit">
</form>
</td>
</tr>
</table>

Php to send information:

<?php
 $host="localhost";                   // Host name 
 $username='username';          // Mysql username 
 $password='password';            // Mysql password 
 $db_name='database name';    // Database name 

  //Connect to server and select databse.
    mysql_connect("$host", "$username", "$password")or die("cannot connect to server"); 
    mysql_select_db("$db_name")or die("cannot select DB");
 
  // value sent from form 
    $email_to=$_POST['email_to'];

  // table name 
    $tbl_name=table_name; 
  
  // retrieve password from table where e-mail = $email_to(name@url.com) 
    $sql="SELECT field,field FROM $tbl_name WHERE field='$email_to'";
    $result=mysql_query($sql);

  // if found this e-mail address, row must be 1 row 
  // keep value in variable name "$count" 
    $count=mysql_num_rows($result);

  // compare if $count =1 row
     if($count==1)
      {
       $rows=mysql_fetch_array($result);

     // keep password in $your_password
       $your_username=$rows['uname'];
       $your_password=$rows['pw'];
     
     // ---------------- SEND MAIL FORM ---------------- 
     
     // send e-mail to ...
       $to=$email_to; 
     
     // Your subject 
       $subject="Your login Information"; 
     
     // From 
       $header="from: email@url.com <email@url.com>"; 
     
     // Your message 
       $messages= "Your password for login to our website \r\n";
       $messages.="Your username is $your_username \r\n";
       $messages.="Your password is $your_password \r\n";
    
     // send email 
       $sentmail = mail($to,$subject,$messages,$header); 

     }

  // else if $count not equal 1 
     else 
      {
       echo "Not found your email in our database";
     } 

 // if your email succesfully sent 
    if($sentmail)
     {
      echo "Your Password Has Been Sent To Your Email Address.";
    }
     else 
      {
       echo "Cannot send password to your e-mail address";
     }
?>

Instead of sending him his username and password, why not send him a link pass_update.php followed by a string of encrypted key. For example,
pass_update.php?secure=hash(email).hash(prev_password_field)
When the user clicks on the link, check if hash of email and hash of previous_password is valid. If yes, then let him change his password. Once he changes his password, this link becomes inactive. You can add more hashes to the link to make it more secure.

can you show me an actual example?

Well, I dont have one. But it should be something like this.

$secure_id=md5($email).md5($password).md5("string"); // get $email, $password from the table for that username
$messages.="<a href='pass_update.php?sec=$secure_id&username=$username'>Update your password here! </a>"; 
...
?>

In pass_update.php,

$sec=$_GET['sec'];
//for that username, fetch his email and password from the table
$table_values=md5($email).md5($password).md5("string");
if($table_values == $sec ) { // valid link 
//show the fields to update the password
} else {
//  invalid link the user clicked on an expired link. 
echo "The link isn't valid anymore! ";
exit;
}

ok, I am sorry for this question:
This code would be in my password.php correct?

$secure_id=md5($email).md5($password).md5("string"); // get $email, $password from the table for that username$messages.="<a href='pass_update.php?sec=$secure_id&username=$username'>Update your password here! </a>"; ...?>

It would be in the mail you send to the users.

Ok, Now I am confused and unsure how to combine everything.

Instead of passing the strings (your username is.. your password is..) in $message, pass the link. So the user gets the link from where he can update his password.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.