MD5 forgot password

Question

whiteyoh 0 Posting Pro in Training

15 Years Ago

Hi,

I have a working account generator, which passes the password to mysql with MD5.

I am currently working on a forgot password script, which generates a new password and stores as md5, then emails the user, however, the new password is not recognised.

This is the forgot script. Can anybody see where the issue lies?

If required i can post the login execution script

<?php
session_start();  // Start Session
session_register("session");
include 'connect.php';
// This is displayed if all the fields are not filled in
$empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";
// Convert to simple variables  
$email_address = $_POST['email_address'];
if (!isset($_POST['email_address'])) {
?>
<h2>Recover a forgotten password!</h2>
<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
    <p class="style3"><label for="email_address">Email:</label>
    <input type="text" title="Please enter your email address" name="email_address" size="30"/></p>
    <p class="style3"><label title="Reset Password">&nbsp</label>
    <input type="submit" value="Submit" class="submit-button"/></p>
</form>
<?php
}
elseif (empty($email_address)) {
    echo $empty_fields_message;
}
else {
$email_address=mysql_real_escape_string($email_address);
$status = "OK";
$msg="";
//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
if (!stristr($email_address,"@") OR !stristr($email_address,".")) {
$msg="Your email address is not correct<BR>"; 
$status= "NOTOK";}

echo "<br><br>";
if($status=="OK"){  $query="SELECT * FROM members WHERE email = '$email_address'";
$st=mysql_query($query);
$recs=mysql_num_rows($st);
$row=mysql_fetch_object($st);
$em=$row->email_address;// email is stored to a variable
 if ($recs == 0) {  echo "<center><font face='Verdana' size='2' color=red><b>No Password</b><br> Sorry Your address is not there in our database . You can signup and login to use our site. <BR><BR><a href='http://www.jackgodfrey.org.uk/register'>Register</a> </center>"; exit;}
function makeRandomPassword() { 
          $salt = "abchefghjkmnpqrstuvwxyz0123456789"; 
          srand((double)microtime()*1000000);  
          $i = 0; 
          while ($i <= 7) { 
                $num = rand() % 33; 
                $tmp = substr($salt, $num, 1); 
                $pass = $pass . $tmp; 
                $i++; 
          } 
          return $pass; 
    } 
    $random_password = makeRandomPassword(); 
    $db_password = md5($random_password); 
     
    $sql = mysql_query("UPDATE members SET password='$db_password'  
                WHERE email='$email_address'"); 
     
    $subject = "Your password at www.silverlinksoftware.com"; 
    $message = "Hi, we have reset your password. 
     
    New Password: $random_password 
     
    http://www.domaincom/admin/login-form.php
    Once logged in you can change your password 
     
    Thanks! 
    Site admin 
     
    This is an automated response, please do not reply!"; 
     
    mail($email_address, $subject, $message, "From: Silverlinksoftware.com Webmaster<me@hotmail.com>\n 
        X-Mailer: PHP/" . phpversion()); 
    echo "Your password has been sent! Please check your email!<br />"; 
    echo "<br><br>Click <a href='http://www.domain.com/admin/login-form.php'>here</a> to login";
 } 
 else {echo "<center><font face='Verdana' size='2' color=red >$msg <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}
}
?>

php

6 Contributors
7 Replies
2K Views
9 Years Discussion Span
Latest Post 5 Years Ago Latest Post by rproffitt

TommyBs 1 Junior Poster in Training

15 Years Ago

I take it you've tried the usual steps of displaying mysql_error(), using echo to display the results so that you can see the plain new password as well as the md5 password and then comparing that with what is in the database?

rproffitt 2,662 "Nothing to see here."

5 Years Ago

@Haile_3, burying your posts under such an old discussion usually gets nothing. Try again but in a new post with all the details about the problem.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

hireaprogrammer -1 Junior Poster in Training · Answer 1 · 2009-08-08T13:29:59+00:00

$random_password = makeRandomPassword(); 
    $db_password = md5($random_password); 
      echo md5($db_password);
    $sql = mysql_query("UPDATE members SET password='$db_password'  
                WHERE email='$email_address'");
echo $db_password

You will see both Password and please match with database i hope you will get solution .

Please conform that your login working or not with MD5 please...

sehr_an 0 Newbie Poster · Answer 2 · 2012-01-13T20:14:57+00:00

sehr_an 0 Newbie Poster

12 Years Ago

Thanks

Haile_3 0 Newbie Poster · Answer 3 · 2019-04-21T23:11:48+00:00

well stay, sis, thank you for wellcom, i like for join to this, i hope have agood interaction to the community. thank you again

Haile_3 0 Newbie Poster · Answer 4 · 2019-04-21T23:15:39+00:00

I would like to introduce my self, i am under graguate university student, do you can help me? i

Haile_3 0 Newbie Poster · Answer 5 · 2019-04-21T23:20:07+00:00

i need, to get digital signature by phph / java/ js o/ other you can help with this well, but you can't,
incipt and Decript by php/java or other, please?