|
PHP - Anyway Of Decrypting A Md5 Password? Forgot Pw Form - Help
Hello,
My user login script saves their passwords into my SQL in a md5 encryption. I am currently working on a 'forgot password' that sends the password to their email. The code that pulls out the password is this: echo $req_user_info['pass']; Now is there a way to decrypt the 'pass' (currently nothing is displayed - not even the encryption code) Please help - Ollie Similar TutorialsI am sure this is a simple fix and I am total beginner but thanks to these forums learn alot Here is the code: Code: [Select] http://$host/forgot.php?doReset=Reset&VeriCode=$new_code And when I click the link in email I get the following error The requested URL /forgot.php?doReset=Reset&VeriCode=60dea138b76c71acccfe34d4fab3e004 was not found on this server. If someone needs the full code to help, please PM me. I paid someone to develop my site and for some reason the Forgot Password page is not working. Once the user types in their email address and submits, nothing happens. The user should get a message displayed instantly letting them know if the password was sent or if their account was not found. Any help would be greatly appreciated! Code: [Select] [php] <? include_once "connect.php"; if(isset($_SESSION['RES_LoginID']) && $_SESSION['RES_LoginID']!="") { echo "<script>window.location='myprofile.php';</script>"; exit; } // code to send mail to user (account details) if(isset($_REQUEST["btnLogin"])) { $sel="select name,email,password from users where email='".$_REQUEST['RES_EMAIL']."'"; $urs=mysql_query($sel); if (mysql_affected_rows()>0) // send mail if mail existing in database { $row=mysql_fetch_array($urs); $name=$row['name']; $username=$row['email']; $password=$row['password']; $message="<link href='".WEBSITEURL."site.css' rel='stylesheet' type='text/css' /> <body> <table border=0 cellspacing='5' cellpadding=0 width=600 align='center' class='purple_11'> <tr><td> $SITE_LOGO<br><br> Dear <b>".$name."</b>,<br><br> Your login details a <br> Username : $username<br> Password : $password<br> <br><br> Login at: <a href='".WEBSITEURL."login.php' target='_blank'>$SITE_NAME</a><br><br><br> Thank You,<br> $SITE_NAME </td></tr></table> </body>"; $sub="Forgot Password?"; SendHTMLMail($username,$sub,$message,ADMIN_MAIL); $redirect="<script>window.location='forgot_password.php?msgs=1';</script>"; } else // if mail doesnot match { $redirect="<script>window.location='forgot_password.php?msgs=2';</script>"; } echo $redirect; exit; } // generate message for display $msg=""; if(isset($_REQUEST['msgs'])) { switch($_REQUEST['msgs']) { case 1 : $msg="Your password sent successfully."; break; case 2 : $msg="Email Address does not exists."; break; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "[url=http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd[/url]"> <html xmlns="[url=http://www.w3.org/1999/xhtml]http://www.w3.org/1999/xhtml[/url]"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="keywords" content="<?=$KEYWORD?>" /> <link rel="shortcut icon" href="images/favicon.gif"> <title><?=$SITE_TITLE?></title> <link href="site.css" rel="stylesheet" type="text/css" /> <script language="javascript"> function valid_login() { form=document.frmLogin; if(form.RES_EMAIL.value=="") { alert("Please enter your email.") form.RES_EMAIL.focus(); return false; } else if (!(/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/.test(form.RES_EMAIL.value))) { alert("Please enter a proper email address."); form.RES_EMAIL.focus(); return false; } else { form.submit(); } } </script> </head> <body onload="MM_preloadImages('images/about-us-hover.jpg','images/my-pofile-hover.jpg','images/help-hover.jpg','images/home.jpg')"> <table width="1000" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td width="1251" align="center" valign="top" class="main_bg"><table width="850" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td height="153" align="left" valign="top"><? include_once "top.php"; ?></td> </tr> <tr> <td valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td height="18"></td> </tr> <tr> <td><table width="822" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td width="11" align="left" valign="top"><img src="images/white-crv1.jpg" width="11" height="11" /></td> <td width="100%" height="11" class="gray-top-bdr"><img src="images/blank-img.gif" width="1" height="1" /></td> <td width="11" align="right" valign="top"><img src="images/white-crv2.jpg" width="11" height="11" /></td> </tr> <tr> <td width="11" class="gray-left-bdr"><span class="gray-top-bdr"><img src="images/blank-img.gif" width="1" height="1" /></span></td> <td align="center"><? include("gad_hori.php");?></td> <td width="11"class="gray-rightt-bdr"><span class="gray-top-bdr"><img src="images/blank-img.gif" width="1" height="1" /></span></td> </tr> <tr> <td width="11" height="11" align="left" valign="bottom"><img src="images/white-crv3.jpg" width="11" height="11" /></td> <td height="11" class="gray-bot-bdr"><img src="images/blank-img.gif" width="1" height="1" /></td> <td width="11" height="11" align="left" valign="bottom"><img src="images/white-crv4.jpg" width="11" height="11" /></td> </tr> </table></td> </tr> <tr> <td height="73" align="left" valign="top"></td> </tr> <tr> <td align="left" valign="top"><table width="822" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td width="587" align="left" valign="top"><table width="587" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="19"><img src="images/gray-left-crv.jpg" width="19" height="247" /></td> <td width="321" align="left" valign="top" class="gry-bg-rpt"> <form name="frmLogin" id="frmLogin" action="" method="post"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td height="20"></td> </tr> <tr> <td height="27" class="gray-bot-bdr red-txt20" valign="top">Forgot Password?</td> </tr> <tr> <td height="25" align="center" valign="middle" class="red-txt12"><?=$msg;?></td> </tr> <tr> <td><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td colspan="2" height="22" align="left" style="padding-left:15px;"><strong>Please enter your E-mail address to get the password .</strong></td> </tr> <tr height="15"><td> </td></tr> <tr> <td width="33%" align="center"><strong>Email Address :</strong></td> <td width="67%"><input name="RES_EMAIL" type="text" class="input" style="width:176px; height:20px;"/></td> </tr> <tr> <td> </td> <td height="40" align="center"> <input type="submit" name="btnLogin" value="" class="btn_submit" title="Sign In" onclick="return valid_login();" /> </td> </tr> <tr> <td> </td> <td height="25" align="left" valign="bottom">Know your password? <a href="login.php">Login here</a></td> </tr> </table></td> </tr> </table> </form> </td> <td width="247" align="left" valign="top" class="red-box2"><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td height="88"> </td> <td> </td> </tr> <tr> <td width="77"> </td> <td><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td height="85" align="left" valign="top"><img src="images/dont-acc.jpg" width="135" height="65" hspace="10" /></td> </tr> <tr> <td height="40" align="left" valign="top"><a href="register.php"><img src="images/register-but.jpg" alt="Register Here" width="146" height="30" border="0" /></a></td> </tr> </table></td> </tr> </table></td> </tr> </table></td> <td width="235" align="right" valign="top"><? include("square_ads.php");?></td> </tr> </table></td> </tr> </table></td> </tr> <tr> <td valign="top"><? include_once "bottom.php"; ?></td> </tr> </table></td> </tr> </table> </body> </html>[/php] I'm having a little issue with this script. It's returning: "Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/zyquo/public_html/makethemoviehappen.com/forgot_password.php on line 89" (Line 89 is: $num_rows1 = mysql_num_rows($result1) and "New password could not be generated. If you continue to have issues, please email general@makethemoviehappen.com for assistance." I checked the database and the random password generation did run, and it was inserted into the database. So it's just not detecting that it ran, so it's not sending the email. Any ideas on why? I also checked what is returned in the $result1 variable and it's the number 1. Code: [Select] elseif($_GET['forgot']=="password"){ function &generatePassword($length=9, $strength=0) { $vowels = 'aeiuy'; $consonants = 'bcdfghjkmnpqrstwz'; if ($strength & 1) { $consonants .= 'BCDFGJLMNPQRSTVXZ'; } if ($strength & 2) { $vowels .= "AEIUY"; } if ($strength & 4) { $consonants .= '23456789'; } if ($strength & 8) { $consonants .= '@#$%'; } $password = ''; $alt = time() % 2; for ($i = 0; $i < $length; $i++) { if ($alt == 1) { $password .= $consonants[(rand() % strlen($consonants))]; $alt = 0; } else { $password .= $vowels[(rand() % strlen($vowels))]; $alt = 1; } } return $password; } $new_password =& generatePassword(); $username=$_POST['username']; $sql="SELECT * FROM $tbl_name WHERE Username='$username' AND Email='$email' AND Amount='$donation_amount'"; $result=mysql_query($sql); $num_rows = mysql_num_rows($result); if($num_rows==1){ $sql1="UPDATE $tbl_name SET Password='$new_password' WHERE Username='$username' AND Email='$email' AND Amount='$donation_amount'"; $result1=mysql_query($sql1); $num_rows1 = mysql_affected_rows($result1); if($num_rows1==1){ $content.='<p class="center">New password generated. It has been emailed to the email address provided.</p><br />'; $message='Some one (hopefully you) requested a new password be generated for your account on Make the Movie Happen. Below is the newly generated password: Password: '.$new_password.' Once you log-in, please change your password. Thank You, Make the Movie Happen Support Team '; mail($email, 'Make the Movie Happen - New Password', $message, 'From: general@makethemoviehappen.com'); } else{ $content.='New password could not be generated. If you continue to have issues, please email <a href="mailto:general@makethemoviehappen.com">general@makethemoviehappen.com</a> for assistance.'; } } else{ header("Location: ./index.php?forgot&e=1"); } } Howdy, I am new to PHP and I have not worked on the forum for a couple of months. Well, I can't sign in!!! I am a real noob at this. Any help greatly appreciated. The return email is not set up. So, I can't get a reset going. Can I pull the password file and start again? How can I go about doing this? Thanks in advance. Hello, I have just bought a script off a company. They have decrypted the class, making it impossible for me to know what code it is that I am running or to fully integrate it in to my site. Here's what it looks like: [!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]if(!function_exists('findsysfolder')){function findsysfolder($fld){$fld1=dirname($fld);$fld=$fld1.'/scopbin';clearstatcache();if(!is_dir($fld))return findsysfolder($fld1);else return $fld;}}require_once(findsysfolder(__FILE__).'/911006.php'); $REXISTHEDOG4FBI("8541EB75D3956449047EA6AE75337415AC4A68CBB1BC16FEA 2769327ABBF05680D978A350362754371D6ABFE6513761FA2 DD93E984AF55EDAD7A2EBC2F825CA7FD07199B81345FD21 73890B692C2 B44F453FE5080B12DA556216D35698FB3E411 82FE26DED E3595C77EE448C0FD4B102A 71E7ADB7BD4 A68EA6A8DEF1ACA 228D2C51FB76E9D85"); eval(y0666f0acdeed38d4cd9084ade1739498('B69BBFC0CD739DF84C',$REXISTHEDOG4FBI));[/quote] Is it possible for me to decrypt this code? I totally respect why they do it, to stop the distribution of the product, but I just need it so that I can actually see what the code it so that I can USE what I've paid for! I don't know how it works... so How can I possibly integrate it in to my current site? Thanks for any help - Luke [img src=\"style_emoticons/[#EMO_DIR#]/smile.gif\" style=\"vertical-align:middle\" emoid=\":smile:\" border=\"0\" alt=\"smile.gif\" /] I'm using mcrypt to encrypt a field and decrypt it. That works OK. But when I insert the encrypted field into a mySQL table, select it, decrypt it and try to display it, I get garbage. What am I missing? Thanks for any suggestions. Here's the code: echo "The encrypt and decrypt example...<br/>"; // Designate string to be encrypted $string = "Ed O'Reilly"; // Encryption/decryption key $key = "arG4thaker2"; // Encryption Algorithm $cipher_alg = MCRYPT_RIJNDAEL_128; // Create the initialization vector for added security. $iv = mcrypt_create_iv(mcrypt_get_iv_size($cipher_alg, MCRYPT_MODE_ECB), MCRYPT_RAND); // Output original string print "Original string: $string <p>"; // Encrypt $string $encrypted_string = mcrypt_encrypt($cipher_alg, $key, $string, MCRYPT_MODE_CBC, $iv); // Convert to hexadecimal and output to browser print "The encrypted string: ".bin2hex($encrypted_string)."<p>"; $decrypted_string = mcrypt_decrypt($cipher_alg, $key, $encrypted_string, MCRYPT_MODE_CBC, $iv); print "The decrypted string: ".rtrim($decrypted_string).""; echo "<br/>testing db storing & retrieval for the encryption/decryption...<br/>"; # make connection (Game server connections are variable and are done later when needed) if (!$cxnAdmin = mysqli_connect($hostAdmin, $userAdmin, $passwordAdmin, $dbnameAdmin)) { die("Could not connect to MySQL server Admin (".mysqli_connect_error().")"); } $sql="INSERT INTO testdb.nametable ( name, ) VALUES ( '$encrypted_string', 'test@test.com' ) ; "; $result = mysqli_query($cxnAdmin,$sql); if($result == false) { echo "<h4>Error on nametable Insert: ".mysqli_error($cxnAdmin)."</h4>"; } $sql="SELECT name FROM testdb.nametable WHERE email='test@test.com'"; if (!$result = mysqli_query($cxnAdmin,$sql)) { echo "<h4>Error on nametable Select: ".mysqli_error($cxnAdmin)."</h4>"; } $row = mysqli_fetch_assoc($result); extract($row); // Convert to hexadecimal and output to browser print "The encrypted string from db: ".bin2hex($name)."<p>"; $decrypted_name = mcrypt_decrypt($cipher_alg, $key, $name, MCRYPT_MODE_CBC, $iv); print "The decrypted string from db: ".rtrim($decrypted_name).""; and here's the output: The encrypt and decrypt example... Original string: Ed O'Reilly The encrypted string: 01bc70f5dc5a7ca204cb45bd2eeb0214 The decrypted string:Ed O'Reilly testing db storing & retrieval for the encryption/decryption... The encrypted string from db: 5938f7fc81961d2efc6db64607baf465 The decrypted string from db: <garbage characters I can't display here> I'm using PHP and MySQL. I have an application where I'd like to keep certain database (character) fields encrypted when added to the database and stored, but when I need to display them at the appropriate time, I can call a function and quickly decrypt them for display. Does anyone know of a simple way to do this? Thanks! Hi there all, I want to pull news feeds, from a web site and display them .... I have forgot what commands to use to do this. please help. Any example, i am most grateful. Incorrect login attempt 1 \/ Incorrect login attempt 2 \/ Incorrect login attempt 3 -->> ?forgot your login details? What's the most effecient way of achieving this? Is it to: 1. create a session for the user who hasn't logged in 2. the user login fails once, session['fail']=1 3. the user login fails twice, session['fail']=2 4. the user login fails for a third time pushing the session['fail'] count to three: this triggers an 'if' on the index.php prompting the user to retrieve their details through the "forgot login details system" However if the session['fail'] count never reaches 3 then this temp session is destroyed and the proper one created allowing the user into the site?? As usual any pointers into the correct direction here would be very much appreciated (and i try to repay by answering other peoples questions [where i can ]) Hello, I'm working on a register script, and basically I would like the user to repeat their password. And I would like PHP to compare the to passwords, and if they both match then it continues, whereas if they don't match it calls an error. Here is what I have so far: Form: Consists of 2 text fields - subpass, and subconfirmpass PHP: $field = "subpass"; if(!$subpass == $subconfirmpass){ $form->setError($field, "* Passwords do not match"); } $field is referring to the text fields in where the user inputs their password $form is keeping track of errors in user submitted forms and the form field values that were entered correctly. I would appreciate your help, Thanks Hello: I wanted to see if I can make my password protected pages in my admin area, and the login form "more secure." I was told I should use MD5 / SALTING / HASHING to do this. I have tried some online tutorials, but am not understanding it, so I wanted to start from what I have and build upon it> This is my database table storing the myAdmins data (when I initially insert it into the database): Code: [Select] CREATE TABLE `myAdmins` ( `id` int(4) NOT NULL auto_increment, `myUserName` varchar(65) NOT NULL default '', `myPassword` varchar(65) NOT NULL default '', PRIMARY KEY (`id`) ) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=utf8; INSERT INTO myAdmins VALUES("1","abc","123"); This is the login form I use: Code: [Select] <?php include('../include/myConn.php'); include('include/myAdminNav.php'); session_start(); session_destroy(); $message=""; $Login=$_POST['Login']; if($Login){ $myUserName=$_POST['myUserName']; $myPassword=$_POST['myPassword']; $result=mysql_query("select * from myAdmins where myUserName='$myUserName' and myPassword='$myPassword'"); if(mysql_num_rows($result)!='0'){ session_register("myUserName"); header("location:a_Home.php"); exit; }else{ $message="<div class=\"myAdminLoginError\">Incorrect Username or Password</div>"; } } ?> <form id="form1" name="form1" method="post" action="<? echo $PHP_SELF; ?>"> <? echo $message; ?> Username: <input name="myUserName" type="text" id="myUserName" size="40" /> Password: <input name="myPassword" type="password" id="myPassword" size="40" /> <input name="Login" type="submit" id="Login" value="Login" /> </form> This is the code on top of each page I password protect: Code: [Select] <? session_start(); if(!session_is_registered(myUserName)){ header("location:Login.php"); } ?> Works well, but can it be "better"?? And, if I am allowing the admin to update his/her username or password, I do it this way: Code: [Select] <?php include('../include/myConn.php'); include('include/myCheckLogin.php'); if ($_SERVER['REQUEST_METHOD'] == 'POST') { $myUserName = mysql_real_escape_string($_POST['myUserName']); $myPassword = mysql_real_escape_string($_POST['myPassword']); $sql = " UPDATE myAdmins SET myUserName = '$myUserName', myPassword = '$myPassword' "; mysql_query($sql) && mysql_affected_rows() ?> <?php } $query=mysql_query("SELECT * FROM myAdmins") or die("Could not get data from db: ".mysql_error()); while($result=mysql_fetch_array($query)) { $myUserName=$result['myUserName']; $myPassword=$result['myPassword']; } ?> <form method="post" action="<?php echo $PHP_SELF;?>"> <input type="hidden" name="POSTBACK" value="EDIT"> Username: <input type="text" size="60" maxlength="60" name="myUserName" value="<?php echo $myUserName; ?>"> Password: <input type="password" size="60" maxlength="60" name="myPassword" value="<?php echo $myPassword; ?>"> <input type="submit" value="Submit" /> </form> Should it be "better" .. ?? I don't seem to understand how to "encrypt" all of this to make it "stronger" .. Ideas? Improvements? how could we put this into a form? Code: [Select] $username = "@yahoo.com"; $password = "pass"; // do login to facebook $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, "https://login.facebook.com/login.php?m&next=http://m.facebook.com/home.php"); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_POST, 1); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($curl, CURLOPT_POSTFIELDS, "email=" . $username . "&pass=" . $password . "&login=Log In"); curl_setopt($curl, CURLOPT_ENCODING, ""); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . '/cookies_facebook.cookie'); $curlData = curl_exec($curl); curl_close($curl); // do get post url $urlPost = substr($curlData, strpos($curlData, "action=\"/a/home") + 8); $urlPost = substr($urlPost, 0, strpos($urlPost, "\"")); $urlPost = "http://m.facebook.com" . $urlPost; // do get some parameters for updating the status $fbDtsg = substr($curlData, strpos($curlData, "name=\"fb_dtsg\"")); $fbDtsg = substr($fbDtsg, strpos($fbDtsg, "value=") + 7); $fbDtsg = substr($fbDtsg, 0, strpos($fbDtsg, "\"")); $postFormId = substr($curlData, strpos($curlData, "name=\"post_form_id\"")); $postFormId = substr($postFormId, strpos($postFormId, "value=") + 7); $postFormId = substr($postFormId, 0, strpos($postFormId, "\"")); // do update facebook status $statusMessage = "Status updated :-)"; $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, $urlPost); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_POST, 1); curl_setopt($curl, CURLOPT_POSTFIELDS, "fb_dtsg=" . $fbDtsg . "&post_form_id=" . $postFormId . "&status=" . $statusMessage . "&update=Update Status"); curl_setopt($curl, CURLOPT_ENCODING, ""); curl_setopt($curl, CURLOPT_COOKIEFILE, getcwd() . '/cookies_facebook.cookie'); curl_setopt($curl, CURLOPT_COOKIEJAR, getcwd() . '/cookies_facebook.cookie'); $curlData = curl_exec($curl); curl_close($curl); echo "Your Facebook status already updated with '" . $statusMessage . "'"; I am trying to use the new way of validating the entered email in a register form. Code: [Select] /* REGISTER FORM */ // check if submit button has been clicked if (isset($_POST['submit_signup'])) { // process and assign variables after post submit button has been clicked $user_email = strip_tags(trim($_POST['email'])); $user_email = filter_var($user_email, FILTER_VALIDATE_EMAIL); $nickname = strip_tags(trim($_POST['nickname'])); $password = $_POST['password']; $repassword = $_POST['repassword']; $month = $_REQUEST['month']; $day = $_REQUEST['day']; $year = $_REQUEST['year']; $dob = $year . "-" . $month . "-" . $day; $find_us_question = strip_tags(trim($_POST['find_us_question'])); // connect to database $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); $check_query = "SELECT * FROM user WHERE nickname = '$nickname'"; $check_connect = mysqli_query($dbc, $check_query) or die(mysqli_error($dbc)); $check_count = mysqli_num_rows($check_connect); // Check if the email exists twice $query_get = "SELECT email FROM user WHERE email = '$user_email'"; $query_run = mysqli_query($dbc, $query_get); $num_rows = mysqli_num_rows($query_run); // check if username is already taken if ($check_count != 0) { echo "Username already exists!"; } elseif ($num_rows != 0) { echo "This email address is already registered in the database, you can not register it twice."; // check if fields are empty } elseif (empty($user_email) || empty($nickname) || empty($password) || empty($day) || empty($month) || empty($year)) { echo "Please fill out all the fields!"; // check char length of input data } elseif (strlen($nickname) > 30 || strlen($user_email) > 50) { echo "Maximum allowed character length for nickname/firstname/lastname are 30 characters!"; // check password char length } elseif (strlen($password) > 25 || strlen($password) < 6) { echo "Your password must be between 6 and 25 characters!"; // check if passwords match with each other } elseif ($password != $repassword) { echo "Please make sure your passwords are matching!"; } else { // encrypt password $password = sha1($password); I would like to implement now an error message stating something along the lines that the entered email address is not valid, how would I have to do the if statement to check the condition? Code: [Select] <?php include 'config.php'; //include 'dbc.php'; ?> <?php function filter($data) { // <--line 6 $data = trim(htmlentities(strip_tags($data))); if (get_magic_quotes_gpc()) $data = stripslashes($data); $data = mysql_real_escape_string($data); return $data; } ?> <?php /******************* ACTIVATION BY FORM**************************/ if ($_POST['doReset']=='Reset') { $err = array(); $msg = array(); foreach($_POST as $key => $value) { $data[$key] = filter($value); } if(!isEmail($data['email'])) { $err[] = "ERROR - Please enter a valid email"; } $email = $data['email']; //check if activ code and user is valid as precaution $rs_check = mysql_query("select id from users where email='$email'") or die (mysql_error()); $num = mysql_num_rows($rs_check); // Match row found with more than 1 results - the user is authenticated. if ( $num <= 0 ) { $err[] = "Error - Sorry no such account exists or registered."; //header("Location: forgot.php?msg=$msg"); //exit(); } if(empty($err)) { $new_pass = GenPwd(); $pass_reset = MD5($new_pass); //$sha1_new = sha1($new); //set update sha1 of new password + salt $rs_activ = mysql_query("update users set pass='$pass_reset' WHERE email='$email'") or die(mysql_error()); $host = $_SERVER['HTTP_HOST']; $host_upper = strtoupper($host); //send email $message = "Here are your new password details ...\n User Email: $email \n Passwd: $new_pass \n Thank You Administrator $host_upper ______________________________________________________ THIS IS AN AUTOMATED RESPONSE. ***DO NOT RESPOND TO THIS EMAIL**** "; mail($email, "Reset Password", $message, "From: \"Member Registration\" <auto-reply@$host>\r\n" . "X-Mailer: PHP/" . phpversion()); $msg[] = "Your account password has been reset and a new password has been sent to your email address."; //$msg = urlencode(); //header("Location: forgot.php?msg=$msg"); //exit(); } } ?> <html> <head> <title>Forgot Password</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <script language="JavaScript" type="text/javascript" src="js/jquery-1.3.2.min.js"></script> <script language="JavaScript" type="text/javascript" src="js/jquery.validate.js"></script> <script> $(document).ready(function(){ $("#actForm").validate(); }); </script> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellspacing="0" cellpadding="5" class="main"> <tr> <td colspan="3"> </td> </tr> <tr> <td width="160" valign="top"><p> </p> <p> </p> <p> </p> <p> </p> <p> </p></td> <td width="732" valign="top"> <h3 class="titlehdr">Forgot Password</h3> <p> <?php /******************** ERROR MESSAGES************************************************* This code is to show error messages **************************************************************************/ if(!empty($err)) { echo "<div class=\"msg\">"; foreach ($err as $e) { echo "* $e <br>"; } echo "</div>"; } if(!empty($msg)) { echo "<div class=\"msg\">" . $msg[0] . "</div>"; } /******************************* END ********************************/ ?> </p> <p>If you have forgot the account password, you can <strong>reset password</strong> and a new password will be sent to your email address.</p> <form action="forgot.php" method="post" name="actForm" id="actForm" > <table width="65%" border="0" cellpadding="4" cellspacing="4" class="loginform"> <tr> <td colspan="2"> </td> </tr> <tr> <td width="36%">Your Email</td> <td width="64%"><input name="email" type="text" class="required email" id="txtboxn" size="25"></td> </tr> <tr> <td colspan="2"> <div align="center"> <p> <input name="doReset" type="submit" id="doLogin3" value="Reset"> </p> </div></td> </tr> </table> <div align="center"></div> <p align="center"> </p> </form> <p> </p> <p align="left"> </p></td> <td width="196" valign="top"> </td> </tr> <tr> <td colspan="3"> </td> </tr> </table> </body> </html> Fatal error: Cannot redeclare filter() (previously declared in/forgot.php:6) what is wrong ? Hello PhP Freaks forum In the past weeks ive been trying to make a website, where you can register. Everything seems to work except my cherished Change password feature. Everytime you try to change the password, it just resets it to nothing. Here is the code below. <?php if(isset($_SESSION['username'])) { $username = $_SESSION['username']; $lastname = $_SESSION['lastname']; $firstname = $_SESSION['firstname']; $email = $_SESSION['email']; echo " <h4>Options for:</h4> $username <br /> <br /> First name: $firstname <br />Last name: $lastname <br /><br /><h3>Want to change your password:</h3><br /> <form action='?do=option' method='post'> Old password <input type='password' placeholder='Has to be between 5-15 digits' name='password' size='30' value='' /><br /> <br /> New Password<input type='password' placeholder='Has to be between 5-15 digits' name='newpass' size='30' value='' /><br /> <br /> Confirm new password <input type='password' placeholder='Has to be between 5-15 digits' name='passconf' size='30' value='' /><br /> <center></div><input type='submit' value='Submit'/></center></form>"; }else{ echo 'Please login to view your options!'; } $password = $_REQUEST['password']; $pass_conf = $_REQUEST['newpass']; $email = $_REQUEST['passconf']; $connect = mysql_connect("Host", "User", "Password"); if(!$connect){ die(mysql_error()); } //Selecting database $select_db = mysql_select_db("My Database", $connect); if(!$select_db){ die(mysql_error()); } //Find if entered data is correct $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); $row = mysql_fetch_array($result); $id = $row['id']; mysql_query("UPDATE users SET password='$newpass' WHERE username='$user'") ?> And i do know that i dont have a if(Empty($newpass)){ Die(Please fill out the new password) } Or any security on the others, but the problem just seems that it resets the password into nothing Hope i can get this fixed Best Regards William Pfaffe <?php
require_once('upper.php'); require_once('database.php'); echo $error_msg=''; if(isset($_POST['submit'])) { $LoginId=mysqli_real_escape_string($dbc,trim($_POST['LoginId'])); $Password1=mysqli_real_escape_string($dbc,trim($_POST['Password1'])); $Password2=mysqli_real_escape_string($dbc,trim($_POST['Password2'])); $Name=mysqli_real_escape_string($dbc,trim($_POST['Name'])); $Age=mysqli_real_escape_string($dbc,trim($_POST['Age'])); $BloodGroup=mysqli_real_escape_string($dbc,trim($_POST['BloodGroup'])); if(!isset($_POST['Sex'])) { echo 'Please enter Sex<br>'; } else{ $Sex= mysqli_real_escape_string($dbc,trim($_POST['Sex'])); } $Qualification=mysqli_real_escape_string($dbc,trim($_POST['Qualification'])); $ContactNumber=mysqli_real_escape_string($dbc,trim($_POST['ContactNumber'])); $Email=mysqli_real_escape_string($dbc,trim($_POST['Email'])); $Address=mysqli_real_escape_string($dbc,trim($_POST['Address'])); $AboutYourself=mysqli_real_escape_string($dbc,trim($_POST['AboutYourself'])); //$countCheck=count($_POST['checkbox']); //echo $countCheck; //$checkbox=$_POST['checkbox']; //$countCheck=count($checkbox); if(empty($LoginId)){echo 'Please enter Login Id';} elseif(empty($Password1)){echo 'Please enter Password';} elseif(empty($Password2)){echo 'Please confirm Password';} elseif($Password1!==$Password2){echo 'Password didn\'t match';} elseif(empty($Name)){echo 'Please enter Name';} elseif(empty($Age)){echo 'Please enter Age';} elseif(!isset($_POST['Sex'])){} elseif(empty($Qualification)){echo 'Please enter Qualification';} elseif(empty($ContactNumber)){echo 'Please enter Contact Number';} elseif(empty($Email)){echo 'Please enter Email';} elseif(empty($Address)){echo 'Please enter Address';} elseif(empty($AboutYourself)){echo 'Please enter About Yourself';} elseif(!isset($_POST['checkbox'])){ echo 'You have to register at least one activity.';} elseif(!isset($_POST['TermsAndConditions'])){ echo 'You have to agree all Terms and Conditions of Elite Brigade.';} else { require_once('database.php'); $query="select * from registration where LoginId='$LoginId'"; $result=mysqli_query($dbc,$query); if(mysqli_num_rows($result)==0) { $checkbox=$_POST['checkbox']; $countCheck=count($_POST['checkbox']); $reg_id=' '; for($i=0;$i<$countCheck;$i++) { $reg_id=$reg_id.$checkbox[$i].','; $query="insert into activity_participation (LoginId,Title,Date) values ('$LoginId','$checkbox[$i]',CURDATE())"; $result=mysqli_query($dbc,$query) or die("Not Connected"); } $query="insert into registration (LoginId,Password,Name,Age,BloodGroup,Sex,Qualification,ContactNumber,Email,Address,AboutYourself,Activity)values ('$LoginId'[B],SHA('$Password1'),[/B]'$Name','$Age','$BloodGroup','$Sex','$Qualification','$ContactNumber','$Email','$Address','$AboutYourself',',$reg_id')"; $result=mysqli_query($dbc,$query) or die("Not Connect"); echo ' Dear '.$Name.'.<br>Your request has been mailed to admin.<br>Your account is waiting for approval<br>'; $from= 'Elite Brigade'; $to='ankitp@rsquareonline.com'; $subject='New User Registration'; $message="Dear admin,\n\nA new user request for registration. Please check it out.\n\nRegards\nMicro"; mail($to,$subject,$message,'From:'.$from); //header('Location: index.php'); // header('Location: Registration.php'); } else { echo 'Dear '.$Name. ', <br> An account already exist with login-id<b> '.$LoginId.'</b> <br>Please try another login-id'; }} } ?> <html> <head> <script src="jquery-latest.js"></script> <script type="text/javascript" src="jquery-validate.js"></script> <style type="text/css"> * { font-family: Verdana; } label.error { color: white; padding-left: .5em; } p { clear: both; } .submit { margin-left: 12em; } em { font-weight: bold; padding-right: 1em; vertical-align: top; } </style> <script> $(document).ready(function(){ $("#commentForm").validate(); }); </script> </head> <body> <?php echo $error_msg; ?> <form action='<?php echo $_SERVER['PHP_SELF'];?>' id="commentForm" method='post'> <div class="registration_and_activity"> <table border="0" width="380"> <tr><td colspan="2"> <h3>New User?</h3></td></tr> <tr><td width="120"> <em>*</em>Enter Login id</td><td width="150"><input type='text' name='LoginId' minlength="4" value='<?php if(!empty($LoginId))echo $LoginId;?>' /></td></tr> <tr><td> <em>*</em>Enter Password</td> <td><head> <div id="divMayus" style="visibility:hidden">Caps Lock is on.</div> <SCRIPT language=Javascript> function capLock(e){ kc = e.keyCode?e.keyCode:e.which; sk = e.shiftKey?e.shiftKey:((kc == 16)?true:false); if(((kc >= 65 && kc <= 90) && !sk)||((kc >= 97 && kc <= 122) && sk)) document.getElementById('divMayus').style.visibility = 'visible'; else document.getElementById('divMayus').style.visibility = 'hidden'; } </SCRIPT> </HEAD> <input onkeypress='return capLock(event)' type='password' name='Password1' value='<?php if(!empty($Password1))echo $Password1;?>' /></td></tr> <tr><td> <em>*</em>Confirm Password</td><td><input type='password' name='Password2' value='<?php if(!empty($Password2))echo $Password2;?>' /></td></tr> <tr><td width="120"> <em>*</em>Enter Name</td> <td><input type='text' name='Name' value='<?php if(!empty($Name))echo $Name;?>' /></td></tr> <tr><td> <em>*</em>Enter Age</td><HEAD> <SCRIPT language=Javascript> function isNumberKey(evt) { var charCode = (evt.which) ? evt.which : event.keyCode if (charCode > 31 && (charCode < 48 || charCode > 57)) return false; return true; } </SCRIPT> </HEAD> <td><INPUT onkeypress='return isNumberKey(event)' type='text' name='Age' value='<?php if(!empty($Age))echo $Age;?>'/></td></tr> <tr><td> <em>*</em>Enter Blood</td><td><input type='text' name='BloodGroup' value='<?php if(!empty($BloodGroup))echo $BloodGroup;?>' /></td></tr> <tr><td> <em>*</em>Enter Sex</td><td><input type='radio' name='Sex' style='width:16px; border:0;' 'value='Male' />Male <input type='radio' name='Sex' style='width:16px; border:0;' 'value='Female' />Female</td></tr> <tr><td> <em>*</em>Enter Qualification</td><td><input type='text' name='Qualification' value='<?php if(!empty($Qualification))echo $Qualification;?>' /></td></tr> <tr><td> <em>*</em>Contact Number </td><td><input onkeypress='return isNumberKey(event)'type='text' name='ContactNumber' value='<?php if(!empty($ContactNumber))echo $ContactNumber;?>' /></td></tr> <tr><td> <em>*</em>Enter Email</td><td><input type='text' name='Email'class="email" value='<?php if(!empty($Email))echo $Email;?>' /></td></tr> <tr><td> <em>*</em>Enter Address</td><td><input type='text' name='Address' value='<?php if(!empty($Address))echo $Address;?>' /></td></tr> <tr ><td > <em>*</em>About Yourself </td></tr> <tr><td colspan="2"><textarea rows='10' cols='40' name='AboutYourself' /><?php if(!empty($Address))echo $Address;?></textarea></td></tr> <tr><td> <?php echo" <tr><td colspan='2'><em>*</em><b>Select fields for which you want to register</b></td></tr>"; require_once('database.php'); $query="select * from activity"; $result=mysqli_query($dbc,$query); while($row=mysqli_fetch_array($result)){ $Title=$row['Title']; $ActivityId=$row['ActivityId']; echo "<tr><td>$Title</td>"; echo "<td><input type='checkbox' name='checkbox[]' value='$Title' style='width:14px; text-align:right;'/></td></tr>";//value=$ActivityId tells ActivityId variable extracts with name="checkbox" echo "<br/>"; } echo "<td><em>*</em><input type='checkbox' name='TermsAndConditions' style='width:14px; text-align:right;'/></td><td> I agree all <a href='TermsAndConditions.php'>Terms and conditions </a>of Elite Brigade</td></tr>"; echo "<tr><td colspan='2' align='center'><input type='submit' value='Register' name='submit' style='background:url(./images/button_img2.png) no-repeat 10px 0px; width:100px; padding:3px 0 10px 0; color:#FEFBC4; border:0;'/></td></tr><br>"; echo " </td></tr></table> </div> </form> </body> </html>"; require_once('lower.php'); ?> Hi Friends .... I encrypt user password by SHA('$Password') method but now i want to add "Forget Password Module" for which I need to decrypt it first before tell my user but I don't Know how to decrypt it. Please help me........ This topic has been moved to Application Design. http://www.phpfreaks.com/forums/index.php?topic=353345.0 I have developed a code for a login and seems to work well (No syntax error according to https://phpcodechecker.com/ but when I enter a username and a password in the login form, I get an error HTTP 500. I think that everything is ok in the code but obviously there is something that I am not thinking about. The code (excluding db connection): $id="''"; $username = $_POST['username']; $password = md5($_POST['password']); $func = "SELECT contrasena FROM users WHERE username='$username'"; $realpassask = $conn->query($func); $realpassaskres = $realpassask->fetch_assoc(); $realpass= $realpassaskres[contrasena]; $func2 = "SELECT bloqueado FROM users WHERE username='$username'"; $blockedask = $conn->query($func2); $blockedres = $blockedask->fetch_assoc(); $bloqueado = $blockedres[bloqueado];
//Login if(!empty($username)) { // Check the email with database I am having some trouble getting this to pull the password correctly from the database. I believe the problem is from the password being in md5 format. I am not sure how to fix the issue. Much thanks Code: [Select] <?php //signin.php include 'connect.php'; include 'header.php'; echo '<h3>Sign in</h3><br />'; //first, check if the user is already signed in. If that is the case, there is no need to display this page if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true) { echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you want.'; } else { if($_SERVER['REQUEST_METHOD'] != 'POST') { /*the form hasn't been posted yet, display it note that the action="" will cause the form to post to the same page it is on */ echo '<form method="post" action=""> Username: <input type="text" name="username" /><br /> Password: <input type="password" name="password"><br /> <input type="submit" value="Sign in" /> </form>'; } else { /* so, the form has been posted, we'll process the data in three steps: 1. Check the data 2. Let the user refill the wrong fields (if necessary) 3. Varify if the data is correct and return the correct response */ $errors = array(); /* declare the array for later use */ if(!isset($_POST['username'])) { $errors[] = 'The username field must not be empty.'; } if(!isset($_POST['password'])) { $errors[] = 'The password field must not be empty.'; } if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/ { echo 'Uh-oh.. a couple of fields are not filled in correctly..<br /><br />'; echo '<ul>'; foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */ { echo '<li>' . $value . '</li>'; /* this generates a nice error list */ } echo '</ul>'; } else { //the form has been posted without errors, so save it //notice the use of mysql_real_escape_string, keep everything safe! //also notice the sha1 function which hashes the password $sql = "SELECT userid, username, userlevel FROM users WHERE username = '" . mysql_real_escape_string($_POST['username']) . "' AND password = '" . sha1($_POST['password']) . "'"; $result = mysql_query($sql); if(!$result) { //something went wrong, display the error echo 'Something went wrong while signing in. Please try again later.'; //echo mysql_error(); //debugging purposes, uncomment when needed } else { //the query was successfully executed, there are 2 possibilities //1. the query returned data, the user can be signed in //2. the query returned an empty result set, the credentials were wrong if(mysql_num_rows($result) == 0) { echo 'You have supplied a wrong user/password combination. Please try again.'; } else { //set the $_SESSION['signed_in'] variable to TRUE $_SESSION['signed_in'] = true; //we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages while($row = mysql_fetch_assoc($result)) { $_SESSION['userid'] = $row['userid']; $_SESSION['username'] = $row['username']; $_SESSION['userlevel'] = $row['userlevel']; } echo 'Welcome, ' . $_SESSION['username'] . '. <br /><a href="index.php">Proceed to the forum overview</a>.'; } } } } } include 'footer.php'; ?> Hi all, I am trying to make a 'forgot password' script. The passwords in the database are md5 encrypted. Is there a way to reverse this md5 password and send the forgotten password in its orginal for to the user through email? Thanks. <?PHP include("cxn.php"); $sql = "SELECT password FROM Members WHERE email='$_POST[email]'"; $result = mysqli_query($cxn,$sql) or die ("Couldn't execute query"); $num = mysqli_num_rows($result); if ($num >0) // Email Address Found { $password = md5($_POST['password']); // Trying to take the md5 off the password here. $to = "$_POST[email]"; $subj = "Password for website.co.uk"; $mess = "Your password for www.website.co.uk is: \n $_POST['password'] \n Please login with your email address and this password. Thank you."; $mailsend = mail($to,$subj,$mess,$headers); $update= "An email containing your password has been sent to". $_POST['email']."."; include("signin-redirect.php"); } else // Email Address Not Found { $registrationerror = "The email address '$_POST[email]' is already registered!"; include("signin-redirect.php"); } ?> |
|||||||