Learn VBA & Macros in 1 Week!

PHP - Php Password Recovery With Secret Question Script

Full Excel VBA Course - Beginner to Expert

Php Password Recovery With Secret Question Script	View Content

I am needing help designing password recover script.

This script must include a password recovery script.

I am needing for the person to reset there password, need to first answer a form named: Your Email.

If the email is found, it goes to another form that asks for the secret answer.

Then it goes to a form that asks the answer of there secret question that they entered when they first signed up.

If the answer is correct it updates the database table value of the password with a random string generated with:

abcdefghijklmnopqrstuvwxyz023456789

And it also, sends that password to the email provided.

What I am wanting to know, is how would the code with the if statements would be structured like and the column types and names.

Or if anyone has ever created something like this, and would be glad to post a snippet of there code would be great.

Full Excel VBA Course - Beginner to Expert

Similar Tutorials

Trouble With Password Recovery Script

Password Recovery Problem

Should "secret Questions" Be Used To Allow Password Changes?

Recovery Of Datafields From A Special Get Form

Lost Password Script

Update Password Script

Reset Password Script Help

Set Password Script Is Not Working

Lostpassword Secret Code Need Some Help!

Get Github Secret (env) Variable Value In Php

Lost Username/password Script

Forgot Password/username Script

Encrypt Password In Login Script

Php Password Change Script With Validation ??

Problem With Mysqli (password-reset Script)

Checking Password Length With If Statement Not Working! (register Script)

Change Password... Doesnt Seem To Work, Just Resets Password

How To Decrypt Password Which Is Encrypted By Sha($password) Technique.

Moved: Password Security During Password Reset

Question About After A Script Is Executed

Learn VBA & Macros for Excel in 1 Week!

Trouble With Password Recovery Script

Similar Tutorials

Hi,

I'm very new to PHP.

I've been working on this code for password recovery for a week and I'm pretty close, but I'm having problems understanding why I keep getting the:

"Can not send password to your email address". I know for certain that it has found the email in the table, but why is it still having problems sending? There are no other error messages thrown.

Code: [Select]
function frm_lostpass()
{
global $skn,$In,$db,$Film,$Url,$Date,$module,$userinfo;
if(isset($_GET['check']) and trim($_GET['check'])=='ok')
{
$email = $In->get('email',0,'');
$sql_check ="SELECT Count(m.Email) AS numrows FROM tbl_member AS m\n"
."WHERE m.Email = '$email'\n";
$numrow=$db->sql_get_first($sql_check);
if($numrow['numrows']!=1)
{
return "<center>Email not found !</center>";
}
else
{

global $skn,$In,$db,$Film,$Url,$Date,$module,$userinfo;

// value sent from form
$email_to=$_POST['email_to'];

// retrieve password from table where e-mail = $email_to
$sql ="SELECT m.Password FROM tbl_member AS m\n"
."WHERE m.Email = '$email'\n";
$result=mysql_query($sql);

// if found this e-mail address, row must be 1 row
// keep value in variable name "$count"
$count=mysql_num_rows($result);

// compare if $count =1 row
if($count==1){

$rows=mysql_fetch_array($result);

// keep password in $your_password
$your_password=$rows['password'];

// ---------------- SEND MAIL FORM ----------------

// send e-mail to ...
$to=$email_to;

// Your subject
$subject="Your password here";

// From
$header="example@example.com";

// Your message
$messages= "Your password for login to our website \r\n";
$messages.="Your password is $your_password \r\n";
$messages.="more message... \r\n";

// send email
$sentmail = mail($to,$subject,$messages,$header);

}

// else if $count not equal 1
else {
return "That email address is not found in our database";
}

// if your email succesfully sent
if($sentmail){
return "&emsp;&emsp;Your Password Has Been Sent To Your Email Address.";
}
else {
return "&emsp;&emsp;Cannot send password to your e-mail address";
}

}
}
else
{
$skn ->set_file( 'lost_pass', 'member/frm_lostpass.html' );
return $skn -> output('lost_pass');
}
}

Password Recovery Problem

Similar Tutorials

Hi, im having trouble with the below code which is used in case user forgets password. If i enter username and ANY email, it will send there "Username" and "Password". off course i just want it to be sent only to existing email in db. any ideas? Thank you.

<?
include("fns.php");
include "config.php";
if(isset($_POST['Submit'])){
//1. Check if form fields are filled in
if(!filledin($_POST)){
header( "Location:Messages.php?msg=7" );
exit();
}
$name=$_POST['name'];
$em=$_POST['mail'];

//2. Check if entered name exist

$query="Select pw from user where uname='$name'" or die(mysql_error());
$result= mysql_query($query);

if(mysql_num_rows($result)>0){
for ($i=0; $i<mysql_num_rows($result); $i++) {
$row = mysql_fetch_assoc($result);

$pass=$row['pw'];
$to="$em\r\n";
$from="From: \r\n";
$msg="Password:$pass\r\n";
$msg .="Username:$name\r\n";
$msg .="Your login information\r\n";
$subject=" Your Login Password\r\n";
}
}else{
header( "Location:Messages.php?msg=8" );
exit();
}

//4. Send password to user
if(mail($to,$subject,$msg,$from)){
header( "Location:Messages.php?msg=9&email=<?php echo $em; ?>" );
exit();
//echo "Please click here to log";
}else{
header( "Location:Messages.php?msg=10");
exit();
}
}

Should "secret Questions" Be Used To Allow Password Changes?

Similar Tutorials

I've done the "what is your mother's maiden name" or "what is your favorite football team" in the past, but have started coming to the conclusion that that using such weak information is counterproductive. I've recently came across https://www.owasp.or...ord_Cheat_Sheet which recommends using secret question challenges. I typically feel owasp is on target, however, am not so sure on this occasion. Note that for my situation, I have the user's email. Please advise.
Edited by NotionCommotion, 19 December 2014 - 08:38 AM.

Recovery Of Datafields From A Special Get Form

Similar Tutorials

I generate php form lines from a database but cannot work out how to recover the text fields for lines 1, 2 & 4 using get or post - can anyone help?

The url string below(get to see what is happening) contains titles BF and SG in lines 1 and 2 for the field name 'book' and then TG for line 4 but no title for line 3:

http://localhost/test/test.php
?book%5BArray%3F%5D=BF&row_count=Array%3F
&book%5BArray%3F%5D=SG&row_count=Array%3F
&book%5BArray%3F%5D=&row_count=Array%3F
&book%5BArray%3F%5D=TG&row_count=Array%3F

Lost Password Script

Similar Tutorials

Okay I am a beginner and haven't coded in months. I am trying to find a tutorial or help figuring out how to build a lost password script for user log-in system I built a while ago.

Can anyone help with either something that works that I can learn from, a tutorial somewhere?

thanks
Tim

Update Password Script

Similar Tutorials

I have a script to let the user update their password, when I submit it i get a 500 error and I'm not sure.

Here is the code:
If (isset($_POST['update-password'])) {
//This makes sure they did not leave any fields blank
if (!$_POST['oldpw'] || !$_POST['pass'] || !$_POST['pass2'] ) {
$error="<span style=";
$error .="color:red";
$error .=">";
$error .= "You did not complete all of the required fields";
$error .="</span>";
setcookie('Errors', $error, time()+20);
header('Location /useredit.php');
exit;
}

// checks if the password is correct
$pass = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$pass = addslashes($pass);
}
$check = mysql_real_escape_string("SELECT * FROM YBK_Login WHERE pass = '{$pass}'");
mysql_query($check) or die( 'Query string: ' . $check . '<br />Produced an error: ' . mysql_error() . '<br />' );

// this makes sure both passwords entered match
if ($_POST['pass'] != $_POST['pass2']) {
$error="<span style=";
$error .="color:red";
$error .=">";
$error .= 'Your passwords did not match.';
$error .="</span>";
setcookie('Errors', $error, time()+20);
header('Location: /useredit.php');
exit;
}

// here we encrypt the password and add slashes if needed
$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['pass2'] = addslashes($_POST['pass2']);
}

// now we insert it into the database
mysql_real_escape_string($insert = "UPDATE `YBK_Login` SET `pass` = '{$_POST['pass']}', `HR` = '{$_POST['pass2']}', `comment` = '{$_POST['oldpw']}' WHERE `ID` = {$_COOKIE['UID_WatsonN']}");
mysql_query($insert) or die( 'Query string: ' . $insert . '<br />Produced an error: ' . mysql_error() . '<br />' );
$error="<span style=";
$error .="color:green";
$error .=">";
$error .= "<p>Thank you, your password has been updated.</p>";
$error .="</span>";
setcookie('Errors', $error, time()+20);
header('Location: /useredit.php');
exit;
}

Reset Password Script Help

Similar Tutorials

This works up until if (email == email2){
What is wrong? Is it a problem with the queries?

if(isset($_SESSION['rest']) || isset($_SESSION['chef'])){ header('Location:index.php');}

if (isset($_POST['submit'])) {

$errors = array();

// VALIDATION SCRIPT HERE

$newpass = generatepassword();

$link = mysql_connect("****","*****","******") or die ("Could not connect!");
mysql_select_db("****");
$query = "SELECT `username`, `type` FROM `users` WHERE `username`='$username'";
$result = mysql_query($query);
while($row = mysql_fetch_array($result))

{$type = $row['type'];}

$numrows = mysql_num_rows($result);
if ($numrows!=1){

$errors[] = 'Username not Found (Usernames are case sensitive)';}

if($email == '' || $username == ''){

$errors[] = 'Please Fill in all Fields';}

if (empty($errors)){

if ($type = 1){

$res1 = mysql_query("SELECT `username`,`email` FROM `rests` WHERE `username`='$username'");

while($row1 = mysql_fetch_array($res1))

{$email2 = $row1['email'];}
}else{

$res2 = mysql_query("SELECT `username`,`email`

FROM `chefs` WHERE `username`='$username'");

while($row2 = mysql_fetch_array($res2))

{$email2 = $row2['email'];}

if ($email2 == $email)
{

echo $newpass;

mysql_query("UPDATE `users` SET `password` = '$newpass' WHERE `username`='$username'");

//SEND EMAIL

$my_email = 'enquiries@bakerdesigns.co.uk';

$email_from = 'Chef Match';

$email_subject = "Your New Password :: Chef Match";

$message = "Your new password is $newpass<br>You may change this via your control panel later.";

$referer = $_SERVER['HTTP_REFERER'];
    $this_url = "http://".$_SERVER['HTTP_HOST'].$_SERVER["REQUEST_URI"];
    if ($referer != $this_url) {
        echo "You do not have permission to use this script from another URL.";
        exit; }

$from = "From: $email2\r\n";
    mail($email2, $email_subject, $message, $from);

    $thanks = 'An email has been sent to $email2 containing your new password. Please check your junk folder.';

}}
}else{$errors[] = 'Email did not match Username';
$thanks = 'Email could not be sent.';}
}

Set Password Script Is Not Working

Similar Tutorials

here is my change password script (This is being done by the admin)

<?php

error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');

require 'connect.php';

if(isset($_POST['change'])) {

	$newp = trim($_POST['npass']);
	$confp = trim($_POST['cpass']);

	if(empty(trim($newp))) {

		echo "<h3><center>You did not enter a new password!</center></h3>";

		exit();

	} if(empty(trim($confp))) {

		echo "<h3><center>You must confirm the password!</center></h3>";

		exit();

	} if($confp !== $newp) {

		echo "Passwords do not match!, try again.";
	} else {

		$sql = "UPDATE $db_name SET cpass='$password' WHERE id=' ".$row['id']." '";

		echo " ".$row['username']."\s password has been reset! ";
	}
}

?>

<html><title>  Change password  </title><head><style>#form {border-radius: 20px;font-family: sans-serif; margin-top: 60px; padding: 30px;background-color: #aaa;margin-left: auto; margin-right: auto; width: 500px; clear: both;} #form input {width: 100%; clear: both;} #form input:hover {border: 1px solid #ff0000;}</style></head>
<body>
<div id="form">
	<form action='' method='POST'>
	<h2><b><center>Change Password</center></b></h2><br>
	<tr>
	<td><b>New password:</b><input type="password" name="npass" placeholder="Enter new password" /></td><br><br>
	<td><b>Confirm password:</b><input type="password" name="cpass" placeholder="Confirm password" /></td><br><br>
	<td><input type="submit" name="change" value="Change!" /></td>
</tr>
</form>
</div><!-- end of form div -->
</body>
</html>

I'm getting

Notice: Undefined variable: row in C:\xampp\htdocs\Login\web_dir\changepassword.php on line 30

Notice: Undefined variable: row in C:\xampp\htdocs\Login\web_dir\changepassword.php on line 32

And it say's

\s password has been reset!

It's saying that the variable row is undefined, it's defined in my edit user / select user page

<?php

error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');

session_start();

require 'connect.php';

echo "<title>  Edit a user  </title>";

$sql = "SELECT id, username FROM $tbl_name ORDER BY username";
$result = $con->query($sql);
while ($row = $result->fetch_assoc())
{
   	echo "<div id='l'><tr><td>{$row['username']}</td>&nbsp;|
        <td><a href='editUser.php?id={$row['id']}'>Edit User</a>&nbsp;|</td>
        <td><a href='changepassword.php?id={$row['id']}'>Change Password</a>&nbsp;|</td>
        <td><a href='banUser.php?id={$row['id']}'>Ban User</a></td><br><br>
        </tr></div>\n";
}


?>

Also it doesn't actually UPDATE the password.

Lostpassword Secret Code Need Some Help!

Similar Tutorials

Hey my name is Byllan i search someone who can done my script? I have start a bit but im not the best one in .php im noob.

That i want with the script is the script check if username and that is true if yes it show up the password under the button. If no there will be a message. Something is wrong here please check it.
http://apelsinen.com/?p=lostpassword

If you enter http://apelsinen.com/?p=register
I think you will understand the whole thing with my idea!

lostpassword.php
<b>Forgot Password</b>
<?php

?>
<html>
<body>
<br>
<tr>
<td>Your Username:</td>
<td><input type="text" name="user" value=""></td>
</tr>
<br>
<tr>
<td>Your Mail:</td>
<td><input type="text" name="user" value=""></td>
</tr>
<br>
<tr>
<td>Your Name:</td>
<td><input type="text" name="user" value=""></td>
</tr>
<br>
<tr>
<td>Your Secret Code:</td>
<td><input type="text" name="user" value=""></td>
</tr>
<br>
<tr>
<td colspan="2">

<tr>
<td colspan="2" align="center">
<input type="submit" name="submit" value="Get Password">
</td>
</tr>

</table>
</form>
<br>
<br>
</html>
</body>

Get Github Secret (env) Variable Value In Php

Similar Tutorials

Hi, I come to know that we can use secret vars of out GIT Project to store password. But can you tell me how can we access it in PHP and how I can get same data at localhost xamp server?

Thanks in advance.

Lost Username/password Script

Similar Tutorials

I've never actually done a username password, retrieval script before so need a little help. In the profile form the user is submitting username/password/name/email etc. into a MySQL DB along with a security question and answer. Is it just a matter of creating a form which does a check against the database and sends out an email to the user with their password? The password is hashed with MD5, so how would I send out an un-hashed PW?

thanks!

Forgot Password/username Script

Similar Tutorials

I'm having a little issue with this script. It's returning:

"Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/zyquo/public_html/makethemoviehappen.com/forgot_password.php on line 89"
(Line 89 is: $num_rows1 = mysql_num_rows($result1)

and

"New password could not be generated. If you continue to have issues, please email general@makethemoviehappen.com for assistance."

I checked the database and the random password generation did run, and it was inserted into the database. So it's just not detecting that it ran, so it's not sending the email. Any ideas on why?

I also checked what is returned in the $result1 variable and it's the number 1.

Code: [Select]
elseif($_GET['forgot']=="password"){

function &generatePassword($length=9, $strength=0) {
$vowels = 'aeiuy';
$consonants = 'bcdfghjkmnpqrstwz';
if ($strength & 1) {
$consonants .= 'BCDFGJLMNPQRSTVXZ';
}
if ($strength & 2) {
$vowels .= "AEIUY";
}
if ($strength & 4) {
$consonants .= '23456789';
}
if ($strength & 8) {
$consonants .= '@#$%';
}

$password = '';
$alt = time() % 2;
for ($i = 0; $i < $length; $i++) {
if ($alt == 1) {
$password .= $consonants[(rand() % strlen($consonants))];
$alt = 0;
} else {
$password .= $vowels[(rand() % strlen($vowels))];
$alt = 1;
}
}
return $password;
}

$new_password =& generatePassword();

$username=$_POST['username'];
$sql="SELECT * FROM $tbl_name WHERE Username='$username' AND Email='$email' AND Amount='$donation_amount'";
$result=mysql_query($sql);
$num_rows = mysql_num_rows($result);

if($num_rows==1){
$sql1="UPDATE $tbl_name SET Password='$new_password' WHERE Username='$username' AND Email='$email' AND Amount='$donation_amount'";
$result1=mysql_query($sql1);
$num_rows1 = mysql_affected_rows($result1);

if($num_rows1==1){
$content.='<p class="center">New password generated. It has been emailed to the email address provided.</p><br />';
$message='Some one (hopefully you) requested a new password be generated for your account on Make the Movie Happen.
Below is the newly generated password:

Password: '.$new_password.'

Once you log-in, please change your password.

Thank You,
Make the Movie Happen Support Team
';
mail($email, 'Make the Movie Happen - New Password', $message, 'From: general@makethemoviehappen.com');
}

else{
$content.='New password could not be generated.
If you continue to have issues, please email <a href="mailto:general@makethemoviehappen.com">general@makethemoviehappen.com</a> for assistance.';
}

}
else{
header("Location: ./index.php?forgot&e=1");
}
}

Encrypt Password In Login Script

Similar Tutorials

Hi.

I have made a login script, but I would wan't to encrypt the password.
I followed a tutorial and got this:
login.php
<?php
$password = "secret";

echo $password;
/* displays secret */

$password = sha1($password);

echo $password;
/* displays e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4 */
?>
<form action="validate.php" method="post">
  <label for="username">Username</label>
  <input type="text" name="username" id="username" />
  <br />
  <label for="password">Password</label>
  <input type="password" name="password" id="password" />
  <br />
  <input type="submit" name="submit" value="Submit" />
</form>
<?php
?>

validate.php

<?php
include "setup.php";

/* get the incoming ID and password hash */
$username=$_POST['username'];
$password=$_POST['password'];
$password=md5($password); // Encrypted Password

/* establish a connection with the database */
$server = mysql_connect("$db_host", "$db_username","$db_password");
if (!$server) die(mysql_error());
mysql_select_db("$database");


/* SQL statement to query the database */
$query = "SELECT * FROM users WHERE Username = '$username' AND Password = '$password'";

/* query the database */
$result = mysql_query($query);

/* Allow access if a matching record was found, else deny access. */
if (mysql_fetch_row($result))
  echo "Access Granted: Welcome, $username!";
else
  echo "Access Denied: Invalid Credentials.";

mysql_close($server);
?>

Its the line $password=md5($password); // Encrypted Password
that messes everything up.
If I delete it and login, everything is fine, if I add it it says Code: [Select]
Access Denied: Invalid Credentials
I need help with this one!
And if someone have time, give me some ideas how to make PHP scripts safer!

Regards
Worqy

Php Password Change Script With Validation ??

Similar Tutorials

Hello ever1 , I ve created a php password change script with validation but its nt working properly can any1 please help me with this as m new with php???? below m pasting the code :

<?php
session_start();
include "connection.php";
//include_once('header1.php');
$msg="";

if($_SERVER['REQUEST_METHOD']=='POST' &&
empty($_POST['username']) ||
empty($_POST['password']) ||
empty($_POST['newpass']) ||
empty($_POST['newpassconfirm'])

)
{
$msg="empty fields";
}

{
$user=$_POST['username'];
$pass=$_POST['password'];
$newpass=$_POST['newpass'];
$confirmpass=$_POST['newpassconfirm'];

$result=mysql_query("SELECT password FROM user WHERE username='$user'");
if(!$result)
{
$msg="The Username You Entered Does not Exist";
}
elseif($pass!= mysql_result($result,0))
{
echo $msg="You Entered An Incorrect Password";
}
if($newpass != $confirmpass)
{ $msg = "Passwords do not match"; }
elseif($newpass=$confirmpass)
$sql=mysql_query("update user set password='$newpass' where username ='$user'");

if($sql)
{
echo "Congrats you have successfully changed your password.";
}
header('refresh:3 databases.php');
}
{
?>

<html>
<body>
<?php echo $msg ; ?>
<form class="changepass" action="changepass.php" method="POST"><P>
<table><tr><td>
Enter ur username :</td> <td> <input type="text" name="username" /></td></tr>
<tr><td>Enter ur existing pass : </td><td><input type="password" name="password" /></td></tr>
<tr><td>Enter ur new pass :</td> <td><input type="password" name="newpass" /></td></tr>
<tr><td>Renter ur new pass :</td> <td><input type="password" name="newpassconfirm" /></td></tr>
<tr><td><input class="cpassbtn" name="Submit" type="image" value="Submit" src="passnrm.png" onmouseover="this.src='passhvr.png'" onmouseout="this.src='passnrm.png'"></td></tr>

</table>

</form>
</body>
</html>

<?php }?>

Problem With Mysqli (password-reset Script)

Similar Tutorials

<?php

if (isset($_POST['reset-submit'])) {
    $selector = $_POST['selector'];
    $validator = $_POST['validator'];
    $password = $_POST['password'];
    $password2 = $_POST['password2'];

    // probably better to check this earlier
    if (empty($password) || empty($password2)) {
        header("Location: ../create-new-password.php?newpassword=empty&selector=$selector&validator=$validator");
    } elseif ($password !== $password2) {
        header("Location: ../create-new-password.php?newpassword=passwordsnotmatch");
    }

    $currentDate = date("U");

    require "dbh.inc.php";
    
    $sql = "SELECT * FROM reset_password WHERE selector=? AND expires >= $currentDate";
    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        echo "SQL error 1";
        exit();
    } else {
        mysqli_stmt_bind_param($stmt, 'ss', $selector, $currentDate);
        mysqli_stmt_execute($stmt);
        $result = mysqli_stmt_get_result($stmt);
        
        if (!$row = mysqli_fetch_assoc($result)) {
            echo 'You need to re-submit your reset request.';
            exit();
        } else {
            $tokenBin = hex2bin($validator);
            $tokenCheck = password_verify($tokenBin, $row['token']);

            if (!$tokenCheck) {
                echo 'You need to re-submit your reset request.';
                exit();
            } else {
                $email = $row['email'];
                $sql = "SELECT * FROM users WHERE email = $email";
                $stmt = mysqli_stmt_init($conn);
                if (!mysqli_stmt_prepare($stmt, $sql)) {
                    echo "SQL error 2";
                    exit();
                } else {
                    mysqli_stmt_bind_param($stmt, 's', $email);
                    mysqli_stmt_execute($stmt);
                    $result = mysqli_stmt_get_result($stmt);
                    if (!$row = mysqli_fetch_assoc($result)) {
                        echo "SQL error 3";
                        exit();
                    } else {
                        $sql = "UPDATE users SET password=? WHERE email=?";
                        $stmt = mysqli_stmt_init($conn);
                        if (!mysqli_stmt_prepare($stmt, $sql)) {
                            echo "SQL error4 ";
                            exit();
                        } else {
                            $hashed_password = password_hash($password, PASSWORD_DEFAULT);
                            mysqli_stmt_bind_param($stmt, 'ss', $hashed_password, $email);
                            mysqli_stmt_execute($stmt);
                            $sql = 'DELETE FROM reset_password WHERE email=?';
                            $stmt = mysqli_stmt_init($conn);
                            if (!mysqli_stmt_prepare($stmt, $sql)) {
                                echo 'SQL error5';
                                exit();
                            } else {
                                mysqli_stmt_bind_param($stmt, 's', $email);
                                mysqli_stmt_execute($stmt);
                                header("Location: ../signup.php?newpassword=updated");
                            }
                        }
                    }
                }
            }
        }
    }
    mysqli_stmt_close($stmt);
    mysqli_close($conn);

    header('Location: ../reset-password.php?reset=success');
} else {
    header('Location: ../index.php');
}

I always get this errors:

Warning: mysqli_stmt_bind_param(): Number of variables doesn't match number of parameters in prepared statement in C:\xampp\htdocs\php_login_system-master\includes\reset-password.inc.php on line 26

Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, bool given in C:\xampp\htdocs\php_login_system-master\includes\reset-password.inc.php on line 30
You need to re-submit your reset request.

But i dont find the mistake in the Code. Can someone help me please

Checking Password Length With If Statement Not Working! (register Script)

Similar Tutorials

This is my registering script:

<?php
include('connectvars.php');

$user_email = strip_tags(trim($_POST['email']));
$firstname = strip_tags(trim($_POST['firstname']));
$lastname = strip_tags(trim($_POST['lastname']));
$nickname = strip_tags(trim($_POST['nickname']));
$password = strip_tags($_POST['password']);
$repassword = strip_tags($_POST['repassword']);
$dob = $_POST['dob'];
$find_us_question = strip_tags(trim($_POST['find_us_question']));

if (isset($_POST['submit_signup'])) {

if ((empty($user_email)) || (empty($firstname)) || (empty($lastname)) || (empty($nickname)) || (empty($password)) || (empty($dob))) {

echo "Please fill out all the fields!";

} else {
// check char length of input data
if (($nickname > 30) || ($firstname > 30) || ($lastname > 30) || ($user_email > 50)) {

echo "Your nickname, first- and/or lastname seem to be too long, please make sure you have them below the maximum allowed length of 30 characters!";

} else {

// check password char length
if (($password > 25) || ($password < 6)) {
echo "Your password must be between 6 and 25 characters!";

} else {
// encrypt password
$password = sha1($password);
$repassword = sha1($repassword);

if ($password != $repassword) {
echo "Please make sure your passwords are matching!";

} else {

$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

$query = sprintf("INSERT INTO user (firstname, lastname, nickname, password, email, dob, doj) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', now())",
mysqli_real_escape_string($dbc, $firstname),
mysqli_real_escape_string($dbc, $lastname),
mysqli_real_escape_string($dbc, $nickname),
mysqli_real_escape_string($dbc, $password),
mysqli_real_escape_string($dbc, $user_email),
$dob);

mysqli_query($dbc, $query);

mysqli_close($dbc);

echo "You have been successfully registered!";

}

}
}
}
}

?>

A bunch of nested if statements, the read-ability gets worse after a while, I'm new to programming so I don't know if there's a better more read-able solution.

Anyway, every time I try to sign up it's printing out the echo message:
"Your password must be between 6 and 25 characters!"

Which derives from:

// check password char length
if (($password > 25) || ($password < 6)) {
echo "Your password must be between 6 and 25 characters!";

} else {

EVEN if I stay between 6 and 25 characters it's still printing out this error message, let's say I have a password of 8 characters, and I've entered everything else correctly, it's still giving me all the time this error message, and I can not figure out why.

Change Password... Doesnt Seem To Work, Just Resets Password

Similar Tutorials

Hello PhP Freaks forum
In the past weeks ive been trying to make a website, where you can register. Everything seems to work except my cherished Change password feature. Everytime you try to change the password, it just resets it to nothing.

Here is the code below.

<?php
         if(isset($_SESSION['username']))
         {
            $username = $_SESSION['username'];
            $lastname = $_SESSION['lastname'];
            $firstname = $_SESSION['firstname'];
            $email = $_SESSION['email'];

            echo "

               <h4>Options for:</h4>   $username
               <br />
               <br />
               First name:   $firstname

               <br />Last name:   $lastname

   <br /><br /><h3>Want to change your password:</h3><br />

      <form action='?do=option' method='post'>

      Old password <input type='password' placeholder='Has to be between 5-15 digits' name='password' size='30' value='' /><br />
                  <br />
      New Password<input type='password' placeholder='Has to be between 5-15 digits' name='newpass' size='30' value='' /><br />
                  <br />
      Confirm new password <input type='password' placeholder='Has to be between 5-15 digits' name='passconf' size='30' value='' /><br />

      <center></div><input type='submit' value='Submit'/></center></form>";


         }else{
            echo 'Please login to view your options!';
         }

      $password = $_REQUEST['password'];
      $pass_conf = $_REQUEST['newpass'];
      $email = $_REQUEST['passconf'];

      $connect = mysql_connect("Host", "User", "Password");
      if(!$connect){
      die(mysql_error());
      }

      //Selecting database
      $select_db = mysql_select_db("My Database", $connect);
      if(!$select_db){
      die(mysql_error());
      }

      //Find if entered data is correct

      $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
      $row = mysql_fetch_array($result);
      $id = $row['id'];


         mysql_query("UPDATE users SET password='$newpass' WHERE username='$user'")

      ?>

And i do know that i dont have a

if(Empty($newpass)){
Die(Please fill out the new password)
}

Or any security on the others, but the problem just seems that it resets the password into nothing

Hope i can get this fixed

Best Regards

William Pfaffe

How To Decrypt Password Which Is Encrypted By Sha($password) Technique.

Similar Tutorials

<?php
require_once('upper.php');
require_once('database.php');
echo $error_msg='';
if(isset($_POST['submit']))
{
$LoginId=mysqli_real_escape_string($dbc,trim($_POST['LoginId']));
$Password1=mysqli_real_escape_string($dbc,trim($_POST['Password1']));
$Password2=mysqli_real_escape_string($dbc,trim($_POST['Password2']));
$Name=mysqli_real_escape_string($dbc,trim($_POST['Name']));
$Age=mysqli_real_escape_string($dbc,trim($_POST['Age']));
$BloodGroup=mysqli_real_escape_string($dbc,trim($_POST['BloodGroup']));
if(!isset($_POST['Sex']))
{
echo 'Please enter Sex<br>';
}
else{
$Sex= mysqli_real_escape_string($dbc,trim($_POST['Sex']));
}
$Qualification=mysqli_real_escape_string($dbc,trim($_POST['Qualification']));
$ContactNumber=mysqli_real_escape_string($dbc,trim($_POST['ContactNumber']));
$Email=mysqli_real_escape_string($dbc,trim($_POST['Email']));
$Address=mysqli_real_escape_string($dbc,trim($_POST['Address']));
$AboutYourself=mysqli_real_escape_string($dbc,trim($_POST['AboutYourself']));
//$countCheck=count($_POST['checkbox']);
//echo $countCheck;
//$checkbox=$_POST['checkbox'];
//$countCheck=count($checkbox);
if(empty($LoginId)){echo 'Please enter Login Id';}
elseif(empty($Password1)){echo 'Please enter Password';}
elseif(empty($Password2)){echo 'Please confirm Password';}
elseif($Password1!==$Password2){echo 'Password didn\'t match';}
elseif(empty($Name)){echo 'Please enter Name';}
elseif(empty($Age)){echo 'Please enter Age';}
elseif(!isset($_POST['Sex'])){}
elseif(empty($Qualification)){echo 'Please enter Qualification';}
elseif(empty($ContactNumber)){echo 'Please enter Contact Number';}
elseif(empty($Email)){echo 'Please enter Email';}
elseif(empty($Address)){echo 'Please enter Address';}
elseif(empty($AboutYourself)){echo 'Please enter About Yourself';}
elseif(!isset($_POST['checkbox'])){ echo 'You have to register at least one activity.';}
elseif(!isset($_POST['TermsAndConditions'])){ echo 'You have to agree all Terms and Conditions of Elite Brigade.';}
else
{
require_once('database.php');
$query="select * from registration where LoginId='$LoginId'";
$result=mysqli_query($dbc,$query);
if(mysqli_num_rows($result)==0)
{
$checkbox=$_POST['checkbox'];
$countCheck=count($_POST['checkbox']);
$reg_id=' ';
for($i=0;$i<$countCheck;$i++)
{
$reg_id=$reg_id.$checkbox[$i].',';
$query="insert into activity_participation (LoginId,Title,Date) values ('$LoginId','$checkbox[$i]',CURDATE())";
$result=mysqli_query($dbc,$query) or die("Not Connected");
}
$query="insert into registration (LoginId,Password,Name,Age,BloodGroup,Sex,Qualification,ContactNumber,Email,Address,AboutYourself,Activity)values ('$LoginId'[B],SHA('$Password1'),[/B]'$Name','$Age','$BloodGroup','$Sex','$Qualification','$ContactNumber','$Email','$Address','$AboutYourself',',$reg_id')";
$result=mysqli_query($dbc,$query) or die("Not Connect");

echo ' Dear '.$Name.'.<br>Your request has been mailed to admin.<br>Your account is waiting for approval<br>';
$from= 'Elite Brigade';
$to='ankitp@rsquareonline.com';
$subject='New User Registration';
$message="Dear admin,\n\nA new user request for registration. Please check it out.\n\nRegards\nMicro";
mail($to,$subject,$message,'From:'.$from);
//header('Location: index.php');
// header('Location: Registration.php');
}
else
{
echo 'Dear '.$Name. ', <br> An account already exist with login-id<b> '.$LoginId.'</b> <br>Please try another login-id';
}}
}
?>

<html>
<head>
<script src="jquery-latest.js"></script>
  <script type="text/javascript" src="jquery-validate.js"></script>
<style type="text/css">
* { font-family: Verdana;  }

label.error {  color: white;  padding-left: .5em; }
p { clear: both; }
.submit { margin-left: 12em; }
em { font-weight: bold; padding-right: 1em; vertical-align: top; }
</style>
  <script>
  $(document).ready(function(){
    $("#commentForm").validate();
  });
  </script>

</head>

<body>

<?php
echo $error_msg; ?>

<form action='<?php echo $_SERVER['PHP_SELF'];?>' id="commentForm" method='post'>
<div class="registration_and_activity">

<table border="0" width="380">
<tr><td colspan="2">
<h3>New User?</h3></td></tr>
<tr><td width="120">

<em>*</em>Enter Login id</td><td width="150"><input type='text' name='LoginId'  minlength="4" value='<?php if(!empty($LoginId))echo $LoginId;?>' /></td></tr>
<tr><td>
<em>*</em>Enter Password</td> <td><head>
   <div id="divMayus" style="visibility:hidden">Caps Lock is on.</div>
   <SCRIPT language=Javascript>

function capLock(e){
kc = e.keyCode?e.keyCode:e.which;
sk = e.shiftKey?e.shiftKey:((kc == 16)?true:false);
if(((kc >= 65 && kc <= 90) && !sk)||((kc >= 97 && kc <= 122) && sk))
  document.getElementById('divMayus').style.visibility = 'visible';
else
  document.getElementById('divMayus').style.visibility = 'hidden';
}

</SCRIPT>
   </HEAD>
<input onkeypress='return capLock(event)' type='password' name='Password1' value='<?php if(!empty($Password1))echo $Password1;?>' /></td></tr>

<tr><td>
<em>*</em>Confirm Password</td><td><input type='password' name='Password2' value='<?php if(!empty($Password2))echo $Password2;?>' /></td></tr>
<tr><td width="120">
<em>*</em>Enter Name</td> <td><input type='text'  name='Name' value='<?php if(!empty($Name))echo $Name;?>' /></td></tr>
<tr><td>
<em>*</em>Enter Age</td><HEAD>
   <SCRIPT language=Javascript>

      function isNumberKey(evt)
      {
         var charCode = (evt.which) ? evt.which : event.keyCode
         if (charCode > 31 && (charCode < 48 || charCode > 57))
            return false;

         return true;
      }



   </SCRIPT>
   </HEAD>
<td><INPUT onkeypress='return isNumberKey(event)'  type='text' name='Age' value='<?php if(!empty($Age))echo $Age;?>'/></td></tr>

<tr><td>
<em>*</em>Enter Blood</td><td><input type='text' name='BloodGroup' value='<?php if(!empty($BloodGroup))echo $BloodGroup;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Sex</td><td><input type='radio' name='Sex'  style='width:16px; border:0;' 'value='Male' />Male   <input type='radio' name='Sex' style='width:16px; border:0;' 'value='Female' />Female</td></tr>

<tr><td>
<em>*</em>Enter Qualification</td><td><input type='text' name='Qualification'  value='<?php if(!empty($Qualification))echo $Qualification;?>' /></td></tr>

<tr><td>
<em>*</em>Contact Number </td><td><input onkeypress='return isNumberKey(event)'type='text'  name='ContactNumber' value='<?php if(!empty($ContactNumber))echo $ContactNumber;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Email</td><td><input type='text' name='Email'class="email" value='<?php if(!empty($Email))echo $Email;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Address</td><td><input type='text'   name='Address' value='<?php if(!empty($Address))echo $Address;?>' /></td></tr>

<tr ><td >
<em>*</em>About Yourself </td></tr>
<tr><td colspan="2"><textarea rows='10' cols='40'  name='AboutYourself'  /><?php if(!empty($Address))echo $Address;?></textarea></td></tr>
<tr><td>

<?php echo"
<tr><td colspan='2'><em>*</em><b>Select fields for which you want to register</b></td></tr>";

require_once('database.php');
$query="select * from activity";
$result=mysqli_query($dbc,$query);
while($row=mysqli_fetch_array($result)){
$Title=$row['Title'];
$ActivityId=$row['ActivityId'];
echo "<tr><td>$Title</td>";
echo "<td><input type='checkbox' name='checkbox[]' value='$Title' style='width:14px; text-align:right;'/></td></tr>";//value=$ActivityId tells ActivityId variable extracts with name="checkbox"
echo "<br/>";
}
echo "<td><em>*</em><input type='checkbox' name='TermsAndConditions'  style='width:14px; text-align:right;'/></td><td> I agree all <a href='TermsAndConditions.php'>Terms and conditions </a>of Elite Brigade</td></tr>";
echo "<tr><td colspan='2' align='center'><input type='submit' value='Register' name='submit' style='background:url(./images/button_img2.png) no-repeat 10px 0px; width:100px; padding:3px 0 10px 0; color:#FEFBC4; border:0;'/></td></tr><br>";

echo " </td></tr></table>

</div>

</form>
</body>
</html>";
require_once('lower.php');

?>

Hi Friends ....
I encrypt user password by SHA('$Password') method but now i want to add "Forget Password Module" for which I need to decrypt it first before tell my user but I don't Know how to decrypt it.
Please help me........

Moved: Password Security During Password Reset

Similar Tutorials

This topic has been moved to Application Design.

http://www.phpfreaks.com/forums/index.php?topic=353345.0

Question About After A Script Is Executed

Similar Tutorials

so a user fills out a form, data gets sent to send.php then if successful redirects back to index.php, how on that index.php can i get it to say, sent successfully?