Learn VBA & Macros in 1 Week!

PHP - Set Password Script Is Not Working

Full Excel VBA Course - Beginner to Expert

Set Password Script Is Not Working	View Content

here is my change password script (This is being done by the admin)

<?php

error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');

require 'connect.php';

if(isset($_POST['change'])) {

	$newp = trim($_POST['npass']);
	$confp = trim($_POST['cpass']);

	if(empty(trim($newp))) {

		echo "<h3><center>You did not enter a new password!</center></h3>";

		exit();

	} if(empty(trim($confp))) {

		echo "<h3><center>You must confirm the password!</center></h3>";

		exit();

	} if($confp !== $newp) {

		echo "Passwords do not match!, try again.";
	} else {

		$sql = "UPDATE $db_name SET cpass='$password' WHERE id=' ".$row['id']." '";

		echo " ".$row['username']."\s password has been reset! ";
	}
}

?>

<html><title>  Change password  </title><head><style>#form {border-radius: 20px;font-family: sans-serif; margin-top: 60px; padding: 30px;background-color: #aaa;margin-left: auto; margin-right: auto; width: 500px; clear: both;} #form input {width: 100%; clear: both;} #form input:hover {border: 1px solid #ff0000;}</style></head>
<body>
<div id="form">
	<form action='' method='POST'>
	<h2><b><center>Change Password</center></b></h2><br>
	<tr>
	<td><b>New password:</b><input type="password" name="npass" placeholder="Enter new password" /></td><br><br>
	<td><b>Confirm password:</b><input type="password" name="cpass" placeholder="Confirm password" /></td><br><br>
	<td><input type="submit" name="change" value="Change!" /></td>
</tr>
</form>
</div><!-- end of form div -->
</body>
</html>

I'm getting

Notice: Undefined variable: row in C:\xampp\htdocs\Login\web_dir\changepassword.php on line 30

Notice: Undefined variable: row in C:\xampp\htdocs\Login\web_dir\changepassword.php on line 32

And it say's

\s password has been reset!

It's saying that the variable row is undefined, it's defined in my edit user / select user page

<?php

error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');

session_start();

require 'connect.php';

echo "<title>  Edit a user  </title>";

$sql = "SELECT id, username FROM $tbl_name ORDER BY username";
$result = $con->query($sql);
while ($row = $result->fetch_assoc())
{
   	echo "<div id='l'><tr><td>{$row['username']}</td>&nbsp;|
        <td><a href='editUser.php?id={$row['id']}'>Edit User</a>&nbsp;|</td>
        <td><a href='changepassword.php?id={$row['id']}'>Change Password</a>&nbsp;|</td>
        <td><a href='banUser.php?id={$row['id']}'>Ban User</a></td><br><br>
        </tr></div>\n";
}


?>

Also it doesn't actually UPDATE the password.

Full Excel VBA Course - Beginner to Expert

Checking Password Length With If Statement Not Working! (register Script)

Similar Tutorials

View Content

This is my registering script:

<?php
include('connectvars.php');

$user_email = strip_tags(trim($_POST['email']));
$firstname = strip_tags(trim($_POST['firstname']));
$lastname = strip_tags(trim($_POST['lastname']));
$nickname = strip_tags(trim($_POST['nickname']));
$password = strip_tags($_POST['password']);
$repassword = strip_tags($_POST['repassword']);
$dob = $_POST['dob'];
$find_us_question = strip_tags(trim($_POST['find_us_question']));

if (isset($_POST['submit_signup'])) {

if ((empty($user_email)) || (empty($firstname)) || (empty($lastname)) || (empty($nickname)) || (empty($password)) || (empty($dob))) {

echo "Please fill out all the fields!";

} else {
// check char length of input data
if (($nickname > 30) || ($firstname > 30) || ($lastname > 30) || ($user_email > 50)) {

echo "Your nickname, first- and/or lastname seem to be too long, please make sure you have them below the maximum allowed length of 30 characters!";

} else {

// check password char length
if (($password > 25) || ($password < 6)) {
echo "Your password must be between 6 and 25 characters!";

} else {
// encrypt password
$password = sha1($password);
$repassword = sha1($repassword);

if ($password != $repassword) {
echo "Please make sure your passwords are matching!";

} else {

$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

$query = sprintf("INSERT INTO user (firstname, lastname, nickname, password, email, dob, doj) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', now())",
mysqli_real_escape_string($dbc, $firstname),
mysqli_real_escape_string($dbc, $lastname),
mysqli_real_escape_string($dbc, $nickname),
mysqli_real_escape_string($dbc, $password),
mysqli_real_escape_string($dbc, $user_email),
$dob);

mysqli_query($dbc, $query);

mysqli_close($dbc);

echo "You have been successfully registered!";

}

}
}
}
}

?>

A bunch of nested if statements, the read-ability gets worse after a while, I'm new to programming so I don't know if there's a better more read-able solution.

Anyway, every time I try to sign up it's printing out the echo message:
"Your password must be between 6 and 25 characters!"

Which derives from:

// check password char length
if (($password > 25) || ($password < 6)) {
echo "Your password must be between 6 and 25 characters!";

} else {

EVEN if I stay between 6 and 25 characters it's still printing out this error message, let's say I have a password of 8 characters, and I've entered everything else correctly, it's still giving me all the time this error message, and I can not figure out why.

Password Reset Not Working

Similar Tutorials

View Content

Hi, I have a php password reset script that is not updating the database, or there is some other reason the new password reset is giving me a "wrong password" error on trying to use it. Any help Greatly appreciated! Thank you.

Code: [Select]
<?php

define('IN_SCRIPT', true);
// Start a session
session_start();

ini_set ("display_errors", "1");
error_reporting(E_ALL);

$host = " ";
$database = " ";
$username = " ;
$password = " ";
$tbl_name = " ";

$conn = mysql_connect($host, $username, $password) or die("Could not connect: " . mysql_error());

if($conn)
{
mysql_select_db($database);
echo "connected to database!!";
} else {
echo "failed to select database";
}

//this function will display error messages in alert boxes, used for login forms so if a field is invalid it will still keep the info
//use error('foobar');
function error($msg) {
?>
<html>
<head>
<script language="JavaScript">

</script>
</head>
<body>
</body>
</html>
<?
exit;
}

//This functions checks and makes sure the email address that is being added to database is valid in format.
function check_email_address($email) {
// First, we check that there's one @ symbol, and that the lengths are right
if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
// Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
return false;
}
// Split it into sections to make life easier
$email_array = explode("@", $email);
$local_array = explode(".", $email_array[0]);
for ($i = 0; $i < sizeof($local_array); $i++) {
if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
return false;
}
}
if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
$domain_array = explode(".", $email_array[1]);
if (sizeof($domain_array) < 2) {
return false; // Not enough parts to domain
}
for ($i = 0; $i < sizeof($domain_array); $i++) {
if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
return false;
}
}
}
return true;
}

if (isset($_POST['submit'])) {

if ($_POST['forgotpassword']=='') {
error('Please Fill in Email.');
}
if(get_magic_quotes_gpc()) {
$forgotpassword = htmlspecialchars(stripslashes($_POST['forgotpassword']));
}
else {
$forgotpassword = htmlspecialchars($_POST['forgotpassword']);
}
//Make sure it's a valid email address, last thing we want is some sort of exploit!
if (!check_email_address($_POST['forgotpassword'])) {
error('Email Not Valid - Must be in format of name@domain.tld');
}
// Lets see if the email exists
$sql = "SELECT COUNT(*) FROM users WHERE email = '$forgotpassword'";
$result = mysql_query($sql)or die('Could not find member: ' . mysql_error());
if (!mysql_result($result,0,0)>0) {
error('Email Not Found!');
}

//Generate a RANDOM MD5 Hash for a password
$random_password=md5(uniqid(rand()));

//Take the first 8 digits and use them as the password we intend to email the user
$emailpassword=substr($random_password, 0, 8);

//Encrypt $emailpassword in MD5 format for the database
$newpassword = md5($emailpassword);

// Make a safe query
$query = sprintf("UPDATE `users` SET `password` = '%s'
WHERE `email` = '$forgotpassword'",
mysql_real_escape_string($newpassword));

mysql_query($query)or die('Could not update members: ' . mysql_error());

//Email out the infromation

$site_name = "MYSITECOM";
$site_email = "noreply@MYSITE.COM";
$subject = "Your New Password";
$message = "Your new password is as follows:
----------------------------
Password: $emailpassword
----------------------------
Please make note this information has been encrypted into our database

This email was automatically generated.";

if(!mail($forgotpassword, $subject, $message, "FROM: $site_name <$site_email>")){
die ("Sending Email Failed, Please Contact Site Admin! ($site_email)");
}else{
error('New Password Sent!.');
}

}

else {
?>
<form name="forgotpasswordform" action="" method="post">
<table border="0" cellspacing="0" cellpadding="3" width="100%">
<caption>
<div>Forgot Password</div>
</caption>
<tr>
<td>Email Address:</td>
<td><input name="forgotpassword" type="text" value="" id="forgotpassword" /></td>
</tr>
<tr>
<td colspan="2" class="footer"><input type="submit" name="submit" value="Submit" class="mainoption" /></td>
</tr>
</table>
</form>
<?
}
?>

Update Password Script

Similar Tutorials

View Content

I have a script to let the user update their password, when I submit it i get a 500 error and I'm not sure.

Here is the code:
If (isset($_POST['update-password'])) {
//This makes sure they did not leave any fields blank
if (!$_POST['oldpw'] || !$_POST['pass'] || !$_POST['pass2'] ) {
$error="<span style=";
$error .="color:red";
$error .=">";
$error .= "You did not complete all of the required fields";
$error .="</span>";
setcookie('Errors', $error, time()+20);
header('Location /useredit.php');
exit;
}

// checks if the password is correct
$pass = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$pass = addslashes($pass);
}
$check = mysql_real_escape_string("SELECT * FROM YBK_Login WHERE pass = '{$pass}'");
mysql_query($check) or die( 'Query string: ' . $check . '<br />Produced an error: ' . mysql_error() . '<br />' );

// this makes sure both passwords entered match
if ($_POST['pass'] != $_POST['pass2']) {
$error="<span style=";
$error .="color:red";
$error .=">";
$error .= 'Your passwords did not match.';
$error .="</span>";
setcookie('Errors', $error, time()+20);
header('Location: /useredit.php');
exit;
}

// here we encrypt the password and add slashes if needed
$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['pass2'] = addslashes($_POST['pass2']);
}

// now we insert it into the database
mysql_real_escape_string($insert = "UPDATE `YBK_Login` SET `pass` = '{$_POST['pass']}', `HR` = '{$_POST['pass2']}', `comment` = '{$_POST['oldpw']}' WHERE `ID` = {$_COOKIE['UID_WatsonN']}");
mysql_query($insert) or die( 'Query string: ' . $insert . '<br />Produced an error: ' . mysql_error() . '<br />' );
$error="<span style=";
$error .="color:green";
$error .=">";
$error .= "<p>Thank you, your password has been updated.</p>";
$error .="</span>";
setcookie('Errors', $error, time()+20);
header('Location: /useredit.php');
exit;
}

Reset Password Script Help

Similar Tutorials

View Content

This works up until if (email == email2){
What is wrong? Is it a problem with the queries?

if(isset($_SESSION['rest']) || isset($_SESSION['chef'])){ header('Location:index.php');}

if (isset($_POST['submit'])) {

$errors = array();

// VALIDATION SCRIPT HERE

$newpass = generatepassword();

$link = mysql_connect("****","*****","******") or die ("Could not connect!");
mysql_select_db("****");
$query = "SELECT `username`, `type` FROM `users` WHERE `username`='$username'";
$result = mysql_query($query);
while($row = mysql_fetch_array($result))

{$type = $row['type'];}

$numrows = mysql_num_rows($result);
if ($numrows!=1){

$errors[] = 'Username not Found (Usernames are case sensitive)';}

if($email == '' || $username == ''){

$errors[] = 'Please Fill in all Fields';}

if (empty($errors)){

if ($type = 1){

$res1 = mysql_query("SELECT `username`,`email` FROM `rests` WHERE `username`='$username'");

while($row1 = mysql_fetch_array($res1))

{$email2 = $row1['email'];}
}else{

$res2 = mysql_query("SELECT `username`,`email`

FROM `chefs` WHERE `username`='$username'");

while($row2 = mysql_fetch_array($res2))

{$email2 = $row2['email'];}

if ($email2 == $email)
{

echo $newpass;

mysql_query("UPDATE `users` SET `password` = '$newpass' WHERE `username`='$username'");

//SEND EMAIL

$my_email = 'enquiries@bakerdesigns.co.uk';

$email_from = 'Chef Match';

$email_subject = "Your New Password :: Chef Match";

$message = "Your new password is $newpass<br>You may change this via your control panel later.";

$referer = $_SERVER['HTTP_REFERER'];
    $this_url = "http://".$_SERVER['HTTP_HOST'].$_SERVER["REQUEST_URI"];
    if ($referer != $this_url) {
        echo "You do not have permission to use this script from another URL.";
        exit; }

$from = "From: $email2\r\n";
    mail($email2, $email_subject, $message, $from);

    $thanks = 'An email has been sent to $email2 containing your new password. Please check your junk folder.';

}}
}else{$errors[] = 'Email did not match Username';
$thanks = 'Email could not be sent.';}
}

Lost Password Script

Similar Tutorials

View Content

Okay I am a beginner and haven't coded in months. I am trying to find a tutorial or help figuring out how to build a lost password script for user log-in system I built a while ago.

Can anyone help with either something that works that I can learn from, a tutorial somewhere?

thanks
Tim

Forgot Password Page Is Not Working...

Similar Tutorials

View Content

I paid someone to develop my site and for some reason the Forgot Password page is not working. Once the user types in their email address and submits, nothing happens. The user should get a message displayed instantly letting them know if the password was sent or if their account was not found.

Any help would be greatly appreciated!

Code: [Select]
[php]
<?
include_once "connect.php";
if(isset($_SESSION['RES_LoginID']) && $_SESSION['RES_LoginID']!="")
{
echo "<script>window.location='myprofile.php';</script>";
exit;
}

// code to send mail to user (account details)
if(isset($_REQUEST["btnLogin"]))
{
$sel="select name,email,password from users where email='".$_REQUEST['RES_EMAIL']."'";
$urs=mysql_query($sel);
if (mysql_affected_rows()>0) // send mail if mail existing in database
{
$row=mysql_fetch_array($urs);
$name=$row['name'];
$username=$row['email'];
$password=$row['password'];

$message="<link href='".WEBSITEURL."site.css' rel='stylesheet' type='text/css' />
<body>
<table border=0 cellspacing='5' cellpadding=0 width=600 align='center' class='purple_11'>
<tr><td>
$SITE_LOGO<br><br>
Dear <b>".$name."</b>,<br><br>

Your login details a <br>
Username : $username<br>
Password : $password<br>
<br><br>
Login at: <a href='".WEBSITEURL."login.php' target='_blank'>$SITE_NAME</a><br><br><br>
Thank You,<br>
$SITE_NAME
</td></tr></table>
</body>";

$sub="Forgot Password?";

SendHTMLMail($username,$sub,$message,ADMIN_MAIL);

$redirect="<script>window.location='forgot_password.php?msgs=1';</script>";
}
else // if mail doesnot match
{
$redirect="<script>window.location='forgot_password.php?msgs=2';</script>";
}
echo $redirect;
exit;
}

// generate message for display
$msg="";
if(isset($_REQUEST['msgs']))
{
switch($_REQUEST['msgs'])
{
case 1 : $msg="Your password sent successfully.";
break;
case 2 : $msg="Email Address does not exists.";
break;
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "[url=http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd[/url]">
<html xmlns="[url=http://www.w3.org/1999/xhtml]http://www.w3.org/1999/xhtml[/url]">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="keywords" content="<?=$KEYWORD?>" />
<link rel="shortcut icon" href="images/favicon.gif">
<title><?=$SITE_TITLE?></title>
<link href="site.css" rel="stylesheet" type="text/css" />
<script language="javascript">
function valid_login()
{
form=document.frmLogin;
if(form.RES_EMAIL.value=="")
{
alert("Please enter your email.")
form.RES_EMAIL.focus();
return false;
}
else if (!(/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/.test(form.RES_EMAIL.value)))
{
alert("Please enter a proper email address.");
form.RES_EMAIL.focus();
return false;
}
else
{
form.submit();
}
}
</script>
</head>

<body onload="MM_preloadImages('images/about-us-hover.jpg','images/my-pofile-hover.jpg','images/help-hover.jpg','images/home.jpg')">
<table width="1000" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="1251" align="center" valign="top" class="main_bg"><table width="850" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td height="153" align="left" valign="top"><? include_once "top.php"; ?></td>
</tr>
<tr>
<td valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td height="18"></td>
</tr>
<tr>
<td><table width="822" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="11" align="left" valign="top"><img src="images/white-crv1.jpg" width="11" height="11" /></td>
<td width="100%" height="11" class="gray-top-bdr"><img src="images/blank-img.gif" width="1" height="1" /></td>
<td width="11" align="right" valign="top"><img src="images/white-crv2.jpg" width="11" height="11" /></td>
</tr>
<tr>
<td width="11" class="gray-left-bdr"><span class="gray-top-bdr"><img src="images/blank-img.gif" width="1" height="1" /></span></td>
<td align="center"><? include("gad_hori.php");?></td>
<td width="11"class="gray-rightt-bdr"><span class="gray-top-bdr"><img src="images/blank-img.gif" width="1" height="1" /></span></td>
</tr>
<tr>
<td width="11" height="11" align="left" valign="bottom"><img src="images/white-crv3.jpg" width="11" height="11" /></td>
<td height="11" class="gray-bot-bdr"><img src="images/blank-img.gif" width="1" height="1" /></td>
<td width="11" height="11" align="left" valign="bottom"><img src="images/white-crv4.jpg" width="11" height="11" /></td>
</tr>
</table></td>
</tr>
<tr>
<td height="73" align="left" valign="top"></td>
</tr>
<tr>
<td align="left" valign="top"><table width="822" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="587" align="left" valign="top"><table width="587" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="19"><img src="images/gray-left-crv.jpg" width="19" height="247" /></td>
<td width="321" align="left" valign="top" class="gry-bg-rpt">
<form name="frmLogin" id="frmLogin" action="" method="post">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td height="20"></td>
</tr>
<tr>
<td height="27" class="gray-bot-bdr red-txt20" valign="top">Forgot Password?</td>
</tr>
<tr>
<td height="25" align="center" valign="middle" class="red-txt12"><?=$msg;?></td>
</tr>
<tr>
<td><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td colspan="2" height="22" align="left" style="padding-left:15px;"><strong>Please enter your E-mail address to get the password .</strong></td>
</tr>
<tr height="15"><td> </td></tr>
<tr>
<td width="33%" align="center"><strong>Email Address :</strong></td>
<td width="67%"><input name="RES_EMAIL" type="text" class="input" style="width:176px; height:20px;"/></td>
</tr>

<tr>
<td> </td>
<td height="40" align="center">
<input type="submit" name="btnLogin" value="" class="btn_submit" title="Sign In" onclick="return valid_login();" />
</td>
</tr>
<tr>
<td> </td>
<td height="25" align="left" valign="bottom">Know your password? <a href="login.php">Login here</a></td>
</tr>
</table></td>
</tr>
</table>
</form>
</td>
<td width="247" align="left" valign="top" class="red-box2"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td height="88"> </td>
<td> </td>
</tr>
<tr>
<td width="77"> </td>
<td><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td height="85" align="left" valign="top"><img src="images/dont-acc.jpg" width="135" height="65" hspace="10" /></td>
</tr>
<tr>
<td height="40" align="left" valign="top"><a href="register.php"><img src="images/register-but.jpg" alt="Register Here" width="146" height="30" border="0" /></a></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
</table></td>
<td width="235" align="right" valign="top"><? include("square_ads.php");?></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
<tr>
<td valign="top"><? include_once "bottom.php"; ?></td>
</tr>
</table></td>
</tr>
</table>
</body>
</html>[/php]

My Reset Password Link Is Not Working Now.

Similar Tutorials

View Content

for some reason the password reset part of my site has stopped working and I am very sure that nothing has been altered in the related files since they was created.

a visitor clicks 'reset password' link on our site and is taken to the following file which initiates the reset password routine. the visitor would get a link they need to click for the password to be altered and emailed to them.

this first file does update the database with a `changeofpasswordcode`and this is emailed as it should be.

Code: [Select]
<?PHP
include('includes/connection.php');
include('includes/functions.php');
date_default_timezone_set('Europe/London');

if(isset($_POST['reset']) && trim($_POST['reset']) == 'Reset Password') {

$email = mysql_real_escape_string($_POST['email']);

$checkConfirmed = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND verifyCode != '' LIMIT 1");
$checkEmail = mysql_query("SELECT account_id FROM customers WHERE email='$email' LIMIT 1");
$checkVerify = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND verified='No' LIMIT 1");
$checkBanned = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND suspended='Yes' LIMIT 1");

if(!$email) {
$thisError = 'Please enter your e-mail address.';
} else if(! mysql_num_rows($checkEmail)) {
$thisError = 'That email address is not registered with us.';
} else if(mysql_num_rows($checkConfirmed)) {
$thisError = 'Your email address has not been verified, please check your email and following instructions within.';
} else if(mysql_num_rows($checkVerify)) {
$thisError = 'Your account has not been approved by an Admin.';
} else if(mysql_num_rows($checkBanned)) {
$thisError = 'Your account has been suspended by an Admin.';
} else {
//
}
}

include('includes/header.php');
?>
<body>

<div class="headerBar">
<? include('includes/navigation.php');?>
</div>

<? headerText(); ?>

<div class="content">
<div class="widthLimiter contentStyle">
<div class="formWrapper" style="width: 500px;">
<? if(isset($thisError)) { echo '<div class="errorDiv">',$thisError,'</div>'; } ?>
<? if(isset($thisSuccess)) { echo '<div class="successDiv">',$thisSuccess,'</div>'; } ?>
<span class="subHeader">Initiate Password Reset</span>
<? // password reset
$useremail = isset($_POST['email']) != '' ? trim($_POST['email']) : '' ;
if ($useremail != "") {
// get email and password and email them
$sql = "SELECT * FROM `customers` WHERE (`email` = '" . mysql_real_escape_string($useremail) . "') LIMIT 1";
$res = mysql_query($sql);
$email = @mysql_result($res, 0 ,'email');
$customerName = @mysql_result($res, 0 ,'fullname');
if(@mysql_num_rows($res) && @mysql_result($res, 0 ,'verified') == "Yes" && @mysql_result($res, 0 ,'suspended') == "No") {
if(@mysql_result($res, 0 ,'changeofpasswordcode') != "") {
$randomcode = @mysql_result($res, 0 ,'changeofpasswordcode');
} else { $randomcode = CreatePasswordResetCode();
}
$_SESSION['customerName'] = $customerName;
$_SESSION['customerEmail'] = $email;
$_SESSION['randomcode'] = $randomcode;
createEmailSend('passwordReset', 'Request to reset your password', 'customer');
$format = 'Y-m-d H:i:s'; $date = date( $format );
// set value in DB that email WAS sent
$sql = "UPDATE `customers` SET `changeofpasswordcode` = '" . $randomcode . "', `newpasswordrequestedon` = '" . $date . "' WHERE `email` = '" . mysql_real_escape_string($email) . "' LIMIT 1";
$res = mysql_query($sql);
?><br /><br /><div>You will shortly receive an email which contains a reset password link,<br>please check your email and click this link to reset your password.<br /><br />A new password will then be emailed to you.</div><?
} else { // not valid username entered.
?><br /><br /><div>If you are having trouble accessing your account please let us know<br />via <a href="mailto:admin@tm2cars.co.uk">email</a> and we shall look into this
for you A.S.A.P.</div><?
}
} else { ?><br /><br /><div style=""><form method="post" action="">Please enter your Email Address for your account in the<br>field below and click 'Reset' to initiate a password reset.<br /><br /><input name="email" type="text" size="25"><input type="submit" name="reset" value=" Reset Password"></form></div>
<?
} ?>
</div>
</div>
</div>
<? include('includes/footer.php');?>
</body>
</html>

once they get their email they click the link which taken them to the next page which would perform the change of password and have it emailed to them. the link has the correct `changeofpasswordcode` which is in the database but when the link is clicked the page says that the code is not valid as it is not in the DB. and then it removes the `changeofpasswordcode`

it should only remove the `changeofpasswordcode` once the new password is setup and emailed, so that the link can not be used again.

what i do not understand is why the second file does this, can anyone see what i might be doing wrong ? or what could be causing this ?

Code: [Select]
<?PHP
include('includes/connection.php');
include('includes/functions.php');
date_default_timezone_set('Europe/London');

if(isset($_POST['reset']) && trim($_POST['reset']) == 'Reset') {

$email = mysql_real_escape_string($_POST['email']);

$checkVerify = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND verified='No' LIMIT 1");
$checkBanned = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND suspended='Yes' LIMIT 1");

if(!$email) {
$thisError = 'Please enter your e-mail address.';
} else if(!$password) {
$thisError = 'Please enter your password.';
} else if(mysql_num_rows($checkVerify)) {
$thisError = 'Your account has not been approved by an Admin.';
} else if(mysql_num_rows($checkBanned)) {
$thisError = 'Your account has been suspended by an Admin.';
} else {
$password = md5($password);

$checkAccount = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND password='$password' LIMIT 1");
if(mysql_num_rows($checkAccount)) {
$_SESSION['FM_user'] = $email;
header('Location: members.php'); exit;
} else {
$thisError = 'Your e-mail address and/or password is incorrect.';
}
}
}

include('includes/header.php');
?>
<body>

<div class="headerBar">
<? include('includes/navigation.php');?>
</div>

<? headerText(); ?>

<div class="content">
<div class="widthLimiter contentStyle">
<div class="formWrapper">
<? if(isset($thisError)) { echo '<div class="errorDiv">',$thisError,'</div>'; } ?>
<? if(isset($thisSuccess)) { echo '<div class="successDiv">',$thisSuccess,'</div>'; } ?>
<span class="subHeader">Initiate Password Reset</span>
<?
// include("sendmail2010.php");
$securitycode = stripstring($_GET[pwr]);
if ($securitycode != "") { $sql = "SELECT * FROM `customers` WHERE `changeofpasswordcode` = '".mysql_real_escape_string($securitycode)."' LIMIT 1";
$res = mysql_query($sql);
if (@mysql_num_rows($res) && $securitycode != "") {
$customerName = @mysql_result($res, 0 ,'fullname');
$email = @mysql_result($res, 0 ,'email');
$yourpasswordtologin = CreateNewPassword();
$format = 'Y-m-d H:i:s'; $date = date( $format );
$sql = "UPDATE `customers` SET `password` = '" . md5(mysql_real_escape_string($yourpasswordtologin)) . "', `changeofpasswordcode` = '', `newpasswordrequestedon` = '' WHERE `changeofpasswordcode` = '" . mysql_real_escape_string($securitycode) . "' LIMIT 1";
$res = mysql_query($sql);
$_SESSION['customerName'] = $customerName;
$_SESSION['customerEmail'] = $email;
$_SESSION['generatePass'] = $yourpasswordtologin;
createEmailSend('newPassword', 'Your new password', 'customer');
?><div style="margin: 30px;">Thank you for completing your password reset process.<br><br>An email with a randomly generated password has been sent to your email address, please check your email account for this email as you will need this password to access your <?=$_SESSION['siteName'];?> account.<br><br><strong><em>Please check your 'spam folder' in case our emails are showing up there.</em></strong><br><br>You may now <a href="<?=$_SESSION['webAddress'];?>">sign in</a> to your account.</div><?
} else { ?><div style="margin: 20px;">Sorry the link you clicked is and old password reset link or is not valid, please delete the email.<br><br>If you were trying to reset your password, please click the<br>'Member Login' link on our site and then click the 'Reset Password' link.</div><?
}
} ?>
</div>
</div>
</div>
<? include('includes/footer.php');?>
</body>
</html>

Forgot Password/username Script

Similar Tutorials

View Content

I'm having a little issue with this script. It's returning:

"Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/zyquo/public_html/makethemoviehappen.com/forgot_password.php on line 89"
(Line 89 is: $num_rows1 = mysql_num_rows($result1)

and

"New password could not be generated. If you continue to have issues, please email general@makethemoviehappen.com for assistance."

I checked the database and the random password generation did run, and it was inserted into the database. So it's just not detecting that it ran, so it's not sending the email. Any ideas on why?

I also checked what is returned in the $result1 variable and it's the number 1.

Code: [Select]
elseif($_GET['forgot']=="password"){

function &generatePassword($length=9, $strength=0) {
$vowels = 'aeiuy';
$consonants = 'bcdfghjkmnpqrstwz';
if ($strength & 1) {
$consonants .= 'BCDFGJLMNPQRSTVXZ';
}
if ($strength & 2) {
$vowels .= "AEIUY";
}
if ($strength & 4) {
$consonants .= '23456789';
}
if ($strength & 8) {
$consonants .= '@#$%';
}

$password = '';
$alt = time() % 2;
for ($i = 0; $i < $length; $i++) {
if ($alt == 1) {
$password .= $consonants[(rand() % strlen($consonants))];
$alt = 0;
} else {
$password .= $vowels[(rand() % strlen($vowels))];
$alt = 1;
}
}
return $password;
}

$new_password =& generatePassword();

$username=$_POST['username'];
$sql="SELECT * FROM $tbl_name WHERE Username='$username' AND Email='$email' AND Amount='$donation_amount'";
$result=mysql_query($sql);
$num_rows = mysql_num_rows($result);

if($num_rows==1){
$sql1="UPDATE $tbl_name SET Password='$new_password' WHERE Username='$username' AND Email='$email' AND Amount='$donation_amount'";
$result1=mysql_query($sql1);
$num_rows1 = mysql_affected_rows($result1);

if($num_rows1==1){
$content.='<p class="center">New password generated. It has been emailed to the email address provided.</p><br />';
$message='Some one (hopefully you) requested a new password be generated for your account on Make the Movie Happen.
Below is the newly generated password:

Password: '.$new_password.'

Once you log-in, please change your password.

Thank You,
Make the Movie Happen Support Team
';
mail($email, 'Make the Movie Happen - New Password', $message, 'From: general@makethemoviehappen.com');
}

else{
$content.='New password could not be generated.
If you continue to have issues, please email <a href="mailto:general@makethemoviehappen.com">general@makethemoviehappen.com</a> for assistance.';
}

}
else{
header("Location: ./index.php?forgot&e=1");
}
}

Php Password Change Script With Validation ??

Similar Tutorials

View Content

Hello ever1 , I ve created a php password change script with validation but its nt working properly can any1 please help me with this as m new with php???? below m pasting the code :

<?php
session_start();
include "connection.php";
//include_once('header1.php');
$msg="";

if($_SERVER['REQUEST_METHOD']=='POST' &&
empty($_POST['username']) ||
empty($_POST['password']) ||
empty($_POST['newpass']) ||
empty($_POST['newpassconfirm'])

)
{
$msg="empty fields";
}

{
$user=$_POST['username'];
$pass=$_POST['password'];
$newpass=$_POST['newpass'];
$confirmpass=$_POST['newpassconfirm'];

$result=mysql_query("SELECT password FROM user WHERE username='$user'");
if(!$result)
{
$msg="The Username You Entered Does not Exist";
}
elseif($pass!= mysql_result($result,0))
{
echo $msg="You Entered An Incorrect Password";
}
if($newpass != $confirmpass)
{ $msg = "Passwords do not match"; }
elseif($newpass=$confirmpass)
$sql=mysql_query("update user set password='$newpass' where username ='$user'");

if($sql)
{
echo "Congrats you have successfully changed your password.";
}
header('refresh:3 databases.php');
}
{
?>

<html>
<body>
<?php echo $msg ; ?>
<form class="changepass" action="changepass.php" method="POST"><P>
<table><tr><td>
Enter ur username :</td> <td> <input type="text" name="username" /></td></tr>
<tr><td>Enter ur existing pass : </td><td><input type="password" name="password" /></td></tr>
<tr><td>Enter ur new pass :</td> <td><input type="password" name="newpass" /></td></tr>
<tr><td>Renter ur new pass :</td> <td><input type="password" name="newpassconfirm" /></td></tr>
<tr><td><input class="cpassbtn" name="Submit" type="image" value="Submit" src="passnrm.png" onmouseover="this.src='passhvr.png'" onmouseout="this.src='passnrm.png'"></td></tr>

</table>

</form>
</body>
</html>

<?php }?>

Encrypt Password In Login Script

Similar Tutorials

View Content

Hi.

I have made a login script, but I would wan't to encrypt the password.
I followed a tutorial and got this:
login.php
<?php
$password = "secret";

echo $password;
/* displays secret */

$password = sha1($password);

echo $password;
/* displays e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4 */
?>
<form action="validate.php" method="post">
  <label for="username">Username</label>
  <input type="text" name="username" id="username" />
  <br />
  <label for="password">Password</label>
  <input type="password" name="password" id="password" />
  <br />
  <input type="submit" name="submit" value="Submit" />
</form>
<?php
?>

validate.php

<?php
include "setup.php";

/* get the incoming ID and password hash */
$username=$_POST['username'];
$password=$_POST['password'];
$password=md5($password); // Encrypted Password

/* establish a connection with the database */
$server = mysql_connect("$db_host", "$db_username","$db_password");
if (!$server) die(mysql_error());
mysql_select_db("$database");


/* SQL statement to query the database */
$query = "SELECT * FROM users WHERE Username = '$username' AND Password = '$password'";

/* query the database */
$result = mysql_query($query);

/* Allow access if a matching record was found, else deny access. */
if (mysql_fetch_row($result))
  echo "Access Granted: Welcome, $username!";
else
  echo "Access Denied: Invalid Credentials.";

mysql_close($server);
?>

Its the line $password=md5($password); // Encrypted Password
that messes everything up.
If I delete it and login, everything is fine, if I add it it says Code: [Select]
Access Denied: Invalid Credentials
I need help with this one!
And if someone have time, give me some ideas how to make PHP scripts safer!

Regards
Worqy

Lost Username/password Script

Similar Tutorials

View Content

I've never actually done a username password, retrieval script before so need a little help. In the profile form the user is submitting username/password/name/email etc. into a MySQL DB along with a security question and answer. Is it just a matter of creating a form which does a check against the database and sends out an email to the user with their password? The password is hashed with MD5, so how would I send out an un-hashed PW?

thanks!

Trouble With Password Recovery Script

Similar Tutorials

View Content

Hi,

I'm very new to PHP.

I've been working on this code for password recovery for a week and I'm pretty close, but I'm having problems understanding why I keep getting the:

"Can not send password to your email address". I know for certain that it has found the email in the table, but why is it still having problems sending? There are no other error messages thrown.

Code: [Select]
function frm_lostpass()
{
global $skn,$In,$db,$Film,$Url,$Date,$module,$userinfo;
if(isset($_GET['check']) and trim($_GET['check'])=='ok')
{
$email = $In->get('email',0,'');
$sql_check ="SELECT Count(m.Email) AS numrows FROM tbl_member AS m\n"
."WHERE m.Email = '$email'\n";
$numrow=$db->sql_get_first($sql_check);
if($numrow['numrows']!=1)
{
return "<center>Email not found !</center>";
}
else
{

global $skn,$In,$db,$Film,$Url,$Date,$module,$userinfo;

// value sent from form
$email_to=$_POST['email_to'];

// retrieve password from table where e-mail = $email_to
$sql ="SELECT m.Password FROM tbl_member AS m\n"
."WHERE m.Email = '$email'\n";
$result=mysql_query($sql);

// if found this e-mail address, row must be 1 row
// keep value in variable name "$count"
$count=mysql_num_rows($result);

// compare if $count =1 row
if($count==1){

$rows=mysql_fetch_array($result);

// keep password in $your_password
$your_password=$rows['password'];

// ---------------- SEND MAIL FORM ----------------

// send e-mail to ...
$to=$email_to;

// Your subject
$subject="Your password here";

// From
$header="example@example.com";

// Your message
$messages= "Your password for login to our website \r\n";
$messages.="Your password is $your_password \r\n";
$messages.="more message... \r\n";

// send email
$sentmail = mail($to,$subject,$messages,$header);

}

// else if $count not equal 1
else {
return "That email address is not found in our database";
}

// if your email succesfully sent
if($sentmail){
return "&emsp;&emsp;Your Password Has Been Sent To Your Email Address.";
}
else {
return "&emsp;&emsp;Cannot send password to your e-mail address";
}

}
}
else
{
$skn ->set_file( 'lost_pass', 'member/frm_lostpass.html' );
return $skn -> output('lost_pass');
}
}

Forget Password/registration Emails Not Working

Similar Tutorials

View Content

I've somehow lost the password for my account, but when I use the forget password link, it says that it sent a reset link, yet I never get it. Additionally, when I registered this temporary account to report the problem, I didn't receive a confirmation email for that either.

Magento 1.9.2.3 Customer Password Reset Not Working

Similar Tutorials

View Content

Forgot Your Password Not working at the customer end, how to solve this error? Reset Password Email not sending to the customer mail account.

Edited June 13, 2019 by aveeva

Problem With Mysqli (password-reset Script)

Similar Tutorials

View Content

<?php

if (isset($_POST['reset-submit'])) {
    $selector = $_POST['selector'];
    $validator = $_POST['validator'];
    $password = $_POST['password'];
    $password2 = $_POST['password2'];

    // probably better to check this earlier
    if (empty($password) || empty($password2)) {
        header("Location: ../create-new-password.php?newpassword=empty&selector=$selector&validator=$validator");
    } elseif ($password !== $password2) {
        header("Location: ../create-new-password.php?newpassword=passwordsnotmatch");
    }

    $currentDate = date("U");

    require "dbh.inc.php";
    
    $sql = "SELECT * FROM reset_password WHERE selector=? AND expires >= $currentDate";
    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        echo "SQL error 1";
        exit();
    } else {
        mysqli_stmt_bind_param($stmt, 'ss', $selector, $currentDate);
        mysqli_stmt_execute($stmt);
        $result = mysqli_stmt_get_result($stmt);
        
        if (!$row = mysqli_fetch_assoc($result)) {
            echo 'You need to re-submit your reset request.';
            exit();
        } else {
            $tokenBin = hex2bin($validator);
            $tokenCheck = password_verify($tokenBin, $row['token']);

            if (!$tokenCheck) {
                echo 'You need to re-submit your reset request.';
                exit();
            } else {
                $email = $row['email'];
                $sql = "SELECT * FROM users WHERE email = $email";
                $stmt = mysqli_stmt_init($conn);
                if (!mysqli_stmt_prepare($stmt, $sql)) {
                    echo "SQL error 2";
                    exit();
                } else {
                    mysqli_stmt_bind_param($stmt, 's', $email);
                    mysqli_stmt_execute($stmt);
                    $result = mysqli_stmt_get_result($stmt);
                    if (!$row = mysqli_fetch_assoc($result)) {
                        echo "SQL error 3";
                        exit();
                    } else {
                        $sql = "UPDATE users SET password=? WHERE email=?";
                        $stmt = mysqli_stmt_init($conn);
                        if (!mysqli_stmt_prepare($stmt, $sql)) {
                            echo "SQL error4 ";
                            exit();
                        } else {
                            $hashed_password = password_hash($password, PASSWORD_DEFAULT);
                            mysqli_stmt_bind_param($stmt, 'ss', $hashed_password, $email);
                            mysqli_stmt_execute($stmt);
                            $sql = 'DELETE FROM reset_password WHERE email=?';
                            $stmt = mysqli_stmt_init($conn);
                            if (!mysqli_stmt_prepare($stmt, $sql)) {
                                echo 'SQL error5';
                                exit();
                            } else {
                                mysqli_stmt_bind_param($stmt, 's', $email);
                                mysqli_stmt_execute($stmt);
                                header("Location: ../signup.php?newpassword=updated");
                            }
                        }
                    }
                }
            }
        }
    }
    mysqli_stmt_close($stmt);
    mysqli_close($conn);

    header('Location: ../reset-password.php?reset=success');
} else {
    header('Location: ../index.php');
}

I always get this errors:

Warning: mysqli_stmt_bind_param(): Number of variables doesn't match number of parameters in prepared statement in C:\xampp\htdocs\php_login_system-master\includes\reset-password.inc.php on line 26

Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, bool given in C:\xampp\htdocs\php_login_system-master\includes\reset-password.inc.php on line 30
You need to re-submit your reset request.

But i dont find the mistake in the Code. Can someone help me please

Php Password Recovery With Secret Question Script

Similar Tutorials

View Content

I am needing help designing password recover script.

This script must include a password recovery script.

I am needing for the person to reset there password, need to first answer a form named: Your Email.

If the email is found, it goes to another form that asks for the secret answer.

Then it goes to a form that asks the answer of there secret question that they entered when they first signed up.

If the answer is correct it updates the database table value of the password with a random string generated with:

abcdefghijklmnopqrstuvwxyz023456789

And it also, sends that password to the email provided.

What I am wanting to know, is how would the code with the if statements would be structured like and the column types and names.

Or if anyone has ever created something like this, and would be glad to post a snippet of there code would be great.

Password Protect Code W/ Custom Input Fields Not Working. Help! :)

Similar Tutorials

View Content

I have a problem w/ a widely used password protect php code. I use a business directory program that allows custom input fields. I'm using this code to password protect a business listing page in my directory code. I created custom fields for the username & password so a listing can enter their own user/pass but when I test it it won't work when I'm calling/echoing the fields. When I hardcode it w/ a user/pass it works. Any ideas on how I should recode this?:
Quote

<?php
// Define your username and password
$username = "<?php echo $custom_74; ?>";
$password = "<?php echo $custom_16; ?>";
if ($_POST['txtUsername'] != $username || $_POST['txtPassword'] != $password) {
?>
<h1>Login</h1>
<form name="form" method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
<p><label for="txtUsername">Username:</label>
<br /><input type="text" title="Enter your Username" name="txtUsername" /></p>
<p><label for="txtpassword">Password:</label>
<br /><input type="password" title="Enter your password" name="txtPassword" /></p>
<p><input type="submit" name="Submit" value="Login" /></p>
</form>
<?php
}
else {
?>

I close the code correctly.
<?php echo $custom_74; ?> & <?php echo $custom_16; ?> are just incidently my custom field echo codes. I have over 150 custom fields working fine for user/listee options. The password protect code won't accept echos it seems as coded above.

Thanks, Gene

My Php Is Not Working When I Enter A Username And A Password But Works When I Send The Login Form Empty. What Am I Doing Wrong?

Similar Tutorials

View Content

I have developed a code for a login and seems to work well (No syntax error according to https://phpcodechecker.com/ but when I enter a username and a password in the login form, I get an error HTTP 500. I think that everything is ok in the code but obviously there is something that I am not thinking about. The code (excluding db connection):

$id="''"; $username = $_POST['username']; $password = md5($_POST['password']); $func = "SELECT contrasena FROM users WHERE username='$username'";

$realpassask = $conn->query($func); $realpassaskres = $realpassask->fetch_assoc(); $realpass= $realpassaskres[contrasena];

$func2 = "SELECT bloqueado FROM users WHERE username='$username'"; $blockedask = $conn->query($func2); $blockedres = $blockedask->fetch_assoc(); $bloqueado = $blockedres[bloqueado];

//Login if(!empty($username)) { // Check the email with database
$userexists = $pdo->prepare("SELECT COUNT(username) FROM users WHERE username= '$username' LIMIT 1"); $userexists->bindParam(':username', $username); $userexists->execute(); // Get the result $userexistsres = $userexists->fetchColumn(); // Check if result is greater than 0 - user exist if( $userexistsres == 1) { if ($bloqueado == NO) { if ($password != $realpass) { die("contrasena incorrecta"); } Else{ $_SESSION['loguin']="OK"; $_SESSION['username']="$username"; header("Location: ./index.php"); } } Else{ die("Tu usuario ha sido bloqueado o todavía no ha sido aceptado por un administrador. } Else{ die("No hay ninguna cuenta con este nombre de usuario"); } } else { echo 'El campo usuario esta vacio'; } ?>

Change Password... Doesnt Seem To Work, Just Resets Password

Similar Tutorials

View Content

Hello PhP Freaks forum
In the past weeks ive been trying to make a website, where you can register. Everything seems to work except my cherished Change password feature. Everytime you try to change the password, it just resets it to nothing.

Here is the code below.

<?php
         if(isset($_SESSION['username']))
         {
            $username = $_SESSION['username'];
            $lastname = $_SESSION['lastname'];
            $firstname = $_SESSION['firstname'];
            $email = $_SESSION['email'];

            echo "

               <h4>Options for:</h4>   $username
               <br />
               <br />
               First name:   $firstname

               <br />Last name:   $lastname

   <br /><br /><h3>Want to change your password:</h3><br />

      <form action='?do=option' method='post'>

      Old password <input type='password' placeholder='Has to be between 5-15 digits' name='password' size='30' value='' /><br />
                  <br />
      New Password<input type='password' placeholder='Has to be between 5-15 digits' name='newpass' size='30' value='' /><br />
                  <br />
      Confirm new password <input type='password' placeholder='Has to be between 5-15 digits' name='passconf' size='30' value='' /><br />

      <center></div><input type='submit' value='Submit'/></center></form>";


         }else{
            echo 'Please login to view your options!';
         }

      $password = $_REQUEST['password'];
      $pass_conf = $_REQUEST['newpass'];
      $email = $_REQUEST['passconf'];

      $connect = mysql_connect("Host", "User", "Password");
      if(!$connect){
      die(mysql_error());
      }

      //Selecting database
      $select_db = mysql_select_db("My Database", $connect);
      if(!$select_db){
      die(mysql_error());
      }

      //Find if entered data is correct

      $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
      $row = mysql_fetch_array($result);
      $id = $row['id'];


         mysql_query("UPDATE users SET password='$newpass' WHERE username='$user'")

      ?>

And i do know that i dont have a

if(Empty($newpass)){
Die(Please fill out the new password)
}

Or any security on the others, but the problem just seems that it resets the password into nothing

Hope i can get this fixed

Best Regards

William Pfaffe

How To Decrypt Password Which Is Encrypted By Sha($password) Technique.

Similar Tutorials

View Content

<?php
require_once('upper.php');
require_once('database.php');
echo $error_msg='';
if(isset($_POST['submit']))
{
$LoginId=mysqli_real_escape_string($dbc,trim($_POST['LoginId']));
$Password1=mysqli_real_escape_string($dbc,trim($_POST['Password1']));
$Password2=mysqli_real_escape_string($dbc,trim($_POST['Password2']));
$Name=mysqli_real_escape_string($dbc,trim($_POST['Name']));
$Age=mysqli_real_escape_string($dbc,trim($_POST['Age']));
$BloodGroup=mysqli_real_escape_string($dbc,trim($_POST['BloodGroup']));
if(!isset($_POST['Sex']))
{
echo 'Please enter Sex<br>';
}
else{
$Sex= mysqli_real_escape_string($dbc,trim($_POST['Sex']));
}
$Qualification=mysqli_real_escape_string($dbc,trim($_POST['Qualification']));
$ContactNumber=mysqli_real_escape_string($dbc,trim($_POST['ContactNumber']));
$Email=mysqli_real_escape_string($dbc,trim($_POST['Email']));
$Address=mysqli_real_escape_string($dbc,trim($_POST['Address']));
$AboutYourself=mysqli_real_escape_string($dbc,trim($_POST['AboutYourself']));
//$countCheck=count($_POST['checkbox']);
//echo $countCheck;
//$checkbox=$_POST['checkbox'];
//$countCheck=count($checkbox);
if(empty($LoginId)){echo 'Please enter Login Id';}
elseif(empty($Password1)){echo 'Please enter Password';}
elseif(empty($Password2)){echo 'Please confirm Password';}
elseif($Password1!==$Password2){echo 'Password didn\'t match';}
elseif(empty($Name)){echo 'Please enter Name';}
elseif(empty($Age)){echo 'Please enter Age';}
elseif(!isset($_POST['Sex'])){}
elseif(empty($Qualification)){echo 'Please enter Qualification';}
elseif(empty($ContactNumber)){echo 'Please enter Contact Number';}
elseif(empty($Email)){echo 'Please enter Email';}
elseif(empty($Address)){echo 'Please enter Address';}
elseif(empty($AboutYourself)){echo 'Please enter About Yourself';}
elseif(!isset($_POST['checkbox'])){ echo 'You have to register at least one activity.';}
elseif(!isset($_POST['TermsAndConditions'])){ echo 'You have to agree all Terms and Conditions of Elite Brigade.';}
else
{
require_once('database.php');
$query="select * from registration where LoginId='$LoginId'";
$result=mysqli_query($dbc,$query);
if(mysqli_num_rows($result)==0)
{
$checkbox=$_POST['checkbox'];
$countCheck=count($_POST['checkbox']);
$reg_id=' ';
for($i=0;$i<$countCheck;$i++)
{
$reg_id=$reg_id.$checkbox[$i].',';
$query="insert into activity_participation (LoginId,Title,Date) values ('$LoginId','$checkbox[$i]',CURDATE())";
$result=mysqli_query($dbc,$query) or die("Not Connected");
}
$query="insert into registration (LoginId,Password,Name,Age,BloodGroup,Sex,Qualification,ContactNumber,Email,Address,AboutYourself,Activity)values ('$LoginId'[B],SHA('$Password1'),[/B]'$Name','$Age','$BloodGroup','$Sex','$Qualification','$ContactNumber','$Email','$Address','$AboutYourself',',$reg_id')";
$result=mysqli_query($dbc,$query) or die("Not Connect");

echo ' Dear '.$Name.'.<br>Your request has been mailed to admin.<br>Your account is waiting for approval<br>';
$from= 'Elite Brigade';
$to='ankitp@rsquareonline.com';
$subject='New User Registration';
$message="Dear admin,\n\nA new user request for registration. Please check it out.\n\nRegards\nMicro";
mail($to,$subject,$message,'From:'.$from);
//header('Location: index.php');
// header('Location: Registration.php');
}
else
{
echo 'Dear '.$Name. ', <br> An account already exist with login-id<b> '.$LoginId.'</b> <br>Please try another login-id';
}}
}
?>

<html>
<head>
<script src="jquery-latest.js"></script>
  <script type="text/javascript" src="jquery-validate.js"></script>
<style type="text/css">
* { font-family: Verdana;  }

label.error {  color: white;  padding-left: .5em; }
p { clear: both; }
.submit { margin-left: 12em; }
em { font-weight: bold; padding-right: 1em; vertical-align: top; }
</style>
  <script>
  $(document).ready(function(){
    $("#commentForm").validate();
  });
  </script>

</head>

<body>

<?php
echo $error_msg; ?>

<form action='<?php echo $_SERVER['PHP_SELF'];?>' id="commentForm" method='post'>
<div class="registration_and_activity">

<table border="0" width="380">
<tr><td colspan="2">
<h3>New User?</h3></td></tr>
<tr><td width="120">

<em>*</em>Enter Login id</td><td width="150"><input type='text' name='LoginId'  minlength="4" value='<?php if(!empty($LoginId))echo $LoginId;?>' /></td></tr>
<tr><td>
<em>*</em>Enter Password</td> <td><head>
   <div id="divMayus" style="visibility:hidden">Caps Lock is on.</div>
   <SCRIPT language=Javascript>

function capLock(e){
kc = e.keyCode?e.keyCode:e.which;
sk = e.shiftKey?e.shiftKey:((kc == 16)?true:false);
if(((kc >= 65 && kc <= 90) && !sk)||((kc >= 97 && kc <= 122) && sk))
  document.getElementById('divMayus').style.visibility = 'visible';
else
  document.getElementById('divMayus').style.visibility = 'hidden';
}

</SCRIPT>
   </HEAD>
<input onkeypress='return capLock(event)' type='password' name='Password1' value='<?php if(!empty($Password1))echo $Password1;?>' /></td></tr>

<tr><td>
<em>*</em>Confirm Password</td><td><input type='password' name='Password2' value='<?php if(!empty($Password2))echo $Password2;?>' /></td></tr>
<tr><td width="120">
<em>*</em>Enter Name</td> <td><input type='text'  name='Name' value='<?php if(!empty($Name))echo $Name;?>' /></td></tr>
<tr><td>
<em>*</em>Enter Age</td><HEAD>
   <SCRIPT language=Javascript>

      function isNumberKey(evt)
      {
         var charCode = (evt.which) ? evt.which : event.keyCode
         if (charCode > 31 && (charCode < 48 || charCode > 57))
            return false;

         return true;
      }



   </SCRIPT>
   </HEAD>
<td><INPUT onkeypress='return isNumberKey(event)'  type='text' name='Age' value='<?php if(!empty($Age))echo $Age;?>'/></td></tr>

<tr><td>
<em>*</em>Enter Blood</td><td><input type='text' name='BloodGroup' value='<?php if(!empty($BloodGroup))echo $BloodGroup;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Sex</td><td><input type='radio' name='Sex'  style='width:16px; border:0;' 'value='Male' />Male   <input type='radio' name='Sex' style='width:16px; border:0;' 'value='Female' />Female</td></tr>

<tr><td>
<em>*</em>Enter Qualification</td><td><input type='text' name='Qualification'  value='<?php if(!empty($Qualification))echo $Qualification;?>' /></td></tr>

<tr><td>
<em>*</em>Contact Number </td><td><input onkeypress='return isNumberKey(event)'type='text'  name='ContactNumber' value='<?php if(!empty($ContactNumber))echo $ContactNumber;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Email</td><td><input type='text' name='Email'class="email" value='<?php if(!empty($Email))echo $Email;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Address</td><td><input type='text'   name='Address' value='<?php if(!empty($Address))echo $Address;?>' /></td></tr>

<tr ><td >
<em>*</em>About Yourself </td></tr>
<tr><td colspan="2"><textarea rows='10' cols='40'  name='AboutYourself'  /><?php if(!empty($Address))echo $Address;?></textarea></td></tr>
<tr><td>

<?php echo"
<tr><td colspan='2'><em>*</em><b>Select fields for which you want to register</b></td></tr>";

require_once('database.php');
$query="select * from activity";
$result=mysqli_query($dbc,$query);
while($row=mysqli_fetch_array($result)){
$Title=$row['Title'];
$ActivityId=$row['ActivityId'];
echo "<tr><td>$Title</td>";
echo "<td><input type='checkbox' name='checkbox[]' value='$Title' style='width:14px; text-align:right;'/></td></tr>";//value=$ActivityId tells ActivityId variable extracts with name="checkbox"
echo "<br/>";
}
echo "<td><em>*</em><input type='checkbox' name='TermsAndConditions'  style='width:14px; text-align:right;'/></td><td> I agree all <a href='TermsAndConditions.php'>Terms and conditions </a>of Elite Brigade</td></tr>";
echo "<tr><td colspan='2' align='center'><input type='submit' value='Register' name='submit' style='background:url(./images/button_img2.png) no-repeat 10px 0px; width:100px; padding:3px 0 10px 0; color:#FEFBC4; border:0;'/></td></tr><br>";

echo " </td></tr></table>

</div>

</form>
</body>
</html>";
require_once('lower.php');

?>

Hi Friends ....
I encrypt user password by SHA('$Password') method but now i want to add "Forget Password Module" for which I need to decrypt it first before tell my user but I don't Know how to decrypt it.
Please help me........