I am trying to create a forgot password page. I have heard that it is not a good idea to send the original password to the user via email so I am trying to create a random confirmation password that they can use to log into their account and later change the password to whatever they want. So far the problem is it is saying the users email is not in the database when in fact it is. Also, should I update the database to store the random password or will the way I have it work? My database has the tables username, fristname, email, and password. I am asking the user for their email address in a html form then sending it to this php form. This is my first time attempting to do this so it might have a lot of errors, but I found a tutorial to help some so it shouldn't. Thanks for the help.
<!--
To change this template, choose Tools | Templates
and open the template in the editor.
-->
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Sending Password</title>
</head>
<body>
<?php
$db_server = "server";
$db_username = "name";
$db_password = "pass";
$con = mysql_connect($db_server, $db_username, $db_password);if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$database = "Test_Members";
$er = mysql_select_db($db_username);
if (!$er)
{
print ("Error - Could not select the database");
exit;
}
//include "session.php";
function createRandomPassword() {
$chars = "abcdefghijkmnopqrstuvwxyz023456789";
srand((double)microtime()*1000000);
$i = 0;
$pass = '' ;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($chars, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
$password = createRandomPassword();
$password =$_P0ST['password'];
$email = $_P0ST['email'];
$tbl_name=Account_Holders;
$sql="SELECT password FROM $tbl_name WHERE email='$email'";
$result=mysql_query($sql);
// if found this e-mail address, row must be 1 row
// keep value in variable name "$count"
$count=mysql_num_rows($result);
// compare if $count =1 row
if($count==1){
$rows=mysql_fetch_array($result);
// keep password in $your_password
$your_password=$rows['password']; //will this replace the users password with the random one? That is what I am attempting to do here.
// send e-mail to ...
$to=$email;
// Your subject
$subject="Your Password";
// From
$header="from: Feed The Students";
// Your message
$messages= "Your password for login to our website
";
$messages.="Your password is $your_password
";
$messages.="Please change this password for security reasons. Thank you.
";
// send email
$sentmail = mail($to,$subject,$messages,$header);
}
// else if $count not equal 1
else {
echo "Sorry we did not find your email in our database.";
}
// if your email succesfully sent
if($sentmail){
echo "Your password has been sent to your email address.";
}
else {
echo "We can not send your password at this time.";
}
?>
</body>
</html>
