Solved

Having user choose his own password

Posted on 2007-11-29
Last Modified: 2013-12-12
I have a login page where users can enter their email address and a default password. I want to set it up in a way that users can enter any email address but the password has to be default. Also when they enter the default password, it should ask them to choose a new password and set their email address and the new password as their login credentials.
So if John comes to the site, he can enter John@test.com and use a default password that's given to him, which is abc123. Then, once the default password is proved to be correct, there should be a part within the same page that becomes available where John can set his new password with his email address as john@test.com

Thanks
Question by:syedasimmeesaq
28 Comments
 
LVL 8

Expert Comment

by:netmunky
ID: 20377353
you can have a user provide their email address, then use mail() to send a temporary password (either fixed or random). in the user table, add a boolean flag mustchangepass (or similar). when they login with the password that is sent to them, if the boolean is true, forward them to a password change page (which will unset the boolean). if the boolean is false, allow them to login normally.
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378085
Actually I tried to do something like this, but it has some errors. Maybe this gives an idea.


         <?PHP
 
require_once('con_info.php');
 
// Add slashes to the username, and make a md5 checksum of the password.
$_POST['user'] = $_POST['user'];
$_POST['passdef']= $_POST['passdef'];
 
$result = mysql_query("SELECT count(id) FROM users WHERE passdef='" . $_POST['passdef']. "'") or die("Couldn't query the user-database.");
 
$num = mysql_result($result, 0);
 
if (!$num) {
 
// When the query didn't return anything,
// display the login form.
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='passdef'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
} else {
 
$_POST['user'] = $_POST['user'];
$_POST['passdef']= $_POST['passdef'];
 
// Start the login session
//session_start();
 
// We've already added slashes and MD5'd the password
//$_SESSION['user'] = $_POST['user'];
//$_SESSION['pass'] = $_POST['pass'];
//header ('Location: district.php');
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New Password: <input type='text' name='pass'><br><br>
Confirm Password : <input type='text' name='conpass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
$newpass = $_POST['pass'];
//$_POST['pass'] = SHA256::hash($_POST['pass']); 
$conpass = $_POST['conpass'];
if ($newpass == $conpass and $newpass!="" and $conpass!=""){
$result = mysql_list_tables(users);
while ($row = mysql_fetch_row($result)) {
        
												   
		    $query = "insert into " . $row[0] . " SET user ='".$_POST['user']."' AND pass = '$newpass'";
            $resultUpdate = mysql_query($query);
            if(!$resultUpdate){
                die(mysql_error());
      
}
 
}
else
{
echo "NOT MATCHED";
}
}
?> 


0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20378105
You had some syntax errors,
 <?PHP
 
require_once('con_info.php');
 
// Add slashes to the username, and make a md5 checksum of the password.
$_POST['user'] = $_POST['user'];
$_POST['passdef']= $_POST['passdef'];
 
$result = mysql_query("SELECT count(id) FROM users WHERE passdef='" . $_POST['passdef']. "'") or die("Couldn't query the user-database.");
 
$num = mysql_result($result, 0);
 
if (!$num) {
 
// When the query didn't return anything,
// display the login form.
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='passdef'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
} else {
 
$_POST['user'] = $_POST['user'];
$_POST['passdef']= $_POST['passdef'];
 
// Start the login session
//session_start();
 
// We've already added slashes and MD5'd the password
//$_SESSION['user'] = $_POST['user'];
//$_SESSION['pass'] = $_POST['pass'];
//header ('Location: district.php');
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New Password: <input type='text' name='pass'><br><br>
Confirm Password : <input type='text' name='conpass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
$newpass = $_POST['pass'];
//$_POST['pass'] = SHA256::hash($_POST['pass']); 
$conpass = $_POST['conpass'];
if ($newpass == $conpass and $newpass!="" and $conpass!=""){
$result = mysql_list_tables(users);
while ($row = mysql_fetch_row($result)) {
        
                                                                                                   
                    $query = "insert into " . $row[0] . " SET user ='".$_POST['user']."' AND pass = '$newpass'";
            $resultUpdate = mysql_query($query);
            if(!$resultUpdate){
                die(mysql_error());
      
}
 
}
 
}
else
{
echo "NOT MATCHED";
}
}
?> 


0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378123
But now it's not inserting the data into the table users.
Thanks
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20378159
Small change from:
$newpass == $conpass and $newpass!="" and $conpass!=""

to
$newpass == $conpass && $newpass!="" && $conpass!=""

 <?PHP
 
require_once('con_info.php');
 
// Add slashes to the username, and make a md5 checksum of the password.
$_POST['user'] = $_POST['user'];
$_POST['passdef']= $_POST['passdef'];
 
$result = mysql_query("SELECT count(id) FROM users WHERE passdef='" . $_POST['passdef']. "'") or die("Couldn't query the user-database.");
 
$num = mysql_result($result, 0);
 
if (!$num) {
 
// When the query didn't return anything,
// display the login form.
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='passdef'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
} else {
 
$_POST['user'] = $_POST['user'];
$_POST['passdef']= $_POST['passdef'];
 
// Start the login session
//session_start();
 
// We've already added slashes and MD5'd the password
//$_SESSION['user'] = $_POST['user'];
//$_SESSION['pass'] = $_POST['pass'];
//header ('Location: district.php');
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New Password: <input type='text' name='pass'><br><br>
Confirm Password : <input type='text' name='conpass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
$newpass = $_POST['pass'];
//$_POST['pass'] = SHA256::hash($_POST['pass']); 
$conpass = $_POST['conpass'];
if ($newpass == $conpass && $newpass!="" && $conpass!=""){
$result = mysql_list_tables(users);
while ($row = mysql_fetch_row($result)) {
        
                                                                                                   
                    $query = "insert into " . $row[0] . " SET user ='".$_POST['user']."' AND pass = '$newpass'";
            $resultUpdate = mysql_query($query);
            if(!$resultUpdate){
                die(mysql_error());
      
}
 
}
 
}
else
{
echo "NOT MATCHED";
}
}
?> 


0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378214
hmm it still is not adding the records to the table
Thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378311
what possibly could be wrong ..I checked the code again and again..it just doesn't insert into the table
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20378313
then it simply means that this condition:
$newpass == $conpass && $newpass!="" && $conpass!=""

is not being satisfied. Check that you are passing using POST (not GET) and check that $newpass and $conpass actually contain something.
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378375
ok it is strange..how come I am inserting the value in the textboxes but it shows in echo that $newpass and $conpass is empty
Thanks
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20378408
What is the point of this?
$_POST['user'] = $_POST['user'];
$_POST['passdef']= $_POST['passdef'];

Also i think there is something wrong with the logic of your script, i don't think you should have the login form and what you are trying to do in the same script.
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378430
Nizsmo. Thank you again for helping. I am trying to do what I mentioned above. How could I reset the logic to achieve what I described in the question above?

Thank you
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20378452
Try something like this, not sure if it will work since I have no way of testing.
 <?PHP
 
require_once('con_info.php');
 
// Start the login session
//session_start();
 
// We've already added slashes and MD5'd the password
//$_SESSION['user'] = $_POST['user'];
//$_SESSION['pass'] = $_POST['pass'];
//header ('Location: district.php');
 
 
$newpass = $_POST['pass'];
//$_POST['pass'] = SHA256::hash($_POST['pass']); 
$conpass = $_POST['conpass'];
if ($newpass == $conpass && $newpass!="" && $conpass!=""){
$result = mysql_list_tables(users);
while ($row = mysql_fetch_row($result)) {
        
                                                                                                   
                    $query = "insert into " . $row[0] . " SET user ='".$_POST['user']."' AND pass = '$newpass'";
            $resultUpdate = mysql_query($query);
            if(!$resultUpdate){
                die(mysql_error());
      
}
 
}
 
}
else
{
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New Password: <input type='text' name='pass'><br><br>
Confirm Password : <input type='text' name='conpass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
}
?> 


0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378570
nope that doesn't work either
0
 
LVL 8

Expert Comment

by:netmunky
ID: 20378573
as a side note, never ever supply user provided data directly to a query. always use mysql_real_escape_string() (or mysqli_prepare if you are using mysqli instead of mysql)
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378584
yea I was going to add that later on but I am trying to make this thing work first. The last script you sent took the first part out. But I just wanted to see if it will insert the data into table or not and it didn't

Thanks
0
 
LVL 8

Expert Comment

by:netmunky
ID: 20378607
add some debug prints
ie -
if ($newpass == $conpass && $newpass!="" && $conpass!="")
{ print "i should be insertingg"; }
else { print "something didn't match"; }

check mysql_errno() or mysql_error() after your query and see if it is having some sort of problem at the database level with your query.
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378638
I have a field in table called ID which is primary key and autoincrement..could that matter?
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378649
>>>>>>>>>check mysql_errno() or mysql_error() after your query and see if it is having some sort of problem at the database level with your query.

  how do I do that?
Thanks
0
 
LVL 8

Expert Comment

by:netmunky
ID: 20378691
$resultUpdate = mysql_query($query);
if( mysql_errno() ) { die( mysql_errno() .": ". mysql_error() ); }

http://us3.php.net/mysql_query does not specify what mysql_query() will return for an INSERT statement, so I don't know if the code you have right now for mysql_error checking is sufficient or not
0
 
LVL 3

Expert Comment

by:HMoellendorf
ID: 20379336
Use the following snippet to test the queries:
$resultUpdate = mysql_query($query);
if( !$resultUpdate ) { die( mysql_errno() .": ". mysql_error() ); }

0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20380005
>>nope that doesn't work either

Can you elaborate? What doesn't work and what gets outputted? Any errors?
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20382816
it's not giving any errors using the above. However it's still not inserting new records into the table

Thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20382853
isn't this insert statement wrong

$query = "insert into " . $row[0] . " SET user ='".$_POST['user']."' AND pass = '$newpass'";

shouldn't we be using set with update and not with insert.

And if it is wrong, what would be the right statement.
Thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20382968
shouldn't it be
 $query = "insert into " . $row[0] . " (pass, user) Values ('$_POST['user'],'$newpass'";
instead of
$query = "insert into " . $row[0] . " SET user ='".$_POST['user']."' AND pass = '$newpass'";
?
Thanks
0
 
LVL 8

Expert Comment

by:netmunky
ID: 20382986
yes
set is only for update
ie - update table set pass=... where user=...
but you forgot the closing ) on your insert

$query = "insert into {$row[0]} (user, pass) Values ('{$_POST['user']}','$newpass')";
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384402
ok I have this now ..but it's not inserting the values
<?PHP
 
require_once('info.php');
 
$user = mysql_real_escape_string($_POST['user']);
 
$pass = mysql_real_escape_string($_POST['pass']);
 
$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
$num = mysql_num_rows($result);
 
if (!$num) {
 
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
}else {
 
        list($dbuser,$dbpass) = mysql_fetch_row($result);
       
        if($dbuser==$user && $dbpass==$pass) {
       
                echo "You entered a username & password";
       
        }else{
       
                echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New PassWord: <input type='text' name='newpass'><br><br>
Confirm Password : <input type='password' name='confirmpass'><br>

<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";

if($_POST['newpass'] == $_POST['confirmpass'])
{
            $insertquery = "insert into user (user, pass) VALUES ('{$_POST['user']}','{$_POST['newpass']}')";
            $resultinsert = mysql_query($insertquery);
       
        }
            else {
            echo " your password didn't match";
            
}
 
 }
}
?>
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384463
This code inserts the record but not in same row.
So the user name is in different row than the password
how can I fix it
<?PHP
 
require_once('info.php');
 
$user = mysql_real_escape_string($_POST['user']);
 
$pass = mysql_real_escape_string($_POST['pass']);
 
$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
$num = mysql_num_rows($result);
 
if (!$num) {
 
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
}else {
 
        list($dbuser,$dbpass) = mysql_fetch_row($result);
        
        if($dbuser==$user && $dbpass==$pass) {
        
                echo "You entered a username & password";
        
        }else{
        
                echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New PassWord: <input type='text' name='newpass'><br><br>
Confirm Password : <input type='password' name='confirmpass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
if($_POST['newpass'] == $_POST['confirmpass'])
{
		$insertquery = "insert into users (user, pass) VALUES ('{$_POST['user']}','{$_POST['newpass']}')";
		$resultinsert = mysql_query($insertquery);
        
        }
		else {
		echo " your password didn't match";
		
}
 
 }
}
?>


0
 
LVL 21

Accepted Solution

by:
nizsmo earned 2000 total points
ID: 20385445
Try this:
<?PHP
 
require_once('info.php');
 
$user = mysql_real_escape_string($_POST['user']);
 
$pass = mysql_real_escape_string($_POST['pass']);
 
$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
$num = mysql_num_rows($result);
 
if (!$num) {
 
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
}else {
 
        list($dbuser,$dbpass) = mysql_fetch_row($result);
        
        if($dbuser==$user && $dbpass==$pass) {
        
                echo "You entered a username & password";
        
        }else{
        
                echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New PassWord: <input type='text' name='newpass'><br><br>
Confirm Password : <input type='password' name='confirmpass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
if($_POST['newpass'] == $_POST['confirmpass'])
{
		$insertquery = "UPDATE users SET pass='{$_POST['newpass']}' WHERE user='{$_POST['user']}'";
		$resultinsert = mysql_query($insertquery);
        
        }
		else {
		echo " your password didn't match";
		
}
 
 }
}
?>


0
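
The flow netmunky outlines in the first reply (a temporary password plus a must-change flag) combined with the accepted answer's UPDATE, written as an added example that is not code from the thread or from any participant: passwords are stored with password_hash(), every query is a prepared statement, and the UPDATE touches exactly one row. The in-memory SQLite database, the table layout, the function names and the per-user random temporary password (instead of the shared abc123) are assumptions made for the example.

```php
<?php
declare(strict_types=1);
// Added example; schema and function names are assumptions, not from the thread.

// Constructed schema: must_change_pass = 1 while the user still holds the
// temporary password that was issued to them.
function make_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        email TEXT NOT NULL UNIQUE,
        pass_hash TEXT NOT NULL,
        must_change_pass INTEGER NOT NULL DEFAULT 1)');
    return $db;
}

// Issue a random temporary password; only its hash is stored.
function issue_temp_password(PDO $db, string $email): string {
    $temp = bin2hex(random_bytes(8));
    $st = $db->prepare(
        'INSERT INTO users (email, pass_hash, must_change_pass) VALUES (?, ?, 1)');
    $st->execute([$email, password_hash($temp, PASSWORD_DEFAULT)]);
    return $temp; // hand this to the user out of band, e.g. with mail()
}

// Returns 'denied', 'must_change' or 'ok'.
function login(PDO $db, string $email, string $password): string {
    $st = $db->prepare(
        'SELECT pass_hash, must_change_pass FROM users WHERE email = ?');
    $st->execute([$email]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pass_hash'])) {
        return 'denied';
    }
    return ((int) $row['must_change_pass'] === 1) ? 'must_change' : 'ok';
}

// Re-checks the current password, then updates one row and clears the flag.
function change_password(PDO $db, string $email, string $current,
                         string $new, string $confirm): bool {
    if ($new === '' || $new !== $confirm || $new === $current) {
        return false; // empty, mismatched, or unchanged password
    }
    if (login($db, $email, $current) === 'denied') {
        return false; // caller does not know the current password
    }
    $st = $db->prepare(
        'UPDATE users SET pass_hash = ?, must_change_pass = 0 WHERE email = ?');
    $st->execute([password_hash($new, PASSWORD_DEFAULT), $email]);
    return $st->rowCount() === 1;
}

// Constructed walk-through using the address from the question.
$db   = make_demo_db();
$temp = issue_temp_password($db, 'john@test.com');
var_dump(login($db, 'john@test.com', $temp));
var_dump(change_password($db, 'john@test.com', $temp, 'new-pass-1', 'new-pass-1'));
var_dump(login($db, 'john@test.com', $temp));
var_dump(login($db, 'john@test.com', 'new-pass-1'));
```

On a real page the 'must_change' result would be kept in the server-side session so that no other page is reachable until change_password() succeeds.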

Question has a verified solution.