Solved

Having user choose his own password

Posted on 2007-11-29
Last Modified: 2013-12-12
I have a login page where users can enter their email address and a default password. I want to set it up in a way that users can enter any email address but the password has to be default. Also when they enter the default password, it should ask them to choose a new password and set their email address and the new password as their login credentials.
So if John comes to the site, he can enter John@test.com and use a default password that's given to him, which is abc123; then once the default password is proved to be correct, it should be a part within the same page that becomes available where John can set his new password with his email address as john@test.com

Thanks
Question by:syedasimmeesaq
 
LVL 8

Expert Comment

by:netmunky
ID: 20377353
you can have a user provide their email address, then use mail() to send a temporary password (either fixed or random). in the user table, add a boolean flag mustchangepass (or similar). when they login with the password that is sent to them, if the boolean is true, forward them to a password change page (which will unset the boolean). if the boolean is false, allow them to login normally.
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378085
Actually I tried to do something like this, but it has some errors. Maybe this gives an idea:


         <?PHP
 
require_once('con_info.php');
 
// Add slashes to the username, and make a md5 checksum of the password.
$_POST['user'] = $_POST['user'];
$_POST['passdef']= $_POST['passdef'];
 
$result = mysql_query("SELECT count(id) FROM users WHERE passdef='" . $_POST['passdef']. "'") or die("Couldn't query the user-database.");
 
$num = mysql_result($result, 0);
 
if (!$num) {
 
// When the query didn't return anything,
// display the login form.
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='passdef'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
} else {
 
$_POST['user'] = $_POST['user'];
$_POST['passdef']= $_POST['passdef'];
 
// Start the login session
//session_start();
 
// We've already added slashes and MD5'd the password
//$_SESSION['user'] = $_POST['user'];
//$_SESSION['pass'] = $_POST['pass'];
//header ('Location: district.php');
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New Password: <input type='text' name='pass'><br><br>
Confirm Password : <input type='text' name='conpass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
$newpass = $_POST['pass'];
//$_POST['pass'] = SHA256::hash($_POST['pass']); 
$conpass = $_POST['conpass'];
if ($newpass == $conpass and $newpass!="" and $conpass!=""){
$result = mysql_list_tables(users);
while ($row = mysql_fetch_row($result)) {
        
												   
		    $query = "insert into " . $row[0] . " SET user ='".$_POST['user']."' AND pass = '$newpass'";
            $resultUpdate = mysql_query($query);
            if(!$resultUpdate){
                die(mysql_error());
      
}
 
}
else
{
echo "NOT MATCHED";
}
}
?> 


0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20378105
You had some syntax errors,
 <?PHP
 
require_once('con_info.php');
 
// Add slashes to the username, and make a md5 checksum of the password.
$_POST['user'] = $_POST['user'];
$_POST['passdef']= $_POST['passdef'];
 
$result = mysql_query("SELECT count(id) FROM users WHERE passdef='" . $_POST['passdef']. "'") or die("Couldn't query the user-database.");
 
$num = mysql_result($result, 0);
 
if (!$num) {
 
// When the query didn't return anything,
// display the login form.
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='passdef'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
} else {
 
$_POST['user'] = $_POST['user'];
$_POST['passdef']= $_POST['passdef'];
 
// Start the login session
//session_start();
 
// We've already added slashes and MD5'd the password
//$_SESSION['user'] = $_POST['user'];
//$_SESSION['pass'] = $_POST['pass'];
//header ('Location: district.php');
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New Password: <input type='text' name='pass'><br><br>
Confirm Password : <input type='text' name='conpass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
$newpass = $_POST['pass'];
//$_POST['pass'] = SHA256::hash($_POST['pass']); 
$conpass = $_POST['conpass'];
if ($newpass == $conpass and $newpass!="" and $conpass!=""){
$result = mysql_list_tables(users);
while ($row = mysql_fetch_row($result)) {
        
                                                                                                   
                    $query = "insert into " . $row[0] . " SET user ='".$_POST['user']."' AND pass = '$newpass'";
            $resultUpdate = mysql_query($query);
            if(!$resultUpdate){
                die(mysql_error());
      
}
 
}
 
}
else
{
echo "NOT MATCHED";
}
}
?> 


0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378123
But now it's not inserting the data into the table users.
Thanks
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20378159
Small change from:
$newpass == $conpass and $newpass!="" and $conpass!=""

to
$newpass == $conpass && $newpass!="" && $conpass!=""

 <?PHP
 
require_once('con_info.php');
 
// Add slashes to the username, and make a md5 checksum of the password.
$_POST['user'] = $_POST['user'];
$_POST['passdef']= $_POST['passdef'];
 
$result = mysql_query("SELECT count(id) FROM users WHERE passdef='" . $_POST['passdef']. "'") or die("Couldn't query the user-database.");
 
$num = mysql_result($result, 0);
 
if (!$num) {
 
// When the query didn't return anything,
// display the login form.
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='passdef'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
} else {
 
$_POST['user'] = $_POST['user'];
$_POST['passdef']= $_POST['passdef'];
 
// Start the login session
//session_start();
 
// We've already added slashes and MD5'd the password
//$_SESSION['user'] = $_POST['user'];
//$_SESSION['pass'] = $_POST['pass'];
//header ('Location: district.php');
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New Password: <input type='text' name='pass'><br><br>
Confirm Password : <input type='text' name='conpass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
$newpass = $_POST['pass'];
//$_POST['pass'] = SHA256::hash($_POST['pass']); 
$conpass = $_POST['conpass'];
if ($newpass == $conpass && $newpass!="" && $conpass!=""){
$result = mysql_list_tables(users);
while ($row = mysql_fetch_row($result)) {
        
                                                                                                   
                    $query = "insert into " . $row[0] . " SET user ='".$_POST['user']."' AND pass = '$newpass'";
            $resultUpdate = mysql_query($query);
            if(!$resultUpdate){
                die(mysql_error());
      
}
 
}
 
}
else
{
echo "NOT MATCHED";
}
}
?> 


0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378214
hmm it still is not adding the records to the table
Thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378311
what possibly could be wrong ..I checked the code again and again..it just doesn't insert into the table
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20378313
then it simply means that this condition:
$newpass == $conpass && $newpass!="" && $conpass!=""

is not being satisfied. Check that you are passing using POST (not GET) and check that $newpass and $conpass actually contain something.
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378375
ok it is strange..how come I am inserting the value in the textboxes but it shows in echo that $newpass and $conpass is empty
Thanks
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20378408
What is the point of this?
$_POST['user'] = $_POST['user'];
$_POST['passdef']= $_POST['passdef'];

Also I think there is something wrong with the logic of your script, I don't think you should have the login form and what you are trying to do in the same script.
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378430
Nizsmo. Thank you again for helping. I am trying to do what I mentioned above. How could I reset the logic to achieve what I described in the question above?

Thank you
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20378452
Try something like this, not sure if it will work since I have no way of testing.
 <?PHP
 
require_once('con_info.php');
 
// Start the login session
//session_start();
 
// We've already added slashes and MD5'd the password
//$_SESSION['user'] = $_POST['user'];
//$_SESSION['pass'] = $_POST['pass'];
//header ('Location: district.php');
 
 
$newpass = $_POST['pass'];
//$_POST['pass'] = SHA256::hash($_POST['pass']); 
$conpass = $_POST['conpass'];
if ($newpass == $conpass && $newpass!="" && $conpass!=""){
$result = mysql_list_tables(users);
while ($row = mysql_fetch_row($result)) {
        
                                                                                                   
                    $query = "insert into " . $row[0] . " SET user ='".$_POST['user']."' AND pass = '$newpass'";
            $resultUpdate = mysql_query($query);
            if(!$resultUpdate){
                die(mysql_error());
      
}
 
}
 
}
else
{
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New Password: <input type='text' name='pass'><br><br>
Confirm Password : <input type='text' name='conpass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
}
?> 


0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378570
nope that doesn't work either
0
 
LVL 8

Expert Comment

by:netmunky
ID: 20378573
as a side note, never ever supply user provided data directly to a query. always use mysql_real_escape_string() (or mysqli_prepare if you are using mysqli instead of mysql)
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378584
yea I was going to add that later on but I am trying to make this thing work first. The last script you sent took the first part out. But I just wanted to see if it will insert the data into table or not and it didn't

Thanks
0
 
LVL 8

Expert Comment

by:netmunky
ID: 20378607
add some debug prints
ie -
if ($newpass == $conpass && $newpass!="" && $conpass!="")
{ print "i should be insertingg"; }
else { print "something didn't match"; }

check mysql_errno() or mysql_error() after your query and see if it is having some sort of problem at the database level with your query.
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378638
I have a field in table called ID which is primary key and autoincrement..could that matter?
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378649
>>>>>>>>>check mysql_errno() or mysql_error() after your query and see if it is having some sort of problem at the database level with your query.

  how do I do that?
Thanks
0
 
LVL 8

Expert Comment

by:netmunky
ID: 20378691
$resultUpdate = mysql_query($query);
if( mysql_errno() ) { die( mysql_errno() .": ". mysql_error() ); }

http://us3.php.net/mysql_query does not specify what mysql_query() will return for an INSERT statement, so I don't know if the code you have right now for mysql_error checking is sufficient or not
0
 
LVL 3

Expert Comment

by:HMoellendorf
ID: 20379336
Use the following snippet to test the queries:
$resultUpdate = mysql_query($query);
if( !$resultUpdate ) { die( mysql_errno() .": ". mysql_error() ); }


0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20380005
>>nope that doesn't work either

Can you elaborate? What doesn't work and what gets outputted? Any errors?
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20382816
it's not giving any errors using the above. However it's still not inserting new records into the table

Thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20382853
isn't this insert statement wrong

$query = "insert into " . $row[0] . " SET user ='".$_POST['user']."' AND pass = '$newpass'";

shouldn't we be using set with update and not with insert.

And if it is wrong, what would be the right statement.
Thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20382968
shouldn't it be
 $query = "insert into " . $row[0] . " (pass, user) Values ('$_POST['user'],'$newpass'";
instead of
$query = "insert into " . $row[0] . " SET user ='".$_POST['user']."' AND pass = '$newpass'";
?
Thanks
0
 
LVL 8

Expert Comment

by:netmunky
ID: 20382986
yes
set is only for update
ie - update table set pass=... where user=...
but you forgot the closing ) on your insert

$query = "insert into {$row[0]} (user, pass) Values ('{$_POST['user']}','$newpass')";
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384402
ok I have this now ..but its not inserting the values
<?PHP
 
require_once('info.php');
 
$user = mysql_real_escape_string($_POST['user']);
 
$pass = mysql_real_escape_string($_POST['pass']);
 
$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
$num = mysql_num_rows($result);
 
if (!$num) {
 
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
}else {
 
        list($dbuser,$dbpass) = mysql_fetch_row($result);
       
        if($dbuser==$user && $dbpass==$pass) {
       
                echo "You entered a username & password";
       
        }else{
       
                echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New PassWord: <input type='text' name='newpass'><br><br>
Confirm Password : <input type='password' name='confirmpass'><br>

<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";

if($_POST['newpass'] == $_POST['confirmpass'])
{
            $insertquery = "insert into user (user, pass) VALUES ('{$_POST['user']}','{$_POST['newpass']}')";
            $resultinsert = mysql_query($insertquery);
       
        }
            else {
            echo " your password didn't match";
            
}
 
 }
}
?>
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384463
This code inserts the record but not in same row.
So the user name is in different row than the password
how can I fix it
<?PHP
 
require_once('info.php');
 
$user = mysql_real_escape_string($_POST['user']);
 
$pass = mysql_real_escape_string($_POST['pass']);
 
$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
$num = mysql_num_rows($result);
 
if (!$num) {
 
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
}else {
 
        list($dbuser,$dbpass) = mysql_fetch_row($result);
        
        if($dbuser==$user && $dbpass==$pass) {
        
                echo "You entered a username & password";
        
        }else{
        
                echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New PassWord: <input type='text' name='newpass'><br><br>
Confirm Password : <input type='password' name='confirmpass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
if($_POST['newpass'] == $_POST['confirmpass'])
{
		$insertquery = "insert into users (user, pass) VALUES ('{$_POST['user']}','{$_POST['newpass']}')";
		$resultinsert = mysql_query($insertquery);
        
        }
		else {
		echo " your password didn't match";
		
}
 
 }
}
?>


0
 
LVL 21

Accepted Solution

by:
nizsmo earned 500 total points
ID: 20385445
Try this:
<?PHP
 
require_once('info.php');
 
$user = mysql_real_escape_string($_POST['user']);
 
$pass = mysql_real_escape_string($_POST['pass']);
 
$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
$num = mysql_num_rows($result);
 
if (!$num) {
 
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
}else {
 
        list($dbuser,$dbpass) = mysql_fetch_row($result);
        
        if($dbuser==$user && $dbpass==$pass) {
        
                echo "You entered a username & password";
        
        }else{
        
                echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New PassWord: <input type='text' name='newpass'><br><br>
Confirm Password : <input type='password' name='confirmpass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
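if($_POST['newpass'] == $_POST['confirmpass'])
{
		// Escape the new password as well; $user was already escaped at the top of the script.
		$newpass = mysql_real_escape_string($_POST['newpass']);
		$insertquery = "UPDATE users SET pass='$newpass' WHERE user='$user'";
		$resultinsert = mysql_query($insertquery);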
        
        }
		else {
		echo " your password didn't match";
		
}
 
 }
}
?>


0
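
The must-change flag suggested at the top of the thread, combined with the later advice never to put user input directly into a query, as an added example that is not code from any participant in this thread. It uses PDO prepared statements and password_hash() in place of the mysql_* calls, and updates the existing row rather than inserting a second one. The must_change column, the function names and the in-memory SQLite database are assumptions made so the script runs stand-alone.

```php
<?php
// Added example (not from the thread). Table layout, column names and
// function names are assumptions; SQLite in memory stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    user TEXT UNIQUE NOT NULL,
    pass TEXT NOT NULL,
    must_change INTEGER NOT NULL DEFAULT 1)');

// Create an account with a temporary password; only its hash is stored.
function issue_account(PDO $db, string $email, string $tempPass): void {
    $st = $db->prepare('INSERT INTO users (user, pass, must_change) VALUES (?, ?, 1)');
    $st->execute([$email, password_hash($tempPass, PASSWORD_DEFAULT)]);
}

// Returns 'denied', 'must_change' or 'ok'. Values are bound, never concatenated.
function login(PDO $db, string $email, string $pass): string {
    $st = $db->prepare('SELECT pass, must_change FROM users WHERE user = ?');
    $st->execute([$email]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($pass, $row['pass'])) {
        return 'denied';
    }
    return $row['must_change'] ? 'must_change' : 'ok';
}

// Re-check the current password, then UPDATE the existing row and clear the flag.
function change_password(PDO $db, string $email, string $old, string $new, string $confirm): bool {
    if (login($db, $email, $old) === 'denied') {
        return false;
    }
    if ($new === '' || $new !== $confirm || $new === $old) {
        return false;
    }
    $st = $db->prepare('UPDATE users SET pass = ?, must_change = 0 WHERE user = ?');
    $st->execute([password_hash($new, PASSWORD_DEFAULT), $email]);
    return $st->rowCount() === 1;
}

// Constructed sample run.
issue_account($db, 'john@test.com', 'abc123');
var_dump(login($db, 'john@test.com', 'abc123'));      // first login with the temporary password
var_dump(login($db, "x' OR '1'='1", 'abc123'));       // quote characters are treated as data
var_dump(change_password($db, 'john@test.com', 'abc123', 'n3w-Secret!', 'n3w-Secret!'));
var_dump(login($db, 'john@test.com', 'abc123'));      // temporary password after the change
var_dump(login($db, 'john@test.com', 'n3w-Secret!')); // login with the chosen password
```

In a page handler, a 'must_change' result would show the new-password form (carrying the email in the session, not a form field) and 'ok' would start the normal session.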
