Solved

Having user choose his own password

Posted on 2007-11-29
28
167 Views
Last Modified: 2013-12-12
I have a login page where users can enter their email address and a default password. I want to set it up in a way that users can enter any email address but the password has to be default. Also when they enter the default password, it should ask them to choose a new password and set their email address and the new password as their login credentials.
So if John comes to the site, he can enter John@test.com and use a default password that's given to him, which is abc123. Then once the default password is proved to be correct, it should be a part within the same page that becomes available where John can set his new password with his email address as john@test.com

Thanks
0
Question by:syedasimmeesaq
28 Comments
 
LVL 8

Expert Comment

by:netmunky
ID: 20377353
you can have a user provide their email address, then use mail() to send a temporary password (either fixed or random). in the user table, add a boolean flag mustchangepass (or similar). when they login with the password that is sent to them, if the boolean is true, forward them to a password change page (which will unset the boolean). if the boolean is false, allow them to login normally.
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378085
Actually I tried to do something like this but it has some errors. Maybe this gives an idea


<?PHP

require_once('con_info.php');

// Add slashes to the username, and make a md5 checksum of the password.
$_POST['user'] = $_POST['user'];
$_POST['passdef']= $_POST['passdef'];

$result = mysql_query("SELECT count(id) FROM users WHERE passdef='" . $_POST['passdef']. "'") or die("Couldn't query the user-database.");

$num = mysql_result($result, 0);

if (!$num) {

    // When the query didn't return anything,
    // display the login form.

    echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='passdef'><br>
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";

} else {

    $_POST['user'] = $_POST['user'];
    $_POST['passdef']= $_POST['passdef'];

    // Start the login session
    //session_start();

    // We've already added slashes and MD5'd the password
    //$_SESSION['user'] = $_POST['user'];
    //$_SESSION['pass'] = $_POST['pass'];
    //header ('Location: district.php');

    echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New Password: <input type='text' name='pass'><br><br>
Confirm Password : <input type='text' name='conpass'><br>
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";

    $newpass = $_POST['pass'];
    //$_POST['pass'] = SHA256::hash($_POST['pass']);
    $conpass = $_POST['conpass'];

    if ($newpass == $conpass and $newpass!="" and $conpass!=""){
        $result = mysql_list_tables(users);
        while ($row = mysql_fetch_row($result)) {
            $query = "insert into " . $row[0] . " SET user ='".$_POST['user']."' AND pass = '$newpass'";
            $resultUpdate = mysql_query($query);
            if(!$resultUpdate){
                die(mysql_error());
            }
        }
    else
    {
        echo "NOT MATCHED";
    }
}

?>


0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20378105
You had some syntax errors,
<?PHP

require_once('con_info.php');

// Add slashes to the username, and make a md5 checksum of the password.
$_POST['user'] = $_POST['user'];
$_POST['passdef']= $_POST['passdef'];

$result = mysql_query("SELECT count(id) FROM users WHERE passdef='" . $_POST['passdef']. "'") or die("Couldn't query the user-database.");

$num = mysql_result($result, 0);

if (!$num) {

    // When the query didn't return anything,
    // display the login form.

    echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='passdef'><br>
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";

} else {

    $_POST['user'] = $_POST['user'];
    $_POST['passdef']= $_POST['passdef'];

    // Start the login session
    //session_start();

    // We've already added slashes and MD5'd the password
    //$_SESSION['user'] = $_POST['user'];
    //$_SESSION['pass'] = $_POST['pass'];
    //header ('Location: district.php');

    echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New Password: <input type='text' name='pass'><br><br>
Confirm Password : <input type='text' name='conpass'><br>
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";

    $newpass = $_POST['pass'];
    //$_POST['pass'] = SHA256::hash($_POST['pass']);
    $conpass = $_POST['conpass'];

    if ($newpass == $conpass and $newpass!="" and $conpass!=""){
        $result = mysql_list_tables(users);
        while ($row = mysql_fetch_row($result)) {
            $query = "insert into " . $row[0] . " SET user ='".$_POST['user']."' AND pass = '$newpass'";
            $resultUpdate = mysql_query($query);
            if(!$resultUpdate){
                die(mysql_error());
            }
        }
    }
    else
    {
        echo "NOT MATCHED";
    }
}

?>


0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378123
But now it's not inserting the data into the table users.
Thanks
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20378159
Small change from:
$newpass == $conpass and $newpass!="" and $conpass!=""

to
$newpass == $conpass && $newpass!="" && $conpass!=""

<?PHP

require_once('con_info.php');

// Add slashes to the username, and make a md5 checksum of the password.
$_POST['user'] = $_POST['user'];
$_POST['passdef']= $_POST['passdef'];

$result = mysql_query("SELECT count(id) FROM users WHERE passdef='" . $_POST['passdef']. "'") or die("Couldn't query the user-database.");

$num = mysql_result($result, 0);

if (!$num) {

    // When the query didn't return anything,
    // display the login form.

    echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='passdef'><br>
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";

} else {

    $_POST['user'] = $_POST['user'];
    $_POST['passdef']= $_POST['passdef'];

    // Start the login session
    //session_start();

    // We've already added slashes and MD5'd the password
    //$_SESSION['user'] = $_POST['user'];
    //$_SESSION['pass'] = $_POST['pass'];
    //header ('Location: district.php');

    echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New Password: <input type='text' name='pass'><br><br>
Confirm Password : <input type='text' name='conpass'><br>
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";

    $newpass = $_POST['pass'];
    //$_POST['pass'] = SHA256::hash($_POST['pass']);
    $conpass = $_POST['conpass'];

    if ($newpass == $conpass && $newpass!="" && $conpass!=""){
        $result = mysql_list_tables(users);
        while ($row = mysql_fetch_row($result)) {
            $query = "insert into " . $row[0] . " SET user ='".$_POST['user']."' AND pass = '$newpass'";
            $resultUpdate = mysql_query($query);
            if(!$resultUpdate){
                die(mysql_error());
            }
        }
    }
    else
    {
        echo "NOT MATCHED";
    }
}

?>


0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378214
hmm it still is not adding the records to the table
Thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378311
what possibly could be wrong ..I checked the code again and again..it just doesn't insert into the table
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20378313
then it simply means that this condition:
$newpass == $conpass && $newpass!="" && $conpass!=""

is not being satisfied. Check that you are passing using POST (not GET) and check that $newpass and $conpass actually contain something.
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378375
ok it is strange..how come I am inserting the value in the textboxes but it shows in echo that $newpass and $conpass is empty
Thanks
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20378408
What is the point of this?
$_POST['user'] = $_POST['user'];
$_POST['passdef']= $_POST['passdef'];

Also I think there is something wrong with the logic of your script, I don't think you should have the login form and what you are trying to do in the same script.
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378430
Nizsmo. Thank you again for helping. I am trying to do what I mentioned above. How could I reset the logic to achieve what I described in the question above?

Thank you
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20378452
Try something like this, not sure if it will work since I have no way of testing.
<?PHP

require_once('con_info.php');

// Start the login session
//session_start();

// We've already added slashes and MD5'd the password
//$_SESSION['user'] = $_POST['user'];
//$_SESSION['pass'] = $_POST['pass'];
//header ('Location: district.php');

$newpass = $_POST['pass'];
//$_POST['pass'] = SHA256::hash($_POST['pass']);
$conpass = $_POST['conpass'];

if ($newpass == $conpass && $newpass!="" && $conpass!=""){
    $result = mysql_list_tables(users);
    while ($row = mysql_fetch_row($result)) {
        $query = "insert into " . $row[0] . " SET user ='".$_POST['user']."' AND pass = '$newpass'";
        $resultUpdate = mysql_query($query);
        if(!$resultUpdate){
            die(mysql_error());
        }
    }
}
else
{
    echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New Password: <input type='text' name='pass'><br><br>
Confirm Password : <input type='text' name='conpass'><br>
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
}

?>


0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378570
nope that doesn't work either
0
 
LVL 8

Expert Comment

by:netmunky
ID: 20378573
as a side note, never ever supply user provided data directly to a query. always use mysql_real_escape_string() (or mysqli_prepare if you are using mysqli instead of mysql)
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378584
yea I was going to add that later on but I am trying to make this thing work first. The last script you sent took the first part out. But I just wanted to see if it will insert the data into table or not and it didn't

Thanks
0
 
LVL 8

Expert Comment

by:netmunky
ID: 20378607
add some debug prints
ie -
if ($newpass == $conpass && $newpass!="" && $conpass!="")
{ print "i should be insertingg"; }
else { print "something didn't match"; }

check mysql_errno() or mysql_error() after your query and see if it is having some sort of problem at the database level with your query.
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378638
I have a field in table called ID which is primary key and autoincrement..could that matter?
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20378649
>>>>>>>>>check mysql_errno() or mysql_error() after your query and see if it is having some sort of problem at the database level with your query.

  how do I do that?
Thanks
0
 
LVL 8

Expert Comment

by:netmunky
ID: 20378691
$resultUpdate = mysql_query($query);
if( mysql_errno() ) { die( mysql_errno() .": ". mysql_error() ); }

http://us3.php.net/mysql_query does not specify what mysql_query() will return for an INSERT statement, so I don't know if the code you have right now for mysql_error checking is sufficient or not
0
 
LVL 3

Expert Comment

by:HMoellendorf
ID: 20379336
Use the following snippet to test the queries:
$resultUpdate = mysql_query($query);

if( !$resultUpdate ) { die( mysql_errno() .": ". mysql_error() ); }


0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20380005
>>nope that doesn't work either

Can you elaborate? What doesn't work and what gets outputted? Any errors?
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20382816
it's not giving any errors using the above. However it's still not inserting new records into the table

Thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20382853
isn't this insert statement wrong

$query = "insert into " . $row[0] . " SET user ='".$_POST['user']."' AND pass = '$newpass'";

shouldn't we be using set with update and not with insert.

And if it is wrong, what would be the right statement.
Thanks
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20382968
shouldn't it be
 $query = "insert into " . $row[0] . " (pass, user) Values ('$_POST['user'],'$newpass'";
instead of
$query = "insert into " . $row[0] . " SET user ='".$_POST['user']."' AND pass = '$newpass'";
?
Thanks
0
 
LVL 8

Expert Comment

by:netmunky
ID: 20382986
yes
set is only for update
ie - update table set pass=... where user=...
but you forgot the closing ) on your insert

$query = "insert into {$row[0]} (user, pass) Values ('{$_POST['user']}','$newpass')";
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384402
ok I have this now ..but it's not inserting the values
<?PHP
 
require_once('info.php');
 
$user = mysql_real_escape_string($_POST['user']);
 
$pass = mysql_real_escape_string($_POST['pass']);
 
$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");
 
$num = mysql_num_rows($result);
 
if (!$num) {
 
 
echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
 
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";
 
}else {
 
        list($dbuser,$dbpass) = mysql_fetch_row($result);
       
        if($dbuser==$user && $dbpass==$pass) {
       
                echo "You entered a username & password";
       
        }else{
       
                echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New PassWord: <input type='text' name='newpass'><br><br>
Confirm Password : <input type='password' name='confirmpass'><br>

<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";

if($_POST['newpass'] == $_POST['confirmpass'])
{
            $insertquery = "insert into user (user, pass) VALUES ('{$_POST['user']}','{$_POST['newpass']}')";
            $resultinsert = mysql_query($insertquery);
       
        }
            else {
            echo " your password didn't match";
            
}
 
 }
}
?>
0
 
LVL 9

Author Comment

by:syedasimmeesaq
ID: 20384463
This code inserts the record but not in same row.
So the user name is in different row than the password
how can I fix it
<?PHP

require_once('info.php');

$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']);

$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");

$num = mysql_num_rows($result);

if (!$num) {

    echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";

}else {

    list($dbuser,$dbpass) = mysql_fetch_row($result);

    if($dbuser==$user && $dbpass==$pass) {

        echo "You entered a username & password";

    }else{

        echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New PassWord: <input type='text' name='newpass'><br><br>
Confirm Password : <input type='password' name='confirmpass'><br>
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";

        if($_POST['newpass'] == $_POST['confirmpass'])
        {
            $insertquery = "insert into users (user, pass) VALUES ('{$_POST['user']}','{$_POST['newpass']}')";
            $resultinsert = mysql_query($insertquery);
        }
        else {
            echo " your password didn't match";
        }
    }
}

?>


0
 
LVL 21

Accepted Solution

by:
nizsmo earned 500 total points
ID: 20385445
Try this:
<?PHP

require_once('info.php');

// Escape everything that goes into a query string.
$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']);

$result = mysql_query("SELECT user,pass FROM users WHERE pass='" . $pass. "'  OR (user='". $user."' AND pass='".$pass."')") or die("Couldn't query the user-database.");

$num = mysql_num_rows($result);

if (!$num) {

    // No matching row: show the login form.
    echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
UserName: <input type='text' name='user'><br><br>
Password : <input type='password' name='pass'><br>
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";

}else {

    list($dbuser,$dbpass) = mysql_fetch_row($result);

    if($dbuser==$user && $dbpass==$pass) {

        echo "You entered a username & password";

    }else{

        // Only the password matched: show the new-password form.
        echo "<h4> <center><br><br>
<form action='$_SERVER[PHP_SELF]' method='post'>
New PassWord: <input type='text' name='newpass'><br><br>
Confirm Password : <input type='password' name='confirmpass'><br>
<br><br>
<input type='submit' size='10' value='Login'>
</form></center></h4>";

        // Only act once the new-password fields have actually been submitted.
        if(isset($_POST['newpass'], $_POST['confirmpass']))
        {
            if($_POST['newpass'] != "" && $_POST['newpass'] == $_POST['confirmpass'])
            {
                // Escape the new password too, and reuse the escaped user name.
                $newpass = mysql_real_escape_string($_POST['newpass']);
                $insertquery = "UPDATE users SET pass='$newpass' WHERE user='$user'";
                $resultinsert = mysql_query($insertquery);
            }
            else {
                echo " your password didn't match";
            }
        }
    }
}

?>


0
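The flow netmunky outlines in the first reply (a temporary password plus a `mustchangepass` flag), combined with his later advice not to pass user input straight into a query, as an added example that is not code from any poster in this thread. It assumes PHP 7 or later with PDO and its SQLite driver so that it runs without a MySQL server; the table layout, the use of `password_hash()` instead of a stored plaintext password, and the function names `issueTemporaryPassword`, `login` and `changePassword` are assumptions made for the illustration.

```php
<?php
// Added example: schema and function names are hypothetical, not from the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    email TEXT UNIQUE NOT NULL,
    pass_hash TEXT NOT NULL,
    mustchangepass INTEGER NOT NULL DEFAULT 1)');

// Create the account with a random per-user temporary password.
// Only the hash is stored; the plaintext is handed to the user (e.g. by mail).
function issueTemporaryPassword(PDO $db, string $email): string {
    $temp = bin2hex(random_bytes(8));
    $stmt = $db->prepare(
        'INSERT INTO users (email, pass_hash, mustchangepass) VALUES (?, ?, 1)');
    $stmt->execute([$email, password_hash($temp, PASSWORD_DEFAULT)]);
    return $temp;
}

// Returns 'denied', 'must_change' or 'ok'. The row is selected by e-mail only;
// the password is compared in PHP with password_verify(), never in the SQL.
function login(PDO $db, string $email, string $pass): string {
    $stmt = $db->prepare('SELECT pass_hash, mustchangepass FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($pass, $row['pass_hash'])) {
        return 'denied';
    }
    return $row['mustchangepass'] ? 'must_change' : 'ok';
}

// Re-checks the current password, then UPDATEs the existing row (no second
// INSERT) and clears the flag so the next login proceeds normally.
function changePassword(PDO $db, string $email, string $current,
                        string $new, string $confirm): bool {
    if ($new === '' || $new !== $confirm || $new === $current) {
        return false;
    }
    if (login($db, $email, $current) === 'denied') {
        return false;
    }
    $stmt = $db->prepare(
        'UPDATE users SET pass_hash = ?, mustchangepass = 0 WHERE email = ?');
    $stmt->execute([password_hash($new, PASSWORD_DEFAULT), $email]);
    return $stmt->rowCount() === 1;
}

// Constructed sample run; the new password value is made up for the demo.
$email = 'john@test.com';
$temp  = issueTemporaryPassword($db, $email);
var_dump(login($db, $email, "it's quoted"));   // quotes are bound as data
var_dump(login($db, $email, $temp));           // temporary password
var_dump(changePassword($db, $email, $temp, 'n3w-Passphrase', 'n3w-Passphrase'));
var_dump(login($db, $email, 'n3w-Passphrase'));
var_dump(login($db, $email, $temp));           // temporary password again
```

In a web page the `must_change` result would redirect to the password-change form, with the authenticated e-mail address held in the session rather than re-read from the form.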
