hide the password in the link

add to this the ability to hide the password in the email
and to assign a new random password if the user clicks on the link
<?php
  $host="localhost"; //Host name
  $username="root"; //mysql username
  $password=""; //mysql password
  $db_name="hello"; //database name
  
  //connect to server and select database.
  mysql_connect("$host","$username","$password") or die ("cannot connect to server");
  mysql_select_db("$db_name") or die ("cannot select db");
  //value sent from form
  $email_to=$_POST['email_to'];
  //table name
  $tbl_name=members;
  //retrieve passwords from table where email=$email_to(mark@phpeasystep.com)
  $sql="SELECT password FROM $tbl_name where email='$email_to'";
  $result=mysql_query($sql);
  //if found this e-mail address, row must be 1 row
  //keep value in variable name "$count";
  $count=mysql_num_rows($result);
  // compare if $count=1 row
  if($count==1){
    $rows=mysql_fetch_array($result);
    //keep password in $your_password
    $your_password=$rows['password'];
    //---send mail form----
    //send e-mail to ...
    $to=$email_to;
    //your subject
    $subject="Your password here";
    //from 
    $header="from:your name <your email>";
    //your message
    $messages="Your password for login to our website \r\n";
    $messages.="Your password is $your_password \r\n";
    $messages.="more message..\r\n";
    //send email
    $sentmail=mail($to,$subject,$messages,$header);
    //echo $messages;
  }
  //else if $count not equal 1
  else{
    echo "Not found your email in our database";
  }
  //if your email succesfully sent
  if($sentmail){
    echo "Your Password has been sent to your email address.";
  }
  else{
    echo "Cannot send passwords to your e-mail address";
  }
  
?>

Open in new window

<table width="380" border="0" cellpadding="3" cellspacing="1">
<tr>
<td width="33%"><strong>Enter your email: </strong></td>
<td width="67%"><form name="form1" method="post" action="send_password_ac.php">
<input name="email_to" type="text" id="mail_to" size="25">
<input type="submit" name="Submit" value="Submit">

</form></td>


</tr>



</table>

Open in new window

LVL 1
rgb192Asked:
Who is Participating?
 
StingRaYCommented:
I do not recommend you to expose the user's password in the link. To reset password, you should apply some way else.

For example, generate a unique one time key when the user requests to reset the password and send it to his email. Once user clicks the link with his email address and one time key, create a random password for the record matched the one time key and email address and remove one time key from the database.
0
 
InsoftserviceCommented:
for resetting password.
 provide an email for his approval .
When he clicks to it provide him option to display the password there it self or to get a email
If he wants to see it there itself he can view it or it would be fine if we send him password via email.

Flow would be
           
                       reset password
1> USER      ---------------------------->    SERVER
2> USER      <-----------------------------   SERVER
                      Email for confirmation
                                           
                     Approved
3>   USER     ---------------------------->    SERVER

4> USER      <-----------------------------   SERVER
                      password  display / email
0
 
AlexSoftware EngineerCommented:
Hello rgb192,

If you want to use that for a "forgot password reminder" I don't think that it's a good idea to "hide" it as you said. You have to create a new one, usually an md5 unique string based on email plus a salt and at the end cut some characters of the whole final string and update the password. That will be his/her new password until they updated again via their personal settings.
0
 
rgb192Author Commented:
all work, thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.