  1. #1
    Regular Coder LearningCoder's Avatar
    Join Date
    Jan 2011
    Location
    The Pleiades
    Posts
    924
    Thanks
    76
    Thanked 29 Times in 29 Posts

    Best way to allow users to reset a password.

    Just wondering what the best way is to allow a user to change their password?

    Currently, I am thinking to write a page where they enter their username.

    Then, I was going to send the user an email, containing a link to click.

    The link contains a different page with a form with a field to enter a new password.

    Is that good enough or is there a better way to do this?

    Thank you in advance for your thoughts and ideas.

    Regards,

    LC.

  • #2
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,341
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    That's about the only way really LC other than get them to confirm a secret security question answer that they sent when registering when they click that link.

    It's never a good idea to store passwords as plaintext and send them by email, storing them as a hash and emailing them a link is really the only practical way.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #3
    Regular Coder LearningCoder's Avatar
    Ok thank you for confirming that.

    How do I determine which user's password to reset? Do I have to pass the user id along in the url when I write the email? Then use that on the page where they enter their new password?

    I put a 'draft' version online but it doesn't seem to be sending me an email when I register, which it is supposed to.

    Here is my code:
    PHP Code:
    // Write the email after the data is successfully inserted.
    $to = $email;
    $subject = "Thank you for registering at Demo-Central!";

    $message  = "Welcome ".$user."<br />\n<br />\n";
    $message .= "Thank you for registering at Demo-Central.<br />\n";
    $message .= "You can now enjoy the ability to upload your own demos to show off and also <br />\n";
    $message .= "editing your own profile to make yourself unique. Below you will find your login details:<br />\n<br />\n";
    $message .= "Your username is:".$user."<br />\n";
    $message .= "Your password is:".$pass."<br />\n<br />\n";
    $message .= "Please save this email to ensure you can retrieve your username or password should you forget it.<br />\n<br />\n";
    $message .= "We look forward to watching you.<br />\n<br />\n";
    $message .= "Kind regards,<br />\n<br />\n";
    $message .= "Demo-Central Administrator.";

    // mail() is called with three parameters only (no additional headers).
    if (mail($to, $subject, $message)) {
        echo "You have successfully registered! You will be contacted shortly with your login details.<br />";
        echo "Please follow the <a href='login.php'>link</a> to the login page.";
        exit(0);
    } else {
        echo "You have successfully registered but there was an error sending your email.<br />";
        echo "You are still able to login. Please contact the site administrator at flipmodeskwaud@hotmail.co.uk to report the problem.<br />";
        echo "Follow the link to the <a href='login.php'>login</a> page.";
        exit(0);
    }
    It is saying that the email successfully sent so the mail function seems to be returning true...

    Do you know if there is anything I should look into on my host?

    Kind regards,

    LC.
    Last edited by LearningCoder; 10-02-2012 at 10:14 PM.

  • #4
    Senior Coder
    You can send an email in any part of your code that you want.

    mail() or any other mailing function, script or program you may want to use, doesn't depend on a mysql connection.

    If you're not receiving an email and you're using the mail() function then you need to look at the 4th and 5th parameter. This is quite a common problem with so many tutorials teaching you to only use the first three parameters.

  • #5
    Regular Coder LearningCoder's Avatar
    So they require headers?

    Regards,

    LC.

  • #6
    Senior Coder
    Yes but not in the http sense. Well, yes in the way that the headers are at the top of the email separated by a blank line (like http) but no in the fact that email headers work a bit differently. For the mail() function you have to supply any extra headers as a parameter, not using a header() call.

    See this: http://www.php.net/mail

    That will help you out with the additional parameters.

  • #7
    Regular Coder LearningCoder's Avatar
    Heh I was just on there. Thought it would just work with a simple 3 parameters.

    I did have a brief scan over the header part but it was a bit complicated. I'll go over it again.

    Regards,

    LC.

  • #8
    Senior Coder
    Quote, originally posted by LearningCoder:
        Thought it would just work with a simple 3 parameters.
    No I'm afraid not! Unfortunately though, many tutorials teach you to use it with just 3 parameters - no idea why, it just seems to be common practice. My first PHP BOOK (yes, book that I paid money for) did the very same thing.

  • #9
    Regular Coder LearningCoder's Avatar
    Heh so what headers would you say are 'required'?

    It says the 'From:' header is but I'm not sure on content-type, mime-version, reply-to, x-mailer etc.

    I'm sure I read somewhere that you need to include the mime-version or content-type header if you are sending html??

    Regards,

    LC.

  • #10
    Senior Coder
    If you're sending html email then you're best off using a class called phpmailer (google). It's a lot more complex but it'll save you a lot of hassle in the long run.

    If you're just sending plain text emails, then all you really need is the From header.

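Added example, not from the thread: the 4th and 5th mail() parameters discussed in posts #4 to #10, set for a plain-text message with a From header and a matching envelope sender. The noreply@example.test address and the function names are assumptions; the sender is a fixed site address and no user input reaches the header or parameter strings.

```php
<?php
declare(strict_types=1);

// Placeholder sender: a fixed site address, never taken from user input.
const SITE_FROM = 'noreply@example.test';

// Build the five mail() arguments: to, subject, message, headers, parameters.
function build_mail_args(string $to, string $subject, string $body): array
{
    if (filter_var($to, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid recipient address');
    }
    // A CR or LF inside a header field would start a new header line.
    if (preg_match('/[\r\n]/', $subject) === 1) {
        throw new InvalidArgumentException('line break in subject');
    }
    $headers = 'From: ' . SITE_FROM . "\r\n"
             . 'Content-Type: text/plain; charset=UTF-8';
    $params  = '-f' . SITE_FROM; // 5th parameter: envelope sender
    return [$to, $subject, wordwrap($body, 70, "\r\n"), $headers, $params];
}

function send_plain_mail(string $to, string $subject, string $body): bool
{
    return mail(...build_mail_args($to, $subject, $body)); // needs a working MTA
}

// Constructed sample values; prints the arguments without sending anything.
print_r(build_mail_args('user@example.test', 'Password reset requested',
    'Follow the link in this message to choose a new password.'));
try {
    build_mail_args('user@example.test', "Reset\r\nX-Added: 1", 'body');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```
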
  • #11
    Regular Coder LearningCoder's Avatar
    Awesome. I wasn't sure that because I was sending a link inside the email, whether or not it would be classed as sending html?

    Also, when the user enters their username to be reset and I send them an email, do I have to pass their specific ID through the URL of the link? Or can I just pass their username through and use that in the query??

    Kind regards,

    LC.

  • #12
    Senior Coder
    Quote, originally posted by LearningCoder:
        Awesome. I wasn't sure that because I was sending a link inside the email, whether or not it would be classed as sending html?
    Many email clients will automatically turn a url into a hyperlink even if it's just a plain text email.

    Quote, originally posted by LearningCoder:
        Also, when the user enters their username to be reset and I send them an email, do I have to pass their specific ID through the URL of the link? Or can I just pass their username through and use that in the query??
    It's entirely up to you really. Using a username IMO is a security risk - anyone could use that url if they know other users' usernames (eg from your forums). What I would personally do is to create a unique key (uniqid() is useful for that) and store it in the users table in a column called reset (which is also unique). Then use that in the url. When a user clicks the link you select the record by the key and do your thing.

  • Users who have thanked tangoforce for this post:

    LearningCoder (10-03-2012)
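
Added example, not part of the thread: the reset-key scheme from post #12 with the key drawn from random_bytes() instead of uniqid(), because the PHP manual states that uniqid() is time-based and must not be used where values have to be unguessable. It also stores only a SHA-256 of the key, expires it and clears it on use; the in-memory SQLite table, the column names reset_hash and reset_expires, and the example.test URL are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed demo table and row; a real site would use its own users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
    pass_hash TEXT, reset_hash TEXT UNIQUE, reset_expires INTEGER)');
$db->prepare('INSERT INTO users (username, pass_hash) VALUES (?, ?)')
   ->execute(['demo_user', password_hash('old-password', PASSWORD_DEFAULT)]);

// Issue a key: 32 bytes from the CSPRNG; only its hash goes into the table,
// so a leaked table does not hand out usable reset links.
function issue_reset(PDO $db, string $username, int $ttl = 3600): ?string
{
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare(
        'UPDATE users SET reset_hash = ?, reset_expires = ? WHERE username = ?');
    $stmt->execute([hash('sha256', $token), time() + $ttl, $username]);
    // null means unknown username: send no mail, show the same page either way.
    return $stmt->rowCount() === 1 ? $token : null;
}

// Redeem the key from the link: select the record by the key, set the new
// password hash, and clear the key so the link works only once.
function redeem_reset(PDO $db, string $token, string $newPassword): bool
{
    $stmt = $db->prepare(
        'UPDATE users SET pass_hash = ?, reset_hash = NULL, reset_expires = NULL
         WHERE reset_hash = ? AND reset_expires >= ?');
    $stmt->execute([password_hash($newPassword, PASSWORD_DEFAULT),
                    hash('sha256', $token), time()]);
    return $stmt->rowCount() === 1;
}

$token = issue_reset($db, 'demo_user');
echo 'https://example.test/reset.php?key=' . $token, "\n"; // placeholder URL
var_dump(redeem_reset($db, $token, 'new-password'));    // first use of the key
var_dump(redeem_reset($db, $token, 'another-password')); // same key again
var_dump(redeem_reset($db, str_repeat('0', 64), 'x'));   // key never issued
var_dump(issue_reset($db, 'no_such_user'));              // unknown username
```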

  • #13
    Regular Coder LearningCoder's Avatar
    Ah thank you. I'll read into uniqid() right now and see where I get to.

    Quote:
        store it in the users table in a column called reset (which is also unique)
    When you say the table column is also unique, what do you mean by that? You mean just explicitly create a separate column or is there a special way to make it unique?

    Kind regards,

    LC.

  • #14
    Senior Coder
    Yes in phpmyadmin you can set a column to be unique. If you try to insert a duplicate value it will reject it.

  • #15
    Regular Coder LearningCoder's Avatar
    Would you suggest I use the two parameters which are passed to uniqid()?

    I notice they are both optional. It looks like it may be a good idea to use the second and set it to TRUE?

    Thank you for your help so far.

    Kind regards,

    LC.

