Recovering passwords within MYSQL?

Anon

Question for you, I am creating a login and I will have an option to recover your password if you forget it. This will be done by re-entering your question you choosen and the answer you gave. How can I, within php, make a script that will, depending on what they choose, verify their question/answer and then spit out an email to their email address specified in the mysql database with a randomized password?

Thanks
Brian

Anon

Store the password question and answer in the DB. When you need to verify just call the info from the DB and match it with the info they entered.
====passwordrecovery.php====

Enter your username: <INPUT TYPE = "TEXT" NAME = "username">

Enter the email you wish to send the password to: <INPUT TYPE = "TEXT" NAME = "email">

</FORM>

====example of verifyscreen.php====

<?php
//connect to DB
@mysql_connect('localhost', 'dbusername', 'dbpass');
@mysql_select_db('DB');

//call info from DB

$query = "SELECT password, passquestion, passanswer FROM yourtablehere WHERE id = '$username'";

$result = mysql_query($query);

while($passinfo = mysql_fetch_array($result, MYSQL_ASSOC){

//question

echo("Password question for, ".$passinfo[\"username\"].".<p>");

echo($passinfo["passquestion"]);

}
?>

Answer: <INPUT TYPE = "TEXT" NAME = "verifyanswer">

</FORM>

====example of verify.php====
<?php

if($verifyanswer == $passinfo["passanswer"]){

mail("$email", "Your password is $passinfo[\"password\"]", "From: youremail@ddress.com\r\nReply-to:youremail@ddress.com");

echo("Your password has been sent to ".$email.".");
}
else {

echo("The answer you entered was not correct, try again.");

Anon

Err.. I think I found some errors in this code..

You may have to put the ending parenthesis of the while statement AFTER the form stuff. Although I don't know if the while statement carries over to the form.. plus.. aahhhhh, take the array out 😛

I screwed that code up 😛

It's close to this, I'm sure you can figure it out.