forgot password script without dictionary

arizona77

Hi, I want to generate the forgot password script to use random numbers and letters. This is primarily because the server this site is on does not have the dictionary installed (at least that is what the IT person says)

I have found several scripts: like
function makeRandomPassword() {
$salt = "abchefghjkmnpqrstuvwxyz0123456789";
srand((double)microtime()*1000000);
$i = 0;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($salt, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
$random_password = makeRandomPassword();
echo "Random Password is $random_password";

but don't know what to remove in the script below, and where to add the information above.

any help is appreciated.

function change_password($username, $old_password, $new_password)
// change password for username/old_password to new_password
// return true or false
{
// if the old password is right
// change their password to new_password and return true
// else return false
if (login($email, $old_password))
{
if (!($conn = db_connect()))
return false;
$result = mysql_query( "update mymysql_tbl
set passwd = password('$new_password')
where email = '$email'");
if (!$result)
return false; // not changed
else
return true; // changed successfully
}
else
return false; // old password was wrong
}

function get_random_word($min_length, $max_length)
// grab a random word from dictionary between the two lengths
// and return it
{
// generate a random word
$word = '';
//remember to change this path to suit your system
$dictionary = '/usr/dict/words'; // the ispell dictionary
$fp = fopen($dictionary, 'r');
if(!$fp)
return false;
$size = filesize($dictionary);

// go to a random location in dictionary
srand ((double) microtime() * 1000000);
$rand_location = rand(0, $size);
fseek($fp, $rand_location);

// get the next whole word of the right length in the file
while (strlen($word)< $min_length || strlen($word)>$max_length || strstr($word, "'"))
{

if (feof($fp))

fseek($fp, 0); // if at end, go to start
$word = fgets($fp, 80); // skip first word as it could be partial
$word = fgets($fp, 80); // the potential password
};
$word=trim($word); // trim the trailing \n from fgets
return $word;

}

function reset_password($email)
// set password for username to a random value
// return the new password or false on failure
{
// get a random dictionary word b/w 6 and 13 chars in length
$new_password = get_random_word(6, 13);

if($new_password==false)
return false;
// add a number between 0 and 999 to it
// to make it a slightly better password
srand ((double) microtime() * 1000000);
$rand_number = rand(0, 999);
$new_password .= $rand_number;

// set user's password to this in database or return false
if (!($conn = db_connect()))
return false;
$result = mysql_query( "update mymysql_tbl
set passwd = password('$new_password')
where email = '$email'");
if (!$result)
return false; // not changed
else
return $new_password; // changed successfully

}

function notify_password($email, $password)
// notify the user that their password has been changed
{
if (!($conn = db_connect()))
return false;
$result = mysql_query("select email from mymysql_tbl
where email='$email'");
if (!$result)
{
return false; // not changed
}
else if (mysql_num_rows($result)==0)
{
return false; // username not in db
}
else
{

drawmack

just rewrite the get_random_word function to generate a random word instead of getting one. Like this

<?php
// grab a random word from dictionary between the two // lengths and return it 
function get_random_word($min_length, $max_length) {
    //determine the actual length of the word
    $length = mt_rand($min_length,$max_length);
    $word = '';
    for($i=0;$i<$length;$i++) {
        $gen_what = mt_rand(1,3);
        switch ($gen_what) {
            //append an upper case letter to the word
            case 1:
                $word .= chr(rand(65,90));
                break;
            //append an lower case letter to the word
            case 2:
                $word .= chr(rand(97,122));
                break;
            //append a number to the word
            case 3:
                $word .= chr(rand(48,57));
                break;
        } //end switch
    } //end for
    return $word;
} //end get_random_word
?>

If you just replace this function the rest of the script should continue to work just fine.

arizona77

unfortunately, that did not work. It hangs, then goes to a blank page. here is all of the code in the user_auth_fns.php file, with your code added.

<?php

require_once('db_fns.php');

function register($email,$passwd,$secretquestion,$secretanswer,$fname,$mname,$lname,$title,$company,$street,$city,$state,$zip,$businesstype,$howlearned,$phone,$faxphone,$cellphone,$membercategory,$paymentmethod,$website,$phonetocall,$timetocall)
// register new person with db
// return true or error message
{
// connect to db
$conn = db_connect();
if (!$conn)
return 'Could not connect to database server - please try later.';

// check if username is unique
$result = mysql_query("select * from mytable_tbl where email='$email'");
if (!$result)
return 'Could not execute query';
if (mysql_num_rows($result)>0)
return 'That username is taken - go back and choose another one.';

// if ok, put in db
$result = mysql_query("insert into mytable_tbl values
('$email',password('$passwd'),'$secretquestion','$secretanswer','$fname','$mname','$lname','$title','$company','$street','$city','$state','$zip','$businesstype','$howlearned','$phone','$faxphone','$cellphone','$membercategory','$paymentmethod','$website','$phonetocall','$timetocall',0)");
if (!$result)
return 'Could not register you in database - please try again later.';

return true;
}

function login($email, $passwd)
// check username and password with db
// if yes, return true
// else return false
{
// connect to db
$conn = db_connect();
if (!$conn)
return false;

// check if username is unique
$result = mysql_query("select * from mytable_tbl
where email='$email'
and passwd = password('$passwd')
and paidflag > '0'");
if (!$result)
return false;

if (mysql_num_rows($result)>0)
return true;
else
return false;
}

function confirm($email, $passwd, $confirm)
// check username and password with db
// if yes, update paidflag and return true
// else return false
{
// connect to db
$conn = db_connect();
if (!$conn)
return false;

// check if username is valid
$result = mysql_query("select * from mytable_tbl
where email='$email'
and passwd = password('$passwd')
and paidflag = '0'");

if (!$result)
return false;
else
{
if (mysql_num_rows($result)>0)
{
$result = mysql_query("update mytable_tbl
set paidflag='$confirm'
where email='$email'");
return true;
}
else
return false;
}
}

function change_password($username, $old_password, $new_password)
// change password for username/old_password to new_password
// return true or false
{
// if the old password is right
// change their password to new_password and return true
// else return false
if (login($email, $old_password))
{
if (!($conn = db_connect()))
return false;
$result = mysql_query( "update mytable_tbl
set passwd = password('$new_password')
where email = '$email'");
if (!$result)
return false; // not changed
else
return true; // changed successfully
}
else
return false; // old password was wrong
}

functionÊget_random_word($min_length,Ê$max_length)Ê{
ÊÊÊÊ//determine the actual length of the word
ÊÊÊÊ$lengthÊ=Êmt_rand($min_length,$max_length);
ÊÊÊÊ$wordÊ=Ê'';
ÊÊÊÊfor($i=0;$i<$length;$i++)Ê{
ÊÊÊÊÊÊÊÊ$gen_whatÊ=Êmt_rand(1,3);
ÊÊÊÊÊÊÊÊswitchÊ($gen_what)Ê{
ÊÊÊÊÊÊÊÊÊÊÊÊ//append an upper case letter to the word
ÊÊÊÊÊÊÊÊÊÊÊÊcaseÊ1:
ÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ$wordÊ.=Êchr(rand(65,90));
ÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊbreak;
ÊÊÊÊÊÊÊÊÊÊÊÊ//append an lower case letter to the word
ÊÊÊÊÊÊÊÊÊÊÊÊcaseÊ2:
ÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ$wordÊ.=Êchr(rand(97,122));
ÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊbreak;
ÊÊÊÊÊÊÊÊÊÊÊÊ//append a number to the word
ÊÊÊÊÊÊÊÊÊÊÊÊcaseÊ3:
ÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ$wordÊ.=Êchr(rand(48,57));
ÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊbreak;
ÊÊÊÊÊÊÊÊ}Ê//end switch
ÊÊÊÊ}Ê//end for
ÊÊÊÊreturnÊ$word;
}

// set user's password to this in database or return false
if (!($conn = db_connect()))
return false;
$result = mysql_query( "update mytable_tbl
set passwd = password('$new_password')
where email = '$email'");
if (!$result)
return false; // not changed
else
return $new_password; // changed successfully

}

function notify_password($email, $passwd)
// notify the user that their password has been changed
{
if (!($conn = db_connect()))
return false;
$result = mysql_query("select email from mytable_tbl
where email='$email'");
if (!$result)
{
return false; // not changed
}
else if (mysql_num_rows($result)==0)
{
return false; // username not in db
}
else
{
$email = mysql_result($result, 0, 'email');
$from = "From: support@mydomaineheh.com \r\n";
$mesg = "Yourpassword has been changed to $password \r\n"
."Please change it next time you log in. \r\n";

  if (mail($email, 'Your login information', $mesg, $from))
    return true;      
  else
    return false;     
}

}

drawmack

might have something to do with all those funky ass characters.

arizona77

I decided to install ispell. All on the site works now.