Emailing lost password.

DSA_ADI

I have created a basic user login in dreamweaver which works great, but can’t seem to find anything in dreamweaver where if the users of my website forgets there login details they can have them emailed to them by inserting there email address in a form.

I have a table named userlogin and the two fields I would like emailed to the user are the “useremail” (useremail is the users login name) and “password”.

Any help will be much appreciated

Peter

benracer

How the usernames and passwords stored?

DSA_ADI

Mysql as text not encrypted

benracer

You would have a form that requests the username address of the user via POST. And run something like this..

<?php
$host=""; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name=""; // Database name 
$tbl_name=""; // Table name 

mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("Error");
$us=$_POST['myusername']; 

$myusername = mysql_real_escape_string($us);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
$row=mysql_fetch_array($result);
$message = "Your password is {$row['password']}";
mail($row['email'],"Your Password", $message);
echo "Password Recovery Email Sent"
}else {
echo "Error The Data Entered Did Not Match Against Our Database";
}
?>

Not tested but should work.

dougal85

You should really store the passwords in the database as a hash and rather than send them their password get a script to randomly generate a new password, email it out and update the hash.

Systems should never be able to see what the password is.