generate password

khan1

if a user forgots the password this error page is shown
but i need to generate new password
and to show it on current page
also i need to update users new generated password
in users id in sql database

the password is encrypted using md5 in database
in ibw_users table row as pass


  //check for pwd

$epwd = md5($pwd);
$uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."' AND pass='".$epwd."'"));
if($uinf[0]==0)
{
echo "<img src=\"../images/notok.gif\" alt=\"X\"/>Incorrect Password<br/><br/>";
echo "<b>0 </b><a accesskey=\"0\" href=\"index.php\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
echo "</p>";
echo "</body>";
echo "</html>";
exit();
}


$uid = $_GET["loguid"];
$pwd = $_GET["logpwd"];
$sitename = mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE name='sitename'"));
$sitename = $sitename[0];
$theme = mysql_fetch_array(mysql_query("SELECT theme FROM ibwf_users WHERE name='".$uid."'"));
$tolog = false;


echo "<head>";
echo "<title>$uid@$sitename</title></head>";
echo "<body>";
  $uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."'"));
  if($uinf[0]==0)
  {
    echo "<head>";
    echo "<title>Error!!!</title>";
    echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/white_medium.css\">";
    echo "</head>";
    echo "<body>";
  }
    $epwd = md5($pwd);
    $uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."' AND pass='".$epwd."'"));
    if($uinf[0]==0)
    {
    echo "<head>";
    echo "<title>Error!!!</title>";
    echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/white_medium.css\">";
    echo "</head>";
    echo "<body>";
  }
  echo "<div><img src=\"../images/logo.gif\" alt=\"logo\"/></div>";
  echo mobads();
  echo "<p align=\"center\">";
  echo "Bookmark THIS page to avoid repeating the login proccess in the future<br/><br/>";

  $uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."'"));
  if($uinf[0]==0)
  {
    //Check for user ID
    echo "<img src=\"../images/notok.gif\" alt=\"X\"/>UserID doesn't exist<br/><br/>";
  }else{

  //check for pwd

$epwd = md5($pwd);
$uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."' AND pass='".$epwd."'"));
if($uinf[0]==0)
{
echo "<img src=\"../images/notok.gif\" alt=\"X\"/>Incorrect Password<br/><br/>";
echo "<b>0 </b><a accesskey=\"0\" href=\"index.php\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
echo "</p>";
echo "</body>";
echo "</html>";
exit();
}

leatherback

Personally, I would never show a password on a page, as you can never be sure that the person requesting it is the right person. Rather, I would send it to their registered email address, which I think is less of a risk?

a random string generator:

function create_random($length)
  {
  $valid_chars = 'azertyuiopqsdfghjklmwxcvbnAZERTYUIOPQSDFGHJKLMWXCVBN0123456789';
  $max = strlen($valid_chars)-1;

  $randomout = "";

  for($i=0; $i < $length; $i++) 
    {
    $randomout .= $valid_chars{mt_rand(0, $max)};
    }

  return $randomout;
  }