PHP Login System with Admin Features

This forum was created to talk about the PHP Login System with admin features created by jpmaster77 on evolt's website


    Forgot Pass Confirmation function...

    Share

    NTGre

    Number of posts : 2
    Registration date : 2007-05-17

    Forgot Pass Confirmation function...

    Post  NTGre on Thu May 17, 2007 9:22 am

    Hello.
    I just wrote a simple code about Forgot Pass problem...
    http://evolt.org/PHP-Login-System-with-Admin-Features?from=1150&comments_per_page=50

    I ll copy all my code Here.....

    CHANGE PASSWORD CONFIRMATION

    1)constans.php

    Code:
    define("TBL_USERS_FORGOT", "users_forgot");

    2)process.php

    change to......

    Code:
    function procLogin(){
          global $session, $form;
          /* Login attempt */
          $retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember']));
         
          /* Login successful */
          if($retval){
         //#### DELETE USER FROM users_forgot IF IS THERE ......
         $qdelfromusers_forg="DELETE FROM users_forgot WHERE username='$session->username' ";                                //////ADDED 3 lines to delete the user from users_forgot
         $resultdelfromusers_forg = mysql_query($qdelfromusers_forg) or die("Error in qdelfromusers_forg: ".mysql_error());      //////and to uset SESSION['passinprogress']
        
         unset ($_SESSION['passinprogress']);
            header("Location: ".$session->referrer);
          }
          /* Login failed */
          else{
            $_SESSION['value_array'] = $_POST;
            $_SESSION['error_array'] = $form->getErrorArray();
            header("Location: ".$session->referrer);
          }
      }
    and......

    Code:
     * procForgotPass - Validates the given username then if
        * everything is fine, a new password is generated and
        * emailed to the address the user gave on sign up.
        */
      function procForgotPass(){
          global $database, $session, $mailer, $form;
          /* Username error checking */
          $subuser = $_POST['user'];
          $field = "user";  //Use field name for username
          if(!$subuser || strlen($subuser = trim($subuser)) == 0){
            $form->setError($field, "* Username not entered<br>");
          }
          else{
            /* Make sure username is in database */
            $subuser = stripslashes($subuser);
            if(strlen($subuser) < 5 || strlen($subuser) > 30 ||
                !eregi("^([0-9a-z])+$", $subuser) ||
                (!$database->usernameTaken($subuser))){
                $form->setError($field, "* Username does not exist<br>");
            }
          }
         
          /* Errors exist, have user correct them */
          if($form->num_errors > 0){
            $_SESSION['value_array'] = $_POST;
            $_SESSION['error_array'] = $form->getErrorArray();
          }
          /* Generate new password and email it to user */### Insert To users_forgot the RANDOM KEY AN mail user asking for confirmation
          else
         {
               //### GENERATE RANDOM FORGOT_PASS CODE
              function randomkeys($length)
                     {
                     $pattern = "1234567890abcdefghijklmnopqrstuvwxyz";
                     for($i=0;$i<$length;$i++)
                     {
                       $key .= $pattern{rand(0,35)};
                     }
                     return $key;
                     }               
                   $randcon_forgot = randomkeys(15);
                                    
               /* Generate new password */
                 //  $newpass = $session->generateRandStr(8);
           
            /* Get email of user */
            $usrinf = $database->getUserInfo($subuser);
            $email  = $usrinf['email'];
               //### Check IF User already is in users_forgot
             $query_isforgoten = "SELECT * FROM ".TBL_USERS_FORGOT." WHERE username='$subuser'";
             $result_isforgoten = mysql_query($query_isforgoten) or die("Error in $query_isforgoten: ".mysql_error());
             $nr_isforgoten = @mysql_num_rows( $result_isforgoten );
           
           if($nr_isforgoten>0) //// User is in users_forgot table
           {
              $_SESSION['passinprogress'] = true;
           }
           else /////User is not in users_forgot table
           {
          
              //### Attempt to send the email with RANDCON_FORGOT
              if($mailer->sendconfirmforgot($subuser,$email,$randcon_forgot))
              {
                /* Email sent, update database */
                
                //### Insert to users_forgot e-mail and $randcon_forgot
                mysql_query("INSERT INTO ".TBL_USERS_FORGOT." VALUES ('$subuser' ,'$email', '$randcon_forgot' , now() )")or die (mysql_error());
                //echo"query = $q<br>";
       
                //$database->updateUserField($subuser, "password", md5($newpass));
                $_SESSION['forgotpass'] = true;
              }
              /* Email failure, do not change password */
              else
              {
                $_SESSION['forgotpass'] = false;
              }
            }
          }
         
          header("Location: ".$session->referrer);
      }

    3) in mailer.php add ...

    Code:
    //###### SEND CONFIRMATION MAIT TO FORGOT PASS
      function sendconfirmforgot($user,$email,$randcon_forgot){
          $from = "From: ".EMAIL_FROM_NAME." <".EMAIL_FROM_ADDR.">";
          $subject = "Blablabla - Password Change Confirmation";
          $body = $user.",\n\n"
                ."PLEASE Confirm that you REALY WANT to change your pass "
                ."by Clicking the link  "
                ."http://www.blablabla.com/index.php?p=loghead&l=confirmreg&randomforgot=".$randcon_forgot." \n\n"
                ."blablabla.com";
               
          return mail($email,$subject,$body,$from);
      }

    4)in confirmreg.php this is the new page that you have to create....

    Code:
    $randomforgot=$_GET['randomforgot'];

    $query = "SELECT * FROM `users_forgot` WHERE `random_forgot` = '$randomforgot'";
                $result = mysql_query($query);
                $row = mysql_fetch_array($result);
                $user_forgot=$row['username'];
                
                
                if (mysql_num_rows($result)==0)
                echo " <h1>Change Password Confirmation </h1>
                      <p><h1>Failed OR Expired !!!</h1></p>
                     <p>Try to ender again your confirmation link.<p>";
                    
                else
                {
                  //// Find users INFOS
                          
                 /* Generate new password */
                 $newpass = $session->generateRandStr(8);
                   
                 /* Get email of user */
                 $usrinf = $database->getUserInfo($user_forgot);
                 $email  = $usrinf['email'];
                
                 /* Attempt to send the email with new password */
                 if($mailer->sendNewPass($user_forgot,$email,$newpass)){
                   /* Email sent, update database */
                   $database->updateUserField($user_forgot, "password", md5($newpass));
                   //### DELETE From user_forgot the USER
                   $del_forg_user="DELETE FROM `users_forgot` WHERE username='$user_forgot' "; 
                   $result_del_forg_user = mysql_query($del_forg_user);
                                                 
                   unset ($_SESSION['forgotpass']);
                   unset ($_SESSION['passinprogress']);
                   
                   echo "<p><h1>Change Password Confirmation Completed !!!</h1></p>
                         <p>A new Password is sended to your given e-mail addreass</p>
                         <p>You can Change your new Password to something easier to remeber</p>
                         <p>by clicking User Edit after you LOG-IN</p>";
                 }
                 /* Email failure, do not change password */
                 else{
                   $_SESSION['forgotpass'] = false;
                 }
                
                            
                }

    5) in forgotpass.php ....just add thisbefore...

    Code:
    if (isset($_SESSION['passinprogress']))////Change Pass in Progress
    {
       if ($_SESSION['passinprogress'])
       {
          echo "<h1>Waiting for Confirmation !!!</h1>
             <p>Check in your given e-mail for a Confirmation LINK </p>";
       }
    }
    /**
     * Forgot Password form has been submitted and no errors
     * were found with the form (the username is in the database)
     */
    else if(isset($_SESSION['forgotpass'])){  ////////The code as it is.................


    PLS HELP ME TO MAKE IT PERFECT.....
    avatar
    Fred-Eric

    Number of posts : 63
    Registration date : 2007-05-13

    Re: Forgot Pass Confirmation function...

    Post  Fred-Eric on Thu May 17, 2007 2:13 pm

    Really nice addons, I will test it and implemented in my dev site and wich I will be able to give you some feedback about to make it perfect...

    Can you include the 'users_forgot.sql' files to add the table into the database.

    NTGre

    Number of posts : 2
    Registration date : 2007-05-17

    Did you tested it????

    Post  NTGre on Fri May 25, 2007 3:47 am

    Hi..Fred-Eric...
    Did you tested my code???
    What you think???
    avatar
    Fred-Eric

    Number of posts : 63
    Registration date : 2007-05-13

    Re: Forgot Pass Confirmation function...

    Post  Fred-Eric on Fri May 25, 2007 9:36 pm

    NTGre wrote:Hi..Fred-Eric...
    Did you tested my code???
    What you think???

    Cannot test it I miss some info in the "users_forgot" table

    How many field into this table, and what are they?



    Column count doesn't match value count at row 1
    avatar
    Fred-Eric

    Number of posts : 63
    Registration date : 2007-05-13

    Re: Forgot Pass Confirmation function...

    Post  Fred-Eric on Fri May 25, 2007 9:39 pm

    Also received the confirmation

    xxxxxxx,

    PLEASE Confirm that you REALY WANT to change your pass by Clicking the link http://www.blablabla.com/index.php?p=loghead&l=confirmreg&randomforgot=wzydwdgxngnihoo

    blablabla.com

    But you didn't include the change that must be done in the index files (main.php) to keep it original...

    spylinux

    Number of posts : 1
    Registration date : 2007-06-11

    about the new table

    Post  spylinux on Mon Jun 18, 2007 9:39 am

    Hi NTGre,

    can you include the sql file, i need try this modifications!

    Thanks cheers
    avatar
    s.w.vanderlaan

    Number of posts : 19
    Age : 38
    Localisation : The Netherlands
    Registration date : 2009-03-22

    Re: Forgot Pass Confirmation function...

    Post  s.w.vanderlaan on Thu May 14, 2009 8:22 am

    Hi all,

    I am having some issues with the forgot my password function: it doesn't work...
    At first I thought: oh it's just my settings on the server, but it isn't, since registration is no issue...

    Can anyone please help?

    Also the above solution might help, but what is the format of the table?

    Cheers.
    avatar
    bman900

    Number of posts : 14
    Registration date : 2009-05-09

    Re: Forgot Pass Confirmation function...

    Post  bman900 on Thu May 14, 2009 9:42 pm

    s.w.vanderlaan wrote:Hi all,

    I am having some issues with the forgot my password function: it doesn't work...
    At first I thought: oh it's just my settings on the server, but it isn't, since registration is no issue...

    Can anyone please help?

    Also the above solution might help, but what is the format of the table?

    Cheers.

    If you can post your database and session codes here and maybe I can help.
    avatar
    s.w.vanderlaan

    Number of posts : 19
    Age : 38
    Localisation : The Netherlands
    Registration date : 2009-03-22

    Re: Forgot Pass Confirmation function...

    Post  s.w.vanderlaan on Sun May 17, 2009 4:13 pm

    Hey Bman900,

    Here you. As you can see, I changed a couple of things, but I don;t think I changed the Forgot My Password function... Would be great if you could help.
    But...
    both files are very big (too big for these pages)... So which parts would you like to see?

    Cheers,

    Sander
    avatar
    bman900

    Number of posts : 14
    Registration date : 2009-05-09

    Re: Forgot Pass Confirmation function...

    Post  bman900 on Sun May 17, 2009 6:26 pm

    Seeing the whole thing can help, just email it to me, balint2005_at_gmail_dot_com
    avatar
    Apollo

    Number of posts : 9
    Registration date : 2010-03-22

    Re: Forgot Pass Confirmation function...

    Post  Apollo on Wed Apr 07, 2010 10:13 pm

    I take this mod will ask for confirmation on whether the user wants to change their password? I realised that anyone can type in a username and thats it changed there password without their concent.

    Has anyone got it to work? I cant be bothered to test it just now, iv been coding for weeks now and my heads abit numb.
    avatar
    wasim

    Number of posts : 3
    Registration date : 2010-12-01

    dear

    Post  wasim on Wed Dec 01, 2010 2:10 am

    I will test it and implemented in my dev site and wich I will be able to give you some feedback about to make it perfect.
    Company Formation
    Company Registration

    Sponsored content

    Re: Forgot Pass Confirmation function...

    Post  Sponsored content


      Current date/time is Tue Sep 19, 2017 9:32 am