Password Recovery

[kalo93]

Ok i am trying to make a password recovery page in php.

I have already made the registration where you enter an identification number.

then if you have forgotten your password, just enter the username and the identification number you registered with, it would display the password.

i already have the design and stuff ready.

heres the code i have:

PHP Code:

<form action="?op=recover" method="post">
  <p>Password Recovery</p>
  <table width="200" border="0">
    <tr>
      <td>Username:</td>
      <td><input name="user" type="text" class="liteoption" id="user" size="15" maxlength="15" />
      *</td>
    </tr>
    <tr>
      <td>ID Number:</td>
      <td><input name="identify" type="text" class="liteoption" id="identify" size="15" maxlength="5" />
        *</td>
    </tr>
  </table>
  <p><input name="submit" type="submit" class="liteoption" value="Submit" /></p>
</form> 


all i need is the processing of the username and the identification number to display the password, so if someone could be kind enough to post a code, that would help alot.

[Hack]

Where are the user name and identification number stored?

[kalo93]

In a mysql database.

in the database the username is called AccountId and the identification is called Identification.

[rafzig155]

Ok, You have password. Do you have any coding on this pasword like md5() or password()? If you have md5() you can't do recovery because md5 not work for 2 way ( you can code in md5 but you can't encode it), all do you mast do if you have md5 is after input user name and identification number, go to page where user can change him password.

[kalo93]

Ok then can i have a code where if he enters the username and identification successfully, it takes him to the change password place.

[rafzig155]

What more do you want?? That it's all?

[dclamp]

Majority of this forum will not write code for you. If you give it a try, we can help you. If you come to errors we will help fix them. We dont just go around and write for for free.

I suggest you take some basic PHP tutorials online and you will pick it up in no time.

( you can code in md5 but you can't encode it)

Incorrect terminology. You can encode a string with md5, but you cant decode md5

[kalo93]

Ok but at what point did i say i needed basic tutorials...

I know that you cant decode md5.

I didnt say that the passwords were encrypted.

I DO have a code but i dont think it would work, here it is:

PHP Code:

<?php
if(isset($_POST['submit'])) {
if(!$_POST['user'] || !$_POST['identify']) {
die('You didnt fill in all of the required fields.<BR>');
}
if(!get_magic_quotes_gpc()) {
$user = addslashes($_POST['user']);
$identify = addslashes($_POST['identify']);
} else {
$user = $_POST['user'];
$identify = $_POST['identify'];
}
$usercheck = mysql_query("SELECT * FROM accounts WHERE accountid = '$user'");
$usercheck2 = mysql_num_rows($usercheck);
if($idcheck ='0') {
die("Username doesn't exist!");
}
$idcheck = mysql_query("SELECT $user FROM accounts WHERE identification = '$identify'");
$idcheck2 = mysql_num_rows($idcheck);
if($idcheck2 !='0') {
die("Invalid Identification Number");
}
}
?>

[dclamp]

ok well rudeness isn't going to get you anywhere. You should have been more clear in your first post. When i got from your first post was that you didnt know any php, and i was just offering you some help.

[kows]

I'm sure something like this might work:

PHP Code:

<?php
  if(isset($_GET['op']) && $_GET['op'] == "recover"){
    //recovering password!

    //we should probably print the form!
    $printform = true;

    if($_SERVER['REQUEST_METHOD'] == "POST"){
      //something was posted.
      if(isset($_POST['user'], $_POST['identify'])){
        //form wasn't empty, let's check the information
        $user = mysql_real_escape_string($_POST['user']); //escape evil strings!
        $id = mysql_real_escape_string($_POST['identify']); //   '
        $q = mysql_query("SELECT password FROM tablename WHERE user='$user' AND identify='$id' LIMIT 1");
        if(mysql_num_rows($q) == 0){
          //nothing was returned! something is wrong.
          echo "<h1>either your username does not exist, or your id number was incorrect!</h1>";
        }else{
          //something was found! let's grab and show them their password.
          $a = mysql_fetch_row($q);
          echo "<h1>hello, <em>{$_POST['user']}</em>!</h1>";
          echo "<h3>your password is <strong>{$a[0]}</strong>. please write it down!";
          //let's not print the form!
          $printform = false;
        }
      }else{
        //form was missing something.
        echo "<h1>you missed something!</h1>";
      }
    }
    if($printform){
?>
<form action="?op=recover" method="post">
  <p>Password Recovery</p>
  <table width="200" border="0">
    <tr>
      <td>Username:</td>
      <td><input name="user" type="text" class="liteoption" id="user" size="15" maxlength="15" />
      *</td>
    </tr>
    <tr>
      <td>ID Number:</td>
      <td><input name="identify" type="text" class="liteoption" id="identify" size="15" maxlength="5" />
        *</td>
    </tr>
  </table>
  <p><input name="submit" type="submit" class="liteoption" value="Submit" /></p>
</form>
<?php
    }
  }
?>