-4

I am trying to write a simple script that tells the user his password by verifying what his/her email is. But I do not know how to display the forgotten password to the user after the user puts in the email address.

Here is the script I am trying to do:

```php
<html>
<body>

<form action="forgottenpassword.php" method="post">
Enter Your email: <input type="text" name="email"/>
<input type="submit" name="submit" value="Retrieve password"/>
</form>

</body>
</html>

<?php
include('config.php');

if (isset ($_POST['submit'])) {

    $emailcheck = $_POST['email'];

    $checkit = mysql_query("SELECT email FROM user WHERE email ='$emailcheck'");

    if (!$checkit) exit();

    $result = mysql_fetch_array($checkit);
    $question = $result['email'];
    echo "Your password is $question";
}
?>
```
munue
  • 439
  • 2
  • 9
  • 18
  • 13
    You don't want to display a password to a user... You should be hashing it before it goes into your database. Unless of course you want to end up on [Plaintext Offenders](http://plaintextoffenders.com/) – brbcoding May 16 '13 at 20:52
  • 8
    This breaks every security rule in the book... – RichieHindle May 16 '13 at 20:52
  • 2
    shouldn't the query be `SELECT password FROM user WHERE email ='$emailcheck'`? and please bear in mind that this is prone to an SQL Injection Vulnerability – reikyoushin May 16 '13 at 20:52
  • Don't you need to get the `password` from the database, not the `email`? Note though, that this is the wrong way to do this! There should be no way to get a user's password back. What you want to do is email them a link to reset their password (using a generated hash). – gen_Eric May 16 '13 at 20:52
  • 5
    So if I enter any valid email address, I'll see the password?? – j08691 May 16 '13 at 20:53
  • 2
    You do not want to store the user's password in your system, but always a salted hash. There have been too many cases of passwords stored in plain text in databases being stolen. Provide the user with the ability to reset his password, but never keep it in your system and never send it by email. Also, never interpolate strings into SQL statements; always use prepared statements. Google "xkcd Exploits of a Mom" to learn why. – Eric Jablow May 16 '13 at 20:53
  • @j08691 : lol. yeah. right. shouldve mailed the password instead. – reikyoushin May 16 '13 at 20:54
  • 1
    Yes but you should not do that. If the user has forgotten his password, you should instead send him/her an email, with a special link temporarily generated, which will allow him/her to reset his/her password with a new one. The only moment when you have the password in its visible form should be when the user posts it to login. And at this point you have to hash it and compare with the one hashed in DB. – MatRt May 16 '13 at 20:55
  • 1
    [How can I store my users' passwords safely?](http://stackoverflow.com/questions/1581610/how-can-i-store-my-users-passwords-safely) – ceejayoz May 16 '13 at 20:55
  • now i just wanna see how this works by testing it first. I am trying to do an assignment on localhost without it accessing the internet. So i wont be able to email the user's their passwords – munue May 16 '13 at 20:56
  • In your next attempt be sure to check values you get from the form `if (isset ($_POST['submit']))` should be `if (isset ($_POST['submit']) && $_POST['submit'] == 'Retrieve password')` – RST May 16 '13 at 20:58
  • you shouldn't be using `mysql_*` function as they are deprecated and are no longer managed by community. – Kailash Yadav May 16 '13 at 20:58
  • Never, ever keep users passwords readable....-1 – Senad Meškin May 16 '13 at 20:59
  • @MatRt : yeah, i've read about http://plaintextoffenders.com/post/7006690494/whats-so-wrong-about-sending-a-new-password-in and I agree with you. thanks! – reikyoushin May 16 '13 at 21:00
  • Sorry guys i am new to coding. I understand the whole thing about security but i just need to figure out how i can achieve such a task without sending passwords to emails. This is only for an assignment on how to make this work and is not put on any website – munue May 16 '13 at 21:01
  • if just for academic purposes and to make this working, just change `SELECT email` to `SELECT password` or whatever field you named your passwords.. – reikyoushin May 16 '13 at 21:02
  • how do i echo the password? – munue May 16 '13 at 21:04

2 Answers

2

This is the simple algorithm of password reset:

  1. You must store the password salted and hashed into the database. Follow for more info or This
  2. You should create a column (ex: reset_password_hash) and when the user enters his email you generate a random hashed string and update the column.
  3. Email a url to the user which contains the hashed string of that column (use GET method) like:

    http://www.mysite.com/?uid=232&hash=4mnb2m3n4bkj23jh2h4j23kj4kj

  4. Then when user follows that url, you check the hash string for the user and if it exists then you provide him a chance to reset the password (not see it), because you hashed the password and it's not reversible.

Community
  • 1
  • 1
Siamak Motlagh
  • 5,028
  • 7
  • 41
  • 65
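
The reset flow from the steps above, as an added example that is not part of the original answer. It assumes an in-memory SQLite database through PDO, a hypothetical `reset_expires` column and hypothetical function names `requestReset` and `completeReset`, and it goes beyond the answer by storing only a SHA-256 of the token, expiring it after an hour and clearing it after one use.

```php
<?php
// Added example. Assumptions: in-memory SQLite via PDO, the reset_expires column,
// and the function names; the address and passwords are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT,
           reset_password_hash TEXT, reset_expires INTEGER)');
// Step 1: only a salted hash of the password is stored.
$db->prepare('INSERT INTO user (email, password) VALUES (?, ?)')
   ->execute(['alice@example.com', password_hash('old-password', PASSWORD_DEFAULT)]);

// Steps 2-3: generate a random token, store only its SHA-256, build the link to send.
function requestReset(PDO $db, string $email): ?string {
    $find = $db->prepare('SELECT id FROM user WHERE email = ?');
    $find->execute([$email]);
    $uid = $find->fetchColumn();
    if ($uid === false) {
        return null; // unknown address: respond to the visitor exactly as for a known one
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $db->prepare('UPDATE user SET reset_password_hash = ?, reset_expires = ? WHERE id = ?')
       ->execute([hash('sha256', $token), time() + 3600, $uid]);
    return "http://www.mysite.com/?uid=$uid&hash=$token";
}

// Step 4: accept a new password only for a matching, unexpired token.
function completeReset(PDO $db, int $uid, string $token, string $newPassword): bool {
    $stmt = $db->prepare('SELECT reset_password_hash, reset_expires FROM user WHERE id = ?');
    $stmt->execute([$uid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['reset_password_hash'] === null || $row['reset_expires'] < time()
        || !hash_equals($row['reset_password_hash'], hash('sha256', $token))) {
        return false;
    }
    // Store the new salted hash and clear the token so the link works only once.
    $db->prepare('UPDATE user SET password = ?, reset_password_hash = NULL,
                  reset_expires = NULL WHERE id = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $uid]);
    return true;
}

// On localhost without mail, print the link instead of sending it.
$link = requestReset($db, 'alice@example.com');
echo $link, "\n";
parse_str(parse_url($link, PHP_URL_QUERY), $q);
var_dump(completeReset($db, (int) $q['uid'], $q['hash'], 'new-password'));
var_dump(completeReset($db, (int) $q['uid'], $q['hash'], 'another-one')); // same link again
```
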
1

You should never let the user see their password once it has entered the database because it should be encrypted. Here is some code that might help you do what you want.

HTML

```php
<div id="displayPass"></div>
<!-- PHP_SELF can contain attacker-supplied path text, so escape it before output -->
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
   <label>Enter Your email: </label><input type="text" name="email"/>
   <input type="submit" name="submit" value="Retrieve password"/>
</form>
```

PHP (which should be placed in the head)

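```php
<?php
  include('config.php');

  if (isset($_POST['submit'])) {
    // Escape the input before interpolating it into the query
    $emailcheck = mysql_real_escape_string($_POST['email']);

    $checkit = mysql_query("SELECT password FROM user WHERE email = '$emailcheck'");

    // mysql_query() returns a resource even when no row matches, so test the fetched row
    $result = $checkit ? mysql_fetch_array($checkit) : false;

    if (!$result) {
      echo "<script type='text/javascript'>
              // Wait for the DOM: this script is emitted in the head, before the div exists
              document.addEventListener('DOMContentLoaded', function () {
                var div = document.getElementById('displayPass');
                div.textContent = 'You have entered the incorrect email.';
              });
            </script>";
    } else {
      // The query selects the password column, so read that key
      $question = $result['password'];

      // json_encode() emits a correctly quoted JavaScript string literal
      echo "<script type='text/javascript'>
              document.addEventListener('DOMContentLoaded', function () {
                var div = document.getElementById('displayPass');
                div.textContent = 'Your password is ' + " . json_encode($question, JSON_HEX_TAG) . ";
              });
            </script>";
    }
  }
?>
```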

But what you should do is something like this...

HTML (with some php)

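```php
<?php
  session_start();
?>
<form action="checkEmail.php" method="post">
   <label>Enter Your email: </label><input type="text" name="email"/>
   <input type="submit" name="submit" value="Retrieve password"/>
   <!-- Show the error set by checkEmail.php, if any, escaped for HTML -->
   <label><?php echo isset($_SESSION["errorMessage"]) ? htmlspecialchars($_SESSION["errorMessage"]) : ""; ?></label>
</form>
```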

PHP (checkEmail.php)

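```php
<?php
  session_start();
  include('config.php');

  // Query the database to see if it is a correct email address
  $email = mysql_real_escape_string(isset($_POST['email']) ? $_POST['email'] : '');
  $checkit = mysql_query("SELECT email FROM user WHERE email = '$email'");

  if (!$checkit || mysql_num_rows($checkit) == 0) {
    // Email is not correct
    $_SESSION["errorMessage"] = "Invalid Email.";
    header("Location: emailForm.php");
  }
  else {
    header("Location: newPasswordForm.php");
  }
  // Stop here so nothing else runs after the redirect header
  exit();
?>
```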

Then you create a new page where the user can fill out a form to change their password.

Hope this helps.

Josh Balcitis
  • 490
  • 6
  • 19