Let me start by saying that I'm designer, not a programmer, so PLEASE bear with me if my questions are tedious. I recently hired someone to do a PHP/MySQL application and it is missing things that are needed. Rather than go back to the well, as it were, I want to try to tweak the application myself. Ok. The disclaimer is over.

I need to add a lost password feature to the login page: the standard thing, users enter an e-mail address, hit the submit button and hey presto, they receive their username and password by e-mail.

Here's the query/application I have in mind:

   A. Lost password Search Form

      i. Place on the same php page as the login
           form.

      ii. HTML Form tag points to PHP script

           a. Question, should I create the script
              in the php page or in a separate
              php document?

      iii. Within Form tag place an HTML text input
           field and a submit button to activate
           the query.

   B. Query tables for username (e-mail adress) and password.

      i. username is contained in table(a) pword in table(b)

      ii. If the e-mail address exists

           a. Search table(b) for the corresponding
              record, i.e., the one that has the
              same "Id"

           b. If there is a value in the password
              field in table(b), Combine the information
              and send it in an e-mail with the username
              and password.to the the address listed in
              table(a)

      iii. If the e-mail address does not exist,

           a. Return to the login page and display
              an error message advising users
              what to do next.

           b. If the e-mail address exists, but there
              is no value in the password field,
              Return to the login page and display
              an error message advising users what
              to do next.

Poking around the Internet, I found a code snippet that seems to do some of what I want,

$result = mysql_query ("SELECT password,email FROM yourtable
                          WHERE username = '$username'");
  if ($myrow = mysql_fetch_array($result)) {
    $mailaddress = $myrow["email"];
    $subject = "Important Message"; // don't say password in subject
    $message = "Your password is: " . $myrow["password"] ;
    $header = "Ancillary message or other stuff";
    mail($mailaddress,$subject,$message,$header);
  }

So where can I go to get the info I need to turn my outline above into an application?

Thanks.

I'm just a guy slugging it out till the end.

Wow, this is a big project (especially for a non-programmer). This is how I would go about it: firstly, why not put username, password and e-mail in the same table? It would make it a lot easier. Then write some code like this:

iforgotmypassword.php <- the page that the user enters their e-mail address
sendforgottenpassword.php <- where PHP sends the password

[code]
<?php

$connection = mysql_connect('localhost','username','password');
$db = mysql_select_db('your_db',$connection);

if(isset($_POST['username']) && isset($_POST['email']))
{
$query = "SELECT * FROM table_a WHERE username='";
$query .= $_POST['username'];
$query .= "' AND email='";
$query .= $_POST['email'];
$query .= "'";

$result = mysql_query($query);

$data = mysql_fetch_assoc($result);

if($data !== FALSE)
{

$email = $data['email'];

$subject = 'IMPORTANT: your company password';

$body = 'You recently requested your password be sent to you by email. You password is: ';

$body .= $data['password'];

if(mail($email,$subject,$body))echo 'Your password has been sent to you.';

else echo 'Error in sending mail. Press back to try again.';

}
else echo 'You entered an invalid username/email address combination. Press back to correct your input.';

}

else {

echo 'You did not enter a username and/or email address. Press back to correct your input.';

}
?>

HTH,

Snib

<><

First, thank you VERY MUCH for your generosity. You mean there are small projects and/or easier places to start? ;) This just happens to be something that needs doing and, for various reasons, either I have to do it or I've got to hire a someone new to help.

What I specified is what I inherited from my programmer. So I'm stuck with this set up unless I add the username field to the table with the password and then try to figure out the effects such an addition will have to the rest of the application. It seemed saner to disturb as little as possible.

Anyway, thanks for the code, I'll play with that and see what happens.

I'm just a guy slugging it out till the end.

Bob,

Without having an extensive knowledge of PHP, I don't know how far you'll get trying, but it's certainly worth a try if it means you might not have to hire someone else.

I could have helped a bit more if I knew exactly how the person you hired set up the system. You may have to mess around with my code quite a bit to get it to fit with what you have.

If it means a lot, you might want to get a PHP/MySQL book and browse through it so that you have a general idea of what you're doing.

For reference, here's some helpful sites:

The official MySQL manual: http://dev.mysql.com/doc/
The official PHP manual: http://php.net/manual/en

Hope you get it working! :)

Snib

<><

Oh great. I guess you're saying I've to my work cut out for me :-(. Well I guy's gotta start somewhere.

Messing around was expected, and indeed part of the point.

Thanks for your time, information and encouragement.

Bob

I'm just a guy slugging it out till the end.

It's not that difficult, actually. It's daunting for one who doesn't know PHP, but it's still not that bad. If you review your overview of the problem, you'll find that your logic is somewhat flawed. You have

Well, item iii.b is invalid -- you can't have an "if the email exists" within the scope of "if the email does NOT exist".


All that being said, your script will be SOMEthing like this:


<?php

if (!isset($_POST['email']) || empty($_POST['email']))
{
    header("Location: login.php?error=blankemail");
}

$email = $_POST['email'];

$query = "SELECT id FROM a WHERE email = '{$email}'";
$result = mysql_query($query);

// email doesn't exist
if (mysql_num_rows($result) == 0)
{
    header("Location: login.php?error=bademail");
}

// should only be one result row
$id = mysql_result($result, 0); // http://www.php.net/mysql_result

$query = "SELECT password FROM b WHERE id='{$id}'";
$result = mysql_query($query);

// password doesn't exist (how would this happen??)
if (mysql_num_rows($result) == 0)
{
    header("Location: login.php?error=nopassword");
}

$password = mysql_result($result, 0);

$message = "Hello,

Your password is: {$password}


Take care,

Your friendly web support staff.
";

mail($email, // To
     "Password request", // Subject
     $message); // Message body
                           // http://www.php.net/mail

header("Location: login.php?error=passwordsent");

?>

I leave it to you to connect to the DB, perform validity/error checking, etc.

I also leave it to you to modify login.php to output the appropriate error/informative messages given the existence and value of $_GET['error'].




Take care,

Nik
http://www.bigaction.org/

Nik,

Thank you very much. I'll play with the code you suggested. I clicked through to your on-line resume. I see that you went to UC San Diego @ La Jolla. I've driven by that campus on many of my visits to San Diego. How did you ever get any work done? I'd've been surfing and scuba diving every day!

Bob

I'm just a guy slugging it out till the end.