Forgot password

brad62 · January 23, 2013, 2:44pm

I did a very simple thing years ago and now I need it again, but it’s not working.
I just want the users to have their password e-mailed to them if they forgot it when logging in.

I have one page called forgot.php with a form sending email to this page called forgotten.php

<?php
$email = $_POST['email'];
$con = mysql_connect("localhost","username","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
mysql_select_db("database", $con);

$result = mysql_query("SELECT user_pass, user_email FROM user_db WHERE user_email='$email'");

$r = mysql_query($result);
if(!$r) {
$err=mysql_error();
print $err;
exit();
}
if(mysql_affected_rows()==0){
print "<p>There is no user with this e-mail address in our system.</p><p>Please try again. <a href='forgot.php'>TRY AGAIN</a></p><p>Or set up an account. <a href='sign.php'>NEW ACCOUNT</a></p>";
exit();
} else {
$row=mysql_fetch_array($r);
$password=$row["user_pass"];
$email=$row["user_email"];

$recipient = $email;
$subject = 'Your password';
$message = 'Here is the password you requested from our website: '.$password;
$headers = 'From: info@website.com' . "\\r\
" .'Reply-To: info@website.com' . "\\r\
" .'X-Mailer: PHP/' . phpversion();

print "An email containing the password has been sent to you.";
}
?>

StarLion · January 23, 2013, 4:04pm

Well. There’s a lot to discuss in that piece of code.
#1: mysql is being deprecated. Suggest you move to mysqli or PDO
#2: your input is not sanitized, leaving that code open to attack.
#3: It’s generally discouraged to let people guess emails to see if they’re in your system. Better behavior would be to always say “If your email is in our system, an email has been sent to that address with instructions on how to reset your password”, regardless of whether you sent anything or not. That way people cant figure out users emails that are in your database.
#4: You should be hashing the passwords one-way and instead of sending them the password, either outright generating a new password for them, or do a staged-replace system where you send them a action-specific url to reset the password. Never store passwords in plaintext.

All that said; what exactly is the problem? (my first guess is mysql_affected_rows on a SELECT query, but lets have a bit more detail of the issue)

brad62 · January 23, 2013, 10:55pm

Great input. I will definitely look at those things. Any suggestions on how to make this?
I tried to Google for things on this, but couldn’t find any good ones.