forgot password help

mathieu67 · #1 (**permalink**) 10-13-04, 08:18 PM

I need a forgot your password script that will dispay the password to the user instead of emailing it. I looked everywhere can't find one...help

blaw · #2 (**permalink**) 10-13-04, 08:57 PM

Hello,

First off, I think your need is a bit too specific so that there probably won't be such a script. Even if you find something close, you will still have to do some modifications on it.

It seems like you already have a script that allows you to send forgot-passes to email addresses (i.e. you are not stuck with how to retrieve forgot passes, right?). If I were you, I would perhaps open the file that does the emailing and somehow remove the emailing part and display the email contents on the page.

Hope you get some idea.

jasong · #3 (**permalink**) 10-13-04, 10:15 PM

The reason why there won't be a script is because none of them are ment for your script.
If you already have the whole email part working like what Blaw said, then just remove the whole mail() part and look for a variable that says something about a password and then try to print that.

If not that then you can just have a "select password from members where username=billybob" query.

If you dont know how to code (assuming this is in php) I can help you out.

Deekay · #4 (**permalink**) 10-13-04, 10:18 PM

The mail part is for security.. I don't know how you're going to make it secure enough so that noone could just fake someones email.

Quote:

Originally Posted by jasong

If not that then you can just have a "select password from members where username=billybob" query.

Well.. 99% of scripts encrypt passwords incase of sql injection so thats probably not gonna work.

Sabu · #5 (**permalink**) 10-13-04, 10:43 PM

Click once:

Quote:

Hint: your password has four characters in it

Click again:

Quote:

Your password has been emailed to your address.

Of course, as explored above, the standard password encryption won't let you do that. But if your function emails the actual password to the user, instead of changing it to something random, then you can.

Question, though. Why would you display the password to the user? Where's the verification? If you're going to do that, might as well just let anyone log in as someone else. This could work if you had a secret question though..