[myslowquietlife]

Hi all! (this is not a script request)

Hope your all well?

I have a members area and i need to have a forgotten password link.

Now i realise that i cant just send the passwords to the members as they are encrypted using md5 (and i wouldn't want to anyway). Im not asking for a script here but a link to a simple tutorial that will help me generate a random password and email it to the member in question.

Thanks very much.

Ben

[UnrealEd]

A random password generator is very simple actually. There are 2 "types" of random passwords: a series of random characters placed together in a string, or a string of combined existing words and digits. The former is probably the easiest way to create (it only takes 1 line of code), but the latter one is the easiest to use for the user who forgot his password (you try to remember a completely random 16-char password )

Here's how you can create a password with random characters:

PHP Code:

/**
* Generates a random password, using random characters
*
* @param int The length of the new random password
* @param array An array containing the characters that are 
                to be used in the password
* @return string The random password
*/
function generateCharacterPassword ($length, $charRange=NULL) {
  if (is_null ($charRange))
    // use characters a-z, A-Z and 0-9
    $charRange = array_merge (range ('a', 'z'), range ('A', 'Z'), range (0 ,9));

  // generates the password:
  $password = NULL;
  while ($length > 0) {
    // add a random character from the $charRange array to the password
    $password .= $charRange[array_rand ($charRange)];
    $length--;
  }
  return $password;
} 

To use it:

PHP Code:

// creates a password of length 32
generateCharacterPassword (32);

// creates a password of length 5 with the characters a, b and c
generateCharacterPassword (5, array ('a', 'b', 'c')); 

To generate a password that contains known words, you'll need to create an array of known words, and pick a random item from that array. Basically it's the same as the previous code, except you'll be using an array that contains words instead of characters

[myslowquietlife]

excellent! well thank you very much it really is very easy!

now once this code has generated the password for this user how would i use it to reset the password on their database row.

Again a tutorial for this would be fine but thanks for giving the code example.

Ben

By the way i have only just mastered how to update/edit database using forms so i need this kinda simple

[UnrealEd]

Quote:

Originally Posted by myslowquietlife

By the way i have only just mastered how to update/edit database using forms so i need this kinda simple

That's the only thing you need

Since you want to reset a user's password, you already know his username (or login name, or whatever), so you should be able to access the user's information in the database.

Now the only thing you need to do is update the password field in the database that refers to the user of which you have the username.
You probably store it as an md5, so you'll have to hash the random-generated password first:

PHP Code:

$password = generateCharacterPassword (10);

$hashedPassword = md5 ($password); 

Now update the password field by setting the $hashedPassword and send the $password to the user in a mail or somthing.

[myslowquietlife]

ahhh thank you very much its all clear now.

I was thinking i might have to have a new field in the database with the new password (i read that somewhere and it just didnt seem right although i suppose thats one way of doing this).

Well thank you very much for the help UnrealEd

Ben

[UnrealEd]

Quote:

Originally Posted by myslowquietlife

I was thinking i might have to have a new field in the database with the new password (i read that somewhere and it just didnt seem right although i suppose thats one way of doing this).

It is possible to add an extra field: most sites offer the option to reset the password back to it's original value after a couple of hours when you don't reply to their mail or visit the link in the mail.
They add this to make sure only the owner of the account has the option to reset his password.
What I told you in my previous post will work, but now I would be able to reset the password of anyones acount, eventhough they don't want to (I would have to know their email, but that's rather easy to find).

Basically what those sites do (and what I would do) is store the new password in another field than the one you store the old password of the user. You then send a link via mail to the user that refers to a page that will overwrite the old password with the new password, and then let the user fill in his new password.

Quote:

Originally Posted by myslowquietlife

Well thank you very much for the help UnrealEd

Ben

Anytime