This script assumes :
- The database has two tables: users and people (structure below).
users stores user information (login, password, ...) and people holds the user profile.
The DB is based on the DB package of PEAR (http://pear.php.net).
- When creating a user, a profile is created by default.
(A record is inserted into the people table, and the user's row in the users table is updated with the id of that new people record.)
- The passwords stored in the database are hashed with the crypt() function. The hash is one-way, so the original password cannot be recovered from the stored value.
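-- Accounts table: one row per login. IDPEOPLE holds the id of the user's profile row in PEOPLE.
CREATE TABLE USERS(
ID NUMBER(10) NOT NULL,
LOGIN VARCHAR2(15 BYTE) NOT NULL,
-- Stores the crypt() hash, never the plain password.
-- 50 bytes is too narrow for a 60-character bcrypt hash, so this column must be
-- widened before the application can move to password_hash().
PASSWORD VARCHAR2(50 BYTE) NOT NULL,
LOGINEXPIRE DATE,
PASSWORDEXPIRE DATE,
-- Last column: no trailing comma, otherwise the statement does not parse.
IDPEOPLE NUMBER(10)
);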
-- Profile table: extended information for a user, referenced by USERS.IDPEOPLE.
CREATE TABLE PEOPLE(
ID NUMBER(10) NOT NULL,
NAME VARCHAR2(80 BYTE),
-- NOTE(review): FROM is a reserved word in Oracle; unquoted it is not accepted
-- as a column name. Confirm the real column name (or quote it) before running this.
FROM VARCHAR2(200 BYTE),
-- Address the new password is mailed to; the script selects it with "email is not null".
EMAIL VARCHAR2(50 BYTE),
HOMEPAGE VARCHAR2(80 BYTE)
)
301 | | | | (comments: this is an empty profile)
302 | José Filipe Lopes Santos | R. Conde S. Bento, Santa Cristina do Couto, Santo Tirso | jfilipe@med.up.pt | http://users.med.up.pt/jfilipe
What does this script do?
- Verify if a user with the supplied credentials exists.
- Verify that this user has a profile (a record in the people table that contains extended information for this user: name, email, home, ...).
- Generate a new random password.
- Encrypt this password.
- Update the new password in the database.
- Send the new password (in plain text) to the user by e-mail, asking them to change it.
<?php
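/**
 * Reset a user's password and e-mail the new one to the address in their profile.
 *
 * Steps: look the user up by login, follow users.idpeople to the people row,
 * require a non-null e-mail there, generate a random password, mail it in
 * plain text and store its crypt() hash in users.password.
 *
 * Security notes for callers and maintainers:
 * - Every query binds its values through PEAR DB placeholders. $login is
 *   caller-supplied and must never be concatenated into SQL.
 * - The password is drawn with random_int() (CSPRNG, PHP >= 7.0). rand() is
 *   predictable and unsuitable for credentials.
 * - The returned error text tells "Invalid user" apart from other failures and
 *   can carry getUserInfo() details (SQL text, driver message). When the
 *   requester is untrusted, log it and display one generic message instead.
 * - Anyone who knows a login can trigger a reset; rate-limit the calling page.
 *
 * @param string $dsn          PEAR DB data source name
 * @param string $login        login of the account to reset
 * @param string $session_name application name, used as prefix of the mail subject
 * @return array array(error message, success message). On failure the first
 *               element is set and the second is ""; on success the first is "".
 */
function RememberPassword($dsn,$login,$session_name){
    $error_msg = "";
    $sucess_msg = "";
    $chars_random = "123456789abcdefghijlmnopqrstuvwxz"; // alphabet for the generated password
    $pass_length = 11; // same length the previous 0..10 loop produced

    // establish connection to database
    $db = DB::connect($dsn);
    if (DB::isError($db)){
        // NOTE(review): getMessage() on purpose; the user info of a connect
        // error may echo the DSN, which contains the database credentials.
        $error_msg = $db->getMessage();
        return array($error_msg,$sucess_msg);
    }

    // verify that the user exists and has an id linking to people
    // (bound parameter: $login comes from the request)
    $st = $db->query("select idpeople from users where login=?", array($login));
    if (DB::isError($st)){
        $db->disconnect();
        $error_msg = $st->getUserInfo();
        return array($error_msg,$sucess_msg);
    }
    $exist = false;   // true once a users row was found
    $id_link = -1;    // id of the linked people row, -1 when missing
    if ($row = $st->fetchRow()){
        if ($row[0] != "") $id_link = $row[0];
        $exist = true;
    }
    $st->free();

    if (!$exist){ // the user does not exist
        $db->disconnect();
        $error_msg = "Invalid user";
        return array($error_msg,$sucess_msg);
    }
    if ($id_link == -1){ // no id linking to people
        $db->disconnect();
        $error_msg = "These user, dont had link to people table";
        return array($error_msg,$sucess_msg);
    }

    // verify that the linked people row exists
    $count = $db->getOne("select count(*) from people where id=?", array($id_link));
    if (DB::isError($count)){
        $db->disconnect();
        $error_msg = $count->getUserInfo();
        return array($error_msg,$sucess_msg);
    }
    if ($count == 0){ // no people row with this id
        $db->disconnect();
        $error_msg = "Dont have any regist in people to this user";
        return array($error_msg,$sucess_msg);
    }

    // read e-mail and name from the profile
    $st2 = $db->query("select email,name from people where id=? and email is not null", array($id_link));
    if (DB::isError($st2)){
        $db->disconnect();
        $error_msg = $st2->getUserInfo();
        return array($error_msg,$sucess_msg);
    }
    $email = "";
    $full_name = "";
    $exist_email = false;
    // The row was never fetched before, so $exist_email stayed false and the
    // function always stopped at "Email not specified".
    if ($row2 = $st2->fetchRow()){
        $email = $row2[0];
        $full_name = $row2[1];
        $exist_email = ($email != "");
    }
    $st2->free();

    if (!$exist_email){ // email not specified
        $db->disconnect(); // was $db2, an undefined variable
        $error_msg = "Email not specified";
        return array($error_msg,$sucess_msg);
    }

    // generate random password; the upper bound is the last valid index,
    // strlen() itself is one past the end of the alphabet
    $last_index = strlen($chars_random) - 1;
    $random_pass = "";
    for ($j = 0; $j < $pass_length; $j++){
        $random_pass .= $chars_random[random_int(0, $last_index)];
    }

    // hash the random password before anything is sent, so a hashing failure
    // stops the reset with the account untouched
    // NOTE(review): crypt() without a salt falls back to a weak auto-generated
    // salt, and the salt argument is mandatory from PHP 8.0. password_hash() /
    // password_verify() is the replacement, but it needs a PASSWORD column wider
    // than VARCHAR2(50) and a matching change in the login check.
    $enc_random_pass = crypt($random_pass);
    if (!is_string($enc_random_pass) || strlen($enc_random_pass) < 13){
        // crypt() signals failure with a string shorter than 13 characters
        $db->disconnect();
        $error_msg = "Could not encrypt the new password";
        return array($error_msg,$sucess_msg);
    }

    // send the new password to the user; done before the update so that a
    // mail failure leaves the stored password unchanged
    $subject = $session_name.": login and password to access";
    $message = "Dear $full_name, we had received your request to send password\n\n";
    $message .= "\tlogin : $login\n";
    $message .= "\tPassword : $random_pass\n\n";
    $message .= "Please, change your password for your security";
    if (!mail($email,$subject,$message)){
        $db->disconnect();
        $error_msg = "Could not send the email with the new password";
        return array($error_msg,$sucess_msg);
    }

    // update password in database
    $prep = $db->prepare("update users set password=? where login=?");
    if (DB::isError($prep)){
        $db->disconnect();
        $error_msg = $prep->getUserInfo();
        return array($error_msg,$sucess_msg);
    }
    $exe = $db->execute($prep, array($enc_random_pass,$login));
    if (DB::isError($exe)){
        $db->disconnect();
        $error_msg = $exe->getUserInfo();
        return array($error_msg,$sucess_msg);
    }

    // close connection to database
    $db->disconnect();
    $sucess_msg = "Your password had sended to your email";
    return array($error_msg,$sucess_msg);
}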