Copyright © 2002 - MCS Investments, Inc.


Forgot MC Password

This script is called forgot-password.php

The first section is at the start of the script. First, we define a named constant '_NODIRECTACCESS'. We include the config.php file (in the includes folder) which uses the PHP defined() function to check on this constant. If it is not set, we are thrown out of the config.php file like yesterday's trash.

We get the POSTed email address and stick it in the PHP variable $email. Then we make sure it is not too long or too short. If it is either, we give them an alert and send them off to the registration script, Register Group with Captcha. Then we run a standard email validation check, and if their email fails, we give them an alert and send them off to the registration script. This validator uses the preg_match function, which performs a regular expression match on $email. We then use the mysql_real_escape_string() function to make their input safe to use in the MySQL statement that searches for $email: it escapes special characters in the string for use in our SELECT . . . WHERE SQL statement.
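
An added example (not code from the original page) that runs the script's pattern beside a whole-string check and a parameterized lookup. The page's pattern has no ^ or $ anchors, so it accepts any input that merely contains something address-shaped, and the same $email later goes into the Reply-To header. It assumes PHP 7 or later with the pdo_sqlite extension; page_check(), strict_check(), find_member() and the sample row and inputs are constructed for illustration.

```php
<?php
// Added example, not the page's code. Assumes PHP 7+ with pdo_sqlite.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE mc_members (email TEXT, username TEXT)");
$db->exec("INSERT INTO mc_members VALUES ('alice@example.com', 'alice')"); // constructed row

// The pattern from forgot-password.php: no ^ or $ anchors, so it matches any
// string that merely contains an address-shaped substring.
function page_check(string $email): bool {
    return preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email) === 1;
}

// Whole-string check: the page's 6 to 65 length rule plus PHP's own validator.
function strict_check(string $email): bool {
    $len = strlen($email);
    return $len >= 6 && $len <= 65
        && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Lookup with a bound parameter: the value travels separately from the SQL
// text, so it needs no escaping and cannot change the statement.
function find_member(PDO $db, string $email): ?array {
    if (!strict_check($email)) {
        return null;
    }
    $st = $db->prepare("SELECT username, email FROM mc_members WHERE email = ?");
    $st->execute([$email]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a plain address, one wrapped in other text, one with a line break.
$samples = ["alice@example.com", "see alice@example.com <b>", "alice@example.com\r\nX-Test: 1"];
foreach ($samples as $s) {
    printf("%-34s page=%s strict=%s found=%s\n", json_encode($s),
        page_check($s) ? 'pass' : 'fail', strict_check($s) ? 'pass' : 'fail',
        find_member($db, $s) ? 'yes' : 'no');
}
```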

We use the mysql_num_rows() function to determine whether or not the email address we search for in the MySQL database table was found, and, if not, we give the user an alert "This email address does not exist. Please try again." If it is found, we use the mysql_fetch_array() function to get the results in an array and we grab the contents of the username and email fields from this array.

We use the PHP function array_merge() to merge 3 arrays, which we build using the range() function, which creates an array with a specified range of elements. In this case, we want A to Z, a to z, and 0 to 9. Then we use the mt_rand() function and the count() function to loop through 8 iterations, getting random characters from the array, concatenating them together into a new password 8 characters long.

Next we use $o=make_salt();$h=z_____z();—functions from the config.php file—to create a salt, and then a hash. The hash is formed from the new salt and the new password (now in $P). Then we stick this new hash and this new salt into the record which has the email address entered in the form. We give the user an alert telling him the new password.

We use the user name and the new password in an email. We send the user his user name and password by email because it is safer than looking them up for him on the spot. The visitor may indeed know someone's email address, but that does not prove it's HIS email. We dispel doubts by sending the info by email, knowing that only the true owner of that email address will get it. We have revealed a new password to this visitor, but did not reveal which user name it belongs with. This we do in the email, which goes to the owner of the address, who may need reminding about his user name.
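
In the flow described above, anyone who can type a member's address replaces that member's password and reads the new one in the alert, and the "does not exist" alert confirms which addresses are registered. The following added example (not the page's code) shows the usual alternative: email a single-use, expiring token and change the password only when the token is redeemed. It assumes PHP 7 or later with pdo_sqlite; the reset_hash and reset_expires columns, the function names and the sample row are hypothetical.

```php
<?php
// Added example, not the page's code. Assumes PHP 7+ with pdo_sqlite; the
// reset_hash and reset_expires columns are hypothetical additions to mc_members.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE mc_members (email TEXT PRIMARY KEY, username TEXT,
           password TEXT, reset_hash TEXT, reset_expires INTEGER)");
// Constructed sample row.
$db->prepare("INSERT INTO mc_members (email, username, password) VALUES (?, ?, ?)")
   ->execute(['alice@example.com', 'alice', password_hash('old-password', PASSWORD_DEFAULT)]);

// Step 1: the form handler. Returns the token to put in the email, or null.
// The caller shows the same "check your mail" page in both cases, so the form
// does not reveal which addresses are registered.
function request_reset(PDO $db, string $email): ?string {
    $token = bin2hex(random_bytes(32));          // CSPRNG, unlike mt_rand()
    $st = $db->prepare("UPDATE mc_members SET reset_hash = ?, reset_expires = ?
                        WHERE email = ?");
    // Only a hash of the token is stored, valid for 30 minutes.
    $st->execute([hash('sha256', $token), time() + 1800, $email]);
    return $st->rowCount() === 1 ? $token : null;
}

// Step 2: the link in the email. The old password stays valid until this runs.
function complete_reset(PDO $db, string $token, string $newPassword): bool {
    $st = $db->prepare("UPDATE mc_members
                        SET password = ?, reset_hash = NULL, reset_expires = NULL
                        WHERE reset_hash = ? AND reset_expires >= ?");
    $st->execute([password_hash($newPassword, PASSWORD_DEFAULT),
                  hash('sha256', $token), time()]);
    return $st->rowCount() === 1;                // single use: the hash is cleared
}

// Known address, unknown address, first redemption, replayed redemption.
$token = request_reset($db, 'alice@example.com');
var_dump($token !== null);
var_dump(request_reset($db, 'nobody@example.com'));
var_dump(complete_reset($db, $token, 'a new long passphrase'));
var_dump(complete_reset($db, $token, 'second attempt'));
```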

It is obvious where the $email and $U variables get their data, but not so obvious where $psbhostemailaddress comes from. It is defined in the config.php file: Configure File for Database Connection. It is used as the From in the email's headers data.

The form is standard stuff, and it contains a link to the page Login to MC Search and Match Profile and Account Management. The form uses an onsubmit event to run the JavaScript function validateemail(), which validates the email, or refuses to submit the form, if the email won't validate.

The script below is called: forgot-password.php



<?php
define('_NODIRECTACCESS', TRUE);
include_once "includes/config.php"; // database connection, make_salt(), z_____z(), $psbhostemailaddress

if (isset($_POST['email'])) {
$email = $_POST['email'];

// length check, then format check; either failure sends the visitor to registration
if (strlen($email)<6 || strlen($email)>65) {echo '<script language="javascript">alert("Please enter 6 to 65 characters for email address."); window.location = "register-with-captcha.php"; </script>'; exit;}
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email)) {
echo '<script language="javascript">alert("That email address is not valid."); window.location = "register-with-captcha.php"; </script>'; exit;}
$email = mysql_real_escape_string($email); // escape before use in the SQL below

$check_user_data = mysql_query("SELECT * FROM mc_members WHERE email = '$email'") or die(mysql_error());
if(mysql_num_rows($check_user_data) == 0)
{echo '<script language="javascript">alert("This email address does not exist. Please try again.")</script>';unset($email);}
else {$row = mysql_fetch_array($check_user_data);$E=$row['email'];$U=$row['username'];

// build an 8-character password from A-Z, a-z and 0-9
$aZ09 = array_merge(range('A', 'Z'), range('a', 'z'),range(0, 9));
$P='';
for ($i=0; $i<8; $i++) {$P.=$aZ09[mt_rand(0, count($aZ09)-1)];}

// new salt and hash, from functions in config.php
$o=make_salt();$h=z_____z();
$I = $_SERVER['REMOTE_ADDR']; // visitor's IP address
$D = date("d-m-Y");
$sql="UPDATE mc_members SET password='$h', ip='$I', signup_date='$D', salt='$o' WHERE email='$email'";
if (mysql_query($sql)) {
echo "<script language='javascript'>alert('Your new password is ".$P."');</script>";}
else {
echo '<script language="javascript">alert("Entries were NOT made—something went wrong."); window.location="login-to-mc.php";</script>'; exit;}

// email the user name and the new password to the address on record
$to = $email;
$subject = "Here are your login details . . . ";
$message = "This is in response to your request for login details as administrator of your MC group.\n\nYour User Name is ".$U.".\n\nYour Password is ".$P.".\n\nDon't give your password to anyone in your group, but do save it somewhere safe.\n\nRegards,\n\nthe management";
$headers = "From: ".$psbhostemailaddress."\r\nReply-To: ".$email;

if(mail($to, $subject, $message, $headers)){echo "<center><font face='Verdana' size='2'><b><br><br><br><br><br>THANK YOU</b> <br>Your passwords are posted to your email address. Please check your mail soon.</font></center>";}

else{echo "<center><font face='Verdana' size='2' color=red>There is some system problem in sending login details to your address. <br><br><input type='button' value='Retry' onClick='history.go(-1)'></font></center>";}
}}
?>



<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>Password Recovery—Forgotten Password</TITLE>
<meta name="description" content="Password Recovery—Forgotten Password">
<meta name="keywords" content="Password Recovery,forgot password,forgotten password,php,javascript, dhtml, DHTML">
<style type="text/css">
BODY {margin-left:0; margin-right:0; margin-top:0;text-align:left;background-color:#bbb}
p, li {font:13px Verdana; color:black;text-align:left}
h1 {font:bold 28px Verdana; color:black;text-align:center}
h2 {font:bold 24px Verdana;text-align:center}
h3 {font:bold 15px Verdana;}
.main {position:absolute;width:700px;top:150px;left:150px;padding:30px;text-align:left;border:8px groove blue;background-color:#ddd}
</style>
</head>
<body>

<div class='main'>

<p><center><B><h2>Password Replacement—Forgotten Password</h2></B></center></p>

<form name="MyForm" method="POST" onsubmit="return validateemail()" action="forgot-password.php">
<label for='email'><b>Email address: </b><input type="text" name="email" value="" size="30" maxlength='60'></label><br><br>
<center><input type="submit" value="Replace Forgotten Password"><br><br></center>
<center><input type="reset" value="Reset"><br><br></center>
<center><input type="button" value="Login" onClick="window.location='login-to-mc.php'"><br><br></center>
</form>

<script language="javascript">

// client-side check only; the PHP above validates the address again on the server
function validateemail(){

var ck_email = /^[A-Za-z0-9-_]+(\.[A-Za-z0-9-_]+)*@([A-Za-z0-9-_]+\.)?([A-Za-z0-9-_]+(\.[A-Za-z]{2,6})(\.[A-Za-z]{2})?)$/;
if (document.MyForm.email.value.search(ck_email)==-1)
{alert("That email address is not valid.");return false}

return true}

</script>

</div>
</body>
</html>