Copyright © 2002 - MCS Investments, Inc.


Forgot Password in Form Creator Form CMS

This script is called forgot-password_.php

The Forgot Password in Form Creator Form CMS script is one of a group of PHP scripts that handle both the administrative and end-user aspects of a general purpose HTML Form Creator that allows not just input boxes but multiple-selection select/option lists as well. In addition to the expected editing scripts for both administrative and end-user functions, there's also a Search and Match script so that users can use the scripts to find other users with various individual or group commonalities, including proximity searches, i.e., find all the users within various distances. There are even private messaging scripts.

The purpose of this script is to give a user who has forgotten his password, and so cannot log in, a way to replace the password in his user profile.

First, we include the config.php script to ensure that our connection to our database is made correctly. This file contains the code below:

// The mysql_* functions were removed in PHP 7.0, so these listings run only on PHP 5.x.
$theemailaddress = "yoursite@yoursite.com"; //EDIT ME
$roothostname = "localhost";
$theusername = "yourusername"; //EDIT ME
$thepassword = "yourpassword"; //EDIT ME
$thedatabasename = "yourdb"; //EDIT ME
// Open the connection and select the database; stop with the MySQL error on failure.
mysql_connect($roothostname, $theusername, $thepassword) or die(mysql_error());
mysql_select_db($thedatabasename) or die(mysql_error());

We make our script a bit more secure when we define a named constant '_NODIRECTACCESS' before we include the config.php file (in the includes folder) which uses the PHP defined() function to check on this constant. If it is not set, we are thrown out of the config.php file like yesterday's trash.

We get the POSTed email address and stick it in the PHP variable $email. Then we make sure it is not too long or too short. If it is, we give them an alert and send them off to the registration script HTML Form Creator—Register with Captcha. Then we run a standard email validation script and if their email fails, we give them an alert and send them off to the registration script. This validator uses the preg_match() function, which performs a regular expression match on $email. We use the mysql_real_escape_string() function to make their input safe to use in a MySQL statement that searches for $email, since it escapes special characters in the string for use in our SELECT . . . WHERE SQL statements.
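The pattern the script passes to preg_match() has no ^ or $ anchors, so it accepts any string that merely contains something address-shaped, which leaves escaping as the only barrier before the SELECT. The following is an added example, not part of the original script: it checks the whole string with filter_var() and looks the address up through a PDO prepared statement. The function names, the sample rows and the in-memory SQLite database are constructed for the demonstration.

```php
<?php
// Added example, not from the original script. Sample rows are constructed;
// assumes the pdo_sqlite extension so it runs without a MySQL server.

// The script's own pattern: unanchored, so it matches an address anywhere.
const PAGE_PATTERN = '/([\w\-]+\@[\w\-]+\.[\w\-]+)/';

function is_valid_email(string $email): bool
{
    $len = strlen($email);                 // same 6..65 window as the script
    if ($len < 6 || $len > 65) {
        return false;
    }
    if (preg_match('/[\r\n]/', $email)) {  // the value later lands in a mail header
        return false;
    }
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false; // whole string
}

function find_member_by_email(PDO $db, string $email): ?array
{
    // Bound parameter: the value is never spliced into the SQL text.
    $stmt = $db->prepare('SELECT username, email FROM my_members WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE my_members (username TEXT, email TEXT)');
$db->exec("INSERT INTO my_members VALUES ('alice', 'alice@example.com')");

$samples = [
    'alice@example.com',
    'text before alice@example.com text after',
    "alice@example.com'",
    "alice@example.com\nsecond line",
];
foreach ($samples as $s) {
    $strict = is_valid_email($s);
    printf("%-46s page pattern: %s  strict: %s  row: %s\n",
        json_encode($s),
        preg_match(PAGE_PATTERN, $s) ? 'pass' : 'fail',
        $strict ? 'pass' : 'fail',
        $strict ? json_encode(find_member_by_email($db, $s)) : '-');
}
```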

We use the mysql_num_rows() function to determine whether or not the email address we search for in the MySQL database table was found, and, if not, we give the user an alert "This email address does not exist. Please try again." If it is found, we use the mysql_fetch_array() function to get the results in an array and we grab the contents of the username and email fields from this array. We use these in an email. In order to send the user his user name, we use an email since it is safer than looking it up for them on the spot. The visitor may indeed know someone's email address, but that does not prove it's HIS email. We dispel doubts by sending the user the info knowing that only the true owner of that email address will get the info.

We use the PHP function array_merge() to merge 3 arrays, which we build using the range() function, which creates an array with a specified range of elements. In this case, we want A to Z, a to z, and 0 to 9. Then we use the mt_rand() function and the count() function to loop through 8 iterations, getting random characters from the array, concatenating them together into a new password 8 characters long.

Next we use $o=make_salt();$h=z_____z();—functions from the config.php file—to create a salt, and then a hash. The hash is formed from the new salt and the new password (now in $P). Then we stick this new hash and this new salt into the record which has the email address entered in the form. We give the user an alert telling him the new password.

The email carries both the user name and the new password. As explained above, mailing them is safer than looking them up on the spot, because knowing someone's email address does not prove it's HIS email, and only the true owner of that address will get the message. We have revealed a new password to this visitor, but did not reveal which user name it belongs with. This we do in the email, which goes to someone with a user name which he may need reminding about.
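As written, the flow above replaces the stored password as soon as anyone submits a registered address and shows the new one in an alert, and it builds that password with mt_rand(), which is not a cryptographically secure generator. A common alternative, shown here as an added example that is not part of the original script, leaves the password untouched, emails a single-use expiring token drawn from random_bytes(), and stores only the token's hash. The password_resets table, the id column and both function names are assumptions made for the demonstration, which uses an in-memory SQLite database through PDO.

```php
<?php
// Added example, not from the original script. password_resets, the id column
// and both function names are hypothetical; the demo uses in-memory SQLite via PDO.

function request_reset(PDO $db, string $email, int $now): ?string
{
    $stmt = $db->prepare('SELECT id FROM my_members WHERE email = ?');
    $stmt->execute([$email]);
    $id = $stmt->fetchColumn();
    if ($id === false) {
        return null;                      // caller shows the same message either way
    }
    $token = bin2hex(random_bytes(32));   // CSPRNG output, unlike mt_rand()
    $db->prepare('DELETE FROM password_resets WHERE member_id = ?')->execute([$id]);
    $db->prepare('INSERT INTO password_resets VALUES (?, ?, ?)')
       ->execute([$id, hash('sha256', $token), $now + 1800]);
    return $token;                        // sent only inside the emailed link
}

function complete_reset(PDO $db, string $token, string $newPassword, int $now): bool
{
    $stmt = $db->prepare(
        'SELECT member_id FROM password_resets WHERE token_hash = ? AND expires > ?');
    $stmt->execute([hash('sha256', $token), $now]);
    $id = $stmt->fetchColumn();
    if ($id === false) {
        return false;                     // unknown, expired or already used
    }
    // password_hash() embeds its own salt, so no separate salt column is needed.
    $db->prepare('UPDATE my_members SET password = ? WHERE id = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $id]);
    $db->prepare('DELETE FROM password_resets WHERE member_id = ?')->execute([$id]);
    return true;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE my_members (id INTEGER PRIMARY KEY, email TEXT, password TEXT)');
$db->exec('CREATE TABLE password_resets (member_id INTEGER, token_hash TEXT, expires INTEGER)');
$db->exec("INSERT INTO my_members (email, password) VALUES ('alice@example.com', 'old-hash')");

$now = time();
var_dump(request_reset($db, 'nobody@example.com', $now));          // unknown address
$token = request_reset($db, 'alice@example.com', $now);
var_dump(complete_reset($db, $token, 'a new passphrase', $now));   // first use of the token
var_dump(complete_reset($db, $token, 'another one', $now));        // replay of the same token
$late = request_reset($db, 'alice@example.com', $now);
var_dump(complete_reset($db, $late, 'too late', $now + 3600));     // after the 30-minute window
```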

It is obvious where the $email and $U and $E variables get their data, but not so obvious where $psbhostemailaddress comes from. It is defined in the config.php file: Configure File for Database Connection. It is used as the From in the email's headers data. The variable uses a weird name, but you can alter these PHP variables to your tastes in the config.php file in the includes folder as long as you are consistent and do the same in the password forgetting and username forgetting apps as well.

None of the variable names in config.php is important except the email one, and you may change the others to something else as long as both places where each is used in the config.php script use the same name. The email address variable is the exception: it needs to have the same name in the config.php script and in any other script that uses it. In our HTML form creator CMS system, this includes only the password forgetting and username forgetting apps. Note: do not use simple variable names like $p, $pp, $e, etc. in config.php since they may already be in use elsewhere in our CMS system. Now it is obvious where the name $psbhostemailaddress comes from: us trying to avoid variable clash.

The form is standard stuff, and it contains a link to the page HTML Form Creator—Login to Profile and Account Management. The form uses an onsubmit event to run the JavaScript function validateemail(), which validates the email, or refuses to submit the form, if the email won't validate.

The script below is called: forgot-password_.php



<?php
define('_NODIRECTACCESS', true); // config.php checks this constant with defined()
include_once "includes/config.php"; // assumption: path taken from "in the includes folder"

if (isset($_POST['email'])) { // assumption: run only after the form has been submitted
$email = $_POST['email'];

if (strlen($email)<6 || strlen($email)>65) {echo '<script language="javascript">alert("Please enter 6 to 65 characters for email address."); window.location = "register-with-captcha_.php"; </script>'; exit;}
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email)) {
echo '<script language="javascript">alert("That email address is not valid."); window.location = "register-with-captcha_.php"; </script>'; exit;}

$email = mysql_real_escape_string($email); // escape special characters before the SELECT
$check_user_data = mysql_query("SELECT * FROM my_members WHERE email = '$email'") or die(mysql_error());
if(mysql_num_rows($check_user_data) == 0)
{echo '<script language="javascript">alert("This email address does not exist. Please try again.");</script>';unset($email);}
else {$row = mysql_fetch_array($check_user_data);$E=$row['email'];$U=$row['username'];

// Build the character set A-Z, a-z, 0-9 and pick 8 characters at random for the new password.
$aZ09 = array_merge(range('A', 'Z'), range('a', 'z'),range(0, 9));
$P = '';
for ($i = 0; $i < 8; $i++) {$P .= $aZ09[mt_rand(0, count($aZ09) - 1)];}

$o=make_salt();$h=z_____z(); // salt and hash functions from config.php, called as in the text above
$I = $_SERVER['REMOTE_ADDR']; // assumption: the page does not show where $I (the ip column) is set
$D = date("d-m-Y");
$sql="UPDATE my_members SET password='$h', ip='$I', signup_date='$D', salt='$o' WHERE email='$email'";
if (mysql_query($sql)) {
echo "<script language='javascript'>alert('Your new password is ".$P."');</script>";
} else {
echo '<script language="javascript">alert("Entries were NOT made—something went wrong."); window.location="login_.php";</script>'; exit;}

$to = $email;
$subject = "Here are your login details . . . ";
$message = "This is in response to your request for login details as administrator of your group.\n\nYour User Name is ".$U.".\n\nYour Password is ".$P.".\n\nDon't give your password to anyone in your group, but do save it somewhere safe.\n\nRegards,\n\nthe management";
$headers = "From: ".$psbhostemailaddress."\r\nReply-To: ".$email;

if(mail($to, $subject, $message, $headers)){echo "<center><font face='Verdana' size='2'><b><br><br><br><br><br>THANK YOU</b> <br>Your passwords are posted to your email address. Please check your mail soon.</font></center>";}

else{echo "<center><font face='Verdana' size='2' color=red>There is some system problem in sending login details to your address. <br><br><input type='button' value='Retry' onClick='history.go(-1)'></font></center>";}
}
}
?>



<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>Password Recovery—Forgotten Password</TITLE>
<meta name="description" content="Password Recovery—Forgotten Password">
<meta name="keywords" content="Password Recovery,forgot password,forgotten password,php,javascript, dhtml, DHTML">
<style type="text/css">
BODY {margin-left:0; margin-right:0; margin-top:0;text-align:left;background-color:#bbb}
p, li {font:13px Verdana; color:black;text-align:left}
h1 {font:bold 28px Verdana; color:black;text-align:center}
h2 {font:bold 24px Verdana;text-align:center}
h3 {font:bold 15px Verdana;}
.main {position:absolute;width:700px;top:150px;left:150px;padding:30px;text-align:left;border:8px groove blue;background-color:#ddd}
</style>
</head>
<body>

<div class='main'>

<center><h2>Password Replacement—Forgotten Password</h2></center>

<form name="MyForm" method="POST" onsubmit="return validateemail()" action="forgot-password_.php">
<label for='email'><b>Email address: </b><input type="text" name="email" value="" size="30" maxlength='60'></label><br><br>
<center><input type="submit" value="Replace Forgotten Password"><br><br></center>
<center><input type="reset" value="Reset"><br><br></center>
<center><input type="button" value="Login" onClick="window.location='login_.php'"><br><br></center>
</form>

<script language="javascript">

// Client-side check run from the form's onsubmit; the PHP code validates again on the server.
function validateemail(){

var ck_email = /^[A-Za-z0-9-_]+(\.[A-Za-z0-9-_]+)*@([A-Za-z0-9-_]+\.)?([A-Za-z0-9-_]+(\.[A-Za-z]{2,6})(\.[A-Za-z]{2})?)$/;
if (document.MyForm.email.value.search(ck_email)==-1)
{alert("That email address is not valid.");return false}

return true}

</script>

</div>
</body>
</html>