1. We have moved from vBulletin to XenForo and you are viewing the site in the middle of the move. Though the functional aspect of everything is working fine, we are still working on other changes including the new design on Xenforo.
    Dismiss Notice

Temporary password in PHP

Discussion in 'PHP' started by shabbir, Apr 12, 2005.

  1. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,276
    Likes Received:
    364
    Trophy Points:
    83
    Many websites generate temporary password or some generate the Activiation code for verification of email. They send the mail with that code in it and so If you wonder how they do this here is a function to do this.

    Input : - Length of the Random string you wish to generate
    Output :- Random generated string
    PHP:
    function randompassword($len)
    {
    $pass '';
    $lchar 0;
    $char 0;
    for(
    $i 0$i $len$i++)
    {
        while(
    $char == $lchar)
        {
         
    $char rand(48109);
         if(
    $char 57$char += 7;
         if(
    $char 90$char += 6;
        }
        
    $pass .= chr($char);
        
    $lchar $char;
    }
    return 
    $pass;
    }
    PHP:
     $active_code=randompassword(8);
     
  2. dhie

    dhie New Member

    Joined:
    Feb 16, 2009
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    0
    how can include it in my site coz thats my prob here is my sites logic

    1. once you register there automatically your temporary password appear
    once you get successfully register.

    2. you can change your password which is the temporary password that the admin set on the user.

    so that is only my problem that temporary password.

    pls? help me up on this or you wanted to see my program?
     
  3. dhie

    dhie New Member

    Joined:
    Feb 16, 2009
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    0
    here is my whole set codes:
    main.php
    PHP:
    <?

    ?>

    <html>
    <title>DENR-PERSONAL INFORMATION SYSTEM</title>
    <body>

    <table>
    <tr><td>


    <?
    /**
     * User has already logged in, so display relavent links, including
     * a link to the admin center if the user is an administrator.
     */
    if($session->logged_in){
       echo "<h1>Logged In</h1>";
       echo "Welcome <b>$session->username</b>, you are logged in. <br><br>"
           ."[<a href=\"userinfo.php?user=$session->username\">My Account</a>] &nbsp;&nbsp;"
           ."[<a href=\"useredit.php\">Edit Account</a>] &nbsp;&nbsp;";
       if($session->isAdmin()){
          echo "[<a href=\"admin/admin.php\">Admin Center</a>] &nbsp;&nbsp;";
       }
       echo "[<a href=\"process.php\">Logout</a>]";
    }
    else{
    ?>

    <h1>Login</h1>
    <?
    /**
     * User not logged in, display the login form.
     * If user has already tried to login, but errors were
     * found, display the total number of errors.
     * If errors occurred, they will be displayed.
     */
    if($form->num_errors > 0){
       echo "<font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font>";
    }
    ?>
    <form action="process.php" method="POST">
    <table align="left" border="0" cellspacing="0" cellpadding="3">
    <tr><td>Username:</td><td><input type="text" name="user" maxlength="30" value="<? echo $form->value("user"); ?>"></td><td><? echo $form->error("user"); ?></td></tr>
    <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30" value="<? echo $form->value("pass"); ?>"></td><td><? echo $form->error("pass"); ?></td></tr>
    <tr><td colspan="2" align="left"><input type="checkbox" name="remember" <? if($form->value("remember") != ""){ echo "checked"; } ?>>
    <font size="2">Remember me next time &nbsp;&nbsp;&nbsp;&nbsp;
    <input type="hidden" name="sublogin" value="1">
    <input type="submit" value="Login"></td></tr>
    <tr><td colspan="2" align="left"><br><font size="2">[<a href="forgotpass.php">Forgot Password?</a>]</font></td><td align="right"></td></tr>
    <tr><td colspan="2" align="left"><br>Not registered? <a href="register.php">Sign-Up!</a></td></tr>
    </table>
    </form>

    <?
    }

    /**
     * Just a little page footer, tells how many registered members
     * there are, how many users currently logged in and viewing site,
     * and how many guests viewing site. Active users are displayed,
     * with link to their user information.
     */
    echo "</td></tr><tr><td align=\"center\"><br><br>";
    echo "<b>Member Total:</b> ".$database->getNumMembers()."<br>";
    echo "There are $database->num_active_users registered members and ";
    echo "$database->num_active_guests guests viewing the site.<br><br>";

    include("include/view_active.php");

    ?>


    </td></tr>
    </table>


    </body>
    </html>
    register.php
    PHP:
    <?
    include(
    "include/session.php");
    ?>

    <html>
    <title>EMPLOYEEE REGISTRATION</title>
    <body>

    <?
    /**
     * The user is already logged in, not allowed to register.
     */
    if($session->logged_in){
       echo "<h1>Registered</h1>";
       echo "<p>We're sorry <b>$session->username</b>, but you've already registered. "
           ."<a href=\"main.php\">Main</a>.</p>";
    }
    /**
     * The user has submitted the registration form and the
     * results have been processed.
     */
    else if(isset($_SESSION['regsuccess'])){
       /* Registration was successful */
       if($_SESSION['regsuccess']){
          echo "<h1>Registered!</h1>";
          echo "<p>Thank you <b>".$_SESSION['reguname']."</b>, your information has been added to the database, "
              ."you may now <a href=\"main.php\">log in</a>.</p>";
       }
       /* Registration failed */
       else{
          echo "<h1>Registration Failed</h1>";
          echo "<p>We're sorry, but an error has occurred and your registration for the username <b>".$_SESSION['reguname']."</b>, "
              ."could not be completed.<br>Please try again at a later time.</p>";
       }
       unset($_SESSION['regsuccess']);
       unset($_SESSION['reguname']);
    }
    /**
     * The user has not filled out the registration form yet.
     * Below is the page with the sign-up form, the names
     * of the input fields are important and should not
     * be changed.
     */
    else{
    ?>

    <h1>Employee Registration</h1>
    <?
    if($form->num_errors > 0){
       echo "<td><font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font></td>";
    }
    ?>
    <form action="process.php" method="POST">
    <table align="left" border="0" cellspacing="0" cellpadding="3">
    <tr><td>Username:</td><td><input type="text" name="user" maxlength="30" value="<? echo $form->value("user"); ?>"></td><td><? echo $form->error("user"); ?></td></tr>
    <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30" value="<? echo $form->value("pass"); ?>"></td><td><? echo $form->error("pass"); ?></td></tr>
    <tr><td>Email:</td><td><input type="text" name="email" maxlength="50" value="<? echo $form->value("email"); ?>"></td><td><? echo $form->error("email"); ?></td></tr>
    <tr><td colspan="2" align="right">
    <input type="hidden" name="subjoin" value="1">
    <input type="submit" value="Join!"></td></tr>
    <tr><td colspan="2" align="left"><a href="main.php">Back to Main</a></td></tr>
    </table>
    </form>

    <?
    }
    ?>

    </body>
    </html>
    useredit.php
    PHP:

    <?
    include("include/session.php");
    ?>

    <html>
    <title>Jpmaster77's Login Script</title>
    <body>

    <?
    /**
     * User has submitted form without errors and user's
     * account has been edited successfully.
     */
    if(isset($_SESSION['useredit'])){
       unset($_SESSION['useredit']);
       
       echo "<h1>User Account Edit Success!</h1>";
       echo "<p><b>$session->username</b>, your account has been successfully updated. "
           ."<a href=\"main.php\">Main</a>.</p>";
    }
    else{
    ?>

    <?
    /**
     * If user is not logged in, then do not display anything.
     * If user is logged in, then display the form to edit
     * account information, with the current email address
     * already in the field.
     */
    if($session->logged_in){
    ?>

    <h1>User Account Edit : <? echo $session->username; ?></h1>
    <?
    if($form->num_errors > 0){
       echo "<td><font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font></td>";
    }
    ?>
    <form action="process.php" method="POST">
    <table align="left" border="0" cellspacing="0" cellpadding="3">
    <tr>
    <td>Current Password:</td>
    <td><input type="password" name="curpass" maxlength="30" value="
    <?echo $form->value("curpass"); ?>"></td>
    <td><? echo $form->error("curpass"); ?></td>
    </tr>
    <tr>
    <td>New Password:</td>
    <td><input type="password" name="newpass" maxlength="30" value="
    <? echo $form->value("newpass"); ?>"></td>
    <td><? echo $form->error("newpass"); ?></td>
    </tr>
    <tr>
    <td>Email:</td>
    <td><input type="text" name="email" maxlength="50" value="
    <?
    if($form->value("email") == ""){
       echo $session->userinfo['email'];
    }else{
       echo $form->value("email");
    }
    ?>">
    </td>
    <td><? echo $form->error("email"); ?></td>
    </tr>
    <tr><td colspan="2" align="right">
    <input type="hidden" name="subedit" value="1">
    <input type="submit" value="Edit Account"></td></tr>
    <tr><td colspan="2" align="left"></td></tr>
    </table>
    </form>

    <?
    }
    }

    ?>

    </body>
    </html>
    userinfo.php
    PHP:
    <?

    include(
    "include/session.php");
    ?>

    <html>
    <title>Employee Account</title>
    <body>

    <?
    /* Requested Username error checking */
    $req_user = trim($_GET['user']);
    if(!$req_user || strlen($req_user) == 0 ||
       !eregi("^([0-9a-z])+$", $req_user) ||
       !$database->usernameTaken($req_user)){
       die("Username not registered");
    }

    /* Logged in user viewing own account */
    if(strcmp($session->username,$req_user) == 0){
       echo "<h1>My Account</h1>";
    }
    /* Visitor not viewing own account */
    else{
       echo "<h1>User Info</h1>";
    }

    /* Display requested user information */
    $req_user_info = $database->getUserInfo($req_user);

    /* Username */
    echo "<b>Username: ".$req_user_info['username']."</b><br>";

    /* Email */
    echo "<b>Email:</b> ".$req_user_info['email']."<br>";

    /**
     * Note: when you add your own fields to the users table
     * to hold more information, like homepage, location, etc.
     * they can be easily accessed by the user info array.
     *
     * $session->user_info['location']; (for logged in users)
     *
     * ..and for this page,
     *
     * $req_user_info['location']; (for any user)
     */

    /* If logged in user viewing own account, give link to edit */
    if(strcmp($session->username,$req_user) == 0){
       echo "<br><a href=\"useredit.php\">Edit Account Information</a><br>";
    }

    /* Link back to main */
    echo "<br>Back To [<a href=\"main.php\">Main</a>]<br>";

    ?>

    </body>
    </html>
    process.php
    PHP:
    <?

    include(
    "include/session.php");
    ?>
    <?
    class Process
    {
       /* Class constructor */
       function Process(){
          global $session;
          /* User submitted login form */
          if(isset($_POST['sublogin'])){
             $this->procLogin();
          }
          /* User submitted registration form */
          else if(isset($_POST['subjoin'])){
             $this->procRegister();
          }
          /* User submitted forgot password form */
          else if(isset($_POST['subforgot'])){
             $this->procForgotPass();
          }
          /* User submitted edit account form */
          else if(isset($_POST['subedit'])){
             $this->procEditAccount();
          }
          /**
           * The only other reason user should be directed here
           * is if he wants to logout, which means user is
           * logged in currently.
           */
          else if($session->logged_in){
             $this->procLogout();
          }
          /**
           * Should not get here, which means user is viewing this page
           * by mistake and therefore is redirected.
           */
           else{
              header("Location: main.php");
           }
       }

       /**
        * procLogin - Processes the user submitted login form, if errors
        * are found, the user is redirected to correct the information,
        * if not, the user is effectively logged in to the system.
        */
       function procLogin(){
          global $session, $form;
          /* Login attempt */
          $retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember']));
          
          /* Login successful */
          if($retval){
             header("Location: ".$session->referrer);
          }
          /* Login failed */
          else{
             $_SESSION['value_array'] = $_POST;
             $_SESSION['error_array'] = $form->getErrorArray();
             header("Location: ".$session->referrer);
          }
       }
       
       /**
        * procLogout - Simply attempts to log the user out of the system
        * given that there is no logout form to process.
        */
       function procLogout(){
          global $session;
          $retval = $session->logout();
          header("Location: main.php");
       }
       
       /**
        * procRegister - Processes the user submitted registration form,
        * if errors are found, the user is redirected to correct the
        * information, if not, the user is effectively registered with
        * the system and an email is (optionally) sent to the newly
        * created user.
        */
       function procRegister(){
          global $session, $form;
          /* Convert username to all lowercase (by option) */
          if(ALL_LOWERCASE){
             $_POST['user'] = strtolower($_POST['user']);
          }
          /* Registration attempt */
          $retval = $session->register($_POST['user'], $_POST['pass'], $_POST['email']);
          
          /* Registration Successful */
          if($retval == 0){
             $_SESSION['reguname'] = $_POST['user'];
             $_SESSION['regsuccess'] = true;
             header("Location: ".$session->referrer);
          }
          /* Error found with form */
          else if($retval == 1){
             $_SESSION['value_array'] = $_POST;
             $_SESSION['error_array'] = $form->getErrorArray();
             header("Location: ".$session->referrer);
          }
          /* Registration attempt failed */
          else if($retval == 2){
             $_SESSION['reguname'] = $_POST['user'];
             $_SESSION['regsuccess'] = false;
             header("Location: ".$session->referrer);
          }
       }
       
       /**
        * procForgotPass - Validates the given username then if
        * everything is fine, a new password is generated and
        * emailed to the address the user gave on sign up.
        */
       function procForgotPass(){
          global $database, $session, $mailer, $form;
          /* Username error checking */
          $subuser = $_POST['user'];
          $field = "user";  //Use field name for username
          if(!$subuser || strlen($subuser = trim($subuser)) == 0){
             $form->setError($field, "* Username not entered<br>");
          }
          else{
             /* Make sure username is in database */
             $subuser = stripslashes($subuser);
             if(strlen($subuser) < 5 || strlen($subuser) > 30 ||
                !eregi("^([0-9a-z])+$", $subuser) ||
                (!$database->usernameTaken($subuser))){
                $form->setError($field, "* Username does not exist<br>");
             }
          }
          
          /* Errors exist, have user correct them */
          if($form->num_errors > 0){
             $_SESSION['value_array'] = $_POST;
             $_SESSION['error_array'] = $form->getErrorArray();
          }
          /* Generate new password and email it to user */
          else{
             /* Generate new password */
             $newpass = $session->generateRandStr(8);
             
             /* Get email of user */
             $usrinf = $database->getUserInfo($subuser);
             $email  = $usrinf['email'];
             
             /* Attempt to send the email with new password */
             if($mailer->sendNewPass($subuser,$email,$newpass)){
                /* Email sent, update database */
                $database->updateUserField($subuser, "password", md5($newpass));
                $_SESSION['forgotpass'] = true;
             }
             /* Email failure, do not change password */
             else{
                $_SESSION['forgotpass'] = false;
             }
          }
          
          header("Location: ".$session->referrer);
       }
       
       /**
        * procEditAccount - Attempts to edit the user's account
        * information, including the password, which must be verified
        * before a change is made.
        */
       function procEditAccount(){
          global $session, $form;
          /* Account edit attempt */
          $retval = $session->editAccount($_POST['curpass'], $_POST['newpass'], $_POST['email']);

          /* Account edit successful */
          if($retval){
             $_SESSION['useredit'] = true;
             header("Location: ".$session->referrer);
          }
          /* Error found with form */
          else{
             $_SESSION['value_array'] = $_POST;
             $_SESSION['error_array'] = $form->getErrorArray();
             header("Location: ".$session->referrer);
          }
       }
    };

    /* Initialize process */
    $process = new Process;

    ?>
    there it goes not such complete but i need help pls?
    were cud i have to insert that temporary password huhuu!
     
  4. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,276
    Likes Received:
    364
    Trophy Points:
    83
    Random password can be generated using the code there.
     
  5. dhie

    dhie New Member

    Joined:
    Feb 16, 2009
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    0
    were can you give the sample or where could i include it?
     
  6. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,276
    Likes Received:
    364
    Trophy Points:
    83
    Sample is in the article. Read it.
     
  7. gkumar

    gkumar New Member

    Joined:
    Jun 16, 2009
    Messages:
    58
    Likes Received:
    5
    Trophy Points:
    0
    >he would go to a specific page that has the temporary password.
    >The user can only use it once.
    >
    >This temporary password would allow the client to download 1 or 2 demos.
    >
    >Once the client has download or even used his temp password it is not
    >accesible again.
    >
    >The client also wants to be able to have stats on which of his users/clients has used the
    >temporary password.


    This sounds like a perfect situation for .htpasswd. You could create a random password (using for favorite backend), and then add a password entry to the file. Once the download has been performed (or, the user clicks a logout button) -- you can then perform the housekeeping functions (logging, deleting of password, etc.). You could then either with the logout page, create a new random password, or using a cron job create one.

    Another approach would be to use a database. A table that has the directory name, associated password, expire/used date/flag, and a client ID. Then using say ASP or PHP or CFML, you could query the database (using the date/flag), and grab the password that is requried for the requested page. Then you could by sending authentication headers, have the browser popup the username/password dialog box. Once the session is over (ie, the download has been completed), you could set the flag to expired/used. Then, to create your reports, you would just query by clientID where expired is true -- and the database would spit back all the directories that have been accessed for a certain client.

    The generating of random password always seems to start a holy war as to the best method. I would suggest creating an array of common short words (cat,dog,pet,home,etc.). Then, a random password could be generated by any of the following methods :

    (*) Randomly access the array for two or more words, randomly changing the case (which would result in something like cAthOme)
    (*) Pad a random number to the front and tail ends of a random word from the array (which would result in something like 3334cathome45)
    (*) Reverse the words + number combination (54emoh43), etc.

    >
    >Is it feasible/doable?
    >If so how would I go about doing it?

    If you are comfortable with PHP, there is an excellent tutorial[1] that shows you how to perform authenticaion using PHP by various methods (including database, .htpasswd, flat file, and hard coding). It would be very easy to adapt it to this situation.

    Just a few ideas to get you going
     
    shabbir likes this.

Share This Page