

PHP/MySQL: Using PHP to probe MySQL db and send an email automatically


jd80

7:01 am on Feb 14, 2004 (gmt 0)

10+ Year Member



Let's say you have a login feature on your site... and a user forgets their password which is stored along side their email address in a MySQL database. Is it possible to use PHP to automatically send the password to that email address upon request? If so, please provide a detailed solution. If not, can Java be used in some way to accomplish this?

justageek

11:59 am on Feb 14, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yes. It can be done.

Ask the user to enter their email address.

select password from your_db where email_address = 'their_address'

Use the mail() function to send the password to the email address.

JAG

RonPK

12:02 pm on Feb 14, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



[never mind, justageek already said it all]

coopster

4:19 pm on Feb 14, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Welcome to WebmasterWorld, jd80!

Depending on the level of security you want implemented on your site, you may not want to store unencrypted passwords in your database. Another option would be to use the md5 [php.net] function on a new password and store it in a CHAR(32) field. Then, if a user forgets their password:

  1. generate a new random password
  2. set a flag to force them to change their password upon next login
  3. email the plain text version of the password to the email account on record for that userid
  4. encrypt the plain text version of the newly generated password
  5. update their database record with the flag and the new encrypted password

Yes, it's a bit more work, but also a higher level of security.
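The five steps above (and the lookup-then-mail() flow from justageek's reply), written out as one PHP function. This is an added example, not code from the thread or from any of its posters. It assumes a PDO connection, a `users` table with columns `user_id`, `email`, `password_hash` and `must_change_pw`, and a host where PHP's `mail()` is configured. One technique is swapped in: `password_hash()`/`password_verify()` instead of `md5()`, because md5 is unsalted and fast to brute-force, and its output needs a VARCHAR(255) column rather than CHAR(32). The account lookup uses a prepared statement rather than interpolating the address into the SQL string.

```php
<?php
// Added example (not from the thread). Assumptions: a PDO connection $db,
// a `users` table (user_id, email, password_hash, must_change_pw), and a
// working mail() setup. password_hash() is used instead of md5().
declare(strict_types=1);

// Step 1: generate a random temporary password from the CSPRNG.
// The alphabet drops look-alike characters (0/O, 1/l/I) since the user
// will type this from an email.
function generateTemporaryPassword(int $length = 12): string
{
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789';
    $max = strlen($alphabet) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, $max)];
    }
    return $out;
}

// Steps 2-5. The database is updated before the mail is sent so that the
// password in the email is always the one actually stored.
function resetForgottenPassword(PDO $db, string $email, string $fromAddress): bool
{
    // Look up the account on record with a prepared statement.
    $stmt = $db->prepare('SELECT user_id, email FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($user === false) {
        // Same result as the success path, so the form does not reveal
        // which addresses have an account.
        return true;
    }

    $plain = generateTemporaryPassword();              // step 1
    $hash  = password_hash($plain, PASSWORD_DEFAULT);  // step 4: hash before storing

    // Steps 2 and 5: set the must-change flag and store the new hash together.
    $update = $db->prepare(
        'UPDATE users SET password_hash = :hash, must_change_pw = 1 WHERE user_id = :id'
    );
    $update->execute([':hash' => $hash, ':id' => $user['user_id']]);

    // Step 3: email the plain-text temporary password to the address on record.
    $subject = 'Your temporary password';
    $body    = "A temporary password was generated for your account:\n\n"
             . $plain . "\n\n"
             . "You will be asked to choose a new password the next time you log in.\n";
    $headers = 'From: ' . $fromAddress . "\r\n";

    return mail($user['email'], $subject, $body, $headers);
}

// Login side: verify the submitted password against the stored hash and
// report the flag so the application can force a password change.
function checkLogin(PDO $db, string $email, string $password): ?array
{
    $stmt = $db->prepare(
        'SELECT user_id, password_hash, must_change_pw FROM users WHERE email = :email'
    );
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;  // unknown address or wrong password: same answer for both
    }

    return [
        'user_id'        => (int) $row['user_id'],
        'must_change_pw' => (bool) $row['must_change_pw'],
    ];
}

// Usage (assumed DSN and credentials):
// $db = new PDO('mysql:host=localhost;dbname=site', 'dbuser', 'dbpass');
// resetForgottenPassword($db, $_POST['email'], 'noreply@example.com');
```

The steps are reordered slightly from the list: the record is updated before the mail goes out. If the mail step fails after the update, the user simply requests another reset; if the update failed after the mail had gone out, the user would hold a password that never took effect. Because `must_change_pw` is set in the same statement as the hash, the temporary password cannot remain the long-term credential.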

jatar_k

7:44 pm on Feb 14, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



I always run exactly like coopster described. Leaves password management in the user's hands. Adds a higher level of trust and security.

It also isn't difficult, just a couple of extra bits, but many fewer headaches in the long run.

justageek

8:01 pm on Feb 14, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Adds a higher level of trust and security.

Trust maybe. Security....not really....I don't think. If you send the original password anyone who reads the email can get in. If you send a new password anyone who reads the email can get in. The whole assumption is that the person reading the email is the correct person. Or am I missing something :-)

JAG

jatar_k

8:53 pm on Feb 14, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



At some point you have to make an assumption that the person is who they say they are and pass off some of the security to the users themselves.

I can't secure their email account or make sure their isp is secure or their cpu itself for that matter.

I can make sure that my systems are secure and that no passwords are stored in my system that will compromise anything. If I can't read their password then no one else can either.

justageek

8:57 pm on Feb 14, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If I can't read their password then no one else can either.

I understand the part about having the password encrypted in the db but I don't understand the part about sending the old password versus a new password in an email.

JAG

jatar_k

9:05 pm on Feb 14, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



I don't completely get what you mean.

We regen a new random pass and send it to them. The old pass is unavailable since it is stored as MD5.

justageek

9:38 pm on Feb 14, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If the old password was '123' and the new one is 'abc' then the email has 'abc' in it and anyone who reads it can log into the account. That's the part I don't understand the value in I guess.

JAG

jatar_k

9:43 pm on Feb 14, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



If the email is hijacked, sure. Any ideas how better to do it? At some point there is always a chance.

There is no such thing as 100% secure, too many variables which can not be controlled by a single party.

justageek

9:54 pm on Feb 14, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Nope. No ideas :-(

I just wanted to make sure I wasn't totally missing something in my thinking. I've always implemented the lost passwords as just sending the email out with the original. I always keep them encrypted in the db of course but just didn't see the need to destroy the original one.

JAG

jatar_k

6:54 pm on Feb 15, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



The thing is that once I have MD5 [ca2.php.net]'d the original I can't even send it to them.

justageek

7:57 pm on Feb 15, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The thing is that once I have MD5'd the original I can't even send it to them.

This is true for the 4500+ machines I control that are directly on the Internet for me as well. I also have a couple in a different datacenter that are not directly connected, that store other sensitive data, and that I keep secured by other means. Those don't have the same software security because it's not needed, and they serve different functions than the direct-connect ones.

I do forget sometimes that most people run all their machines directly connected in which case you are absolutely correct :-)

JAG