18 replies to this topic

[Cris D.]

1) Does anyone have an "Email me a new password snippet" or something similar which is already working for front or back end?

Otherwise...
2) If I was going to write this, My brief would be:

• Provide a "Forgotten Password" link for those who know they have forgotten it.
  
• Enter username, if incorrect 3 times, redirect to a link asking if a new password is required to be emailed.
  
• On click, SELECT from etomite_user_attributes 'email'.
  
• Generate Random Etomite Password,
  
• Send via sendmail() new password to email.
  
• Update record of etomite_manager_users UNIQUE 'username' where 'password' with 'newpassword'.
  
• Update record of etomite_user_attributes where id= etomite_manager_users['internalKey'],

On New Password submitted and == newpassword...

• Update record of etomite_user_attributes blocked=0, blockeduntil=0, failedlogins=0,
  
• runsnippet->authenticate_visitor

Have I missed anything important?

[Ralph]

I have at least one or two kicking around that are for maintenance purposes only, not for use on an actual site... In fact, I just stumbled across the printout of the code for one last night while cleaning off my bedside table - where all of my code listing end up after they fall on my face when I fall asleep... I can dig around and send you the code so you have something to work from if you like...

[Jelmer]

I wrote one myself:  lostpassword.txt   8.48K   13 downloads

[Ralph]

Jelmer, on Aug 17 2007, 09:23 AM, said:

I wrote one myself: lostpassword.txt

Here is the English translation of the other block of text in the snippet... It does, of course, require some editing for proper informational and grammatical purposes...

$output .= "<p>With this form you can request a new guard word for AmsterdamBrass.nl. fill you user name (pay attention to capital letters) and the e-mail address which at our is confessed (where you receive communications) and types the security code from the blade concerning. You new guard word is then sent to your e-mail address.</p>";

Better English wording, as well as automatic site name insertion by utilizing the [(site_name)] tag...

$output .= "<p>With this form you can request a new password for [(site_name)]. Fill in your user name (case sensitive), the e-mail address assigned to this account, and enter the security code displayed. Your new password will be sent to you by e-mail.</p>";

[Jelmer]

I can ensure you that I did not write that block. My english is better than that
Copyright Babelfish I presume Ralph?

[Ralph]

Jelmer, on Aug 17 2007, 09:52 AM, said:

I can ensure you that I did not write that block. My english is better than that
Copyright Babelfish I presume Ralph?

Yes, I used the first site that pulled up when Googling "translation"... My doctored up version is much better...

One possible addition to this snippet, which I have tested, would be to allow the existing password to be re-sent as an alternative to having to receive a new password... I know this could be difficult considering how Etomite doesn't store a textual copy of the password, only an MD5 hash... Other than that, the snippet works great...

[Ralph]

There is actually a minor flaw in the code logic for this snippet... I am currently working on a solution... Well, more than a solution...

Anyway, the logic problem relates to how the user_attributes record is queried... The WHERE clause should actually be $where="internalKey=\"".$userData[0]['id']."\"", as internalKey is the true relational field in all tables other than in manager_users... Although the current clause might work in most circumstances there is definitely a possibility that the clause could cause an undue query failure...

As a hint to what I am working on, I am playing with the idea of using a single query to grab the username and email which will reduce the amount of code and speed the overall snippet... Hackety Hack...

[Jelmer]

If you can come up with a solution to decrypt a MD5 hash, I'm your man to put it inside my snippet

[Cris D.]

If anyone is re-writing this snippet, you might like to take a look at the captcha code logic too.
Captcha is set to 1 by default, also if it is set to 0 it still shows the captcha text entry and tries to validate it, I had to do a lot of hacking to get captcha removed from the snippet entirely. Other than that, it works great, Thanks Jelmer Saved me quite a few hours work!

[Ralph]

As an exercise in programming I am doing a rewrite to see how compact I can make the code... Like I don't have better things to do with my time, right... Call it rest and relaxation... Yeah, I know, I'm sick...

[Ralph]

Okay, here is my extensively modified version of the snippet that Jelmer provided... It has undergone major modifications and only marginally resembles his original code... Like I said, "Hackety Hack"... I converted the code in so many ways that I'll leave it up to anyone interested to compare the two to see the differences... One item that I fixed was to insure that all fields are filled in to avoid a query error... Other than that I mainly converted the code to use more API functions, system configuration data, and a single query to gather user information instead of two... The code is well documented for learning purposes... Once fully field tested I will submit it into the Snippet Library...

Attached Files

•  RequestNewPassword.php   7.7K   14 downloads

[Jelmer]

Thanx Ralph, I saw some room for improvement myself when I posted, but your modifications only prove that you're coder and I'm a banker

[Ralph]

Jelmer, on Aug 20 2007, 12:02 PM, said:

Thanx Ralph, I saw some room for improvement myself when I posted, but your modifications only prove that you're coder and I'm a banker

Your coding is fine, Jelmer... I just know a few more Etomite API tricks and like demonstrating how they can be used in specific situations... Making use of what is already available helps keep code compact and more maintainable, which is one of the benefits Etomite provides... I actually made some heavy modifications to the code I was going to submit this morning... I had a brain-storm and decided to use the existing email fields already stored in the Etomite configuration, which eliminated quite a few lines of pre-existing code... I could probably nitpick my own code for weeks, and sometimes do, without really adding any performance value...

[Cris D.]

Error on install...

Quote

Parse error: syntax error, unexpected '(', expecting '}' in blah/blah/index.php(506) : eval()'d code on line 190

<td>{$etomite->getCaptchaCode()}

This works...
Set $etomite->getCaptchaCode() as a variable before the form.

$captchaCode=$etomite->getCaptchaCode();

<td>{$captchaCode}

Also, When I test it I get the error:

Quote

All data fields are required in order to complete your request.

and it does not send off.

Quote

I could probably nitpick my own code for weeks, and sometimes do, without really adding any performance value...

I don't mean to nit pick, but getting it working would add performance value.

Edited by Cris D., 21 August 2007 - 03:29 AM.

[Ralph]

Cris D., on Aug 20 2007, 11:05 PM, said:

I don't mean to nit pick, but getting it working would add performance value.

Very odd... The code works flawlessly as posted on my development server... What version of PHP is your server running...???

[Cris D.]

It's Cathode's server php 4.4.7

[Ralph]

I stand corrected... I had made a small change, accidentally, during final testing which broke the code... A simple fix, however... Just change line 86 to read as listed below... I have changed the posted code to reflect this fix... I apologize for the inconvenience...

if(isset($retrieveLostPassword_submit) && isset($username) && isset($email))

[Cris D.]

Quote

I apologize for the inconvenience...

Ralph, you don't dare apologize. For the amount or time effort and energy you put into Etomite, if you slip up occasionally us mere mortals can just get over it.
If anyone has a problem with any of your work, just send em to me.. #\ /`

PS. It works great. (I was having a problem because I was using the same email address for my admin account and the test account (so I didn't have to re-set my password). Turns out it looks for a unique email, therefore, my practice of just sticking in my email address for users I don't know the email of has got to stop!

Edited by Cris D., 21 August 2007 - 04:21 AM.

[cathode]

Cris D., on Aug 21 2007, 12:21 AM, said:

Ralph, you don't dare apologize. For the amount or time effort and energy you put into Etomite, if you slip up occasionally us mere mortals can just get over it.
If anyone has a problem with any of your work, just send em to me.. #\ /`

PS. It works great. (I was having a problem because I was using the same email address for my admin account and the test account (so I didn't have to re-set my password). Turns out it looks for a unique email, therefore, my practice of just sticking in my email address for users I don't know the email of has got to stop!

Agreed, Ralph deserves a few mistakes

A really neat snippet. A must for sites using front-end authentication...