close ad
 
Important WebAssist Announcement
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

 
WebAssist ForumsData BridgeUniversal Email › Help using UE with lost password
Sign in to rate this thread
rating

Help using UE with lost password

Thread begun 9/07/2009 2:41 pm by prandjr269386 | Last modified 9/10/2009 11:09 am by Jason Byrnes | 3061 views | 5 replies |

9/07/2009 2:41 pm  |  #1 prandjr269386

Help using UE with lost password

I have a lost pwd page that sends only the first entry in the database. That is, no matter what name I test from the database, it only sends the username and password from the first record. I am using UE306 and DW CS4.
On my lost pwd page, I have a recordset that sets the filter as user_id = URL Parameter and user_id.
In UE I have the to: field set to the email address entered in the lost pwd form.
For the lost pwd information sent to the email address, I am getting the username and password from the recordset (yet it's always from the first entry). Any ideas, or any other information needed?

Sign in to reply to this post

9/07/2009 10:51 pm  |  #2 anonymous

Could you post the code on your page that queries the database and then sends the code? Probably give us the entire page and we can all get a look at it and give some advice from there.

Cheers,

Brian

Sign in to reply to this post

9/08/2009 4:08 pm  |  #3 prandjr269386

LostPassword page:

<?php require_once('../Connections/conn_school.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$colname_rs_lostpwd = "-1";
if (isset($_GET['user_id'])) {
  $colname_rs_lostpwd = $_GET['user_id'];
}
mysql_select_db($database_conn_school, $conn_school);
$query_rs_lostpwd = sprintf("SELECT * FROM tbl_users WHERE user_id = %s", GetSQLValueString($colname_rs_lostpwd, "int"));
$rs_lostpwd = mysql_query($query_rs_lostpwd, $conn_school) or die(mysql_error());
$row_rs_lostpwd = mysql_fetch_assoc($rs_lostpwd);
$totalRows_rs_lostpwd = mysql_num_rows($rs_lostpwd);

mysql_select_db($database_conn_school, $conn_school);
$query_rs_lostpwd = "SELECT * FROM tbl_users";
$rs_lostpwd = mysql_query($query_rs_lostpwd, $conn_school) or die(mysql_error());
$row_rs_lostpwd = mysql_fetch_assoc($rs_lostpwd);
?>
<?php require_once("../WA_Universal_Email/mail_PHP.php"); ?>
<?php require_once("../WA_Universal_Email/MailFormatting_PHP.php"); ?>
<?php
if ((isset($_POST["SendPWD"])))     {
  //WA Universal Email object="mail"
  //Send Loop Once Per Entry
  $RecipientEmail = "".((isset($_POST["EmailAddress"]))?$_POST["EmailAddress"]:"")  ."";include("../WA_Universal_Email/WAUE_lost_password_1.php");

  //Send Mail All Entries
  if ("lost_password_sent.php"!="")     {
    header("Location: lost_password_sent.php");
  }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PVJA Home</title>
<style type="text/css">
<!--
body {
	background-color: #7D7D7D;
}

PV-Font {
	font-family: Verdana, Geneva, sans-serif;
	font-size: 16px;
	font-weight: bold;
	color: #E83A00;
}
#Outer tr td table tr td #CenterBody tr td p {
	font-family: "Comic Sans MS", cursive;
	font-size: 14px;
	color: #C51230;
}
#Outer {
	background-color: #FFF;
	font-size: 16px;
	font-family: Verdana, Geneva, sans-serif;
	color: #C51230;
	font-weight: bold;
}
-->
</style>
<script type="text/javascript" src="../p7pm/p7popmenu.js"></script>
<style type="text/css" media="screen">
<!--
@import url("../p7pm/p7pmh4.css");
PV-Font {
	font-family: Verdana, Geneva, sans-serif;
}
.red {
	color: #C51230;
}
.prs2_style {	font-weight: bold;
	color: #00008c;
	font-size: 14px;
}
.style8 {	font-size: 12px;
	color: #00008C;
	font-weight: bold;
}
.prs3_style {font-family: Georgia, "Times New Roman", Times, serif;
	font-size: 14px;
	font-weight: bold;
	color: #000093;
}
-->
</style>
</head>

<body onload="P7_initPM(1,4,1,-20,10)">
<table width="750" align="center" cellpadding="0" id="Outer">
  <tr>
    <td><table width="750" border="0" cellpadding="0">
      <tr>
        <td colspan="4"><h1>KY School Site<br />
        </h1></td>
        <td width="85">&nbsp;</td>
      </tr>
      <tr>
        <td width="158">&nbsp;</td>
        <td width="158">&nbsp;</td>
        <td width="188">&nbsp;</td>
        <td width="149">&nbsp;</td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td colspan="5"><table width="751" border="0" align="center" cellpadding="0">
          <tr>
            <td width="769"><ul id="p7PMnav">
              <li><a href="../aboutus.php">About Us</a></li>
              <li><a href="#" class="p7PMtrg">Calendar</a>
                <ul>
                  <li><a href="#">Link 2.1</a></li>
                  <li><a href="#" class="p7PMtrg">Link 2.2</a>
                    <ul>
                      <li><a href="#">Link 2.2.1</a></li>
                      <li><a href="#">Link 2.2.2</a></li>
                      <li><a href="#">Link 2.2.3</a></li>
                    </ul>
                  </li>
                  <li><a href="#">Link 2.3</a></li>
                </ul>
              </li>
              <li><a href="#" class="p7PMtrg">News</a>
                <ul>
                  <li><a href="#">Link 3.1</a></li>
                  <li><a href="#">Link 3.2</a></li>
                  <li><a href="#">Link 3.3</a></li>
                </ul>
              </li>
              <li><a href="#">Handbook</a></li>
              <li><a href="../application.php">Application</a></li>
              <li><a href="../contactus.php">Contact Us</a></li>
              <!--[if lte IE 6]><style>#p7PMnav a{height:1em;}#p7PMnav li{height:1em;}#p7PMnav ul li{float:left;clear:both;width:100%}</style><![endif]-->
              <!--[if IE 6]><style>#p7PMnav ul li{clear:none;}</style><![endif]-->
              <!--[if IE 7]><style>#p7PMnav a{zoom:100%;}#p7PMnav ul li{float:left;clear:both;width:100%;}</style><![endif]-->
            </ul></td>
          </tr>
        </table></td>
        </tr>
      <tr>
        <td colspan="5"><table width="850" border="1" align="center" cellpadding="0" id="CenterBody">
          <tr>
            <td width="140"><p class="red"><a href="../index.php">HOME</a></p>
              <p>To Login<br />
                Click <span class="red"><a href="login.php">HERE</a></span></p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
              <p>&nbsp;</p>
<p>&nbsp;</p>
              <p>&nbsp;</p>
              <p>&nbsp;</p>
              <p>&nbsp;</p>
              <p>&nbsp;</p>
              <p>&nbsp;</p>
              <p>&nbsp;</p>
              <p>&nbsp;</p></td>
            <td width="554"><div align="center">
              <table width="550" border="0" cellpadding="0">
                <tr>
                  <td><h1 align="center">Lost Password</h1></td>
                </tr>
                <tr>
                  <td>&nbsp;</td>
                </tr>
                <tr>
                  <td><form id="frm_login" name="frm_login" method="POST">
                    <table width="95%" border="1" align="center" cellpadding="0">
                      <tr>
                        <td colspan="2"><div align="center"><span class="prs3_style">If you have forgotten your 
                          password, please enter the email address you used to register 
                          in the text box below. Your user name and password 
                          information 
                          
                          will be  
                          e-mailed to that email address.</span></div></td>
                        </tr>
                      <tr>
                        <td colspan="2">&nbsp;</td>
                        </tr>
                      <tr>
                        <td width="29%">Email Address</td>
                        <td width="71%"><input name="EmailAddress" type="text" id="EmailAddress" size="60" /></td>
                      </tr>
                      <tr>
                        <td>&nbsp;</td>
                        <td>&nbsp;</td>
                      </tr>
                      <tr>
                        <td>&nbsp;</td>
                        <td><input type="submit" name="SendPWD" id="SendPWD" value="Send my login information" /></td>
                      </tr>
                    </table>
                  </form></td>
                </tr>
                <tr>
                  <td>
                    <div align="center">&nbsp;</div></td>
                </tr>
                <tr>
                  <td><div align="center"></div></td>
                </tr>
              </table>
              <h1>&nbsp;</h1>
              <p>&nbsp;</p>
              <p>&nbsp;</p>
              <p>&nbsp;</p>
              <p>&nbsp;</p>
              <p>&nbsp;</p>
              <p>&nbsp;</p>
              <p>&nbsp;</p>
              <p>&nbsp;</p>
              <p>&nbsp;</p>
            </div>
              <p>&nbsp;</p>
<p>&nbsp;</p>
              <p>&nbsp;</p>
              <p></p></td>
            <td width="140">&nbsp;</td>
          </tr>
        </table>          <p>&nbsp;</p></td>
        </tr>
      <tr>
        <td colspan="5">&nbsp;</td>
        </tr>
    </table>
      <p>&nbsp;</p>
    <p>&nbsp;</p>
    <p>&nbsp;</p>
    <p>&nbsp;</p>
    <p>&nbsp;</p>
    <p>&nbsp;</p>
    <p>&nbsp;</p>
    <p>&nbsp;</p>
    <p>&nbsp;</p>
    <p>&nbsp;</p>
    <p>&nbsp;</p></td>
  </tr>
</table>
</body>
</html>
<?php
mysql_free_result($rs_lostpwd);
?>
Sign in to reply to this post

9/08/2009 4:28 pm  |  #4 Eric Mittman

The code that you have here looks like it should be selecting the record for the user where the id matches the $_GET['user_id'] value. This is not very secure though as a user could edit the id to be whatever they would like.

Also, when your form post this value will no longer be present, you have the form set like this:

<form id="frm_login" name="frm_login" method="POST">

So your get value will not exist once the form has been posted. The better way to do this is to query the user table based on the entered email address, then send the users details to that address they entered. This way a users details will only be sent to the email address on file for that user.

Sign in to reply to this post

9/09/2009 4:55 pm  |  #5 prandjr269386

Originally Said By: Eric Mittman
  The code that you have here looks like it should be selecting the record for the user where the id matches the $_GET['user_id'] value. This is not very secure though as a user could edit the id to be whatever they would like.  



So, how do I fix this?


Originally Said By: Eric Mittman
  The better way to do this is to query the user table based on the entered email address, then send the users details to that address they entered. This way a users details will only be sent to the email address on file for that user.  



Can this be done in DW and/or WAUE? If so, how? If not, how to fix?

Sign in to reply to this post

9/10/2009 11:09 am  |  #6 Jason ByrnesWebAssist

Change the way the recordset is filtered.

Instead of Filtering the user_id column on the user_id querystring variable, filter the emailAddress column on the EmailAddress Form element.


Double click the recordset in the Server behaviors list In simple View, edit the filtering options select the emailAddress Column, set the filter type to form Element, and type the name of the form element "EmailAddress"

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Everything else!

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

go to page top
Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...