close ad
Databridge V2 with MySQLi support IS Now Available!
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

SA email PW not sending

Thread began 10/23/2009 11:48 am by rog4679 | Last modified 10/26/2009 4:46 pm by Jason Byrnes | 4199 views | 13 replies |

rog4679

SA email PW not sending

I created the login, registration, emalPW, logout and profile using security assist.

The pages work great. Then, changed my database table to use the Webassist tables - 'visitors' and 'groups'.

I then recreated the above forms using the new tables. I'm testing the forms and I can log in and go to my profile page. I am able to update my profile. I then log out and re-login using the incorrect user/pass and get redirected to the emailPW page - all correct. Then enter my correct email address (recognized in login) and never receive an email with a new password.

When changing the WA tables to 'visitors' and 'groups', I gained the fields 'userLever' and 'userName'. I purposely did not use encryption and did not restrict any pages to rule out any session/access errors.

I've read the code and all the php.mailer and helper and form script. All looks good.

Any settings I'm missing with the new tables? Thanks in advance, Kathi

Sign in to reply to this post

Jason ByrnesWebAssist

Did you have the Email Password page working before?

Please send a copy of the email password page so I can look at the code.

Sign in to reply to this post

anonymous

Could it be something simple like your email is going into a spam box without you seeing it?

Maybe try it with a second email address to confirm if it really is an email sending issue instead of a receive issue.

Cheers,

Brian

Sign in to reply to this post

rog4679

Improvements - another small issue

Thank you Jason and SOJO for replying.

I didn't check that the email was sending before adding encryption and the 'change password' form. Upon recreating the forms, I found the problem and emailPW would send.

Now, I have a new small problem with the encrypted 'emailPW' and 'change password' forms.

1)From Profile page, there's a link to Change Password page.
2)The new password is accepted.
3)I logout
4)Log in with new password and get redirected to EmailPW.
5)Enter my email address and send.
6)Receive the new password.
7)Unable to log in using new password (some 40 chars?)

EmailPW form has the same issue as above from Log In page. All my forms have a 40 char password field - same as DB.

Another small issue -
The Registration form is allowing me to register duplicate users. For a duplicate user, I don't receive an email password by either 'change password' and EmailPW forms.

I'm using the email address as the username. I can login, change profile, logout. Then login using wrong - get redirected to EMailPW, get email with new pass - new pass doesn't work.

Here's some code. Sorry for the length. Thanks in advance - Kathi

<?php require_once("../WA_SecurityAssist/WA_SHA1Encryption.php"); ?>
<?php
require_once("../WA_SecurityAssist/WA_RandomPassword.php");
?>
<?php require_once('../Connections/members.php');?>
<?php require_once('../Connections/members.php');?>
<?php require_once("../WA_DataAssist/WA_AppBuilder_PHP.php"); ?>
<?php require_once( "../WA_SecurityAssist/Helper_PHP.php" );
?>
<?php
if (!session_id()) session_start();
if(isset($_POST["Send_x"])) {
$_SESSION["NewPW"] = "".WA_RandomPassword(9, true, true, true, "") ."";
}?>
<?php
// WA Application Builder Update
if (isset($_POST["Send_x"])) // Trigger
{
$WA_connection = $members;
$WA_table = "visitors";
$WA_redirectURL = "";
$WA_keepQueryString = false;
$WA_indexField = "VisitorEmail";
$WA_fieldNamesStr = "VisitorPassword";
$WA_fieldValuesStr = "".WA_SHA1Encryption($_SESSION['NewPW']) ."";
$WA_columnTypesStr = "',none,''";
$WA_comparisonStr = "=";
$WA_fieldNames = explode("|", $WA_fieldNamesStr);
$WA_fieldValues = explode("|", $WA_fieldValuesStr);
$WA_columns = explode("|", $WA_columnTypesStr);

$WA_where_fieldValuesStr = "".((isset($_POST["emailAddress"]))?$_POST["emailAddress"]:"") ."";
$WA_where_columnTypesStr = "',none,''";
$WA_where_comparisonStr = "=";
$WA_where_fieldNames = explode("|", $WA_indexField);
$WA_where_fieldValues = explode("|", $WA_where_fieldValuesStr);
$WA_where_columns = explode("|", $WA_where_columnTypesStr);
$WA_where_comparisons = explode("|", $WA_where_comparisonStr);

$WA_connectionDB = $database_members;
mysql_select_db($WA_connectionDB, $WA_connection);
if (!session_id()) session_start();
$updateParamsObj = WA_AB_generateInsertParams($WA_fieldNames, $WA_columns, $WA_fieldValues, -1);
$WhereObj = WA_AB_generateWhereClause($WA_where_fieldNames, $WA_where_columns, $WA_where_fieldValues, $WA_where_comparisons );
$WA_Sql = "UPDATE `" . $WA_table . "` SET " . $updateParamsObj->WA_setValues . " WHERE " . $WhereObj->sqlWhereClause . "";
$MM_editCmd = mysql_query($WA_Sql, $WA_connection) or die(mysql_error());
if ($WA_redirectURL != "") {
if ($WA_keepQueryString && $WA_redirectURL != "" && isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] !== "" && sizeof($_POST) > 0) {
$WA_redirectURL .= ((strpos($WA_redirectURL, '?') === false)?"?":"&").$_SERVER["QUERY_STRING"];
}
header("Location: ".$WA_redirectURL);
}
}
?>
<?php

function WA_SecurityAssist_Email_1_SendMail($WA_Auth_Parameter){
$WA_MailObject = WA_SecurityAssist_Definition("smtp.verdevalley4wheelers.com","25","admin@verdevalley4wheelers.com","","","");
$WA_MailObject = WA_SecurityAssist_SendMail($WA_MailObject,"","","",$WA_Auth_Parameter["toAddress"],"",$WA_Auth_Parameter["fromAddress"],$WA_Auth_Parameter["subject"],$WA_Auth_Parameter["mailBody"]);
$WA_MailObject = null;
}// WA_SecurityAssist_Email_1_SendMail

function WA_SecurityAssist_Email_2_SendMail($WA_Auth_Parameter){
$WA_MailObject = WA_SecurityAssist_Definition("smtp.verdevalley4wheelers.com","25","admin@verdevalley4wheelers.com","","","");
$WA_MailObject = WA_SecurityAssist_SendMail($WA_MailObject,"","","",$WA_Auth_Parameter["toAddress"],"",$WA_Auth_Parameter["fromAddress"],$WA_Auth_Parameter["subject"],$WA_Auth_Parameter["mailBody"]);
$WA_MailObject = null;
}// WA_SecurityAssist_Email_2_SendMail
?>
<?php
if(isset($_POST["Send_x"])){
//WA SecurityAssist Email object="Mail for Linux"
$WA_Auth_Parameter = array(
"connection" => $members,
"database" => $database_members,
"tableName" => "visitors",
"filterColumn" => "VisitorEmail",
"columnValue" => "".((isset($_POST["emailAddress"]))?$_POST["emailAddress"]:"") ."",
"columnType" => "text",
"usernameColumn" => "VisitorEmail",
"passwordColumn" => "VisitorPassword",
"selectColumns" => array(""),
"sessionVariables" => array(""),
"successRedirect" => "visitors_LogIn.php",
"failRedirect" => "visitors_EmailPW.php",
"keepQueryString" => TRUE,
"toAddressColumn" => "VisitorEmail",
"fromAddress" => "admin@verdevalley4wheelers.com",
"fromAddressDisplay" => "Administrator",
"subject" => "Your New Password",
"mailBody" => "User name: [VisitorEmail]\nPassword: [VisitorPassword]",
"emailFunction" => "WA_SecurityAssist_Email_1_SendMail"
);

WA_Auth_ForgotPassword($WA_Auth_Parameter);
}

if(isset($_POST["Send_x"])){
//WA SecurityAssist Email object="Mail for Linux"
$WA_Auth_Parameter = array(
"connection" => $members,
"database" => $database_members,
"tableName" => "visitors",
"filterColumn" => "VisitorEmail",
"columnValue" => "".((isset($_POST["emailAddress"]))?$_POST["emailAddress"]:"") ."",
"columnType" => "text",
"usernameColumn" => "VisitorEmail",
"passwordColumn" => "VisitorPassword",
"selectColumns" => array(""),
"sessionVariables" => array(""),
"successRedirect" => "visitors_LogIn.php",
"failRedirect" => "visitors_EmailPW.php",
"keepQueryString" => TRUE,
"toAddressColumn" => "VisitorEmail",
"fromAddress" => "admin@verdevalley4wheelers.com",
"fromAddressDisplay" => "Administrator",
"subject" => "Your New Password",
"mailBody" => "User name: [VisitorEmail]\nPassword: [VisitorPassword]",
"emailFunction" => "WA_SecurityAssist_Email_2_SendMail"
);

WA_Auth_ForgotPassword($WA_Auth_Parameter);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

_______________TEMPLATE_______________________________________

<div id="ForgotPWContainer" class="WAATK">
<form action="visitors_EmailPW.php" method="post" name="WAATKForgotPWForm" id="WAATKForgotPWForm">
<h1>Forgot Password</h1>
<table class="WAATKDataTable" cellpadding="0" cellspacing="0" border="0">
<tr>
<th>Email:</th>
<td><input type="text" name="emailAddress" /></td>
</tr>
</table>
<div class="WAATKButtonRow">
<input type="image" hspace="0" vspace="0" border="0" name="Send" id="Send" value="Send" alt="Send" src="../WA_SecurityAssist/images/Desert Spice/Modular_send.gif" />
</div>
</form>
</div>

Sign in to reply to this post

anonymous

rog,

That's because you are trying to send the password from the database itself - which you cannot do because that is the encrypted representation of the password.

Typically, sites that have encryption go about emailing the password a different way. With a site that uses encryption, you actually want to generate a brand new password - then send it to the user with a note that they can log in with the new password and then change it to whatever they like and then you encrypt the newly generated password to store in the database (wither with SHA1 or MD5 depending on preference).

So on your email password page, you have someone enter their email - then you keep the lokup functionality to ensure there is a user with that email - then you could use Security Assist's random password generator and make like a 6 character random password. You would then create the universal email to go out with that new password. Next on your page would be a dataAssist single record update behavior to update the password of the user you just emailed. In the DataAssist wizard, you would go to the page where you assign values to the columns.... then select the password column and click the lightning bolt to add your randomly generated password from the session list... be sure to look down at the Format option - if you are using WebAssist's SHA1 encryption - you will then need to select the SHA1 formatting in the Format drop down to apply to your random password session variable.

Now when the person logs in, you must have the authentication check for encrypted passwords - which will compare the SHA1 formatted version of the password they enter to value that is stored in the database.

Brian

Sign in to reply to this post

rog4679

Was using DW ADDT now WA SA/DA/UE

Brian - thanks for responding so quickly. I need some more information.

There is no instructions/tutorial? Do will I start over or edit?

If I'm editing, I have duplicate code on my page (no problem)?

Can I delete code and add code as follows -
1)From EmailPW add SA authenticate user behavior.
2)Remove the send email code (repeated 3x), because the send email password behavior - 'lookup column and dynamic lookup value' - doesn't authenticate a user or send an email with an encrypted password.
3) Create new SA random password behavior and apply this in the UE attachments tab under 'entered value' field dynamically with an SHA1 type.
4)Go to the registration page where I assign the initial password value and change the code from *<?php echo WA_SHA1Encryption(((isset($_POST["VisitorPassword"]))?$_POST["VisitorPassword"]:"")); ?> *
to
*<?php echo $_SESSION['NewPW']; ?>* which applies the code from the EmailPW page - *<?php echo WA_RandomPassword(9, true, true, true, ""); ?>* .

5)Go to the LogIn page and change the code -
*<?php echo WA_SHA1Encryption(((isset($_POST["userpassword"]))?$_POST["userpassword"]:"")); ?>*
to
*<?php echo WA_SHA1Encryption($_SESSION['NewPW']); ?>* which applies the code from the EmailPW page - *<?php echo WA_RandomPassword(9, true, true, true, ""); ?>*

Thanks again - rog

Sign in to reply to this post

anonymous

rog,

No problem... the way I do things may be a little weird at first because I have learned a way that works for me but most of my ideas actually came from WebAssist's tutorials in the Security Assist support files.

Check them out here: securityassist/

Then click on Solution Recipes.

Then watch the videos. Start with the introduction and go through Updating Send Password". Those 7 videos focus specifically on creating a user registration system / account manager / new password page - all with encryption. You may want to start over and follow along exactly or just watch it and then see where to edit your existing stuff. If you get stuck somewhere, just holler. I'll be here.

I would watch them all the way through once so you get the general idea and then go back and choose the parts you need when you want to follow along step by step.

Cheers,

Brian

Sign in to reply to this post

rog4679

Form Requirements

Hi Brian-

The pages I created are built by the seven videos and this is my fourth attempt.

I posted my code from My Email PW form so that you could tell me what's missing.

Your reply told me that the random password code needs to exist in several specific areas. The differences between the videos and your instruction are possibly huge. For one there's no mention of Universal email in the videos. There's no mention of the random password on pages where they populate fields with a field from a WAATK forgot password form.

My response asked specifically where the code needs to exist, because after creating these forms several times, I know that using the videos is not going to add random pass code where you mention it's missing.

I don't want to make this harder than it's meant to be.

My site needs two capabilities -
Let members login and have access to protected pages.
Let members use an email form to send the entire club an email.
That's it.

I've purchased the entire WA Super Suite and over the past two weeks started to create the forms necessary for the above site capabilities. I'm no where and I'm the only person with code missing specific to the video tutorial. I thought my code is something you see everyday and know exactly how to instruct me differently.

Please just tell me how to -
Let members login and have access to protected pages.
Let members use an email form to send the entire club an email.

Thaks, Kathi

ps. if the code from my EmailPW doesn't tell you what's missing in the videos, here's my step by step overview showing missing random password and Universal email instructions -

Video 2)Using SA wizzard, I built the four forms and tested the pages. Everything is fine.
Video 3)Upadate SA Auth User behavior and encrypt the password field to SHA1. (There's no mention of a random password or where it applies in this video. Is that correct?)

Video 4)Update registration page. Remove insert record behavior and replace the behavior with DA insert record behavior - step 1 - apply sessions. Step 2 - applying dynamic fields from the WAATK registration form and check SHA1 in the password field. Create a hidden field MM_insert next to post button.

Still no mention of random password.

Video 5)Modify user profile page by adding a hidden form field as text 'change password' linking to another page.

Video 6)Creating a new password page. Add the behavior DA update record. Step1-under Record; Key column is UserID and the value is session userID. Step 2-update options, select UserPassword field and in the dynamic value field select password field from the form you're now creating Change the format to SHA1.

Still no mention of random password.

Video 7)Modify EmailPW page.
step1 - Add binding SA random password named newPW.
step2 - Add server behavior WA cookies toolkit session name newPW and value is dynamic random password.
step3 - Add DA update record behavior. Under Record area - Update Key 'user email' and value 'dynamic value from WAATKforgotPWform 'email address'. Next in the update record form, select the userpassword field and change the dynamic value to session NewPW and format SHA1.
step4 - add SA Email Password. Setup server info. Next, set lookup field to UserEmail, lookup value to dynamic WAATK Forgot password 'email address'. and remaining form fields are exactly as the displayed in video instructions.

Sign in to reply to this post

rog4679

What's Happening? Help Anyone?

I'm reading other threads with the same issues.

I've downloaded the SA solution recipes and there's no EmailPW.php file. Why would the SA wizzard create a file you don't have in the solution recipes.

Where IS EmailPW.php?

Sign in to reply to this post

Office Guy-172461

Email would be a function of Universal Email. Many times the wizards create placeholder pages that you can complete manually or with other extensions if you own them.

Sign in to reply to this post
loading

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...