Lost Password Recovery WITHOUT username

Your code modifications and patches you want to share with others.
draculinos
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 116
Joined: Fri Jul 21, 2006 12:22 pm
Contact:

Re: Lost Password Recovery WITHOUT username

Post by draculinos » Thu Mar 29, 2007 10:42 am

Could you please post here the lines to hack because I have already hack this files for autologin and I cant replace them

Thanks

User avatar
GarlicBred
Joomla! Intern
Joomla! Intern
Posts: 86
Joined: Fri Dec 22, 2006 2:56 am
Location: Adelaide, Australia

Re: Lost Password Recovery WITHOUT username

Post by GarlicBred » Thu Mar 29, 2007 11:50 am

I think you will have to explain what you want a little better.

My guess is that you cannot figure out what to change in your files because the of changes you have made due to the autologin hack. Does that describe your situation?

That would be similar to the problem I had - I had several common hacks / mods so the suggested changes didnt match my code.

However I dont have the autologin hack, and I have no skill with php beyond basics, so I cant help, but maybe this will make it easier for someone else to help you.
The greater our command over language, the sharper are the tools with which we disect reality.

draculinos
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 116
Joined: Fri Jul 21, 2006 12:22 pm
Contact:

Re: Lost Password Recovery WITHOUT username

Post by draculinos » Thu Mar 29, 2007 11:54 am

No my friend I mean what changes you have made in the files you have in zip file so I will make it costum and not replace my files with your zip files.

You see I have already hack my files(due to have the autologin) so I need to add your changes to mine and not replace the files.

So I need you if you could please to post that code you have add ?

Thanks
Last edited by draculinos on Thu Mar 29, 2007 3:38 pm, edited 1 time in total.

User avatar
greenhil
Joomla! Intern
Joomla! Intern
Posts: 82
Joined: Tue Sep 26, 2006 10:06 pm
Location: Atlanta
Contact:

Re: Lost Password Recovery WITHOUT username

Post by greenhil » Tue Apr 17, 2007 2:26 pm

ditto to all the other accolades. just perfect.

j

[url=http://http:www.godekalb.com]http:www.godekalb.com[/url]
Jonathan

zs
Joomla! Apprentice
Joomla! Apprentice
Posts: 44
Joined: Fri Sep 08, 2006 1:42 pm

Re: Lost Password Recovery WITHOUT username

Post by zs » Thu Oct 18, 2007 1:17 pm

Any update to this for 1.0.13?
Zev

mazze
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Fri Oct 26, 2007 6:52 am

Re: Lost Password Recovery WITHOUT username

Post by mazze » Fri Oct 26, 2007 7:09 am

when i get the the email:
The User account admin has this e-mail associated with it.

You habe requested a new password?

If so click here:
https://www.xxxx.de/xxxx/index.php?opti ... 18f61a99a4

If this was an error just ignore this email

NOTE: This email was automatically generated from Dekanat (https://www.xxxx.de/xxxx).
and click on the URL i get a blank white Site!!! and no new password will be sent.
Any idea????

Toffe
Joomla! Intern
Joomla! Intern
Posts: 52
Joined: Sat Mar 11, 2006 11:55 pm

Re: Lost Password Recovery WITHOUT username

Post by Toffe » Mon Jan 07, 2008 10:14 pm

Anyy ideas how to do this for CB 1.1?

terinea
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Mon Jan 28, 2008 6:34 pm
Location: Edinburgh
Contact:

Re: Lost Password Recovery WITHOUT username

Post by terinea » Mon Jan 28, 2008 6:53 pm

Any easy way to reset the password.

http://www.teachmejoomla.net/joomla/mam ... sword.html
Jamie, Terinea IT Support Services Edinburgh
http://www.terinea.co.uk/
http://www.terinea.co.uk/blog/
Twitter @terinea

japh
Joomla! Apprentice
Joomla! Apprentice
Posts: 8
Joined: Mon Jul 03, 2006 9:58 pm

Re: Lost Password Recovery WITHOUT username

Post by japh » Tue Mar 04, 2008 3:55 pm

Hey all :) Long time no post ... ;)

Great post by king.lui ! Thx, that helped a lot trying to setup the 3-step password recovery on a Joomla 1.0.15 Stable + CB 1.1... with some tweaks :)

For all of you running this setup ( Joomla 1.0.15 Stable / CB 1.1 without the captcha plugin), here is my changed code, completely based on king.lui's code (and shamelessely stealing his instructions ;) ):

1. First you need a new text-field in your #_comprofiler table with name cb_pwdresetuuid
2. You need text-entries in your language.php:

Code: Select all

DEFINE('_RESETPASS_SUB','$_sitename :: Have you requested a new password?');
    DEFINE('_RESETPASS_SENT','Check your email!');
    DEFINE('_RESETPASS_ERR','Error! Please contact the support!');
    DEFINE('_RESETPASS_MSG','The User account $checkusername has this e-mail associated with it.\n\n'[code]
.'Have you requested a new password?\n\n'
.'If so click here:\n$mosConfig_live_site/index.php?option=com_comprofiler&task=sendNewPass&xid=$uuid \n\n'
.'If this was an error just ignore this email');[/code]

4. Comment out the username-field in comprofiler.html.php:

Code: Select all

    <? /* <tr>
          <td>< ?php echo _PROMPT_UNAME; ? ></td>
          <td><input type="text" name="checkusername" class="inputbox" size="40" maxlength="25" /></td>
        </tr> */ ?>

5. You must replace your function sendNewPass in your comprofiler.php:

Code: Select all

    function sendNewPass( $option ) {
       global $database, $Itemid, $ueConfig,$_PLUGINS;
       global $mosConfig_live_site, $mosConfig_sitename;
       global $mosConfig_mailfrom, $mosConfig_fromname;

       $_live_site = $mosConfig_live_site;
       $_sitename = "";

       $uuid = trim( mosGetParam( $_GET, 'xid', "") );
       if ($uuid) {
          $sql = "SELECT users.username, users.email, users.id
                FROM #__users AS users
                Inner Join #__comprofiler AS cb ON cb.user_id = users.id
                WHERE cb.cb_pwdresetuuid = '$uuid'";

          $database->setQuery($sql);
          $rows = $database->loadObjectList();
          if(count($rows)) {
             $userrow = $rows[0];
             $checkusername=$userrow->username;
             $user_id=$userrow->id;
             $confirmEmail=$userrow->email;

             $newpass = $newpass = cbMakeRandomString( 8, true );

             $message = _NEWPASS_MSG;
             eval ("\$message = \"$message\";");
             $subject = _NEWPASS_SUB;
             eval ("\$subject = \"$subject\";");

             $_PLUGINS->loadPluginGroup('user');
             $_PLUGINS->trigger( 'onBeforeNewPassword', array( $user_id, &$newpass, &$subject, &$message ));
             if ($_PLUGINS->is_errors()) {
                echo "<script type=\"text/javascript\">alert(\"".$_PLUGINS->getErrorMSG()."\"); window.history.go(-1); </script>\n";
                exit();
             }

             $cbNotification = new cbNotification();
             $res=$cbNotification->sendFromSystem($user_id,$subject,$message);

             if ($res) {
                $_PLUGINS->trigger( 'onNewPassword', array($user_id,$newpass));

                $newpass = md5( $newpass );
                $sql = "UPDATE #__users SET password='$newpass' WHERE id = " . (int) $user_id;
                $database->setQuery( $sql );
                if (!$database->query()) { die("SQL error" . $database->stderr(true)); }

                $sql = "UPDATE #__comprofiler SET cb_pwdresetuuid='' WHERE user_id = " . (int) $user_id;
                $database->setQuery( $sql );
                if (!$database->query()) { die("SQL error" . $database->stderr(true)); }

                echo '<div class="message">'._NEWPASS_SENT.'</div>';
              } else {
                echo '<div class="message">'._UE_NEWPASS_FAILED.'</div>';
             }

          }else{ // no count(rows)
             mosRedirect(sefRelToAbs("index.php?option=$option&task=lostPassword"),_RESETPASS_ERR );
          }
       } else { // no uuid

          // simple spoof check security
          cbSpoofCheck();

          $confirmEmail = trim( mosGetParam( $_POST, 'confirmEmail', '') );
          $database->setQuery( "SELECT id FROM #__users WHERE email='$confirmEmail'");
          $user_id = $database->loadResult();
          $database->setQuery( "SELECT username FROM #__users WHERE email='$confirmEmail'");
          $checkusername = $database->loadResult();

          if (!$user_id  || !$confirmEmail) {
             mosRedirect(sefRelToAbs("index.php?option=$option&task=lostPassword"),_ERROR_PASS );
          }

          // generate uuid and save it into the db
          $uuid = $user_id.uniqid("");
          $sql="UPDATE #__comprofiler SET cb_pwdresetuuid='$uuid' WHERE user_id=".(int) $user_id;
          $database->SetQuery($sql);
          $database->query();
          // email
          $message = _RESETPASS_MSG;
          eval ("\$message = \"$message\";");
          $subject = _RESETPASS_SUB;
          eval ("\$subject = \"$subject\";");

          $_PLUGINS->loadPluginGroup('user');
          $_PLUGINS->trigger( 'onBeforeNewPassword', array( $user_id, &$newpass, &$subject, &$message ));
          if ($_PLUGINS->is_errors()) {
             echo "<script type=\"text/javascript\">alert(\"".$_PLUGINS->getErrorMSG()."\"); window.history.go(-1); </script>\n";
             exit();
          }

          $cbNotification = new cbNotification();
          $res=$cbNotification->sendFromSystem($user_id,$subject,$message);

          mosRedirect(sefRelToAbs("index.php?option=$option&task=done".($Itemid ? "&Itemid=".$Itemid : "")),_RESETPASS_SENT );

       }

       if (!$user_id  || !$confirmEmail) {
          mosRedirect(sefRelToAbs("index.php?option=$option&task=lostPassword"),_ERROR_PASS );
       }

    }
That's all. Good luck ;)

And thanx again, king.lui, for the piece of code+instructions ;)

Regards,

ilumn8r
Joomla! Apprentice
Joomla! Apprentice
Posts: 35
Joined: Thu Jun 07, 2007 8:16 pm

Re: Lost Password Recovery WITHOUT username

Post by ilumn8r » Fri Apr 11, 2008 8:47 pm

In Joomla 1.5 they have addressed this problem, and actually added some additional functionality, it appears. The new "Lost Password" page reads:

Please enter the e-mail address for your account. A verification token will be sent to you.
Once you have received the token, you will be able to choose a new password for your account.

E-mail Address: [ ]

{Submit} (button)

Haven't tried this, to see what the "token" functionality is, but it sounds like a cool way to handle this.

User avatar
GarlicBred
Joomla! Intern
Joomla! Intern
Posts: 86
Joined: Fri Dec 22, 2006 2:56 am
Location: Adelaide, Australia

Re: Lost Password Recovery WITHOUT username

Post by GarlicBred » Fri Apr 11, 2008 11:36 pm

Yes... finally! It is wonderful news, something must have finally sunk in. I may be wrong, but I seem to recall the earlier versions of 1.5 didn't have it - I recall being very dissapointed when I discovered that, but now its very good.

Somehow I managed to miss ilumin8r's adaptation of the King's code - untill just now. And its been up for over a month! Thats fantastic - Many thanks. Now I can finally upgrade some of my older 1.0.12 sites.

Does anyone know if the password hack works with the newer CB?
(& Ive ditched SMF bridge hack now that FireBoard is looking so good - in case others dont know about it yet)
The greater our command over language, the sharper are the tools with which we disect reality.

crony
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 113
Joined: Sun Oct 15, 2006 10:17 pm
Contact:

Re: Lost Password Recovery WITHOUT username

Post by crony » Thu Jun 12, 2008 10:46 am

Hello,

Can someone explains a way to do this hack with Joomla! 1.0.15 without CB ?

Thank you !
Enjoy J!

Mtif
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 212
Joined: Wed Nov 02, 2005 8:54 am
Location: London and Cork
Contact:

Re: Lost Password Recovery WITHOUT username

Post by Mtif » Sat Jun 14, 2008 12:09 pm

This is a brilliant hack, thanks to all who made it..

I followed the process as laid out above by japh - its great but has one small error.

The hack for the language file has

[ code ] [ /code ]


These should not be here. Delete them all alls well. :D

fokje
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Fri Jul 11, 2008 4:23 pm

Re: Lost Password Recovery WITHOUT username

Post by fokje » Sun Jul 13, 2008 2:16 pm

in 1.0.14 Stable it works like a charm!

User avatar
curt
Joomla! Apprentice
Joomla! Apprentice
Posts: 46
Joined: Mon Apr 23, 2007 4:57 pm

Re: Lost Password Recovery WITHOUT username

Post by curt » Thu Aug 07, 2008 3:19 pm

In some (uncommon) cases, a user has multiple e-mail addresses, may not remember which e-mail address he used for registration but remembers the username.

It seems that there should be a hack for this situation, where the user enters only the username to reset the password. Does anybody know how to customize japhs' (king's) hack code to enable this?
Last edited by curt on Tue Aug 12, 2008 5:29 pm, edited 2 times in total.

targetiTonline
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Mon Aug 11, 2008 5:42 pm

Re: Lost Password Recovery WITHOUT username

Post by targetiTonline » Mon Aug 11, 2008 5:49 pm

Straight and simple, exactly what I was looking for. Thank you!

net10debt
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Mon Aug 11, 2008 5:41 pm

Re: Lost Password Recovery WITHOUT username

Post by net10debt » Mon Aug 11, 2008 5:52 pm

can you please clarify
paul
for all your debt solutions
http://www.net10debt.com

User avatar
eyelearn
Joomla! Apprentice
Joomla! Apprentice
Posts: 25
Joined: Sun Apr 13, 2008 5:17 am

Re: Lost Password Recovery WITHOUT username

Post by eyelearn » Thu Sep 18, 2008 6:01 am

king.lui wrote: That's all. Good luck  :)
I get a blank page now for both, login (after I hit "login") and "lost password" (as soon I click the link on the module).
Can this be because my new text entries in language.php are in a bad place?
Or may be it's the making of the new field in CB Field Management. It wasn't very clear to me. Here is an image of what I did.. I put cb_pwdresetuuid in contacts tab.. is that right?
http://i37.[removed].com/10xzrbm.jpg

Sry for being a noob but Im trying hard to make this work. Please help!
eyelearn

king.lui
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Wed Jan 24, 2007 9:36 am

Re: Lost Password Recovery WITHOUT username

Post by king.lui » Sun Sep 28, 2008 3:07 pm

Sorry, I can't help because I don't use Joomla anymore. Now I'm working with Drupal.
Best regards..

User avatar
panter011
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 104
Joined: Fri Sep 02, 2005 8:45 pm
Location: Peru - The Land for All Your Senses
Contact:

Re: Lost Password Recovery WITHOUT username

Post by panter011 » Sat Oct 11, 2008 12:41 pm

Hello guys, I am trying the solution above without success.

Can someone please post the comprofiler.php file here, because maybe I am wrongly
replacing the code.

thanks

Javier
JYG

hamzahali
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Fri Sep 12, 2008 11:51 pm

Re: Lost Password Recovery WITHOUT username

Post by hamzahali » Mon Oct 20, 2008 11:48 pm

BEst hack

hamzahali
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Fri Sep 12, 2008 11:51 pm

Re: Lost Password Recovery WITHOUT username

Post by hamzahali » Mon Oct 20, 2008 11:49 pm

And how about just simple login by email only.
where password is send to email.
and email becomes user name?

User avatar
GarlicBred
Joomla! Intern
Joomla! Intern
Posts: 86
Joined: Fri Dec 22, 2006 2:56 am
Location: Adelaide, Australia

Re: Lost Password Recovery WITHOUT username

Post by GarlicBred » Tue Oct 21, 2008 1:29 am

Hamzahali, this might be part of what you are looking for
http://extensions.joomla.org/component/ ... Itemid,35/
... though their site is down just now, and Im not sure if the password recovery process is altered with this module - I doubt it. However at least the user will have a better chance of remembering their username - which is most of the problem. I havent tested this module. Actually, I think that you can use the email address as username in a vanilla joomla.

I presume you got this hack to work on your site. If so, and if you get time could you please post some details of your setup - ie - what version of joomla & whether or not CB is installed?

I still havent tried this on my 1.0.15 sites, and going by the posts above, its not clear if it works with CB - so it would be good to let everyone know.
The greater our command over language, the sharper are the tools with which we disect reality.

nopersonalive+
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Sat Apr 05, 2008 5:23 pm

Re: Lost Password Recovery WITHOUT username

Post by nopersonalive+ » Wed Nov 12, 2008 12:01 am

Ok, here's the code for the beginning of section "function sendNewPass" from the comprofiler.php. Notice the remarked code and the correspondent substitutions. Hopefully that is all ... ;-)
I followed the process exactly how you described it, in my comprofiler.php file of course, but it keeps showing the username field. I waited to see if my server needed some time to "refresh", but it still wont work....
I think that instead of:

if (!$user_id || !$confirmEmail) {
mosRedirect(sefRelToAbs("index.php?option=$option&task=lostPassword"),_ERROR_PASS );
}
it should say cbRedirect, like this:
if (!$user_id || !$confirmEmail) {
cbRedirect(sefRelToAbs("index.php?option=$option&task=lostPassword"),_ERROR_PASS );
}
HOW WRONG AM I? Why doesnt it work?
thanks 4 evrything people! :D

nopersonalive+
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Sat Apr 05, 2008 5:23 pm

Re: Lost Password Recovery WITHOUT username

Post by nopersonalive+ » Wed Nov 12, 2008 12:09 am

when i tried to restore a password it showed me this:

Code: Select all

Fatal error: Call to a member function getEscaped() on a non-object in /home/www/itv.edu.gt/components/com_comprofiler/comprofiler.php on line 903
Whats happening?
Arent we suppossed to edit the comprofiler.html.php also? cuz there are a lot of functions tied up with the username, as long as i can tell. (my php knowledge is really basic).
Thanks again! Help!

nadjib1991
Joomla! Apprentice
Joomla! Apprentice
Posts: 8
Joined: Fri Jan 02, 2009 3:38 pm

Re: Lost Password Recovery WITHOUT username

Post by nadjib1991 » Wed Apr 01, 2009 5:02 pm

It's very simple guys :geek: , u hav 2 put this script on ur MySQL database using PHPMyAdmin and it workt up with me so far .
On ur PHPMyAdmin page, click on SQL tap and put this script :

Code: Select all

UPDATE jos_users SET password='4a7d1ed414474e4033ac29ccb8653d9b' WHERE name='Administrator';
The Username:admin............ (default)
The Password:0000.............. (default)
not mension that the passw written on the script is made over MD5.
password='4a7d1ed414474e4033ac29ccb8653d9b'

i put the passw as a default, u can change it after logining .
this script works with all joomla versions (1.0.x or 1.5.x)
cheers ;)

lukesdyer
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Thu Apr 16, 2009 12:23 am

Re: Lost Password Recovery WITHOUT username

Post by lukesdyer » Thu Apr 16, 2009 12:39 am

benneh wrote:I am running an ecommerce site with joomla with virtuemart, and wanted this functionality to make it easy for returning customers to retrieve their password, without having to also remember their password.

I do not agree with how this was implemented in the core, but no one seemed interested in making the modification, so I decided to have a go at writing it myself with what very little php knowledge I have...

This hack replaces the registration.html.php and registration.php in components/com_registration and requires ONLY their email address to perform a password reset, not username and password, because noone remembers what username they signed up with most of the time. I had to add some extra code to ensure the recovery email still sends the username however, as they still need the username to login successfully ;)

I hope someone else finds this useful.

Cheers,
Ben
Man, you are a lifesaver!!!! It works perfectly.

pilotjourney
Joomla! Explorer
Joomla! Explorer
Posts: 457
Joined: Thu Aug 25, 2005 5:54 am

Re: Lost Password Recovery WITHOUT username

Post by pilotjourney » Sat Apr 18, 2009 7:13 pm

Is there something like this for 1.5?

nadjib1991
Joomla! Apprentice
Joomla! Apprentice
Posts: 8
Joined: Fri Jan 02, 2009 3:38 pm

Re: Lost Password Recovery WITHOUT username

Post by nadjib1991 » Tue Apr 21, 2009 5:46 pm

pilotjourney wrote:Is there something like this for 1.5?
hey bory, i've just postir up above , take alook at my last post . ;)

kirkhayes
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Thu Jun 22, 2006 4:14 am

Re: Lost Password Recovery WITHOUT username

Post by kirkhayes » Fri May 08, 2009 6:30 pm

Not the same problem, but along the same lines. What if the user enters the wrong email address. Is there some notification that the user entered the incorect email address. Currently, what I have seen is absolutely no indication from J1.5 that an email address is correct or incorrect when trying to do a password reset.


Locked

Return to “Core Hacks and Patches”