I'm reading an xml file with javascript and if the user clicks on the 'forgot password' button, a modal shows up, where there is another button called 'get my password'. If the user clicks on this button, it's supposed to show the user's password based on his email id in the xml file, but my 'forgotten()' function is not working for some reason. Please help me out, I have been struggling with this for a while now.

What I have tried:

my html form:
HTML
<div class="container">
  <div class="login">
  
    
  	<h1 class="login-heading">Please login.</h1>



      <form method="post" action="login.php">
        
        <input id='email1' type="email" name="email" placeholder="Email Adress" required="required" class="input-txt" onchange="checkuser();"  />  
        <input id='pass1' type="password" name="password" placeholder="Password" required="required" class="input-txt" />
		
        <input type"button" name="forgot" class="btn" data-target="#pwdModal" data-toggle="modal" value="Forgot password?">
<div id="pwdModal" class="modal fade" tabindex="-1" role="dialog" aria-hidden="true">
  <div class="modal-dialog">
  <div class="modal-content">
      <div class="modal-header">
          <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
          <h1 >Forgot My Password?</h1>
      </div>
      <div class="modal-body">
          <div class="col-md-12">
                <div class="panel panel-default">
                    <div class="panel-body">
                        <div class="text-center">
                          
                          <p>If you have forgotten your password, simply click on the button below to fetch your password from the server!</p>
                            <div class="panel-body">
                                <fieldset>
                                    
                                    <div id="forgot">
			 <input type="button" class="btn" value="Get my password" tabindex="2" onclick="forgotten();"><br> <br>
                         <p id="pass" style="border-style:dotted;border-color:coral; border-radius:5px;"></p>
             <script>
			 var forgot_email = document.getElementById("email1");
             

             var request1 = new XMLHttpRequest();

             //fetching the password based on the email address
             request1.open("GET", "storedata.xml", false);
             request1.send();

             var xml1 = request1.responseXML;
             var users1 = xml1.getElementsByTagName("data");
			 
			 function forgotten {
             for(var i = 0; i < users1.length; i++) {
             if (forgot_email == users1[i].getElementsByTagName("email2").value {
             var forgotten_pass= users1[i].getElementsByTagName("pass2").value;
			 break;
             }
    
             } 
			 document.getElementById("pass").innerHTML=forgotten_pass;
             }
			 </script>
			 
	
                
			 </div>   
                                </fieldset>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
      </div>
      <div class="modal-footer">
          <div class="col-md-12">
          <button class="btn" data-dismiss="modal" aria-hidden="true">Cancel</button>
		  </div>	
      </div>
  </div>
  </div>
</div>
			
             <button type="submit" class="btn" name="ok" id="b1" >Sign in </button> <br> <br>
	
      </form>
	  
	  <script>
             
//checking if the email exists in the server xml or not
var first_email = document.getElementById("email1");

var request = new XMLHttpRequest();

//creating an array of the existing emails
request.open("GET", "storedata.xml", false);
request.send();

var xml = request.responseXML;
var users = xml.getElementsByTagName("data");
const existingEmails = [];

for(var i = 0; i < users.length; i++) {
    const emailTag = users[i].getElementsByTagName("email2");
    const email = emailTag[0].childNodes[0].nodeValue;

    existingEmails.push(email);
}

function checkuser() {
 if(existingEmails.includes(first_email.value)) {
      email1.setCustomValidity('');
 }
 else {
 email1.setCustomValidity('Sorry but this email address doesnt exist in the server.');
 }
}


</script>        
	  	 
 
  </div>
</div>

my xml file(storedata.xml) :
HTML
<?xml version="1.0" encoding="utf-8"?>
<document>
<data><fname>Group</fname><lname>Project</lname><email2>webuy55@gmail.com</email2><pass2>teamproject55</pass2></data>
<data><fname>Sam</fname><lname>Kim</lname><email2>samkim@gmail.com</email2><pass2>abcd1234</pass2></data>
<data><fname>Harold</fname><lname>Pain</lname><email2>hpain@gmail.com</email2><pass2>abcd</pass2></data>
<data><fname>Ryan</fname><lname>Reynold</lname><email2>ryan@gmail.com</email2><pass2>123456</pass2></data>
<data><fname>Reece</fname><lname>Simpson</lname><email2>reece@gmail.com</email2><pass2>onlinestore</pass2></data>
<data><fname>Stefani</fname><lname>Germanotta</lname><email2>stef@gmail.com</email2><pass2>bbbcccddd</pass2></data>
</document>
Updated 15-Aug-20 21:57pm
Comments
Sandeep Mewara 16-Aug-20 4:09am    
Is webuy55@gmail.com working and others not as expected?

1 solution

Bad idea - very bad.
The only way to do that is to store user passwords: and that's insecure.
Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.

And remember: if this is web based and you have any European Union users then GDPR applies and that means you need to handle passwords as sensitive data and store them in a safe and secure manner. Text is neither of those and the fines can be .... um ... outstanding. In December 2018 a German company received a relatively low fine of €20,000 for just that.

Instead of "here is your password", you set a temporary password (which expires after say 24 hours) and allow them to log in with either that (in which case you set that as the new password and allow them to change it) or with the original (in which case you discard the temporary one).
I like to use a Guid, because nobody wants to type it and that encourages them to set it to a new value ...
 
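The reset flow described in the answer above, as an added example that is not part of the original answer or of the asker's code: server-side Node.js where passwords exist only as salted scrypt hashes and "forgot password" issues a GUID temporary password valid for 24 hours. The in-memory `users` map, the function names and the choice of scrypt are assumptions of this example.

```javascript
// Added example: the in-memory store and all function names are assumptions.
const { scryptSync, randomBytes, randomUUID, timingSafeEqual } = require('node:crypto');

const TEMP_TTL_MS = 24 * 60 * 60 * 1000; // temporary password lifetime (24 hours)
const users = new Map();                 // email -> { main, temp, tempExpires }

// Keep only a random salt and the scrypt hash, never the password itself.
function hashPassword(password) {
  const salt = randomBytes(16);
  return { salt, hash: scryptSync(password, salt, 32) };
}

function matches(password, stored) {
  return timingSafeEqual(scryptSync(password, stored.salt, 32), stored.hash);
}

function register(email, password) {
  users.set(email, { main: hashPassword(password), temp: null, tempExpires: 0 });
}

// "Forgot password": issue a GUID as a temporary password. The caller mails it to
// the address on file; it is never rendered into the page that asked for it.
function requestReset(email, now = Date.now()) {
  const user = users.get(email);
  if (!user) return null; // the HTTP response should look the same either way
  const tempPassword = randomUUID();
  user.temp = hashPassword(tempPassword);
  user.tempExpires = now + TEMP_TTL_MS;
  return tempPassword;
}

function login(email, password, now = Date.now()) {
  const user = users.get(email);
  if (!user) return { ok: false };
  if (matches(password, user.main)) {
    user.temp = null; // original password still works: discard the temporary one
    return { ok: true, mustChange: false };
  }
  if (user.temp && now < user.tempExpires && matches(password, user.temp)) {
    user.main = user.temp; // temporary becomes the password until the user changes it
    user.temp = null;
    return { ok: true, mustChange: true };
  }
  return { ok: false };
}
```

Because nothing recoverable is stored, there is no password to send back to the browser; a `mustChange` result is the point at which the application prompts for a new password.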
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


