tristan5522

Hey everyone, this is my first post. Currently this code resets the user's password and replaces it with some random code in the database. Not sure what I am doing wrong, any help would be greatly appreciated. <?php $heading = "Forgot Password"; if(isset($_GET['action']) && $_GET['action'] == "fpwd") { if(count($_POST) > 0) { if(isset($_POST['user_email'])) { $email_address = $_POST['user_email']; $sqlemail = "select user_email from ".TABLE_user." where user_email = '$email_address'"; $resemail = mysql_query($sqlemail); $password = "user".rand(1000,50000); $sql_update = "update ".TABLE_user." set 'password' = '".md5($password)."' where 'user_email' = '$email_address'"; $res = mysql_query($sql); $to = $email_address; $subject = 'Reset Password'; $message = 'Your new password: '.$password; $headers = 'From: '.STORE_EMAIL.'' . "\r\n"; if(mail($to, $subject, $message, $headers)) { fw_goto_page_header(fw_create_link(FILENAME_FORGOT_PWD,'msg=1')); } } } } ?>