Good day all,
I have this change password code and it works well when all the parameters are ok, like username correct and email correct. But when I test it to see the result if the wrong username or email is entered the else statement doesnt run, not even an error, just skips the code and shows the other parts of the page, just as if the code did not run.
Here is the code:
<?php
include("mysql_connect.php");
$username=$_POST['username'];
$email=$_POST['email'];
$newpassword=$_POST['newpassword'];
$confirm_newpassword=$_POST['confirm_newpassword'];
$query = "SELECT * FROM users WHERE username='$username' AND email='$email'";
$result = mysql_query($query) or die(mysql_error());
while($row = mysql_fetch_array($result)){
if ($username == $row["username"] && $email == $row["email"]){
echo "<center><h1>Thank you " . $row["firstname"] ." ". $row["surname"] .". Your password has been changed.<br/> An email has also been sent to $email with the details of the new password.</h1></center>";
$sql="UPDATE users SET password = '$newpassword', password_confirm='$confirm_newpassword' WHERE (id = $row[id])";
$update = mysql_query($sql) or die(mysql_error());
$to = $row["email"];
$subject = "Your password change at My Site";
$message = "Dear " . $row["firstname"] ." ". $row["surname"] .",\r\rYour Password Change has been completed successfully.\r\rYour New Password is:\r". $row["password"] .".\r\rPlease guard this Password carefully.\r\rRegards,\rAdmin - My Site";
require_once "class.phpmailer.php";
$mail = new PHPMailer();
$mail->IsSendmail();
$mail->SetFrom('admin@mysite.com', 'Admin - My Site');
$mail->AddAddress($to);
$mail->Subject = $subject;
$mail->Body = $message;
$mail->Send();
}
else{
echo"<center><h1>Invalid username and/or email.<br/>Please go back to the <a href=\"password_recovery.php\">Password Change Request</a> page and enter correct details.</h1></center>";
}
}
?>