kaiman

No luck after adding the error code, no errors display and it still just redirects me to error page at bottom and does not update database. I know it is connecting to the database ok because the first to conditions come back with the echos if not met correctly. Below is the complete script code minus personal info. You will notice that I changed the sha1 mysql code slightly to see if that made a difference, but no go. Other help is appreciated. Thanks! kaiman // connects to server and selects database. include ("dbconnect.inc.php"); // table name $tbl_name="registered_members"; // generates random password // include ("randompass.inc.php"); // generates random password with the following letters and numbers function randomPass($length) { $letters = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 0, 1, 2, 3, 4, 5, 6, 7, 8, 9); $newpass = ""; for($i = 0; $i < $length; $i++) { $newpass .= $letters[rand(0,61)]; } return $newpass; } // returns random 8 character password $pass = randomPass(; // protects against mysql injection function cleanString($string){ htmlentities(mysql_real_escape_string($string)); return $string; } // values sent from form $username = cleanString($_POST['username']); $email = cleanString($_POST['email']); // check for empty fields if (empty($username) || empty($email)) { echo "Please Complete All Form Fields"; exit ; } //account check $sql="SELECT count(*) FROM $tbl_name WHERE username='$username' and email='$email'"; $result=mysql_query($sql); $num = mysql_result($result,0); //check to see if username and email exists or not. if($num < 1){ echo "That Username or Email Address Does Not Match Our Records. Please Provide A Valid Username and Email Address."; exit(); } // if username and email is found update data in database $sql="UPDATE $tbl_name SET pass=sha1('$pass') WHERE username='$username' and email='$email'"; $result=mysql_query($sql); echo mysql_error(); // if data is successfully updated in database, send email to user if($result){ // send e-mail to $to="$email"; // your subject $subject="Password Reset"; // from $header="from: Email <email@domain.com>"; // your message $message= "Dear $email,\n\n" . "Your password has been reset.\n\n" . "Your temporary password is $pass.\n\n" . "To complete the process, please login to http://domain.com/ and change your password.\n\n" . "If you believe you recieved this email in error or need further assistance\n" . "please email email@domain.com\n\n" . "Sincerely,\n\n" . "Domain\n" . "http://domain.com\n"; // send email $sentmail = mail($to,$subject,$message,$header); } // if not found else { echo "Could Not Send Email"; } // if your email was succesfully sent if($sentmail){ header( "Location: http://domain.com/success/" ); } else { header( "Location: http://domain.com/error/" ); exit; } ?>

It is on for that domain, but no error log was written. I have a feeling that the issue lies somewhere in between the password generation and the database UPDATE, but my PHP isn't good enough to determine where! I have a similar script that does the mysql DELETE function and seems to work flawlessly so I am at a loss to where this is going awry. Any other ideas? Thanks again, kaiman

It just sends me to a blank page and I don't get an email verifying that it has been updated. When I go and look in phpMyAdmin to see if the password sha1 has changed, it has not. Any ideas? Am I missing some sql code that would help make sure the record is updated? Thanks, kaiman

Hi, I am trying to write a password reset script that will generate a random password, update the table in the database (adding sha1 to the randomly generated password) and then email the randomly generated password (before sha1 hashing) to the user so they can login and then change it to something they will remember. My problem is that it keeps erroring out and won't update the record. My guess is that there is some syntax that is missing/wrong, but I've been beating my head against this and can't seem to get it to work. The code is below. Please help! Thanks in advance, kaiman // connects to server and selects database. include ("dbconnect.inc.php"); // table name $tbl_name="registered_members"; // generates random password // include ("randompass.inc.php"); // generates random password with the following letters and numbers function randomPass($length) { $letters = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 0, 1, 2, 3, 4, 5, 6, 7, 8, 9); $newpass = ""; for($i = 0; $i < $length; $i++) { $newpass .= $letters[rand(0,61)]; } return $newpass; } // returns random 8 character password $pass = randomPass(; // protects against mysql injection function cleanString($string){ htmlentities(mysql_real_escape_string($string)); return $string; } // values sent from form $username = cleanString($_POST['username']); $email = cleanString($_POST['email']); // check for empty fields if (empty($username) || empty($email)) { echo "Please Complete All Form Fields"; exit ; } //account check $sql="SELECT count(*) FROM $tbl_name WHERE username='$username' and email='$email'"; $result=mysql_query($sql); $num = mysql_result($result,0); //check to see if username and email exists or not. if($num < 1){ echo "That Username or Email Address Does Not Match Our Records. Please Provide A Valid Username and Email Address."; exit(); } // if email is found update data in database $sql="UPDATE $tbl_name SET pass='" . sha1($pass) . "' WHERE username='$username' and email = '$email'"; $result=mysql_query($sql); // if data is successfully changed in database, send email to user if($result){ // send e-mail to code, blah, blah, blah