Hi,
I think the problem is with not having GET variables; I'm not sure where to have them either, I use 3 files, I'll paste the important parts in here.
<<forgotPassword.php>>
....
<div id="page">
<h1 style="text-align:center;margin-left:auto;margin-right:auto;">Forgotten Password</h1>
<h2>Please enter your email address below & check your mail for instructions</h2>
<br />
<br />
</div>
<?php
session_start();
if( isset($_POST['submit'])) {
if( $_SESSION['security_code'] == $_POST['security_code'] && !empty($_SESSION['security_code'] ) ) {
// Insert you code for processing the form here, e.g emailing the submission, entering it into a database.
echo 'Thank you. Your message said "'.$_POST['message'].'"';
unset($_SESSION['security_code']);
} else {
// Insert your code for showing an error message here
echo 'Sorry, you have provided an invalid security code';
}
} else {
?>
<form method="post" action="sendEmailAddress.php">
<div id="container">
<div id="main">
Email: <input type="text" name="email" id="email" /><br />
<br />
<br />
<img src="CaptchaSecurityImages.php?width=100&height=40&characters=5" /><br />
<label for="security_code">Enter security code above: </label><input id="security_code" name="security_code" type="text" />
<br></br>
<br></br>
<input type="submit" value="Submit" name="submit" id="submit" />
....
<<sendEmailAddress.php>>
if (isset ( $_POST ['submit'] )) {
if ($_SESSION ['security_code'] == $_POST ['security_code'] && ! empty ( $_SESSION ['security_code'] )) {
$email = $_POST ['email'];
$site_owners_email = 'me@gmail.com'; // Replace this with your own email address
$site_owners_name = 'ME; // replace with your name
$key=2314123;
$pwdLink = 'http://localhost/secureLotto/changePassword.php?email='.$email.'&'.$key=$key;
if (! preg_match ( '/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*+[a-z]{2}/is', $email )) {
$error ['email'] = "Please enter a valid email address";
}
if (! $error) {
$mailResult = mysql_query ( "SELECT confirm_code FROM members WHERE email='$email'" );
if ($mailResult) {
if (mysql_num_rows ( $mailResult ) == 1) {
$crap = mysql_result ( $mailResult, 0 );
}
else {
//Login failed
header ( "location: changePassword-failed.php" );
exit ();
}
} else {
die ( "Query failed" );
}
require_once ('phpMailer/class.phpmailer.php');
$mail = new PHPMailer ();
$mail->IsSMTP ();
$mail->Host = 'ssl://smtp.gmail.com:465';
$mail->SMTPAuth = TRUE;
$mail->Username = "me@gmail.com"; // SMTP username
$mail->Password = "********"; // SMTP password
$mail->FromName = 'me';
$mail->From = $email;
$mail->Subject = "Forgotten Password";
$mail->AddAddress ( $site_owners_email, $site_owners_name );
$mail->AddAddress ( $email,$name);
$mail->Body = 'Please follow this link ' .$pwdLink .' and enter this conformation code ' . $crap;
$mail->Send ();
echo "<h2 class='success'> Thanks, an email has to sent to " . $email . ". please follow the instructions </h2><h2>(it may be in your spam folder)</h2>";
} # end if no error
<<changePassword.php>>
...
<form id="changePasswordForm" name="changePasswordForm" method="post"
action="changePassword-exec.php">
<input type="hidden" name="md5Pass" value="" />
<input type="hidden" name="md5CPass" value="" />
<table width="300" border="0" align="center" cellpadding="2"
cellspacing="0">
<tr>
<th width="124">Email</th>
<td width="168"><input name="email" type="text" class="textfield"
id="email" /></td>
</tr>
<tr>
<th width="124">Confirmation Code</th>
<td width="168"><input name="code" type="text" class="textfield"
id="code" /></td>
</tr>
<tr>
<th>New Password</th>
<td><input name="password" type="password" class="textfield"
id="password" onKeyUp="checkPassword(this.value)" /></td>
...
any help would be appreciated to tell me where to place the GET variables & reset the link if a user changes it(see first post)
thanks,
SB