stormx Posted August 31, 2008

I've been working on this script but can't diagnose the problem. Here is my code:

```php
<?php
function forgotPassword($serviceNumber, $emailAddress) {
    // Is the service number actually digits?
    if (!ctype_digit($serviceNumber)) {
        die("You can only enter numbers as your service number.<a href='password_recover.php'>Back</a>");
    }

    // Parse the form to clear any nasties
    $serviceNumber = clean($serviceNumber);
    $emailAddress = clean($emailAddress);

    // Prevent SQL Injection
    // NOTE: WHATEVER VARIABLE YOU USE FOR $... = mysql_connect REPLACE '$link' WITH THE PROPER VAR NAME
    $serviceNumber = mysql_real_escape_string($serviceNumber);
    $emailAddress = mysql_real_escape_string($emailAddress);

    // Prepare the query!
    $sql = "SELECT * FROM `users` WHERE `service` = '{$serviceNumber}' AND `email` = '{$emailAddress}' LIMIT 1";

    // Send the SQL Query
    $query = mysql_query($sql);

    // Check the results
    if (mysql_num_rows($query) > 0) {
        // Combination is right, reset their password!
        $newPassword = generatePass();

        // Secure the password
        $salt = "thecoolsecuirtyteam";
        $pass = $newPassword;
        $pass1 = sha1($pass);
        $pass2 = md5($pass1.$salt);

        // Prepare the SQL Query to update the new pass
        $sql2 = "UPDATE `users` SET `password` = '{$pass2}' WHERE `service` = '{$service}' AND `email` = '{$emailAddress}' LIMIT 1";

        // Send the SQL Query
        $query2 = mysql_query($sql2);

        // Prepare to send the email!
        $to = "{$emailAddress}";
        $subject = 'Forgotten Password';
        $message = "Your new password is : {$newPassword} \r\n Support";
        $headers = 'From: support@example.com' . "\r\n" .
            'Reply-To: support@example.com' . "\r\n" .
            'X-Mailer: PHP/' . phpversion();

        // Send the user the email!
        mail($to, $subject, $message, $headers);

        // Tell the user what has happened!
        echo "Your new password has been sent to your email address.";
    } else {
        // Details weren't right, alert them!
        die("Service Number or Email Address does not match our records, please check to make sure you have entered them correctly.<a href='password_recover.php'>Back</a>");
    }
}

// Function for cleaning user input to make sure they can't hack it
function clean($var) {
    $var = stripslashes(strip_tags(htmlentities($var)));
    return $var;
}

// Generate a new random password!
function generatePass() {
    $varPass = md5(rand(1000,9999999999));
    return $varPass;
}

forgotPassword($_POST['login_name'], $_POST['contact_email']);
?>
```

Now it sends the email to the end user, but it doesn't update the database with the new password, what's wrong?

Cheers

sKunKbad Posted August 31, 2008

You should try running your SQL update statement directly in the MySQL command line or phpmyadmin to see if there is an error.

dropfaith Posted August 31, 2008

```php
<?php
if (isset($_POST['lostpass'])) {
    if (lostPassword($_POST['username'], $_POST['email'])) {
        echo "Your password has been reset, an email containing your new password has been sent to your inbox.<br />
        <a href='./index.php'>Click here to return to the homepage.</a> ";
    } else {
        echo "Username or email was incorrect !";
        show_lostpassword_form();
    }
} else {
    // user has not pressed the button
    show_lostpassword_form();
}
?>
```

stormx Posted August 31, 2008 (Author)

```php
<?php
if (isset($_POST['lostpass'])) {
    if (lostPassword($_POST['username'], $_POST['email'])) {
        echo "Your password has been reset, an email containing your new password has been sent to your inbox.<br />
        <a href='./index.php'>Click here to return to the homepage.</a> ";
    } else {
        echo "Username or email was incorrect !";
        show_lostpassword_form();
    }
} else {
    // user has not pressed the button
    show_lostpassword_form();
}
?>
```

Where was that meant to go?

Cheers.

GingerRobot Posted August 31, 2008

Do some debugging on the query. Change this:

```php
$query2 = mysql_query($sql2);
```

To this:

```php
$query2 = mysql_query($sql2) or trigger_error(mysql_error(),E_USER_ERROR);
```

Also, what's with all the whitespace in your code? Makes it very hard to read.
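
The UPDATE in the first post interpolates `$service`, a variable the function never defines, so its WHERE clause matches no row while the query itself still succeeds and the email goes out. The sketch below is an added example, not code from any poster in this thread: it keeps the thread's `users` table and column names but swaps in PDO bound parameters, `password_hash()` and `random_bytes()`, and it reports success only when exactly one row changed. It assumes PHP 7.1+ with the pdo_sqlite extension; the in-memory database and the sample row are constructed.

```php
<?php
declare(strict_types=1);

// Added example: table and column names follow the thread; the PDO/SQLite
// setup and the sample row are constructed so the script runs offline.

function generatePass(int $bytes = 12): string
{
    // CSPRNG output instead of md5(rand(...)), whose input space is small
    return bin2hex(random_bytes($bytes));
}

// Returns the new plaintext password when exactly one row was updated,
// or null when the input is invalid or no account matched.
function forgotPassword(PDO $db, string $serviceNumber, string $emailAddress): ?string
{
    if (!ctype_digit($serviceNumber)) {
        return null;
    }
    $newPassword = generatePass();
    // Bound parameters: a misspelled placeholder raises an exception here
    // instead of silently producing a WHERE clause that matches nothing.
    $stmt = $db->prepare(
        'UPDATE users SET password = :hash WHERE service = :service AND email = :email'
    );
    $stmt->execute([
        ':hash'    => password_hash($newPassword, PASSWORD_DEFAULT),
        ':service' => $serviceNumber,
        ':email'   => $emailAddress,
    ]);
    // An UPDATE that matches no row is not an SQL error, so check the
    // affected-row count before anything is mailed to the user.
    return $stmt->rowCount() === 1 ? $newPassword : null;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (service TEXT, email TEXT, password TEXT)');
$db->exec("INSERT INTO users VALUES ('12345', 'user@example.com', 'old')");

// Matching pair: the stored hash must verify against the returned password.
$new  = forgotPassword($db, '12345', 'user@example.com');
$hash = (string) $db->query("SELECT password FROM users WHERE service = '12345'")->fetchColumn();
var_dump($new !== null && password_verify($new, $hash)); // mail() belongs behind this check

// Non-matching email: nothing is updated and null comes back.
var_dump(forgotPassword($db, '12345', 'wrong@example.com'));
```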