I've been working on this script but can't diagnose the problem.

 

Here is my code:

 

          <?php







function forgotPassword($serviceNumber, $emailAddress)

{



// Is the service number actually digits?



if(!ctype_digit($serviceNumber))

{

	die("You can only enter numbers as your service number.<a href='password_recover.php'>Back</a>");

}



// Parse the form to clear any nasties



$serviceNumber = clean($serviceNumber);

$emailAddress = clean($emailAddress);



// Prevent SQL Injection

// NOTE: WHATEVER VARIABLE YOU USE FOR $... = mysql_connect REPLACE '$link' WITH THE PROPER VAR NAME



$serviceNumber = mysql_real_escape_string($serviceNumber);

$emailAddress = mysql_real_escape_string($emailAddress);



// Prepare the query!



$sql = "SELECT * FROM `users` WHERE `service` = '{$serviceNumber}' AND `email` = '{$emailAddress}' LIMIT 1";



// Send the SQL Query



$query = mysql_query($sql);



// Check the results



if(mysql_num_rows($query) > 0)

{

	// Combination is right, reset their password!



	$newPassword = generatePass();



	//Secure the password

	$salt = "thecoolsecuirtyteam";
  		$pass = $newPassword;
  		$pass1 = sha1($pass);
  		$pass2 = md5($pass1.$salt);




	// Prepare the SQL Query to update the new pass



	$sql2 = "UPDATE `users` SET `password` = '{$pass2}' WHERE `service` = '{$service}' AND `email` = '{$emailAddress}' LIMIT 1"; 



	// Send the SQL Query



	$query2 = mysql_query($sql2);



	// Prepare to send the email!



	$to      = "{$emailAddress}";

	$subject = 'Forgotten Password';

	$message = "Your new password is : {$newPassword} \r\n Support";

	$headers = 'From: support@example.com' . "\r\n" .

				   'Reply-To: support@example.com' . "\r\n" .

				   'X-Mailer: PHP/' . phpversion();



	// Send the user the email!



	mail($to, $subject, $message, $headers);



	// Tell the user what has happened!



	echo "Your new password has been sent to your email address.";



}

else

{

	// Details weren't right, alert them!



	die("Service Number or Email Address does not match our records, please check to make sure you have entered them correctly.<a href='password_recover.php'>Back</a>");

}

}



// Function for cleaning user input to make sure they cant hack it



function clean($var)

{



$var = stripslashes(strip_tags(htmlentities($var)));



return $var;



}



// Generate a new random password!



function generatePass()

{



$varPass = md5(rand(1000,9999999999));



return $varPass;



}



forgotPassword($_POST['login_name'], $_POST['contact_email']);


?>

 

Now it sends the email to the end user, but it doesn't update the database with the new password. What's wrong?

 

Cheers

<?php
if (isset($_POST['lostpass'])){
   
    if (lostPassword($_POST['username'], $_POST['email'])){
       
        echo "Your password has been reset, an email containing your new password has been sent to your inbox.<br />
        <a href='./index.php'>Click here to return to the homepage.</a>
        ";
       
    }else {
       
        echo "Username or email was incorrect !";
        show_lostpassword_form();
       
    }
   
} else {
    //user has not pressed the button
    show_lostpassword_form();   
}


?>

 

 

 


Where was that meant to go?

 

Cheers.

Do some debugging on the query. Change this:

 

$query2 = mysql_query($sql2);

 

To this:

 

$query2 = mysql_query($sql2) or trigger_error(mysql_error(),E_USER_ERROR);

 

Also, what's with all the whitespace in your code? Makes it very hard to read.
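
Added example (not part of the thread and not the poster's code): the posted UPDATE interpolates `$service`, which is never defined inside `forgotPassword()` (the parameter is `$serviceNumber`), so the statement is valid SQL that matches no row and `mysql_error()` stays empty. The sketch below performs the same reset with PDO bound parameters, a CSPRNG-generated password and `password_hash()`, and treats "zero rows updated" as a failure; the in-memory SQLite table, the sample row and the function names `demoDb` and `resetPassword` are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the thread's `users` table.
function demoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    // Throw on SQL errors instead of returning false silently.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (service TEXT, email TEXT, password TEXT)');
    $db->prepare('INSERT INTO users VALUES (?, ?, ?)')
       ->execute(['12345', 'user@example.com', 'old-hash']);
    return $db;
}

// Returns the new plaintext password on success, null when nothing was updated.
function resetPassword(PDO $db, string $serviceNumber, string $emailAddress): ?string
{
    if (!ctype_digit($serviceNumber)) {
        return null;
    }
    // 16 bytes from the OS CSPRNG instead of md5(rand()).
    $newPassword = bin2hex(random_bytes(16));
    // Per-password random salt and a slow hash instead of md5(sha1() . fixed salt).
    $hash = password_hash($newPassword, PASSWORD_DEFAULT);

    // Bound parameters replace the escaping step; no value is interpolated into SQL.
    $stmt = $db->prepare(
        'UPDATE users SET password = :hash WHERE service = :service AND email = :email'
    );
    $stmt->execute([':hash' => $hash, ':service' => $serviceNumber, ':email' => $emailAddress]);

    // A valid UPDATE that matches zero rows raises no SQL error; count rows explicitly.
    if ($stmt->rowCount() !== 1) {
        return null;
    }
    return $newPassword; // hand to the mailer only after the row is confirmed changed
}

error_reporting(E_ALL); // makes undefined-variable diagnostics (such as $service) visible
$db = demoDb();
var_dump(resetPassword($db, '12345', 'user@example.com') !== null); // matching row
var_dump(resetPassword($db, '12345', 'wrong@example.com'));          // non-matching email
var_dump($db->query('SELECT password FROM users')->fetchColumn() !== 'old-hash');
```

Sending the mail only after `rowCount()` confirms the change avoids the situation described in the first post, where the user receives a password the database never stored.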
