Password Changer

[jrws]

Hey guys this is really annoying me, as I have never come across this type of problem before. The problem is this, after the form searches the database for the username, after successfully getting the secret question when that form is submitted it takes you back the the original page.

<?php
include_once ('libary/header.php');//Includes style sheet, config and functions
if (!isset($_POST['submit']))
        {
?>
	<p>Please enter your username below.</p>
	<form method="POST" action="<?= $PHP_SELF; ?>">
Username:<input type = "text" name="username" ><br>
<input type = "submit" name = "submit" value ="Submit">
</form>
	<?php
        } else
        {
            $username = clean($_POST['username']);
            $sql = "SELECT secretQuestion FROM user WHERE username = '$username' AND u_level>=1 LIMIT 1";
            $result = mysql_query($sql) or die(mysql_error());
            if (mysql_num_rows($result) != 0)
            {
                $row = mysql_fetch_array($result);
                $secretQuestion = ($row['secretQuestion']);
                if (!isset($_POST['secretAnswer']))
                {
?><p>Please enter your answer to your secret question (CaSe SenSeTiVe).</p>
	<form method="POST" action="<?= $PHP_SELF; ?>">
Secret Question:<input type = "text" value="<?= $secretQuestion; ?>" ><br>
Answer:<input type = "text" name="answer" ><br>
<input type = "submit" name = "secretAnswer" value ="Submit">
</form>
<?php
                }else{
				echo 'Processing here.';
			}
                }else
            
            {
                echo '<div class="error">The username you have supplied does not exist, or is not activated! Please supply another username.<a href="' .
                    $siteURL . 'login.php?newPassword">Back</a></div>';
            }
        }
?>

[trq]

You have described what your code does and stated it is a problem, however, you have failed to tell us what you actually want the script to do.

[jrws]

Oh sorry, I thought I had. Basically this is the flow chart:

 

 

User enters username

          |

          V

Checks that username exists

Exists                        Doesn't -> Throw an error

  |

  v

Displays the secret question, gets user to answer

  Right answer                      Wrong answer-> Throw an error

    |

    v

Displays a new password form for user to enter password

  Update is successful        Not successful-> Throw an error

    |

    V

redirects back to login

 

 

The problem is that it doesn't get to the new password form. I hope that has clarified it.

[ratcateme]

i can't see a new password part of the code you posted?

 

Scott.

[jrws]

That's because as soon as you answer the secret question, it doesn't process the form at all, but rather just takes you back to the main part of the page, the user selection.

[ratcateme]

you need to look into sessions and use them to store the username from the first part so you can use it later on.

you also you to use session to keep track of where the form is up to

 

 

Scott.

[redarrow]

safer this way i guess.

 

User enters username and email address

          |

          V

Checks that user exists via username and email address

 

Exists                        Doesn't -> Throw an error

  |

  v

Displays the secret question, gets user to answer

  Right answer                      Wrong answer-> Throw an error

    |

    v

redirect user to a page.

send the user  a random new password via email

tell user a email with new password has been sent.

 

let a user log into the web site to alter there password or keep the random one, safer.

 

never re set a password via the web site unless the user is logged in.

[jrws]

This would only be on a testing server since I cannot test mail on my localhost, ie my machine as I don't know what program I need, and the programs I have used don't work