
Reset password script problem


Hybride


I do apologise beforehand if there is a script like this or if I'm just generally irritating. I've been staring at this script for two days now, and I can't figure out what's wrong with it.

My problem deals with the "reset_pass.php" script. It's half taken from a book, half edited to my specs. I'm currently running PHP 4.4, I do believe, on the server. Now, the problem that I'm having is that everything works with the error part of the script - i.e.: if an incorrect or incomplete email is typed, the error states it. However, if it is a correct email, then the page just reverts back to itself (meaning, the script shows up, but no confirmation is stated or email sent.)

[code]<?
ob_start();

session_start();

DEFINE ('DB_USER', 'xxx');
DEFINE ('DB_PASSWORD', 'xxx');
DEFINE ('DB_HOST', 'localhost');
DEFINE ('DB_NAME', 'main');

$dbc = @mysql_connect (DB_HOST, DB_USER, DB_PASSWORD) OR die ('Could not connect to
MySQL:' . mysql_error() );

@mysql_select_db (DB_NAME) OR die ('Could not select the database:' . mysql_error() );
?>

<center>
<?
include ("../themes/eventures/header.php");
include("../topmenu.php");
include("../leftmenu.php");

?>

<center><b><p>Forgot Password</p></b></center>

<p>Enter the email you used when registered to the site.</p>

<form method="post" action="../client/forgot_pass.php">

<table border="0" cellpadding="3" cellspacing="1" >
<tr>
<td><b>Email: </b></td>
<td>
<input name="email" type="text" size="25" maxlength="50"><br />
<input type="submit" name="submitted" value="Reset Password"></p>

<?
$login =  $_POST['login'];
$email = $_POST['email'];
$pass = $_POST['pass'];
$temppass = $_POST['temppass'];
$client_id = $_POST['client_id'];

if (isset($_POST['submitted'])) {

$errors = array();

if (empty($email)) {
$errors[] = print '<p><b>Error:</b> Please enter your email.</P>';
} else {
$email = trim($email);

$query = "SELECT client_id, email FROM client WHERE email='$email'";
$result = mysql_query($query);
$row = mysql_fetch_array ($result, MYSQL_ASSOC);
if ($row) {
$row['pass'];
$row['email'];
$row['client_id'];

} else {
$errors[] = print '<p><b>Error:</b> Email submitted does not match those on file.</p>';
}
}


if ($email == $row[pass]) {

$temppass = substr ( md5(uniqid(rand(),1)), 3, 10);
$temppass = $pass;

$query = "SELECT client_id, email FROM client WHERE email='$email'";
$result = mysql_query ($query);
$num = mysql_num_rows($result);
if (mysql_num_rows($result) == 0) {

$row = mysql_fetch_array ($result, MYSQL_NUM);
$query = "UPDATE client SET pass=PASSWORD('$temppass') WHERE email='$email'";
$result = mysql_query ($query);
if (mysql_affected_rows() == 1) {

print '<p>Your password has been changed. An email has been sent to your account.</p>';
exit();

$body = "Your password has been temporarily changed to '$temppass'.";
$body .= "You may login using this password, and upon login, change it.\r\n";
$body .= "Support at Electronic Commerce, Inc.";

mail ($email, 'Your temporary password.', $body, 'From: support@electronic-commerce.us.com');


} else {

$errors[] = print '<p><b>Error:</b> Your password could not be changed due to a system error.</p>' . mysql_error();
}
mysql_close();

} else {
$errors[] .= print '<p>Please try again.</p>';
}
}
}
?>

</form>
</td>
</tr>
</table>

<? include ("../footer.php"); ?>
</center>[/code]

I'm not certain, but could it be the update query? Any help would be greatly appreciated.
Link to comment
Share on other sites

Actually, what I'm getting is everything *but* the update. The errors are all correct - they all show up when something is done wrong. However, when the correct email is put in, it doesn't show up/register.

And I've tried the $row['pass'] and unfortunately, doesn't work. Thanks for the tip, though. :)
Link to comment
Share on other sites

You need to go through the page step by step. You also need to
comment as you program, for errors of this nature, ok.

Debug all the code, ok.

Good luck.


Database working or not?

Why use the @, as this will stop errors? If they're there, post them.
[code]
<?
ob_start();
session_start();
DEFINE ('DB_USER', 'xxx');
DEFINE ('DB_PASSWORD', 'xxx');
DEFINE ('DB_HOST', 'localhost');
DEFINE ('DB_NAME', 'main');

$dbc = @mysql_connect (DB_HOST, DB_USER, DB_PASSWORD) OR die ('Could not connect to
MySQL:' . mysql_error() );
@mysql_select_db (DB_NAME) OR die ('Could not select the database:' . mysql_error() );
?>

[/code]

includes working ?
[code]
<center>
<?
include ("../themes/eventures/header.php");
include("../topmenu.php");
include("../leftmenu.php");

?>

[/code]

is the form correct ?
[code]
<center><b><p>Forgot Password</p></b></center>

<p>Enter the email you used when registered to the site.</p>

<form method="post" action="../client/forgot_pass.php">

<table border="0" cellpadding="3" cellspacing="1" >
<tr>
<td><b>Email: </b></td>
<td>
<input name="email" type="text" size="25" maxlength="50"><br />
<input type="submit" name="submitted" value="Reset Password"></p>

[/code]


[code]


<?
$login =  $_POST['login'];
$email = $_POST['email'];
$pass = $_POST['pass'];
$temppass = $_POST['temppass'];
$client_id = $_POST['client_id'];

if (isset($_POST['submitted'])) {

$errors = array();

if (empty($email)) {
$errors[] = print '<p><b>Error:</b> Please enter your email.</P>';
} else {
$email = trim($email);

// are you selecting the correct database? query it, ok.

$query = "SELECT client_id, email FROM client WHERE email='$email'";
$result = mysql_query($query);
$row = mysql_fetch_array ($result, MYSQL_ASSOC);
if ($row) {
$row['pass'];
$row['email'];
$row['client_id'];

} else {
$errors[] = print '<p><b>Error:</b> Email submitted does not match those on file.</p>';
}
}


if ($email == $row[pass]) {

$temppass = substr ( md5(uniqid(rand(),1)), 3, 10);
$temppass = $pass;

$query = "SELECT client_id, email FROM client WHERE email='$email'";
$result = mysql_query ($query);
$num = mysql_num_rows($result);
if (mysql_num_rows($result) == 0) {

$row = mysql_fetch_array ($result, MYSQL_NUM);
$query = "UPDATE client SET pass=PASSWORD('$temppass') WHERE email='$email'";
$result = mysql_query ($query);
if (mysql_affected_rows() == 1) {

print '<p>Your password has been changed. An email has been sent to your account.</p>';
exit();

$body = "Your password has been temporarily changed to '$temppass'.";
$body .= "You may login using this password, and upon login, change it.\r\n";
$body .= "Support at Electronic Commerce, Inc.";

mail ($email, 'Your temporary password.', $body, 'From: support@electronic-commerce.us.com');


} else {

$errors[] = print '<p><b>Error:</b> Your password could not be changed due to a system error.</p>' . mysql_error();
}
mysql_close();

} else {
$errors[] .= print '<p>Please try again.</p>';
}
}
}
?>

</form>
</td>
</tr>
</table>

<? include ("../footer.php"); ?>

</center>

[/code]
Link to comment
Share on other sites

there are a few problems with this code:

1.  this if() statement:

[code] if ($row) {
$row['pass'];
$row['email'];
$row['client_id'];

} else {[/code]

does nothing, when executing.  you are also not selecting pass from the table, so technically $row['pass'] doesn't exist.

2.  why SELECT the email from the database if you've got it sitting in a variable already?  this just adds pointless load to the server.  you don't have to select fields that you use in the WHERE clause.

3.  two things wrong with this if() statement:

[code] if (mysql_num_rows($result) == 0) {[/code]

first, you already have the results from that call in $num.  no need to call it again in the if().  second, this means you will only process the update if the CLIENT WAS NOT FOUND IN THE DB.  meaning it's only if they submit a false address that they'll get updated.

4.  this is useless:

[code]$row = mysql_fetch_array ($result, MYSQL_NUM);[/code]

(it's in the if() statement i just mentioned)

5.  this should work:

[code]$query = "UPDATE client SET pass=PASSWORD('$temppass') WHERE email='$email'";[/code]

however, you'll have to check against the password using PASSWORD() when they login, because $temppass will not actually be what's inserted into the field.  just making sure you know that.

6.  when in doubt, use or die(mysql_error()) on ALL of your mysql_query() functions.  if the query fails, you will immediately know:

[code]$resource = mysql_query($query) or die(mysql_error());[/code]

hth
Link to comment
Share on other sites

Redarrow, you are correct on all of the code parts.

And akitchin, I did as you said, and updated the code a bit. Unfortunately, even with the mysql_error() added, it is still the same problem. I'm thinking it may be the (if($email) == $row['pass']), but I'm not sure if it is, or what to change it to.

[code]<center><b><p>Forgot Password</p></b></center>

<p>Enter the email you used when registered to the site.</p>

<form method="post" action="../client/forgot_pass.php">

<table border="0" cellpadding="3" cellspacing="1" >
<tr>
<td><b>Email: </b></td>
<td>
<input name="email" type="text" size="25" maxlength="50"><br />
<input type="submit" name="submitted" value="Reset Password"></p>

<?
$login =  $_POST['login'];
$email = $_POST['email'];
$pass = $_POST['pass'];
$temppass = $_POST['temppass'];
$client_id = $_POST['client_id'];


if (isset($_POST['submitted'])) {

$errors = array();

if (empty($email)) {
$errors[] = print '<p><b>Error:</b> Please enter your email.</P>';
} else {
$email = trim($email);

$query = "SELECT client_id, pass FROM client WHERE email='$email'";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array ($result, MYSQL_ASSOC);
if ($row) {
$row['pass'];
$row['email'];
$row['client_id'];

} else {
$errors[] = print '<p><b>Error:</b> Email submitted does not match those on file.</p>';
}
}


if ($email == $row['pass']) {

$pass = substr ( md5(uniqid(rand(),1)), 3, 10);

$query = "SELECT client_id, email FROM client WHERE email='$email'";
$result = mysql_query ($query) or die(mysql_error());
$num = mysql_num_rows($result);

if (mysql_num_rows($result) == 1) {

$query = "UPDATE client SET pass=PASSWORD('$pass') WHERE email='$email'";
$result = mysql_query ($query);
if (mysql_affected_rows() == 1) {

echo '<p>Your password has been changed. An email has been sent to your account.</p>';
exit();

$body = "Your password has been temporarily changed to '$pass'.";
$body .= "You may login using this password, and upon login, change it.\r\n";
$body .= "Support at Electronic Commerce, Inc.";

mail ($email, 'Your temporary password.', $body, 'From: support@electronic-commerce.us.com');


} else {

$errors[] = print '<p><b>Error:</b> Your password could not be changed due to a system error.</p>' . mysql_error();
}
mysql_close();

} else {
$errors[] .= print '<p>Please try again.</p>';
}
}
}
?>

</form>
</td>
</tr>
</table>[/code]

Thank you again for helping!
Link to comment
Share on other sites

change this

[code]if($email === $row['pass']),[/code]

change select statement

[code]$query = "SELECT client_id, email, pass FROM client WHERE email='$email'";
$result = mysql_query($query);
$row = mysql_fetch_array ($result, MYSQL_ASSOC);
if ($row) {
$row['pass'];
$row['email'];
$row['client_id'];[/code]

change this, used $num as already used.

[code]$query = "UPDATE client SET pass=PASSWORD('$pass') WHERE email='$email'";
$result = mysql_query ($query);
if ($num) {[/code]

that's 3 so far
Link to comment
Share on other sites

You probably want to do a mysql_real_escape_string on $email before you use it in your select statement.

This:
[code]if ($row) {
$row['pass'];
$row['email'];
$row['client_id'];

} else {[/code]
doesn't make sense.  Assign them to variables or don't use them.  If you are only wanting to check to make sure that person's email address is in the db, do a mysql_num_rows on $result and make sure it equals 1.

This:
[code]if ($email == $row['pass']) {[/code]
also doesn't make sense...why would their password and email address be the same?  Shouldn't that be row['email']?

Why is there an exit() here:
[code]echo '<p>Your password has been changed. An email has been sent to your account.</p>';
exit();[/code]
That causes the rest of your script to not execute when the if statement above it returns true...which it should...which means no email is being sent.
Link to comment
Share on other sites
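The points raised in the post above (keeping `$email` out of the SQL text, requiring exactly one matching row, and not exiting before the mail is sent), as an added example that is not part of the thread or any poster's code. It swaps in PDO bound parameters for `mysql_real_escape_string`, `password_hash()` for MySQL's `PASSWORD()` and `random_bytes()` for `md5(uniqid(rand()))`. It assumes PHP 7 or later with PDO and pdo_sqlite; `reset_password()` and the `$send_mail` callback are hypothetical names, and the sample rows are constructed.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ with PDO and pdo_sqlite.
// Table/column names (client, client_id, email, pass) follow the thread;
// reset_password() and the $send_mail callback are hypothetical names.
function reset_password(PDO $db, string $email, callable $send_mail): string
{
    $email = trim($email);
    if ($email === '') {
        return 'missing_email';
    }

    // Bound parameter: the submitted value never becomes part of the SQL text.
    $find = $db->prepare('SELECT client_id FROM client WHERE email = ?');
    $find->execute([$email]);
    $rows = $find->fetchAll(PDO::FETCH_ASSOC);
    if (count($rows) !== 1) {   // proceed only when exactly one account matches
        return 'no_match';
    }

    // Temporary password from the OS CSPRNG rather than md5(uniqid(rand())).
    $temppass = bin2hex(random_bytes(8));

    // Store a salted hash; the login script must then check with password_verify().
    $update = $db->prepare('UPDATE client SET pass = ? WHERE client_id = ?');
    $update->execute([password_hash($temppass, PASSWORD_DEFAULT), $rows[0]['client_id']]);
    if ($update->rowCount() !== 1) {
        return 'update_failed';
    }

    // Mail is sent before returning: nothing exits between the UPDATE and the mail.
    $body = "Your password has been temporarily changed to '$temppass'.\r\n"
          . "You may login using this password, and upon login, change it.\r\n";
    $send_mail($email, 'Your temporary password.', $body);
    return 'ok';
}

// Constructed demo data: in-memory SQLite stands in for the thread's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE client (client_id INTEGER PRIMARY KEY, email TEXT UNIQUE, pass TEXT)');
$db->exec("INSERT INTO client (email, pass) VALUES
           ('alice@example.com', 'old-hash'), ('bob@example.com', 'old-hash')");

$outbox = [];   // records messages instead of calling mail()
$fake_mail = function ($to, $subject, $body) use (&$outbox) {
    $outbox[] = [$to, $subject, $body];
};

// Input that would alter the WHERE clause if interpolated into the query string
// is treated as an ordinary, non-matching email value.
echo 'quoted input: ', reset_password($db, "x' OR '1'='1", $fake_mail), "\n";
echo 'known email:  ', reset_password($db, 'alice@example.com', $fake_mail), "\n";
echo 'mails queued: ', count($outbox), "\n";

// Show which rows still hold the original placeholder value.
foreach ($db->query('SELECT email, pass FROM client ORDER BY client_id') as $row) {
    echo $row['email'], ': ', $row['pass'] === 'old-hash' ? 'unchanged' : 'new hash stored', "\n";
}
```

On the thread's PHP 4 setup none of these functions exist; the nearest equivalent there is the `mysql_real_escape_string` call the post recommends, applied to `$email` before both queries.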

I tried lol............
[code]

<center><b><p>Forgot Password</p></b></center>

<p>Enter the email you used when registered to the site.</p>

<form method="post" action="../client/forgot_pass.php">

<table border="0" cellpadding="3" cellspacing="1" >
<tr>
<td><b>Email: </b></td>
<td>
<input name="email" type="text" size="25" maxlength="50"><br />
<input type="submit" name="submitted" value="Reset Password"></p>

<?
$login =  $_POST['login'];
$email = $_POST['email'];
$pass = $_POST['pass'];
$temppass = $_POST['temppass'];
$client_id = $_POST['client_id'];


if (isset($_POST['submitted'])) {

$errors = array();

if (empty($email)) {
$errors[] = print '<p><b>Error:</b> Please enter your email.</P>';
} else {
$email = trim($email);

$query = "SELECT client_id, pass FROM client WHERE email='$email'";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array ($result, MYSQL_ASSOC);
if ($row) {
$password=$row['pass'];
$email=$row['email'];
$client_id=$row['client_id'];

} else {
$errors[] = print '<p><b>Error:</b> Email submitted does not match those on file.</p>';
}
}


if ($email == $password) {

$pass = substr ( md5(uniqid(rand(),1)), 3, 10);

$query = "SELECT client_id, email FROM client WHERE email='$email'";
$result = mysql_query ($query) or die(mysql_error());
$num = mysql_num_rows($result);

if ($num == 1) {

$query = "UPDATE client SET pass=PASSWORD('$temppass') WHERE email='$email'";
$result = mysql_query ($query);

                                      if ($num==1) {

echo '<p>Your password has been changed. An email has been sent to your account.</p>';


$body = "Your password has been temporarily changed to '$pass'.";
$body .= "You may login using this password, and upon login, change it.\r\n";
$body .= "Support at Electronic Commerce, Inc.";

mail ($email, 'Your temporary password.', $body, 'From: support@electronic-commerce.us.com');


} else {

$errors[] = print '<p><b>Error:</b> Your password could not be changed due to a system error.</p>' . mysql_error();
}
mysql_close();

} else {
$errors[] .= print '<p>Please try again.</p>';
}
}
}
?>

</form>
</td>
</tr>
</table>

[/code]
Link to comment
Share on other sites

I thought it meant that if the $pass = $email, that the pass would be from the $email typed in (meaning, when the user submitted the email, if the two would equal, that it would be a match). However, I went back and changed it to just if($email) {} . The code still doesn't work even with arrow's edits, unfortunately.  :-\
Link to comment
Share on other sites

Just wrote this for you; alter all database, select.

good luck.

the code works as it is ok.

[b]There is full support for anybody via pm for the script just pm me cheers.[/b]

[code]
<?

//if email_fogot from form is not entered then echo message.

$forgot_email=$_POST['forgot_email'];

if(!$fogot_email=="none") {
echo " <font color='red'>Sorry please fill in the form</font> <br>";
}


//  connect database.

$db=mysql_connect("localhost","xxuser_namexxx","xxpasswordxxxx");
mysql_select_db("xxdatabase_namexx",$db);



// post variables password and email.

$email=($_POST['email']);
$password=($_POST['password']);





//select the database.

$query = "SELECT * FROM pro_membersu WHERE id='00003'";




//return database results

$result = mysql_query($query) or die(mysql_error());




// do a while loop to get data.

while($record=mysql_fetch_assoc($result)){



//if form email match database email address send message.

if(!$fogot_email==$record['email']){

echo"<font color='red'> Sorry your email does not match our records</font><br>";


}else{


//if email does not exist from database give message to contact admin ok.

if(!$record['email']==1) {
echo"<font color='red'>Sorry no email address matches please contact admin!</a>";




// else send a password to the member.

}else{



//convert variables from database for the email to understand easily.

$email=$record['email'];
$password=$record['password'];



// give a message for the password.

$inportant_message= " Your password is $password ";



//get the email from the database but in easy readable format.

$to=$email;



// give a subject in the email.

$subject='This is your password reminder!';



// assign message variable to important message variable.

$message=$inportant_message;


// add a from for the mail message, usually admin's email.


$headers = "From: me@me.com\r\n" .

// this is mail headers to send email with php.



       'X-Mailer: PHP/' . phpversion() . "\r\n" .
       "MIME-Version: 1.0\r\n" .
       "Content-Type: text/html; charset=utf-8\r\n" .
       "Content-Transfer-Encoding: 8bit\r\n\r\n";



// this sends all the information in all the mail.



mail($to, $subject, $message, $headers);



// echo message to user that the email with their password has been sent.

echo "<font color='red'>Lost password sent to email address!</font> ";

}
}
  }
   ?>



<center><b><p>Forgot Password</p></b></center>

<p>Enter the email you used when registered to the site.</p>

<form method="POST" action="">

<table border="0" cellpadding="3" cellspacing="1" >
<tr>
<td><b>Email: </b></td>
<td>
<input name="fogot_email" type="text" size="25" maxlength="50"><br />
<input type="submit" name="submit" value="Lost Password"></p>
</form>[/code]
Link to comment
Share on other sites

I've tried the code, and I'm currently fixing some errors in it ($forgot versus $fogot for example). Thank you very much for it, of course. Looking at the old code as well, I've noticed that it has to do with the UPDATE part. I've tried on several other codes that I have to update the database, though no luck. Everything works but the update (I checked the db after using an update profile script to see if the variables change, which they don't.)

Is this because I still run PHP4?
Link to comment
Share on other sites

$query="update users set name='$name' WHERE id='$id' ";

example above

//query the database
$query=" ";

//update the database
update

//select the table field to update
users

//set meaning set the name of field in table to update

set

// i am to set the field that is name=$name in the table
name=$name

// what order to update the table field
where

// i want the table field id='$id' of the users id login updated.
id='$id'

The where statement in the SQL code is the most important to update information.

This will explain everything you ever need to know; read it slowly, ok.
[code]

Once there's data in the table, we might find that there is a need to modify the data. To do so, we can use the UPDATE command. The syntax for this is

UPDATE "table_name"
SET "column_1" = [new value]
WHERE {condition}

For example, say we currently have a table as below:

Table Store_Information
store_name    Sales    Date
Los Angeles   $1500    Jan-05-1999
San Diego     $250     Jan-07-1999
Los Angeles   $300     Jan-08-1999
Boston        $700     Jan-08-1999


and we notice that the sales for Los Angeles on 01/08/1999 is actually $500 instead of $300, and that particular entry needs to be updated. To do so, we use the following SQL:

UPDATE Store_Information
SET Sales = 500
WHERE store_name = "Los Angeles"
AND Date = "Jan-08-1999"

The resulting table would look like

Table Store_Information
store_name    Sales    Date
Los Angeles   $1500    Jan-05-1999
San Diego     $250     Jan-07-1999
Los Angeles   $500     Jan-08-1999
Boston        $700     Jan-08-1999


In this case, there is only one row that satisfies the condition in the WHERE clause. If there are multiple rows that satisfy the condition, all of them will be modified.

It is also possible to UPDATE multiple columns at the same time. The syntax in this case would look like the following:

UPDATE "table_name"
SET column_1 = [value1], column_2 = [value2]
WHERE {condition}

[/code]
Link to comment
Share on other sites

I apologise for the bump, but the server was down, and I wasn't able to work.

I have realised that the problem is actually just the UPDATE query. What happens is that it changes on the site, but it doesn't save to the database; nor when you login/logout, the changes revert back as to what you registered. (Meaning, it just saves on the page, not into the database.) I tried to work my way around it by making the mysql_query delete then insert updated data, but that creates a new user. Is there any other way I can fix this?
Link to comment
Share on other sites
