Jump to content

Archived

This topic is now archived and is closed to further replies.

libinaz

password reset need debugged...how do I do that?

Recommended Posts

Hi, I am trying to set up a reset password which isn't working.

in all, it just refreshes. what code and where do I put it for debugging?

forgot_password.php:
[code]
<?php
if (isset($_POST['submit'])) { // Handle the form.
require_once ('db_connect.php');

if (empty($_POST['bill_email'])) {
$billEmail = FALSE;
echo '<p><font color="red" size="+1">You forgot to enter your email!</font></p>';
} else {
$billEmail = escape_data($_POST['bill_email']);
}

if (empty($_POST['secretquestion'])) {
$squestion = FALSE;
echo '<p><font color="red" size="+1">You forgot to select a secret question!</font></p>';
} else {
$squestion = escape_data($_POST['secretquestion']);
}

if (empty($_POST['secretanswer'])) {
$sanswer = FALSE;
echo '<p><font color="red" size="+1">You forgot to enter your secret answer!</font></p>';
} else {
$sanswer = escape_data($_POST['secretanswer']);

}

if ($billEmail && $squeston && $sanswer) {

$query = "SELECT bill_email, secretquestion, secretanswer FROM users_tbl
WHERE bill_email='$billEmail' AND secretquestion='$secretquestion' AND secretanswer='$secretanswer'";
$result = @mysql_query ($query);
$row = mysql_fetch_array ($result, MYSQL_NUM);
if ($row) {
$billEmail = $row[0];
$squestion = $row[1];
$sanswer = $row[2];
} else {
echo '<p><font color="red" size="+1">The submitted user information does not match
those on file!</font></p>';
$billEmail = FALSE;
}

}

if ($billEmail) {

// Create a new, random password.
$p = substr ( md5(uniqid(rand(),1)), 3, 10);

// Make the query.
$query = "UPDATE users_tbl SET passwd=PASSWORD('$p') WHERE bill_email=$billEMail";
$result = @mysql_query ($query); // Run the query.
if (mysql_affected_rows() == 1) { // If it ran OK.

// Send an email.
$body = "Your password to log into NAACO has been temporarily changed to '$p'.
Please log-in using your email and this password. At that time you may change
your password to something more familiar.";
mail ($email, 'Your temporary password.', $body, 'From: me@mysite.com');
echo '<h3>Your password has been changed. You will receive the new,
temporary password at the email address with which you registered. Once you
have logged in with this password, you may change it by clicking on the
"Change Password" link.</h3>';

exit();

} else { // If it did not run OK.

// Send a message to the error log, if desired.
$message = '<p><font color="red" size="+1">Your password could not be
changed due to a system error. We apologize for any inconvenience.</font></p>';

}
mysql_close(); // Close the database connection.

} else { // Failed the validation test.
echo '<p><font color="red" size="+1">Please try again.</font></p>';
}

} // End of the main Submit conditional.

?>
[/code]

and then the html form in the body with the action:
[code]
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">[/code]

any help is appreciated. thanks

Share this post


Link to post
Share on other sites
does it actually give you the error messages, or just refreshes and do nothing??

anyway, there's an error in the update query. add single quotes around $billEmail. also, it's $billEmail, not $billEMail.
[code]$query = "UPDATE users_tbl SET passwd=PASSWORD('$p') WHERE bill_email='$billEmail'";[/code]

a good way to debug is to use mysql_error().

Share this post


Link to post
Share on other sites
Yes, the page just refreshes and shows the information posted. Where do I put the mysql_error()? I did change the billEMail and the quotes, it still just refreshes.

Share this post


Link to post
Share on other sites
you should remove the @ signs before mysql_query.. you actually WANT to see the errors if it goes wrong. then add mysql_error() like this
[code]$result = mysql_query($query) or die(mysql_error());[/code]

Share this post


Link to post
Share on other sites
It still doesn't show any errors. It just refreshes. I removed the echo's in the form and now, when it refreshes, nothing is in the form.

here is the full code:
[code]
<?php
session_start();
// Set the page title and include the HTML header.
require_once ('db_fns.php'); // Connect to the database.
$conn = db_connect();
  if (!$conn)
    return 'Could not connect to database server - please try later.';

if (isset($_POST['submit'])) {

if (empty($_POST['bill_email'])) {
$billEmail = FALSE;
echo '<p><font color="red" size="+1">You forgot to enter your email!</font></p>';
} else {
$billEmail = escape_data($_POST['bill_email']);
}
if (empty($_POST['secretquestion'])) {
$squestion = FALSE;
echo '<p><font color="red" size="+1">You forgot to select a secret question!</font></p>';
} else {
$squestion = escape_data($_POST['secretquestion']);
}
if (empty($_POST['secretanswer'])) {
$sanswer = FALSE;
echo '<p><font color="red" size="+1">You forgot to enter your secret answer!</font></p>';
} else {
$sanswer = escape_data($_POST['secretanswer']);
}

if ($billEmail && $squeston && $sanswer) {

$query = "SELECT bill_email, secretquestion, secretanswer FROM users_tbl WHERE bill_email='$billEmail' AND secretquestion='$secretquestion' AND secretanswer='$secretanswer'";
$result = mysql_query ($query) or die(mysql_error());
$row = mysql_fetch_array ($result, MYSQL_NUM);
if ($row) {
$billEmail = $row[0];
$squestion = $row[1];
$sanswer = $row[2];
} else {
echo '<p><font color="red" size="+1">The submitted user information does not match those on file!</font></p>';
$billEmail = FALSE;
}

}

if ($billEmail) {

// Create a new, random password.
$p = substr ( md5(uniqid(rand(),1)), 3, 10);

// Make the query.
$query2 = "UPDATE users_tbl SET passwd=PASSWORD('$p') WHERE bill_email='$billEmail'";
$result2 = mysql_query ($query2)  or die(mysql_error());; // Run the query.
if (mysql_affected_rows() == 1) { // If it ran OK.

// Send an email.
$body = "Your password to log into NAACO has been temporarily changed to '$p'. Please log-in using your email and this password. At that time you may change your password to something more familiar.";
mail ($email, 'Your temporary password.', $body, 'From: me@mysite.com');
echo '<h3>Your password has been changed. You will receive the new, temporary password at the email address with which you registered. Once you have logged in with this password, you may change it by clicking on the "Change Password" link.</h3>';

exit();

} else { // If it did not run OK.

// Send a message to the error log, if desired.
$message = '<p><font color="red" size="+1">Your password could not be changed due to a system error. We apologize for any inconvenience.</font></p>';

}
mysql_close(); // Close the database connection.

} else { // Failed the validation test.
echo '<p><font color="red" size="+1">Please try again.</font></p>';
}

} // End of the main Submit conditional.

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="userscss.css" rel="stylesheet" type="text/css">
</head>

<body>
<table width="512" border="0" cellpadding="6" cellspacing="0" bgcolor="#FFFFFF">
  <tr>
    <td><form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
      <table width="500" cellpadding=2 cellspacing=0 bgcolor="#FFFFFF">
        <tr>
          <td colspan="2" class="bodytext"><span class="header">NAACO Password
              Retrieval</span><br>
                  <span class="membertext">If you have forgotten your password,
                  please enter your username, your secret question and your secret
                  answer. Your password will be sent to your email address.</span></td>
        </tr>
        <tr>
          <td width="35%" class="bodytext">&nbsp;</td>
          <td width="65%">&nbsp;</td>
        </tr>
        <tr class="membertext">
          <td class="bodytext">Enter your username (eMail address)</td>
          <td>
            <input name="bill_email" type="text" class="bodytext" size="30">
          </td>
        </tr>
        <tr class="membertext">
          <td>&nbsp;</td>
          <td>&nbsp;</td>
        </tr>
        <tr class="membertext">
          <td class="bodytext">What was your secret question (select)</td>
          <td>
            <select name="secretquestion" size="1" class="bodytext" id="select4" tabindex="30">
              <option value="" selected>Select one</option>
              <option value="What is your favorite color">What is your favorite
              color</option>
              <option value="What is your favorite sport">What is your favorite
              sport</option>
              <option value="What is your mothers maiden name">What is your mothers
              maiden name</option>
            </select>
          </td>
        </tr>
        <tr class="membertext">
          <td>&nbsp;</td>
          <td>&nbsp;</td>
        </tr>
        <tr class="membertext">
          <td class="bodytext">What is the answer to your secret question</td>
          <td><input name="secretanswer" type="text" class="bodytext" size="30">
          </td>
        </tr>
        <tr class="membertext">
          <td>&nbsp;</td>
          <td>&nbsp;</td>
        </tr>
        <tr align="left" class="membertext">
          <td colspan=2><input type="submit" name="Submit" value="Submit">
</td>
        </tr>
      </table>
    </form></td>
  </tr>
</table>
</body>
</html>

[/code]

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.