Jump to content


Photo

password reset need debugged...how do I do that?


  • Please log in to reply
4 replies to this topic

#1 libinaz

libinaz
  • Members
  • PipPip
  • Member
  • 12 posts

Posted 25 July 2006 - 11:51 PM

Hi, I am trying to set up a reset password which isn't working.

in all, it just refreshes. what code and where do I put it for debugging?

forgot_password.php:
<?php 
if (isset($_POST['submit'])) { // Handle the form.
	require_once ('db_connect.php');

if (empty($_POST['bill_email'])) {
$billEmail = FALSE;
echo '<p><font color="red" size="+1">You forgot to enter your email!</font></p>';
} else {
$billEmail = escape_data($_POST['bill_email']);
}

if (empty($_POST['secretquestion'])) {
$squestion = FALSE;
echo '<p><font color="red" size="+1">You forgot to select a secret question!</font></p>';
} else {
$squestion = escape_data($_POST['secretquestion']);
		}

if (empty($_POST['secretanswer'])) {
$sanswer = FALSE;
echo '<p><font color="red" size="+1">You forgot to enter your secret answer!</font></p>';
} else {
$sanswer = escape_data($_POST['secretanswer']);

}

if ($billEmail && $squeston && $sanswer) {
	
$query = "SELECT bill_email, secretquestion, secretanswer FROM users_tbl 
WHERE bill_email='$billEmail' AND secretquestion='$secretquestion' AND secretanswer='$secretanswer'";		
$result = @mysql_query ($query);
$row = mysql_fetch_array ($result, MYSQL_NUM); 
if ($row) {
$billEmail = $row[0];
$squestion = $row[1];
$sanswer = $row[2];
} else {
echo '<p><font color="red" size="+1">The submitted user information does not match 
those on file!</font></p>';
$billEmail = FALSE;
}
		
}
	
if ($billEmail) {

		// Create a new, random password.
		$p = substr ( md5(uniqid(rand(),1)), 3, 10);

		// Make the query.
		$query = "UPDATE users_tbl SET passwd=PASSWORD('$p') WHERE bill_email=$billEMail";		
		$result = @mysql_query ($query); // Run the query.
		if (mysql_affected_rows() == 1) { // If it ran OK.
		
			// Send an email.
			$body = "Your password to log into NAACO has been temporarily changed to '$p'. 
Please log-in using your email and this password. At that time you may change 
your password to something more familiar.";
			mail ($email, 'Your temporary password.', $body, 'From: me@mysite.com');
			echo '<h3>Your password has been changed. You will receive the new, 
temporary password at the email address with which you registered. Once you 
have logged in with this password, you may change it by clicking on the 
"Change Password" link.</h3>';
			
			exit();				
			
		} else { // If it did not run OK.
		
			// Send a message to the error log, if desired.
			$message = '<p><font color="red" size="+1">Your password could not be 
changed due to a system error. We apologize for any inconvenience.</font></p>'; 

		}		
		mysql_close(); // Close the database connection.

	} else { // Failed the validation test.
		echo '<p><font color="red" size="+1">Please try again.</font></p>';		
	}

} // End of the main Submit conditional.

?>

and then the html form in the body with the action:
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

any help is appreciated. thanks


#2 ryanlwh

ryanlwh
  • Staff Alumni
  • Advanced Member
  • 511 posts

Posted 25 July 2006 - 11:55 PM

does it actually give you the error messages, or just refreshes and do nothing??

anyway, there's an error in the update query. add single quotes around $billEmail. also, it's $billEmail, not $billEMail.
$query = "UPDATE users_tbl SET passwd=PASSWORD('$p') WHERE bill_email='$billEmail'";

a good way to debug is to use mysql_error().
Please use EDIT * 100...
Please use
or [php] * 1000...

PLEASE READ THE POSTED SOLUTIONS CAREFULLY * 1000000...

#3 libinaz

libinaz
  • Members
  • PipPip
  • Member
  • 12 posts

Posted 25 July 2006 - 11:59 PM

Yes, the page just refreshes and shows the information posted. Where do I put the mysql_error()? I did change the billEMail and the quotes, it still just refreshes.

#4 ryanlwh

ryanlwh
  • Staff Alumni
  • Advanced Member
  • 511 posts

Posted 26 July 2006 - 12:02 AM

you should remove the @ signs before mysql_query.. you actually WANT to see the errors if it goes wrong. then add mysql_error() like this
$result = mysql_query($query) or die(mysql_error());

Please use EDIT * 100...
Please use
or [php] * 1000...

PLEASE READ THE POSTED SOLUTIONS CAREFULLY * 1000000...

#5 libinaz

libinaz
  • Members
  • PipPip
  • Member
  • 12 posts

Posted 26 July 2006 - 02:46 PM

It still doesn't show any errors. It just refreshes. I removed the echo's in the form and now, when it refreshes, nothing is in the form.

here is the full code:
<?php 
session_start();
// Set the page title and include the HTML header.
require_once ('db_fns.php'); // Connect to the database.
	$conn = db_connect();
  	if (!$conn)
    	return 'Could not connect to database server - please try later.';

if (isset($_POST['submit'])) {

		if (empty($_POST['bill_email'])) {
		$billEmail = FALSE;
		echo '<p><font color="red" size="+1">You forgot to enter your email!</font></p>';
	} else {
		$billEmail = escape_data($_POST['bill_email']);
		}
		if (empty($_POST['secretquestion'])) {
		$squestion = FALSE;
		echo '<p><font color="red" size="+1">You forgot to select a secret question!</font></p>';
	} else {
		$squestion = escape_data($_POST['secretquestion']);
		}
		if (empty($_POST['secretanswer'])) {
		$sanswer = FALSE;
		echo '<p><font color="red" size="+1">You forgot to enter your secret answer!</font></p>';
	} else {
		$sanswer = escape_data($_POST['secretanswer']);
}

if ($billEmail && $squeston && $sanswer) {
	
		$query = "SELECT bill_email, secretquestion, secretanswer FROM users_tbl WHERE bill_email='$billEmail' AND secretquestion='$secretquestion' AND secretanswer='$secretanswer'";		
		$result = mysql_query ($query) or die(mysql_error());
		$row = mysql_fetch_array ($result, MYSQL_NUM); 
		if ($row) {
			$billEmail = $row[0];
			$squestion = $row[1];
			$sanswer = $row[2];
		} else {
			echo '<p><font color="red" size="+1">The submitted user information does not match those on file!</font></p>';
			$billEmail = FALSE;
		}
		
	}
	
	if ($billEmail) {

		// Create a new, random password.
		$p = substr ( md5(uniqid(rand(),1)), 3, 10);

		// Make the query.
		$query2 = "UPDATE users_tbl SET passwd=PASSWORD('$p') WHERE bill_email='$billEmail'";		
		$result2 = mysql_query ($query2)  or die(mysql_error());; // Run the query.
		if (mysql_affected_rows() == 1) { // If it ran OK.
		
			// Send an email.
			$body = "Your password to log into NAACO has been temporarily changed to '$p'. Please log-in using your email and this password. At that time you may change your password to something more familiar.";
			mail ($email, 'Your temporary password.', $body, 'From: me@mysite.com');
			echo '<h3>Your password has been changed. You will receive the new, temporary password at the email address with which you registered. Once you have logged in with this password, you may change it by clicking on the "Change Password" link.</h3>';
			
			exit();				
			
		} else { // If it did not run OK.
		
			// Send a message to the error log, if desired.
			$message = '<p><font color="red" size="+1">Your password could not be changed due to a system error. We apologize for any inconvenience.</font></p>'; 

		}		
		mysql_close(); // Close the database connection.

	} else { // Failed the validation test.
		echo '<p><font color="red" size="+1">Please try again.</font></p>';		
	}

} // End of the main Submit conditional.

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="userscss.css" rel="stylesheet" type="text/css">
</head>

<body>
<table width="512" border="0" cellpadding="6" cellspacing="0" bgcolor="#FFFFFF">
  <tr>
    <td><form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
      <table width="500" cellpadding=2 cellspacing=0 bgcolor="#FFFFFF">
        <tr>
          <td colspan="2" class="bodytext"><span class="header">NAACO Password
              Retrieval</span><br>
                  <span class="membertext">If you have forgotten your password,
                  please enter your username, your secret question and your secret
                  answer. Your password will be sent to your email address.</span></td>
        </tr>
        <tr>
          <td width="35%" class="bodytext">&nbsp;</td>
          <td width="65%">&nbsp;</td>
        </tr>
        <tr class="membertext">
          <td class="bodytext">Enter your username (eMail address)</td>
          <td>
            <input name="bill_email" type="text" class="bodytext" size="30">
          </td>
        </tr>
        <tr class="membertext">
          <td>&nbsp;</td>
          <td>&nbsp;</td>
        </tr>
        <tr class="membertext">
          <td class="bodytext">What was your secret question (select)</td>
          <td>
            <select name="secretquestion" size="1" class="bodytext" id="select4" tabindex="30">
              <option value="" selected>Select one</option>
              <option value="What is your favorite color">What is your favorite
              color</option>
              <option value="What is your favorite sport">What is your favorite
              sport</option>
              <option value="What is your mothers maiden name">What is your mothers
              maiden name</option>
            </select>
          </td>
        </tr>
        <tr class="membertext">
          <td>&nbsp;</td>
          <td>&nbsp;</td>
        </tr>
        <tr class="membertext">
          <td class="bodytext">What is the answer to your secret question</td>
          <td><input name="secretanswer" type="text" class="bodytext" size="30">
          </td>
        </tr>
        <tr class="membertext">
          <td>&nbsp;</td>
          <td>&nbsp;</td>
        </tr>
        <tr align="left" class="membertext">
          <td colspan=2><input type="submit" name="Submit" value="Submit">
</td>
        </tr>
      </table>
    </form></td>
  </tr>
</table>
</body>
</html>






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users