c-o-d-e Posted January 29, 2010 Share Posted January 29, 2010 I have a password reset form, and it doesn't do anything when I click submit. It refreshes my page. Nothing happens. I don't recieve an email, I've tried to echo the password as soon as it gets created. Nothing echo'd. Seems that NOTHING happens at all. Can anyone help me out? Here is the code. <?php session_start(); include ("inc/config.php"); if(isset($_POST['reset'])) { $username = addslashes(mysql_real_escape_string($_POST['username'])); $email = addslashes(trim(mysql_real_escape_string($_POST['email']))); if(empty($username)){ $error['username'] = '<span style="color:red;">Your Username is required!<br /></span>'; } if(empty($email)){ $error['email'] = '<span style="color:red;">Your registered Email Address is required!<br /></span>'; } $query = mysql_query("SELECT * FROM Users WHERE Username = $username") or trigger_error("Query failed: ".mysql_error()); if(mysql_num_rows($query) > 0) { $row = mysql_fetch_array($query); if($email == $row['Email']){}{ $error['email'] = 'The entered Email is not the registered email!'; } } else { if($username > 0){ $error['username'] = 'The entered Username is not registered!'; } } if(!isset($error)){ $length = 9; $characters = 'abcdefghjkmnpqrstwxyz23456789'; $max = strlen($characters) - 1; $pwd = ''; mt_srand((double)microtime() * 1000000); while (strlen($pwd) < $length + 1) $pwd .= $characters{mt_rand(0, $max)}; $pass = md5($pwd.strtolower($username)); $query = mysql_query("UPDATE Users SET Password = '$pass' WHERE Username = '$username'") or trigger_error('Query failed: '. mysql_error()); $send = mail($email , "Password Reset Request" , "You have applied for a new password at Developers Community\n\nYour Username and New Password are below, Please change your Password when you login!\n\nUser: ".$username."\nPass: ".$pwd."\n\nIf you did not request a New Password, please change your Password and if this continues to happen then please contact us.\n\nPlease do not reply, this is an automated mailer.\n\nThanks", "FROM: no-reply@developers-community.com"); if(($query)&&($send)){ $success['complete'] = 'Your New Password has been sent to your Email Address. The Email could be in your Junk. If you do not recieve the email, please contact us.'; } } } ?> <?php echo ''.$error['username'].''.$error['password'].''.$success['complete'].''; ?> <form method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>" style="width:300px; margin:0 auto;"> <label>Username<br /> <input name="username" type="text" class="textBox" id="username" size="40" /></label> <label><br /> Registered Email Address<br /> <input name="email" type="text" class="textBox" id="email" size="40" /></label> <br /><br /> <input name="reset" type="submit" class="textBox" id="reset" value="Submit" /> </form> Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted January 29, 2010 Share Posted January 29, 2010 Look at your logic - you have it so if the user enters a username ($username > 0) or if the user already has a valid e-mail address ($email == $row['email']) to trigger an error, thereby ignoring the request to send the e-mail and reset the password. That seems pretty backwards to me. Quote Link to comment Share on other sites More sharing options...
c-o-d-e Posted January 29, 2010 Author Share Posted January 29, 2010 ($username > 0) Should be If username is bigger than 0. Would it be < ? I seem not to remember the < and > Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted January 29, 2010 Share Posted January 29, 2010 Your query is also failing because there are no single-quotes around the string data in it. Again, what trigger_error() does is dependent on the error_reporting and display_errors settings. Are you developing and debugging your code on a system with error_reporting set to E_ALL and display_errors set to ON in your master php.ini so that ALL php errors will be reported and displayed? You are also double-escaping the string data being put into your query. You should only be using mysql_real_escape_string() and NOT using addslashes(). Quote Link to comment Share on other sites More sharing options...
c-o-d-e Posted January 29, 2010 Author Share Posted January 29, 2010 $query = mysql_query("SELECT * FROM Users WHERE Username = '$username'") or trigger_error("Query failed: ".mysql_error()); if(mysql_num_rows($query) > 0) { $row = mysql_fetch_array($query); if($email == $row['Email']){}{ $error['email'] = 'The entered Email is not the registered email!'; } } else { if($username > 0){ $error['username'] = 'The entered Username is not registered!'; } } If there is a row, it checks if the email matches the email of the registered username thats entered, if it matches then no error, so it carries on. If it does not match, report the error, else if there isn't a row by the entered username, and the username has more than 1 character to report the error that its not registered. I changed it so that I am only using mysql_real_escape_string() and I have now put in the single quotes where needed. I just set the error reporting to E_ALL, although in my php.ini it is always set as on. Although with the error reporting set to E_ALL, it doesn't give me any other error that I should not recieve. Quote Link to comment Share on other sites More sharing options...
c-o-d-e Posted January 29, 2010 Author Share Posted January 29, 2010 Oh! Update: I had an error call above the form for Password, it should be Email. Thats why nothing happened. When I type in my exact email address that I registered the account with. It comes up as "The entered Email is not the registered email!" Even though its correct! AND where i has {}{ for the email, Should be {}else{ Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.