Lost Password script

[timwhelan]

Okay I am a beginner and haven't coded in months. I am trying to find a tutorial or help figuring out how to build a lost password script for user log-in system I built a while ago.

 

Can anyone help with either something that works that I can learn from, a tutorial somewhere?

 

thanks

Tim

[litebearer]

http://phpeasystep.com/phptu/21.html

[timwhelan]

Thanks for the link.

 

I followed all the steps. Everything acts like it is working - it processes the information - sends the email with passcode - and clicking the passcode process and deletes from the temp db table, however it doesn't write the new password to the old database table. Below is the code, am I missing something?  The one thing I can question is I have a lot more fields in the db table that I want to write beside the first name, last name, password and userid - which is there email, would that be the problem?

 

Thanks for helping!!!

 

<?
include('db.php');

// Passkey that got from link
$passkey=$_GET['passkey'];

$tbl_name1="temp_applicants";

// Retrieve data from table where row that match this passkey
$sql1="SELECT * FROM $tbl_name1 WHERE confirmation_code ='$passkey'";
$result1=mysql_query($sql1);

// If successfully queried
if($result1){

// Count how many row has this passkey
$count=mysql_num_rows($result1);

// if found this passkey in our database, retrieve data from table "temp_applicants"
if($count==1){

$rows=mysql_fetch_array($result1);
$first_name=$rows['first_name'];
$userid=$rows['userid'];
$password=$rows['password'];
$last_name=$rows['last_name'];

$tbl_name2="astro_applicants";

// Insert data that retrieves from "temp_applicants" into table "astro_applicants"
$sql2="INSERT INTO $tbl_name2(userid, password, first_name, last_name)VALUES('$userid', '$password', '$first_name', '$last_name')";
$result2=mysql_query($sql2);
}


// if not found passkey, display message "Wrong Confirmation code"
else {
echo "Wrong Confirmation code";
}

// if successfully moved data from table"temp_applicants" to table "astro_applicants" displays message "Your account has been activated" and don't forget to delete confirmation code from table "temp_applicants"
if($result2){

echo "Your account has been activated";

// Delete information of this user from table "temp_applicants" that has this passkey
$sql3="DELETE FROM $tbl_name1 WHERE confirmation_code = '$passkey'";
$result3=mysql_query($sql3);

}

}
?>

[elmas156]

try changing this:

<?php
$sql2="INSERT INTO $tbl_name2(userid, password, first_name, last_name)VALUES('$userid', '$password', '$first_name', '$last_name')";
?>

 

 

to this:

<?php
$sql2=("INSERT INTO $tbl_name2(userid, password, first_name, last_name)VALUES('$userid', '$password', '$first_name', '$last_name')"); //added open and closed parenthesis before and after the open and closed quotes...
?>

[PFMaBiSmAd]

Given that a 'lost password' script would involve updating an existing user's password field, not INSERTing a new record for him, are you sure your script is attempting to do what you want?

[timwhelan]

elmas I haven't tried your method yet. I will...

However, wanted to respond to PFMaBiSmAd - Since I am still a little new I am learning some proper procedures.

 

Is there an UPDATE trigger versus an INSERT. Will start looking and will work to research if you can help point me in the right direction. If there are tutorials or links you can share I will read. I was initially following the link above to start figuring this out.

 

Thanks again!!!

Tim

 

[PFMaBiSmAd]

http://w3schools.com/php/php_mysql_update.asp (this link is part of a whole basic php/mysql tutorial that you should probably read through.)

 

Putting () around a string has no meaning and may even produce an error.

[timwhelan]

Right on. This is what I did. It took a few tries but I got it working.

Thanks for dealing with a noob! Looking forward to more challenges.

 

Peace - have a good weekend!