Jump to content

retreive forgotten pass


Pavlos1316
 Share

Recommended Posts

Hello,

 

I have this code to retreive forgotten pass:

//here is my db connection//

$result = mysql_query("SELECT email FROM db WHERE email='$email'"); 
if(!$result){
}  
else  
if($email!= mysql_result($result, 0)){
include 'recover.php';
echo "bla bla";
exit();
}

$sql= mysql_query("SELECT pass FROM db WHERE email='$email'");
$result=mysql_query($sql);
// if found e-mail address, row must be 1 row
// keep value
$count=mysql_num_rows($result);

if($count==1){
$rows=mysql_fetch_array($result);
// keep password
$pass=$rows['pass'];
exit();
}
//here I have the Send Email code including:
$email
$pass

I get no errors, but inside the email I only get the $email and not the $pass.

 

Any help?

 

Thank you

Link to comment
Share on other sites

You don't have any error reporting in your database query,

I would also add, Limit 1 since i guess there can be only 1 user.

But on the other hand, if your passwords are hashed, all you get back is a hash. I am not sure if you ant that and if it would be better for them to just set a new password and email it to them.

Link to comment
Share on other sites

Why this:

$sql= mysql_query("SELECT pass FROM db WHERE email='$email'");
$result=mysql_query($sql);

Why two times mysql_query?

 

why exit() after $pass?

 

Try this

//here is my db connection//

$result = mysql_query("SELECT email FROM db WHERE email='$email'"); 
if(!$result){
}  
else  
if($email!= mysql_result($result, 0)){
include 'recover.php';
echo "bla bla";
exit();
}

$sql= "SELECT pass FROM db WHERE email='$email'";
$result=mysql_query($sql);
// if found e-mail address, row must be 1 row
// keep value
$count=mysql_num_rows($result);

if($count==1){
$rows=mysql_fetch_array($result);
// keep password
$pass=$rows['pass'];
}
//here I have the Send Email code including:
$email
$pass

 

Also we don't know how your email code looks like.

Link to comment
Share on other sites

god... now it gave me the error log.... (or now I noticed it)

 

$count=mysql_num_rows()

it says that supplied argument is not a valid MySQL result resource

 

What is wrong here?

 

After I removed the mysql_query, I got NO error msgs (for sure) but no email at all as well!

This is my email code..

$yoursite='';
$webmaster='Administrators';
$youremail='';

$subject="Υπενθύμιση Κωδικού Πελάτη";
$message="
E-Mail: $email
Κωδικός Πελάτη: $pass

Ευχαριστώ,
$webmaster";

mail($email, $subject, $message, "From: $yoursite<$youremail>\nX-Mailer:PHP/" .phpversion());

Link to comment
Share on other sites

Here it is I have only changed "SELECT pass" to "SELECT *"

 

<?php

//Database Information

$dbhost = "localhost";
$dbname = "masterdb";
$dbuser = "";
$dbpass = "";

//Connect to database

mysql_connect ($dbhost, $dbuser, $dbpass)or die("Error: " .mysql_error());
mysql_select_db($dbname) or die(mysql_error());

$email=$_POST['email'];

if(!($email)){
include 'recover.php';
echo "";
exit();
}

$result = mysql_query("SELECT email FROM db WHERE email='$email'"); 
if(!$result){
}  
else  
if($email!= mysql_result($result, 0)){
include 'recover.php';
echo "";
exit();
}

$sql = mysql_query("SELECT * FROM db WHERE email='$email'");
$result = mysql_query($sql);
// if found e-mail address, row must be 1 row
// keep value
$count = mysql_num_rows($result);

if($count==1){
$rows = mysql_fetch_array($result);
// keep password
$pass = $rows['pass'];
$name = $rows['name'];
exit();
}

session_start();
if($_SESSION['captchaCheck'] != $_POST['providedCaptcha'] && !empty($_SESSION['captchaCheck'])){
// TODO
include 'recover.php';
echo "";
unset($_SESSION['captchaCheck']);
exit();
}

{
include 'blank.php';
echo "";
echo '<META HTTP-EQUIV="Refresh" Content="5; URL=index.php">';
}

$yoursite='';
$webmaster='Administrators';
$youremail='';

$subject="Υπενθύμιση Κωδικού Πελάτη";
$message="Αγαπητή/έ $name, 

E-Mail: $email
Κωδικός Πελάτη: $pass

Ευχαριστώ,
$webmaster";

mail($email, $subject, $message, "From: $yoursite<$youremail>\nX-Mailer:PHP/" .phpversion());

?>

Link to comment
Share on other sites

I have updated your code, but not tested. Backup your old file 1st.

Try to adjust where you need to, also i would suggest to work on the if else statements.

<?php
session_start();

//Database Information
$dbhost = "localhost";
$dbname = "masterdb";
$dbuser = "";
$dbpass = "";

//Connect to database
mysql_connect ($dbhost, $dbuser, $dbpass)or die("Error: " .mysql_error());
mysql_select_db($dbname) or die(mysql_error());

$email=mysql_real_escape_string($_POST['email']);

if(!$email){
include 'recover.php';
//echo "";
exit();
}

$query_email = mysql_query("SELECT email FROM db WHERE email='$email'") or die(mysql_error());
$num_email = mysql_num_rows($query_email);
if($num_email != 1){
include 'recover.php';
echo "";
exit();
}
else
{

$sql = mysql_query("SELECT * FROM db WHERE email='$email'") or die(mysql_error());
$result = mysql_query($sql);
// if found e-mail address, row must be 1 row
// keep value
$count = mysql_num_rows($result);

if($count==1){
$rows = mysql_fetch_array($result);
// keep password
$pass = $rows['pass'];
$name = $rows['name'];
}


if($_SESSION['captchaCheck'] != $_POST['providedCaptcha'] && !empty($_SESSION['captchaCheck'])){
// TODO
include 'recover.php';
echo "";
unset($_SESSION['captchaCheck']);
exit();
}
else
{
include 'blank.php';
echo "";
echo '<META HTTP-EQUIV="Refresh" Content="5; URL=index.php">';
}

$yoursite='';
$webmaster='Administrators';
$youremail='';

$subject="&#933;&#960;&#949;&#957;&#952;&#973;&#956;&#953;&#963;&#951; &#922;&#969;&#948;&#953;&#954;&#959;&#973; &#928;&#949;&#955;&#940;&#964;&#951;";
$message="&#913;&#947;&#945;&#960;&#951;&#964;&#942;/&#941; $name, 

E-Mail: $email
&#922;&#969;&#948;&#953;&#954;&#972;&#962; &#928;&#949;&#955;&#940;&#964;&#951;: $pass

&#917;&#965;&#967;&#945;&#961;&#953;&#963;&#964;&#974;,
$webmaster";

mail($email, $subject, $message, "From: $yoursite<$youremail>\nX-Mailer:PHP/" .phpversion());
}
?>

 

Link to comment
Share on other sites

$sql = mysql_query("SELECT * FROM db WHERE email='$email'") or die(mysql_error());
$result = mysql_query($sql);

 

That's your error.  You're making a query of the result or the error.  Also, you should be checking whether your query returns FALSE (if not a valid query, which is different from returning 0 rows), that way you know whether your result is a valid resource or a boolean value.

I'd say echo out the query where or before it errors and test for yourself directly (in MySQL or phpMyAdmin) and see what it returns.

Link to comment
Share on other sites

This thread is more than a year old.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.