NLT Posted July 8, 2011 Share Posted July 8, 2011 Hello, I've come to ask you 2 things I've coded a little script where it will send you a md5 string so you can click that and it'll send you a random password. But, when I type in my email or anyone else email in the form, it emails it. Even if it's not found in database. Another thing, the $user query isn't working, when I submit the form and I get "Thank you Resource id #6, a confirmation link has been sent to your email." Could you tell me what's wrong with the above? And how could I get it so it emails from a specific email? Thanks. here's the code. <?php $host="localhost"; // Host name $username="user"; // Mysql username $password="pass"; // Mysql password $db_name="db"; // Database name //Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect to server"); mysql_select_db("$db_name")or die("cannot select DB"); $email=$_POST['email']; $tbl_name=users; $sql="SELECT mail FROM $tbl_name WHERE mail='$email'"; $result=mysql_query($sql); $query_user="SELECT username FROM $tbl_name WHERE mail='$email'"; $user=mysql_query($query_user); $confirmation=md5(uniqid(rand())); $hotel_name=Hotel; // Email $to=$email; $subject="Password Reset - $hotel_name"; $header="test"; $message="Your confirmation link\r\n"; $message.="Click on this link to to have a password sent to you\r\n"; $message.="http://fustigate.net/confirmation.php?code=$confirmation"; $sentmail = mail($to,$subject,$header,$message); if($sentmail){ echo "Thank you $user, a confirmation link has been sent to your email."; } ?> Quote Link to comment Share on other sites More sharing options...
gristoi Posted July 8, 2011 Share Posted July 8, 2011 change to: <?php $query_user="SELECT username FROM $tbl_name WHERE mail='$email'"; $query=mysql_query($query_user); $row = mysql_fetch_array($query); $user = $row['username']; ?> and: $header="From: <your email address here>\r\n"; Quote Link to comment Share on other sites More sharing options...
NLT Posted July 8, 2011 Author Share Posted July 8, 2011 Hello. I've done that, the username thing worked, but the mail from doesn't. It still says fustigat@srv42.hosting24.com when I want it to come from my email. Thanks in advance. I should also add, the header just shows at the bottom of the email. Quote Link to comment Share on other sites More sharing options...
gristoi Posted July 8, 2011 Share Posted July 8, 2011 what exactly did you try for your header? Quote Link to comment Share on other sites More sharing options...
NLT Posted July 8, 2011 Author Share Posted July 8, 2011 I did this: $header="From:<fustigate@fustigate.net>\r\n"; And on my email it shows Your confirmation link Click on this link to to have a password sent to you http://fustigate.net/confirmation.php?code=7f926ad56a3a2a0a29286cdd75623732 From:<fustigate@hotmail.com> Quote Link to comment Share on other sites More sharing options...
gristoi Posted July 8, 2011 Share Posted July 8, 2011 Sorry, bad habbit of mine, i use the <> to basically say insert here. should be: $header="From: fustigate@fustigate.net\r\n"; Quote Link to comment Share on other sites More sharing options...
NLT Posted July 8, 2011 Author Share Posted July 8, 2011 It's still the same =/ Your confirmation link Click on this link to to have a password sent to you http://fustigate.net/confirmation.php?code=c5d9178bec880ad63aeedd33758d5a8d From: fustigate@fustigate.net Quote Link to comment Share on other sites More sharing options...
gristoi Posted July 8, 2011 Share Posted July 8, 2011 youve got your mail function back to front: $sentmail = mail($to,$subject,$header,$message); should be: $sentmail = mail($to,$subject,$message,$header); Quote Link to comment Share on other sites More sharing options...
NLT Posted July 8, 2011 Author Share Posted July 8, 2011 Ahh, that is great! How could I make it display an error for any email that isn't in the database rather than sending it out anyway? Because right now if you type in any email it'll send you the password link and things. Quote Link to comment Share on other sites More sharing options...
gristoi Posted July 8, 2011 Share Posted July 8, 2011 do you mean something like this? <?php $host="localhost"; // Host name $username="fustigat_lol"; // Mysql username $password="lol123"; // Mysql password $db_name="fustigat_phoenix"; // Database name //Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect to server"); mysql_select_db("$db_name")or die("cannot select DB"); $email=$_POST['email']; $tbl_name=users; $sql="SELECT mail FROM $tbl_name WHERE mail='$email'"; $result=mysql_query($sql); if(mysql_num_rows($result)== 0) { echo 'You did not submit a valid email'; } else { $query_user="SELECT username FROM $tbl_name WHERE mail='$email'"; $user=mysql_query($query_user); $confirmation=md5(uniqid(rand())); $hotel_name=Hotel; // Email $to=$email; $subject="Password Reset - $hotel_name"; $header="From: fustigate@fustigate.net\r\n"; $message="Your confirmation link\r\n"; $message.="Click on this link to to have a password sent to you\r\n"; $message.="http://fustigate.net/confirmation.php?code=$confirmation"; $sentmail = mail($to,$subject,$message,$header); if($sentmail){ echo "Thank you $user, a confirmation link has been sent to your email."; } } ?> Quote Link to comment Share on other sites More sharing options...
NLT Posted July 8, 2011 Author Share Posted July 8, 2011 No. If you go to to http://fustigate.net/forgotpass and you typed in your email, it'll send it to you even though your email isn't in the database. I only want it sending emails to the emails stored in the database. Quote Link to comment Share on other sites More sharing options...
gristoi Posted July 8, 2011 Share Posted July 8, 2011 did you look at the code i just posted? I added an if else loop around your query, saying if email does not exist then show error, else email Quote Link to comment Share on other sites More sharing options...
NLT Posted July 8, 2011 Author Share Posted July 8, 2011 That is great. I'm sorry, I didn't notice. Quote Link to comment Share on other sites More sharing options...
NLT Posted July 8, 2011 Author Share Posted July 8, 2011 Another problem in confirmation.php <? include('config.php'); $confirmation=$_GET['code']; $table1="pass_reset"; $selectkey="SELECT * FROM $table1 WHERE confirm_code =$confirmation'"; $gotkey=mysql_query($selectkey); if($gotkey){ $count=mysql_num_rows($gotkey); } if($count==1){ $rows=mysql_fetch_array($gotkey); $email=$rows['email']; } $random_password=md5(uniqid(rand())); $new_password=substr($random_password, 0, ; $table2="users"; $updpass="UPDATE `users` SET password='$new_password' WHERE mail='$email'"; ?> it's not updating users Quote Link to comment Share on other sites More sharing options...
gristoi Posted July 8, 2011 Share Posted July 8, 2011 its because your not executing your query $updpass="UPDATE `users` SET password='$new_password' WHERE mail='$email'"; mysql_query($updpass); Quote Link to comment Share on other sites More sharing options...
NLT Posted July 8, 2011 Author Share Posted July 8, 2011 It's still not updating the only 1 user. If I removed the $mail bit it will update all users (Which it should) but I can't get it to just update the one. I should add, I want it to make the password in the database md5, but I want it to send the email with plaintext (needs to be created) Quote Link to comment Share on other sites More sharing options...
gristoi Posted July 8, 2011 Share Posted July 8, 2011 echo out the email variable and make sure it matches what is in the database Quote Link to comment Share on other sites More sharing options...
NLT Posted July 8, 2011 Author Share Posted July 8, 2011 What do you mean by echo it out? I'm pretty new to PHP. I appreciate all this help, btw ^^ Quote Link to comment Share on other sites More sharing options...
gristoi Posted July 8, 2011 Share Posted July 8, 2011 thisnk ive found your problem: $selectkey="SELECT * FROM $table1 WHERE confirm_code =$confirmation'"; you have a ' after confirmation. should be: $selectkey="SELECT * FROM $table1 WHERE confirm_code ='$confirmation'"; Quote Link to comment Share on other sites More sharing options...
NLT Posted July 8, 2011 Author Share Posted July 8, 2011 Worked, cheers! Quote Link to comment Share on other sites More sharing options...
gristoi Posted July 8, 2011 Share Posted July 8, 2011 dont forget to click on resolved Quote Link to comment Share on other sites More sharing options...
NLT Posted July 8, 2011 Author Share Posted July 8, 2011 Last one, and I should be fine. I asked my mate about generating a random plain and md5 password. Plain for the email, md5 for the database. He gave me $plain_password = passGen(); $md_password = md5($plain_password); I'm not sure if that's right or what, but I'm guessing something by there is wrong because I'm getting an error with them. Fatal error: Call to undefined function passgen() in /home/fustigat/public_html/forgotpass/confirmation.php on line 22 I think after this is done, the script is finished Quote Link to comment Share on other sites More sharing options...
jnvnsn Posted July 8, 2011 Share Posted July 8, 2011 Is passGen() your function? try this: $plain_password = substr ( md5(uniqid(rand(),1)), 3, 10); Quote Link to comment Share on other sites More sharing options...
NLT Posted July 8, 2011 Author Share Posted July 8, 2011 That worked. Now it won't delete a row with the query I used mysql_query("DELETE from `pass_reset` WHERE 'confirm_code='$confirmation'"); Quote Link to comment Share on other sites More sharing options...
gristoi Posted July 8, 2011 Share Posted July 8, 2011 what was it you said? :" i have 2 problems" lol: mysql_query("DELETE from `pass_reset` WHERE 'confirm_code='$confirmation'"); should be mysql_query("DELETE from `pass_reset` WHERE `confirm_code`='$confirmation'"); Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.