Reset password error


lukep11a

Hi, I have a "forgotten your password" link on my site. When a user clicks on it they are presented with a form to enter their email address and then click submit; they are then sent an email with an automatically generated new password. All this works fine, but when you enter the new password into the login box it fails to log in. It also fails to log in when you use the old password, so it is updating the table but not with the password the user receives in the email. Here is my processing code. I would be extremely grateful if you could spare some time to look through it and see if there are any errors which could be causing this:

 

<?php
function lostPassword($email)
{
    // $seed is defined elsewhere and is mixed into the hash below
    global $seed;

    if (!user_exists($email) || !valid_email($email))
    {
        return false;
    }

    // Escape the address before it goes into the query
    $query = sprintf("select userid from login where email = '%s' limit 1",
        mysql_real_escape_string($email));

    $result = mysql_query($query);

    if (mysql_num_rows($result) != 1)
    {
        return false;
    }

    // generate_code() is defined elsewhere on the site
    $newpass = generate_code();

    // Store sha1(new password + seed); the login check has to build the same hash
    $query = sprintf("update login set password = '%s' where email = '%s'",
        mysql_real_escape_string(sha1($newpass.$seed)), mysql_real_escape_string($email));

    if (mysql_query($query))
    {
        if (sendLostPasswordEmail($email, $newpass))
        {
            return true;
        } else
        {
            return false;
        }
    } else
    {
        return false;
    }

    return false;
}

?>


I have tried putting $newpass and $email into the update function but it does exactly the same thing; the only difference is it updates the table in phpMyAdmin with the exact password rather than an encrypted one. Any other ideas? Sorry, I am still a beginner at this.

Hi,

You can use the following function to encrypt the password.

function createRandomPassword() {
    $chars = "abcdefghijkmnopqrstuvwxyz023456789";
    srand((double)microtime()*1000000);
    $i = 0;
    $pass = '';

    while ($i <= 7) {
        // index over the whole string so the last character can be picked too
        $num = rand() % strlen($chars);
        $tmp = substr($chars, $num, 1);
        $pass = $pass . $tmp;
        $i++;
    }

    return $pass;
}

//function to create password
$ran_password = createRandomPassword();

//use md5 to encrypt the password
//md5 is php function to encrypt the password
$md5_ran_password = md5($ran_password);

//escape the address before it goes into the query
$sql = "UPDATE client_employer SET
CE_Passwd = '".$md5_ran_password."'
WHERE CE_Email  = '".mysql_real_escape_string($email)."'";

Thanks

Is anything at all being inserted into the password field in the database? Is it 40 characters long? What is $seed, and where are you storing that value so you can use it in the hash when the password is compared at login? Probably wouldn't hurt to post the processing script for login too.
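
The questions in the last reply (is the stored value 40 characters, and is the same $seed used at login) can be checked with a small stand-alone script. This is an added example, not code from the thread: the array standing in for the login table, the SEED constant, the sample address and the function names are all assumptions. It shows how a reset that hashes differently from the login check gives the symptom described in the first post, next to a variant using PHP's password_hash() and password_verify().

```php
<?php
// Added example, not code from the thread. $users stands in for the login
// table; SEED and the function names are hypothetical.
const SEED = 'constructed-example-seed';

// Login check in the style of the first post: sha1 of password + seed.
function legacyLogin(array $users, string $email, string $password): bool
{
    return isset($users[$email])
        && hash_equals($users[$email], sha1($password . SEED));
}

// Random password from a CSPRNG; strlen() keeps every character reachable.
function randomPassword(int $length = 12): string
{
    $chars = 'abcdefghijkmnopqrstuvwxyz023456789';
    $pass = '';
    for ($i = 0; $i < $length; $i++) {
        $pass .= $chars[random_int(0, strlen($chars) - 1)];
    }
    return $pass;
}

$email = 'user@example.com';                       // constructed sample data
$users = [$email => sha1('old-password' . SEED)];
$newpass = randomPassword();

// Mismatch 1: the reset stores md5() while login compares sha1($pass . SEED).
$users[$email] = md5($newpass);
var_dump(strlen($users[$email]));                  // length of the stored digest
var_dump(legacyLogin($users, $email, $newpass));

// Mismatch 2: the reset hashes with a different (here: empty) seed.
$users[$email] = sha1($newpass . '');
var_dump(legacyLogin($users, $email, $newpass));

// Matching pair: reset and login build the hash the same way.
$users[$email] = sha1($newpass . SEED);
var_dump(legacyLogin($users, $email, $newpass));

// Hardened form: password_hash() generates a per-password salt and
// password_verify() reads it back from the stored string, so the reset
// and login code cannot disagree about a shared seed.
$users[$email] = password_hash($newpass, PASSWORD_DEFAULT);
var_dump(password_verify($newpass, $users[$email]));
```

The script needs PHP 7 or later for random_int(); the password column must be wide enough for password_hash() output (the PHP manual recommends 255 characters).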

Archived

This topic is now archived and is closed to further replies.
