
Reset Password Script - Need Help


Kadage


Hey everyone, I'm rather new to PHP and I need a little bit of help with a script I'm writing. If anybody can help it would be great. Basically the code checks to see if the email field has text in it; if it does, it will then check to see if that email address has been registered to an account. If an account is registered with that email it will generate a random md5 code and insert it into a table; it will also send that code to the email address. Lastly it will allow you to insert the code that was just emailed and it will check to see if it matches the one on the database. This is where I'm having trouble...

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Synical-Soldiers</title>
<link href="scripts/style.css" rel="stylesheet" type="text/css" />
<link rel="shortcut icon" href="images/favicon.ico" />

</head>
<?php
	session_start();

	$EmailReset = $_POST['email'];	
?>
<body>
<?php
	if($_SESSION['CodeSent'] != 'true') {
?>
    	<form action="passwordReset.php" method="post" name="verification">
            <table width="300" border="0">
              <tr>
                <td colspan="2"><h2 align="center">Synical-Soldiers: Reset Password</h2></td>
              </tr>
              <tr>
                <td colspan="2"><b>Please enter the Email you used to register.</b></td>
              </tr>
              <tr>
                <td width="72"><b>Email:</b></td>
                <td width="218"><input name="email" type="text" class="textBoxReset" value="<?php echo $EmailReset; ?>"/></td>
              </tr>
              <tr>
                <td> </td>
                <td><input name="submit" type="submit" class="button" /></td>
              </tr>
            </table>
    	</form>
  	<?php
	if($_POST['submit']) {

		if ($EmailReset == "") { 
			echo "<b><font color='#FF0000'>Error(s) Listed Below:</font></b> <br/><b>Please enter your Email.</b> <br/>";
			die();
		}

		// Connect the config file
		include_once("scripts/config.php");

		// Connect to the Server
    		mysql_connect($db_host,$db_user,$db_password) or die(mysql_error()); 
		// Select the Database
    		mysql_select_db($db_name) or die(mysql_error());

		// Check if the Email is in use.
		$VEmail = mysql_query("SELECT email FROM tbl_members WHERE email = '$EmailReset'") 
		or die(mysql_error());
			$check2 = mysql_num_rows($VEmail);
			if ($check2 != 1) 
			{
				echo "<b><font color='#FF0000'>Error(s) Listed Below:</font></b> <br/><b>No account is registered with that Email.</b> <br/>";
				die;
			}

			$RandomCode=md5(uniqid(rand()));
			$VerificationCode=substr($RandomCode, 0, ;
			$EncryptCode = md5($VerificationCode);

       			$query = sprintf("INSERT INTO tbl_resetPassword VALUES ('NULL', '$_SERVER[REMOTE_ADDR]', '$EmailReset','%s', 'no')",
                mysql_real_escape_string($EncryptCode));

			mysql_query($query)or die('Could not Reset Password ' . mysql_error());

			$subject = "Verification Code";
			$siteName = "http://www.synical-soldiers.com.au";
			$siteEmail = "support@pixemadesigns.com.au"; 
			$message = "If you did not request a password reset for the site 'Synical-Soldiers.com.au' please ignore this email.
			---------------------------- 
			Verification Code: $VerificationCode
			----------------------------  

			This email was automatically generated."; 
                       
          		if(!mail($EmailReset, $subject, $message,  "FROM: $siteName <$siteEmail>")) 
			{ 
             		die ("Sending Email Failed, Please Contact a Site Admin!)"); 
          		}		 

			$_SESSION['CodeSent'] = 'true';
			$_SESSION['EmailVerification'] = $EmailReset;
			header("location: test.php");
		}
	}
		else
	{
		echo'<form action="passwordReset.php" method="post" name="reset">
    			<table width="300" border="0">
				<tr>
            			<td colspan="2"><h2 align="center">Synical-Soldiers: Reset Password</h2></td>
          			</tr>
				<tr>
            			<td colspan="2"><b><font color="#00FF00">Verification Code Sent to:</font></b></td>
         			 </tr>
				 <tr>
            			<td colspan="2"><b>Email: </b>'; echo $_SESSION['EmailVerification']; echo'</td>
         			 </tr>
          			<tr>
					<td width="72"><b>Code:</b></td>
					<td width="218"><input name="code" type="text" class="textBox" value="'; echo $_POST['code']; echo'"/></td>
				</tr>
				<tr>
					<td> </td>
					<td><input name="submit2" type="submit" class="button" /></td>
				</tr>
			</table>
    		</form>';

		if($_POST['submit2']) {

			$CodeReset = md5($_POST['code']);
			$ResetEmail = $_SESSION['EmailVerification'];

			if ($CodeReset == "") { 
				echo "<b><font color='#FF0000'>Error(s) Listed Below:</font></b> <br/><b>Please enter your Verification Code.</b> <br/>";
				die();
			}

			$SQL = "SELECT * from tbl_resetPassword WHERE email = '$ResetEmail'";
			$Result = mysql_query($SQL);
			$DATA = mysql_fetch_assoc($Result);

			if($CodeReset != $DATA['resetCode'])
				{
					echo "Pass";
				}
					else
				{
					echo "Fail";
				}



		}
	}
?>
</body>
</html>


Ohh sorry, okay, well the script generates the random code and uploads it to the database as well as sends it to the email. However, I can't get the second part of the script right, so that if the info typed into the text box is equal to what's on the database the script will progress. It just passes no matter what text is in the box.


Are you sure you've given it much thought?

 

Line 118 - Why are you MD5'ing the value the user has pasted into the form? Shouldn't that ALWAYS be the random value that you've already MD5'd?

Line 126 - It might be a better idea to add the MD5 value to the where clause of the query. SELECT * from tbl_resetPassword WHERE email = '$ResetEmail' AND resetCode = '$CodeReset'

 

With those changes, you don't need lines 128 through 137. You can instead simply use if( mysql_num_rows($SQL) > 0 ), which will return TRUE if any rows are found that match your query.

 

As to why your code was letting anything through.

 

Line 130 - You are checking if the two values don't equal each other, and echo'ing 'Pass' if that's TRUE. I think you meant to echo 'Fail.' The reason, in this case, that the right code isn't echoing 'Fail' is due to the above issues on line 118.


Thanks for all your help so far everyone! Much appreciated!

 

Hi Zane, sorry but like I said I'm really new to PHP and don't really know too much about it.

 

xyph, I have made the changes you suggested to the code and it's still not working. I'm not too sure but I think there is something wrong with the verification code generator. No matter what I type into the text field it always says the code is incorrect. This is the updated script.

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Synical-Soldiers</title>
<link href="scripts/style.css" rel="stylesheet" type="text/css" />
<link rel="shortcut icon" href="images/favicon.ico" />

</head>
<?php
	session_start();

	$EmailReset = $_POST['email'];	
?>
<body>
<?php
	if($_SESSION['CodeSent'] != 'true') {
?>
    	<form action="passwordReset.php" method="post" name="verification">
            <table width="300" border="0">
              <tr>
                <td colspan="2"><h2 align="center">Synical-Soldiers: Reset Password</h2></td>
              </tr>
              <tr>
                <td colspan="2"><b>Please enter the Email you used to register.</b></td>
              </tr>
              <tr>
                <td width="72"><b>Email:</b></td>
                <td width="218"><input name="email" type="text" class="textBoxReset" value="<?php echo $EmailReset; ?>"/></td>
              </tr>
              <tr>
                <td> </td>
                <td><input name="submit" type="submit" class="button" /></td>
              </tr>
            </table>
    	</form>
  	<?php
	if($_POST['submit']) {

		if ($EmailReset == "") { 
			echo "<b><font color='#FF0000'>Error(s) Listed Below:</font></b> <br/><b>Please enter your Email.</b> <br/>";
			die();
		}

		// Connect the config file
		include_once("scripts/config.php");

		// Connect to the Server
    		mysql_connect($db_host,$db_user,$db_password) or die(mysql_error()); 
		// Select the Database
    		mysql_select_db($db_name) or die(mysql_error());

		// Check if the Email is in use.
		$VEmail = mysql_query("SELECT email FROM tbl_members WHERE email = '$EmailReset'") 
		or die(mysql_error());
			$check2 = mysql_num_rows($VEmail);
			if ($check2 != 1) 
			{
				echo "<b><font color='#FF0000'>Error(s) Listed Below:</font></b> <br/><b>No account is registered with that Email.</b> <br/>";
				die;
			}

			$RandomCode=md5(uniqid(rand()));
			$VerificationCode=substr($RandomCode, 0, ;
			$EncryptCode = md5($VerificationCode);

       			$query = sprintf("INSERT INTO tbl_resetPassword VALUES ('NULL', '$_SERVER[REMOTE_ADDR]', '$EmailReset','%s', 'no')",
                mysql_real_escape_string($EncryptCode));

			mysql_query($query)or die('Could not Reset Password ' . mysql_error());

			$subject = "Verification Code";
			$siteName = "http://www.synical-soldiers.com.au";
			$siteEmail = "support@pixemadesigns.com.au"; 
			$message = "If you did not request a password reset for the site 'Synical-Soldiers.com.au' please ignore this email.
			---------------------------- 
			Verification Code: $VerificationCode
			----------------------------  

			This email was automatically generated."; 
                       
          		if(!mail($EmailReset, $subject, $message,  "FROM: $siteName <$siteEmail>")) 
			{ 
             		die ("Sending Email Failed, Please Contact a Site Admin!)"); 
          		}		 

			$_SESSION['CodeSent'] = 'true';
			$_SESSION['EmailVerification'] = $EmailReset;
			header("location: passwordReset.php");
		}
	}
		else
	{
		echo'<form action="passwordReset.php" method="post" name="reset">
    			<table width="300" border="0">
				<tr>
            			<td colspan="2"><h2 align="center">Synical-Soldiers: Reset Password</h2></td>
          			</tr>
				<tr>
            			<td colspan="2"><b><font color="#00FF00">Verification Code Sent to:</font></b></td>
         			 </tr>
				 <tr>
            			<td colspan="2"><b>Email: </b>'; echo $_SESSION['EmailVerification']; echo'</td>
         			 </tr>
          			<tr>
					<td width="72"><b>Code:</b></td>
					<td width="218"><input name="code" type="text" class="textBox" value="'; echo $_POST['code']; echo'"/></td>
				</tr>
				<tr>
					<td> </td>
					<td><input name="submit2" type="submit" class="button" /></td>
				</tr>
			</table>
    		</form>';

		if($_POST['submit2']) {

			$CodeReset = $_POST['code'];
			$ResetEmail = $_SESSION['EmailVerification'];

			if ($CodeReset == "") { 
				echo "<b><font color='#FF0000'>Error(s) Listed Below:</font></b> <br/><b>Please enter your Verification Code.</b> <br/>";
				die();
			}

			$SQL = "SELECT * from tbl_resetPassword WHERE email = '$ResetEmail' AND resetCode = '$CodeReset'";
			$Result = mysql_query($SQL);

			if(mysql_num_rows($SQL) > 0 )
				{
					echo "Passed";
				}
					else
				{
					echo "<b><font color='#FF0000'>Error(s) Listed Below:</font></b> <br/><b>Verification Code is Incorrect.</b> <br/>";;
				}



		}
	}
?>
</body>
</html>


A couple of cleanup suggestions - Don't use SELECT * on tbl_ResetPassword. Any single field, preferably not one that has any actual relevant account information, like ID would do. Also, instead of mysql_num_rows > 0 I would suggest you use mysql_num_rows == 1, as you know that if it is working correctly there should only be a single row returned.
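
A hardened version of the issue-and-verify step this thread is debugging, as an added example that is not code from any poster: the emailed code comes from a CSPRNG, only its SHA-256 hash is stored, and the submitted code is hashed the same way and compared with hash_equals() through prepared statements. The function names, the `expires` column and the in-memory SQLite table are assumptions made so the sketch runs on its own.

```php
<?php
// Added example, not the thread's code. Function names, the `expires` column
// and the SQLite demo table are assumptions for illustration.
declare(strict_types=1);

function issueResetCode(PDO $db, string $email, int $ttl = 900): string
{
    $code = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG; this value is emailed
    // One live code per address: drop any earlier request first.
    $db->prepare('DELETE FROM tbl_resetPassword WHERE email = ?')->execute([$email]);
    // Store only a hash, so a database leak does not reveal usable codes.
    $db->prepare('INSERT INTO tbl_resetPassword (email, resetCode, expires) VALUES (?, ?, ?)')
       ->execute([$email, hash('sha256', $code), time() + $ttl]);
    return $code;
}

function verifyResetCode(PDO $db, string $email, string $submitted): bool
{
    $stmt = $db->prepare('SELECT resetCode, expires FROM tbl_resetPassword WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int) $row['expires'] < time()) {
        return false; // no pending request, or the code has expired
    }
    // Hash the submitted value exactly as at issue time, then compare in constant time.
    if (!hash_equals($row['resetCode'], hash('sha256', trim($submitted)))) {
        return false;
    }
    // Single use: remove the row once the code has been accepted.
    $db->prepare('DELETE FROM tbl_resetPassword WHERE email = ?')->execute([$email]);
    return true;
}

// Constructed demo data on an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_resetPassword (
    email TEXT PRIMARY KEY, resetCode TEXT NOT NULL, expires INTEGER NOT NULL)');

$email = 'user@example.test';
$code  = issueResetCode($db, $email);

var_dump(verifyResetCode($db, $email, 'not-the-code')); // wrong code
var_dump(verifyResetCode($db, $email, $code));          // correct code, first use
var_dump(verifyResetCode($db, $email, $code));          // same code replayed
```

The mysql_* functions used in the thread were removed in PHP 7; PDO or mysqli with bound parameters replaces them and also closes the SQL injection path through the email and code fields.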
