justlukeyou Posted December 12, 2012 Share Posted December 12, 2012 (edited) Hi, I have a code which reads the email address from a form and issues a new password via email. However, I just cannot get it insert the new password into the database. I have tried to say UPDATE where 'email' = 'email' which is the same method to match the two emails together how this doesn't seem to work. I have also tried the method below but none seems to work. Can one of you clever guys please advise how I can get the new password to insert into the database? (almost there with it) <?php $email=$_POST['email']; $email=mysql_real_escape_string($email); $status = "OK"; $msg=""; //error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR); // You can supress the error message by un commenting the above line if (!stristr($email,"@") OR !stristr($email,".")) { $msg="Your email address is not correct<BR>"; $status= "NOTOK";} echo "<br><br>"; if($status=="OK"){ // validation passed now we will check the tables $query = "SELECT * FROM users WHERE email = email"; $st=mysql_query($query); $recs=mysql_num_rows($st); $row=mysql_fetch_object($st); $em=$row->email;// email is stored to a variable if ($recs == 0) { // No records returned, so no email address in our table // let us show the error message echo "<center><font size='2' color=red><b>No Password</b><br> Sorry, your email address is not in the database . You can signup and login to use our site. <BR><BR><a href='signup.php'> Sign UP </a> </center>"; exit;} //Generate a RANDOM MD5 Hash for a password $random_password=md5(uniqid(rand())); //Take the first 8 digits and use them as the password we intend to email the user $emailpassword=substr($random_password, 0, ; //Encrypt $emailpassword in MD5 format for the database $newpassword = md5($emailpassword); $query = sprintf("UPDATE `users` SET `password` = '%s' WHERE email = 'email'", mysql_real_escape_string($newpassword)); // formating the mail posting // headers here $headers4="admin@website.com"; // Change this address within quotes to your address $headers.="Reply-to: $headers4\n"; $headers .= "From: $headers4\n"; $headers .= "Errors-to: $headers4\n"; $headers .= "Content-Type: text/html; charset=iso-8859-1\n".$headers; // mail funciton will return true if it is successful if(mail("$em","Website.com - Reset Password Request"," Hello $row->firstname, <br> <br> This email is in response to your request for login details at Website.com <br><br> Your new password: $emailpassword <br><br> Please <a href='http://website.com/test/login.php' rel='nofollow' > Log In </a> <br><br> Thank You <br> <br> Site Admin","$headers")) {echo "<center><b>Thank You</b><br><br> Your password is posted to your email address. Please check your email account. </center>";} else{// there is a system problem in sending mail echo " <center>There is a problem in sending login details to your address. Please contact Site Admin: . <br><br><input type='button' value='Retry' onclick='history.go(-1)'></center>";} } ?> Edited December 12, 2012 by justlukeyou Quote Link to comment https://forums.phpfreaks.com/topic/271928-insert-new-password-into-database/ Share on other sites More sharing options...
mrMarcus Posted December 12, 2012 Share Posted December 12, 2012 You're missing the $ on the $email variable. WHERE `email` = '$email' For each of your queries. Quote Link to comment https://forums.phpfreaks.com/topic/271928-insert-new-password-into-database/#findComment-1399022 Share on other sites More sharing options...
Jessica Posted December 12, 2012 Share Posted December 12, 2012 $query = sprintf("UPDATE `users` SET `password` = '%s' WHERE email = 'email'", Obvious troll is still obvious. Quote Link to comment https://forums.phpfreaks.com/topic/271928-insert-new-password-into-database/#findComment-1399024 Share on other sites More sharing options...
justlukeyou Posted December 12, 2012 Author Share Posted December 12, 2012 Bloody hell. Thanks. Now I changed those 2 points its returned the following two errors. Im saying that $email = email. I though I had it sorted. $query = "SELECT * FROM users WHERE email = $email"; $st=mysql_query($query); $recs=mysql_num_rows($st); $row=mysql_fetch_object($st); Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/ukhomefu/website.com/test/resetpasswordengine.php on line 145 $recs=mysql_num_rows($st); Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /home/ukhomefu/website.com/test/resetpasswordengine.php on line 146 $row=mysql_fetch_object($st); Quote Link to comment https://forums.phpfreaks.com/topic/271928-insert-new-password-into-database/#findComment-1399032 Share on other sites More sharing options...
justlukeyou Posted December 13, 2012 Author Share Posted December 13, 2012 Hi, Does anyone have any suggestions please? I thought I had it cracked. Quote Link to comment https://forums.phpfreaks.com/topic/271928-insert-new-password-into-database/#findComment-1399152 Share on other sites More sharing options...
MDCode Posted December 13, 2012 Share Posted December 13, 2012 Put apostrophes around $email Quote Link to comment https://forums.phpfreaks.com/topic/271928-insert-new-password-into-database/#findComment-1399156 Share on other sites More sharing options...
justlukeyou Posted December 13, 2012 Author Share Posted December 13, 2012 Hi, I have done that but it stops all the code from working. It doesn't echo a message or send the email. Is there anything I need to do? <?php $email=$_POST['email']; $email=mysql_real_escape_string('$email'); $status = "OK"; $msg=""; //error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR); // You can supress the error message by un commenting the above line if (!stristr($email,"@") OR !stristr($email,".")) { $msg="Your email address is not correct<BR>"; $status= "NOTOK";} echo "<br><br>"; if($status=="OK"){ // validation passed now we will check the tables $query = "SELECT * FROM users WHERE email = email"; $st=mysql_query($query); $recs=mysql_num_rows($st); $row=mysql_fetch_object($st); $em=$row->email;// email is stored to a variable if ($recs == 0) { // No records returned, so no email address in our table // let us show the error message echo "<center><font size='2' color=red><b>No Password</b><br> Sorry, your email address is not in the database . You can signup and login to use our site. <BR><BR><a href='signup.php'> Sign UP </a> </center>"; exit;} //Generate a RANDOM MD5 Hash for a password $random_password=md5(uniqid(rand())); //Take the first 8 digits and use them as the password we intend to email the user $emailpassword=substr($random_password, 0, ; //Encrypt $emailpassword in MD5 format for the database $newpassword = md5($emailpassword); $query = sprintf("UPDATE `users` SET `password` = '%s' WHERE email = '$email'", mysql_real_escape_string($newpassword)); // formating the mail posting // headers here $headers4="admin@website.com"; // Change this address within quotes to your address $headers.="Reply-to: $headers4\n"; $headers .= "From: $headers4\n"; $headers .= "Errors-to: $headers4\n"; $headers .= "Content-Type: text/html; charset=iso-8859-1\n".$headers; // mail funciton will return true if it is successful if(mail("$em","website.com - Reset Password Request"," Hello $row->firstname, <br> <br> This email is in response to your request for login details at website.com <br><br> Your new password: $emailpassword <br><br> Please <a href='http://website.com/test/login.php' rel='nofollow' > Log In </a> <br><br> Thank You <br> <br> Site Admin","$headers")) {echo "<center><b>Thank You</b><br><br> Your password is posted to your email address. Please check your email account. </center>";} else{// there is a system problem in sending mail echo " <center>There is a problem in sending login details to your address. Please contact Site Admin: . <br><br>";} } ?> Quote Link to comment https://forums.phpfreaks.com/topic/271928-insert-new-password-into-database/#findComment-1399161 Share on other sites More sharing options...
mrMarcus Posted December 13, 2012 Share Posted December 13, 2012 (edited) Hi, I have done that but it stops all the code from working. It doesn't echo a message or send the email. Is there anything I need to do? <?php $email=$_POST['email']; $email=mysql_real_escape_string('$email'); $status = "OK"; $msg=""; //error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR); // You can supress the error message by un commenting the above line if (!stristr($email,"@") OR !stristr($email,".")) { $msg="Your email address is not correct<BR>"; $status= "NOTOK";} echo "<br><br>"; if($status=="OK"){ // validation passed now we will check the tables $query = "SELECT * FROM users WHERE email = email"; $st=mysql_query($query); $recs=mysql_num_rows($st); $row=mysql_fetch_object($st); $em=$row->email;// email is stored to a variable if ($recs == 0) { // No records returned, so no email address in our table // let us show the error message echo "<center><font size='2' color=red><b>No Password</b><br> Sorry, your email address is not in the database . You can signup and login to use our site. <BR><BR><a href='signup.php'> Sign UP </a> </center>"; exit;} //Generate a RANDOM MD5 Hash for a password $random_password=md5(uniqid(rand())); //Take the first 8 digits and use them as the password we intend to email the user $emailpassword=substr($random_password, 0, ; //Encrypt $emailpassword in MD5 format for the database $newpassword = md5($emailpassword); $query = sprintf("UPDATE `users` SET `password` = '%s' WHERE email = '$email'", mysql_real_escape_string($newpassword)); // formating the mail posting // headers here $headers4="admin@website.com"; // Change this address within quotes to your address $headers.="Reply-to: $headers4\n"; $headers .= "From: $headers4\n"; $headers .= "Errors-to: $headers4\n"; $headers .= "Content-Type: text/html; charset=iso-8859-1\n".$headers; // mail funciton will return true if it is successful if(mail("$em","website.com - Reset Password Request"," Hello $row->firstname, <br> <br> This email is in response to your request for login details at website.com <br><br> Your new password: $emailpassword <br><br> Please <a href='http://website.com/test/login.php' rel='nofollow' > Log In </a> <br><br> Thank You <br> <br> Site Admin","$headers")) {echo "<center><b>Thank You</b><br><br> Your password is posted to your email address. Please check your email account. </center>";} else{// there is a system problem in sending mail echo " <center>There is a problem in sending login details to your address. Please contact Site Admin: . <br><br>";} } ?> Yes, on line 14 you need to fix your query as was already mentioned. And why the single quotes in your mysql_real_escape_string() function? $email=mysql_real_escape_string('$email'); I think you're trying to build applications that are waaaaay too advanced for you. You clearly haven't grasped the fundamentals of PHP yet. Perhaps you need to take a couple steps back and start learning from the very beginning (again?) Edited December 13, 2012 by mrMarcus Quote Link to comment https://forums.phpfreaks.com/topic/271928-insert-new-password-into-database/#findComment-1399177 Share on other sites More sharing options...
Jessica Posted December 13, 2012 Share Posted December 13, 2012 I think you're trying to build applications that are waaaaay too advanced for you. You clearly haven't grasped the fundamentals of PHP yet. Perhaps you need to take a couple steps back and start learning from the very beginning (again?) We've been telling him this for a year. Quote Link to comment https://forums.phpfreaks.com/topic/271928-insert-new-password-into-database/#findComment-1399194 Share on other sites More sharing options...
mrMarcus Posted December 13, 2012 Share Posted December 13, 2012 We've been telling him this for a year. I have noticed that he seems to be the Benjamin Button of PHP. His skills are going in reverse. Quote Link to comment https://forums.phpfreaks.com/topic/271928-insert-new-password-into-database/#findComment-1399196 Share on other sites More sharing options...
justlukeyou Posted December 13, 2012 Author Share Posted December 13, 2012 Do you guys really have to be so rude. Everytime I work on my site it progresses. I have no choice but to go down this route. I wish I could hire someone but I cant afford it. I know what my objective is and Im getting there with it. I think I've made the changes you have suggested but it is still not working. Any suggestions please. Once I can get the new password to insert into the database it should be okay. $email=$_POST[email]; $email=mysql_real_escape_string($email); $status = "OK"; $msg=""; //error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR); // You can supress the error message by un commenting the above line if (!stristr($email,"@") OR !stristr($email,".")) { $msg="Your email address is not correct<BR>"; $status= "NOTOK";} echo "<br><br>"; if($status=="OK"){ // validation passed now we will check the tables $query = "SELECT * FROM users WHERE email = '$email'"; $st=mysql_query($query); $recs=mysql_num_rows($st); $row=mysql_fetch_object($st); $em=$row->email;// email is stored to a variable if ($recs == 0) { // No records returned, so no email address in our table // let us show the error message echo "<center><font size='2' ><b>No Password</b><br> Sorry, your email address is not in the database . You can signup and login to use our site. <BR><BR><a href='signup.php'> Sign UP </a> </center>"; exit;} //Generate a RANDOM MD5 Hash for a password $random_password=md5(uniqid(rand())); //Take the first 8 digits and use them as the password we intend to email the user $emailpassword=substr($random_password, 0, ; //Encrypt $emailpassword in MD5 format for the database $newpassword = md5($emailpassword); $query = sprintf("UPDATE users SET password = '%s' WHERE email = $email", mysql_real_escape_string($newpassword)); // formating the mail posting // headers here $headers4="admin@website.com"; // Change this address within quotes to your address $headers.="Reply-to: $headers4\n"; $headers .= "From: $headers4\n"; $headers .= "Errors-to: $headers4\n"; $headers .= "Content-Type: text/html; charset=iso-8859-1\n".$headers; // mail funciton will return true if it is successful if(mail("$em","website.com - Reset Password Request"," Hello $row->firstname, <br> <br> This email is in response to your request for login details at website.com <br><br> <b>Your new password: $emailpassword </b><br><br> <a href='http://website.com/test/login.php' rel='nofollow' >Log In</a> with your new password to access website.com <br><br> Thank You <br> <br> Site Admin","$headers")) {echo "<center><b>Thank You</b><br><br> Your password is posted to your email address. Please check your email account. </center>";} else{// there is a system problem in sending mail echo " <center>There is a problem in sending login details to your address. Please contact Site Admin: . <br><br>";} } Quote Link to comment https://forums.phpfreaks.com/topic/271928-insert-new-password-into-database/#findComment-1399253 Share on other sites More sharing options...
MDCode Posted December 13, 2012 Share Posted December 13, 2012 You have still not put $email in apostrophes within your second query Quote Link to comment https://forums.phpfreaks.com/topic/271928-insert-new-password-into-database/#findComment-1399258 Share on other sites More sharing options...
justlukeyou Posted December 13, 2012 Author Share Posted December 13, 2012 Thanks, Now it fails to recognise that the email address I am entering is correct. It echoes the message that the email address is not in the database. $email=$_POST[email]; $email=mysql_real_escape_string($email); $status = "OK"; $msg=""; //error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR); // You can supress the error message by un commenting the above line if (!stristr($email,"@") OR !stristr($email,".")) { $msg="Your email address is not correct<BR>"; $status= "NOTOK";} echo "<br><br>"; if($status=="OK"){ // validation passed now we will check the tables $query = "SELECT * FROM users WHERE email = '$email'"; $st=mysql_query($query); $recs=mysql_num_rows($st); $row=mysql_fetch_object($st); $em=$row->email;// email is stored to a variable if ($recs == 0) { // No records returned, so no email address in our table // let us show the error message echo "<center><font size='2' ><b>No Password</b><br> Sorry, your email address is not in the database . You can signup and login to use our site. <BR><BR><a href='signup.php'> Sign UP </a> </center>"; exit;} //Generate a RANDOM MD5 Hash for a password $random_password=md5(uniqid(rand())); //Take the first 8 digits and use them as the password we intend to email the user $emailpassword=substr($random_password, 0, ; //Encrypt $emailpassword in MD5 format for the database $newpassword = md5($emailpassword); $query = sprintf("UPDATE users SET password = '%s' WHERE email = '$email'", mysql_real_escape_string($newpassword)); // formating the mail posting // headers here $headers4="admin@website.com"; // Change this address within quotes to your address $headers.="Reply-to: $headers4\n"; $headers .= "From: $headers4\n"; $headers .= "Errors-to: $headers4\n"; $headers .= "Content-Type: text/html; charset=iso-8859-1\n".$headers; // mail funciton will return true if it is successful if(mail("$em","website.com - Reset Password Request"," Hello $row->firstname, <br> <br> This email is in response to your request for login details at website.com <br><br> <b>Your new password: $emailpassword </b><br><br> <a href='http://website.com/test/login.php' rel='nofollow' >Log In</a> with your new password to access website.com <br><br> Thank You <br> <br> Site Admin","$headers")) {echo "<center><b>Thank You</b><br><br> Your password is posted to your email address. Please check your email account. </center>";} else{// there is a system problem in sending mail echo " <center>There is a problem in sending login details to your address. Please contact Site Admin: . <br><br>";} Quote Link to comment https://forums.phpfreaks.com/topic/271928-insert-new-password-into-database/#findComment-1399262 Share on other sites More sharing options...
Pikachu2000 Posted December 13, 2012 Share Posted December 13, 2012 And precisely what steps have you taken to debug this issue on your own? Quote Link to comment https://forums.phpfreaks.com/topic/271928-insert-new-password-into-database/#findComment-1399263 Share on other sites More sharing options...
mrMarcus Posted December 13, 2012 Share Posted December 13, 2012 Thanks, Now it fails to recognise that the email address I am entering is correct. It echoes the message that the email address is not in the database. Which "message" are you referring to, precisely? I'm assuming the 'Sorry, your email is not in the database...' echo $query; // just below that query And see if you are receiving expected results. Double check your table name (`users`) and your column name (`email`) that they exist. I also noticed that your second query doesn't actually fire. mysql_query() is not called on it at any time: $query = sprintf("UPDATE users SET password = '%s' WHERE email = '$email'", mysql_real_escape_string($newpassword)); So the password will never be updated. Quote Link to comment https://forums.phpfreaks.com/topic/271928-insert-new-password-into-database/#findComment-1399266 Share on other sites More sharing options...
justlukeyou Posted December 13, 2012 Author Share Posted December 13, 2012 And precisely what steps have you taken to debug this issue on your own? Your right, when I echo the email address it does display the email address I have entered into the form. It doesn't seem to be comparing the email address in the form with the email address in the database. Can anyone advise how I debug this? Quote Link to comment https://forums.phpfreaks.com/topic/271928-insert-new-password-into-database/#findComment-1399267 Share on other sites More sharing options...
justlukeyou Posted December 13, 2012 Author Share Posted December 13, 2012 I also noticed that your second query doesn't actually fire. mysql_query() is not called on it at any time: Thanks, what does this mean? Quote Link to comment https://forums.phpfreaks.com/topic/271928-insert-new-password-into-database/#findComment-1399268 Share on other sites More sharing options...
justlukeyou Posted December 13, 2012 Author Share Posted December 13, 2012 Do I need to change $email to something else if the row in my database is 'email'? Quote Link to comment https://forums.phpfreaks.com/topic/271928-insert-new-password-into-database/#findComment-1399270 Share on other sites More sharing options...
justlukeyou Posted December 13, 2012 Author Share Posted December 13, 2012 When I do this it echoes the email I have entered into the form and the email address in the form. So I know that the database and row terms are correct. Its just the process of comparing the email from the form agains the email address in the database. echo "$email"; echo "<br><br>"; echo $row['email']; Quote Link to comment https://forums.phpfreaks.com/topic/271928-insert-new-password-into-database/#findComment-1399272 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.