Jump to content

Insert New Password Into Database?

justlukeyou

By justlukeyou
in PHP Coding Help

 Share

Recommended Posts

justlukeyou Advanced Member

justlukeyou

Posted
Posted (edited)

Hi,

 

I have a code which reads the email address from a form and issues a new password via email. However, I just cannot get it insert the new password into the database. I have tried to say UPDATE where 'email' = 'email' which is the same method to match the two emails together how this doesn't seem to work.

 

I have also tried the method below but none seems to work. Can one of you clever guys please advise how I can get the new password to insert into the database? (almost there with it)

 

<?php
$email=$_POST['email'];
$email=mysql_real_escape_string($email);
$status = "OK";
$msg="";
//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
// You can supress the error message by un commenting the above line
if (!stristr($email,"@") OR !stristr($email,".")) {
$msg="Your email address is not correct<BR>";
$status= "NOTOK";}

echo "<br><br>";
if($status=="OK"){ // validation passed now we will check the tables
$query = "SELECT * FROM users WHERE email = email";
$st=mysql_query($query);
$recs=mysql_num_rows($st);
$row=mysql_fetch_object($st);
$em=$row->email;// email is stored to a variable
if ($recs == 0) { // No records returned, so no email address in our table
// let us show the error message
echo "<center><font size='2' color=red><b>No Password</b><br>
Sorry, your email address is not in the database . You can signup and login to use our site.
<BR><BR><a href='signup.php'> Sign UP </a> </center>";
exit;}
//Generate a RANDOM MD5 Hash for a password
$random_password=md5(uniqid(rand()));

//Take the first 8 digits and use them as the password we intend to email the user
$emailpassword=substr($random_password, 0, ;

//Encrypt $emailpassword in MD5 format for the database
$newpassword = md5($emailpassword);

$query = sprintf("UPDATE `users` SET `password` = '%s'
 WHERE email = 'email'",
			 mysql_real_escape_string($newpassword));


// formating the mail posting
// headers here
 $headers4="admin@website.com"; // Change this address within quotes to your address
$headers.="Reply-to: $headers4\n";
$headers .= "From: $headers4\n";
$headers .= "Errors-to: $headers4\n";
$headers .= "Content-Type: text/html; charset=iso-8859-1\n".$headers;
// mail funciton will return true if it is successful
if(mail("$em","Website.com - Reset Password Request","
Hello $row->firstname, <br> <br>
This email is in response to your request for login details at Website.com <br><br>
Your new password: $emailpassword <br><br>
Please <a href='http://website.com/test/login.php' rel='nofollow' >
Log In
</a> <br><br>
Thank You <br> <br>
Site Admin","$headers"))
{echo "<center><b>Thank You</b><br><br>
Your password is posted to your email address.
Please check your email account. </center>";}
else{// there is a system problem in sending mail
echo " <center>There is a problem in sending login details to your address.
Please contact Site Admin: . <br><br><input type='button' value='Retry' onclick='history.go(-1)'></center>";}
}
?>

Edited by justlukeyou
Link to comment
Share on other sites
justlukeyou Advanced Member

justlukeyou

Posted
  • Author
Posted

Bloody hell. Thanks.

 

Now I changed those 2 points its returned the following two errors.

 

Im saying that $email = email. I though I had it sorted.

 

 

$query = "SELECT * FROM users WHERE email = $email";
$st=mysql_query($query);
$recs=mysql_num_rows($st);
$row=mysql_fetch_object($st);

 

 

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/ukhomefu/website.com/test/resetpasswordengine.php on line 145
$recs=mysql_num_rows($st);

 

Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /home/ukhomefu/website.com/test/resetpasswordengine.php on line 146
$row=mysql_fetch_object($st);

Link to comment
Share on other sites
justlukeyou Advanced Member

justlukeyou

Posted
  • Author
Posted

Hi,

 

I have done that but it stops all the code from working. It doesn't echo a message or send the email. Is there anything I need to do?

 

<?php
$email=$_POST['email'];
$email=mysql_real_escape_string('$email');
$status = "OK";
$msg="";
//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
// You can supress the error message by un commenting the above line
if (!stristr($email,"@") OR !stristr($email,".")) {
$msg="Your email address is not correct<BR>";
$status= "NOTOK";}

echo "<br><br>";
if($status=="OK"){  // validation passed now we will check the tables
$query = "SELECT * FROM users WHERE email = email";
$st=mysql_query($query);
$recs=mysql_num_rows($st);
$row=mysql_fetch_object($st);
$em=$row->email;// email is stored to a variable
if ($recs == 0) { // No records returned, so no email address in our table
// let us show the error message
echo "<center><font size='2' color=red><b>No Password</b><br>
Sorry, your email address is not in the database . You can signup and login to use our site.
<BR><BR><a href='signup.php'> Sign UP </a> </center>";
exit;}
//Generate a RANDOM MD5 Hash for a password
$random_password=md5(uniqid(rand()));

//Take the first 8 digits and use them as the password we intend to email the user
$emailpassword=substr($random_password, 0, ;

//Encrypt $emailpassword in MD5 format for the database
$newpassword = md5($emailpassword);

  $query = sprintf("UPDATE `users` SET `password` = '%s'
    WHERE email = '$email'",
			    mysql_real_escape_string($newpassword));


// formating the mail posting
// headers here
    $headers4="admin@website.com";  // Change this address within quotes to your address
$headers.="Reply-to: $headers4\n";
$headers .= "From: $headers4\n";
$headers .= "Errors-to: $headers4\n";
$headers .= "Content-Type: text/html; charset=iso-8859-1\n".$headers;
// mail funciton will return true if it is successful
if(mail("$em","website.com - Reset Password Request","
Hello $row->firstname, <br> <br>
This email is in response to your request for login details at website.com <br><br>
 Your new password: $emailpassword <br><br>
 Please <a href='http://website.com/test/login.php'  rel='nofollow' >
Log In
</a> <br><br>
Thank You <br> <br>
Site Admin","$headers"))
{echo "<center><b>Thank You</b><br><br>
Your password is posted to your email address.
Please check your email account. </center>";}
else{// there is a system problem in sending mail
echo " <center>There is a problem in sending login details to your address.
Please contact Site Admin: . <br><br>";}
}
?>

Link to comment
Share on other sites
mrMarcus Member

mrMarcus

Posted
Posted (edited)

Hi,

 

I have done that but it stops all the code from working. It doesn't echo a message or send the email. Is there anything I need to do?

 

<?php
$email=$_POST['email'];
$email=mysql_real_escape_string('$email');
$status = "OK";
$msg="";
//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
// You can supress the error message by un commenting the above line
if (!stristr($email,"@") OR !stristr($email,".")) {
$msg="Your email address is not correct<BR>";
$status= "NOTOK";}

echo "<br><br>";
if($status=="OK"){  // validation passed now we will check the tables
$query = "SELECT * FROM users WHERE email = email";
$st=mysql_query($query);
$recs=mysql_num_rows($st);
$row=mysql_fetch_object($st);
$em=$row->email;// email is stored to a variable
if ($recs == 0) { // No records returned, so no email address in our table
// let us show the error message
echo "<center><font size='2' color=red><b>No Password</b><br>
Sorry, your email address is not in the database . You can signup and login to use our site.
<BR><BR><a href='signup.php'> Sign UP </a> </center>";
exit;}
//Generate a RANDOM MD5 Hash for a password
$random_password=md5(uniqid(rand()));

//Take the first 8 digits and use them as the password we intend to email the user
$emailpassword=substr($random_password, 0, ;

//Encrypt $emailpassword in MD5 format for the database
$newpassword = md5($emailpassword);

  $query = sprintf("UPDATE `users` SET `password` = '%s'
       WHERE email = '$email'",
                   mysql_real_escape_string($newpassword));


// formating the mail posting
// headers here
       $headers4="admin@website.com";  // Change this address within quotes to your address
$headers.="Reply-to: $headers4\n";
$headers .= "From: $headers4\n";
$headers .= "Errors-to: $headers4\n";
$headers .= "Content-Type: text/html; charset=iso-8859-1\n".$headers;
// mail funciton will return true if it is successful
if(mail("$em","website.com - Reset Password Request","
Hello $row->firstname, <br> <br>
This email is in response to your request for login details at website.com <br><br>
 Your new password: $emailpassword <br><br>
 Please <a href='http://website.com/test/login.php'  rel='nofollow' >
Log In
</a> <br><br>
Thank You <br> <br>
Site Admin","$headers"))
{echo "<center><b>Thank You</b><br><br>
Your password is posted to your email address.
Please check your email account. </center>";}
else{// there is a system problem in sending mail
echo " <center>There is a problem in sending login details to your address.
Please contact Site Admin: . <br><br>";}
}
?>

 

Yes, on line 14 you need to fix your query as was already mentioned.

 

And why the single quotes in your mysql_real_escape_string() function?

 

$email=mysql_real_escape_string('$email');

 

I think you're trying to build applications that are waaaaay too advanced for you.  You clearly haven't grasped the fundamentals of PHP yet.  Perhaps you need to take a couple steps back and start learning from the very beginning (again?)

Edited by mrMarcus
Link to comment
Share on other sites
Jessica Advanced Member

Jessica

Posted
Posted

I think you're trying to build applications that are waaaaay too advanced for you.  You clearly haven't grasped the fundamentals of PHP yet.  Perhaps you need to take a couple steps back and start learning from the very beginning (again?)

We've been telling him this for a year.

Link to comment
Share on other sites
justlukeyou Advanced Member

justlukeyou

Posted
  • Author
Posted

Do you guys really have to be so rude.

 

Everytime I work on my site it progresses. I have no choice but to go down this route. I wish I could hire someone but I cant afford it. I know what my objective is and Im getting there with it.

 

I think I've made the changes you have suggested but it is still not working. Any suggestions please. Once I can get the new password to insert into the database it should be okay.

 

 

$email=$_POST[email];
$email=mysql_real_escape_string($email);
$status = "OK";
$msg="";
//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
// You can supress the error message by un commenting the above line
if (!stristr($email,"@") OR !stristr($email,".")) {
$msg="Your email address is not correct<BR>";
$status= "NOTOK";}

echo "<br><br>";
if($status=="OK"){  // validation passed now we will check the tables
$query = "SELECT * FROM users WHERE email = '$email'";
$st=mysql_query($query);
$recs=mysql_num_rows($st);
$row=mysql_fetch_object($st);
$em=$row->email;// email is stored to a variable
if ($recs == 0) { // No records returned, so no email address in our table
// let us show the error message
echo "<center><font size='2' ><b>No Password</b><br>
Sorry, your email address is not in the database . You can signup and login to use our site.
<BR><BR><a href='signup.php'> Sign UP </a> </center>";
exit;}
//Generate a RANDOM MD5 Hash for a password
$random_password=md5(uniqid(rand()));

//Take the first 8 digits and use them as the password we intend to email the user
$emailpassword=substr($random_password, 0, ;

//Encrypt $emailpassword in MD5 format for the database
$newpassword = md5($emailpassword);

  $query = sprintf("UPDATE users SET password = '%s'
    WHERE email = $email",
			    mysql_real_escape_string($newpassword));


// formating the mail posting
// headers here
    $headers4="admin@website.com";  // Change this address within quotes to your address
$headers.="Reply-to: $headers4\n";
$headers .= "From: $headers4\n";
$headers .= "Errors-to: $headers4\n";
$headers .= "Content-Type: text/html; charset=iso-8859-1\n".$headers;
// mail funciton will return true if it is successful
if(mail("$em","website.com - Reset Password Request","
Hello $row->firstname, <br> <br>
This email is in response to your request for login details at website.com <br><br>
 <b>Your new password: $emailpassword </b><br><br>
<a href='http://website.com/test/login.php'  rel='nofollow' >Log In</a> with your new password to access website.com
<br><br>
Thank You <br> <br>
Site Admin","$headers"))
{echo "<center><b>Thank You</b><br><br>
Your password is posted to your email address.
Please check your email account. </center>";}
else{// there is a system problem in sending mail
echo " <center>There is a problem in sending login details to your address.
Please contact Site Admin: . <br><br>";}
}

Link to comment
Share on other sites
justlukeyou Advanced Member

justlukeyou

Posted
  • Author
Posted

Thanks,

 

Now it fails to recognise that the email address I am entering is correct. It echoes the message that the email address is not in the database.

 

$email=$_POST[email];
$email=mysql_real_escape_string($email);
$status = "OK";
$msg="";
//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
// You can supress the error message by un commenting the above line
if (!stristr($email,"@") OR !stristr($email,".")) {
$msg="Your email address is not correct<BR>";
$status= "NOTOK";}

echo "<br><br>";
if($status=="OK"){  // validation passed now we will check the tables
$query = "SELECT * FROM users WHERE email = '$email'";
$st=mysql_query($query);
$recs=mysql_num_rows($st);
$row=mysql_fetch_object($st);
$em=$row->email;// email is stored to a variable
if ($recs == 0) { // No records returned, so no email address in our table
// let us show the error message
echo "<center><font size='2' ><b>No Password</b><br>
Sorry, your email address is not in the database . You can signup and login to use our site.
<BR><BR><a href='signup.php'> Sign UP </a> </center>";
exit;}
//Generate a RANDOM MD5 Hash for a password
$random_password=md5(uniqid(rand()));

//Take the first 8 digits and use them as the password we intend to email the user
$emailpassword=substr($random_password, 0, ;

//Encrypt $emailpassword in MD5 format for the database
$newpassword = md5($emailpassword);

  $query = sprintf("UPDATE users SET password = '%s'
    WHERE email = '$email'",
			    mysql_real_escape_string($newpassword));


// formating the mail posting
// headers here
    $headers4="admin@website.com";  // Change this address within quotes to your address
$headers.="Reply-to: $headers4\n";
$headers .= "From: $headers4\n";
$headers .= "Errors-to: $headers4\n";
$headers .= "Content-Type: text/html; charset=iso-8859-1\n".$headers;
// mail funciton will return true if it is successful
if(mail("$em","website.com - Reset Password Request","
Hello $row->firstname, <br> <br>
This email is in response to your request for login details at website.com <br><br>
 <b>Your new password: $emailpassword </b><br><br>
<a href='http://website.com/test/login.php'  rel='nofollow' >Log In</a> with your new password to access website.com
<br><br>
Thank You <br> <br>
Site Admin","$headers"))
{echo "<center><b>Thank You</b><br><br>
Your password is posted to your email address.
Please check your email account. </center>";}
else{// there is a system problem in sending mail
echo " <center>There is a problem in sending login details to your address.
Please contact Site Admin: . <br><br>";}

Link to comment
Share on other sites
mrMarcus Member

mrMarcus

Posted
Posted

Thanks,

 

Now it fails to recognise that the email address I am entering is correct. It echoes the message that the email address is not in the database.

 

Which "message" are you referring to, precisely?  I'm assuming the 'Sorry, your email is not in the database...'

 

echo $query; // just below that query

 

And see if you are receiving expected results.  Double check your table name (`users`) and your column name (`email`) that they exist.

 

I also noticed that your second query doesn't actually fire.  mysql_query() is not called on it at any time:

 

$query = sprintf("UPDATE users SET password = '%s' WHERE email = '$email'", mysql_real_escape_string($newpassword));

 

So the password will never be updated.

Link to comment
Share on other sites
justlukeyou Advanced Member

justlukeyou

Posted
  • Author
Posted

And precisely what steps have you taken to debug this issue on your own?

 

Your right, when I echo the email address it does display the email address I have entered into the form. It doesn't seem to be comparing the email address in the form with the email address in the database.

 

Can anyone advise how I debug this?

Link to comment
Share on other sites
justlukeyou Advanced Member

justlukeyou

Posted
  • Author
Posted

When I do this it echoes the email I have entered into the form and the email address in the form. So I know that the database and row terms are correct. Its just the process of comparing the email from the form agains the email address in the database.

 

echo "$email";
echo "<br><br>";
echo $row['email'];

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.