ianhaney Posted January 27, 2013

In my login.php file I have a forgot password text field as well, so the user can put their email address in and have an email sent containing their password.

But I am getting the following error and have no idea why:

Login Failed. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' WHERE 'username' ='.'' at line 1

Any ideas?

Thank you in advance

Ian

White_Lily Posted January 27, 2013

Can you post the code associated with the forgotten password?

ianhaney Posted January 27, 2013

Hi white lily, you ok?

Yeah sure, it is below:

```php
<div id="forgotpw">
Forgot Password - use form below to reset the password
<br>
<form name="forgot" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
<p><label for="email">Email:</label>
<input name="email" type="text" value="<?=$email; ?>" size="25"/> </p>
<input type="submit" name="submit" value="submit"/>
<input type="reset" name="reset" value="reset"/>
</form>
</div>
```

AND THIS AS WELL I THINK:

```php
// Fragment as posted: the query and the opening of this if block were not included.
    $row=mysql_fetch_array($query);
    $password=$row["password"];
    $email=$row["email"];
    $subject="your password";
    $header="from:noreply@cptevents4.co.uk";
    $content="your password is $password";
    // The message body is $content (the posted code passed the $row array here).
    mail($email, $subject, $content, $header);
    print "An email containing the password has been sent to you";
}
else
{
    echo("no such login in the system. please try again.");
}
```

White_Lily Posted January 27, 2013 (edited)

At the end of all your queries within your code, put:

```php
or die(mysql_error());
```

Also try this:

```php
print_r($queryVariable);
```

EDIT: make sure the values of this output are what you expect; if not, then there is a problem with your query.

PS: Something that MIGHT also create this error is "illegal characters" for MySQL, so you could try escaping all inputs with:

```php
mysql_real_escape_string();
```

Edited January 27, 2013 by White_Lily

Christian F. Posted January 27, 2013

I strongly recommend that you read this article about secure login systems, you should never store passwords in clear text in your database.

If you want a reason why: Just search the net for "password leak", and then reflect on how many sites you're using the same e-mail/username and password combination on.

ianhaney Posted January 27, 2013 (edited)

I thought it was all secured by hash and salt etc., as when I look in the database, the passwords are all mixed up with letters and numbers.

Edited January 27, 2013 by ianhaney

Christian F. Posted January 27, 2013

This bit of code tells a different story:

```php
$row=mysql_fetch_array($query);
$password=$row["password"];
```

If you properly hashed and salted a password, it would be impossible to get back the original password. Hashing is a one-way operation, after all. Meaning that you'd have to generate a completely new and random password for the users, if they forgot their original password. (Or send them a password reset link, which they could use to set a new password.)

Though, if the password appears to be hashed in the DB, it may very well just have been encrypted using the MySQL ENCRYPT() function. Which is pretty much exactly the same as storing it in clear text.
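
The reset-link approach mentioned in the post above, as an added example that is not part of the original thread and not any poster's code. The table and column names, the functions `startReset()` and `finishReset()`, and the in-memory SQLite database standing in for MySQL are all assumptions made for illustration.

```php
<?php
// Added example: reset by single-use token instead of mailing a stored password.
// Schema and function names are assumptions; SQLite in memory stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password_hash TEXT,
           reset_hash TEXT, reset_expires INTEGER)');
// Constructed sample user; only a salted one-way hash of the password is stored.
$ins = $db->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)');
$ins->execute(['user@example.com', password_hash('old password', PASSWORD_DEFAULT)]);

// Step 1: the "forgot password" form was submitted with an e-mail address.
function startReset(PDO $db, string $email): ?string {
    $token = bin2hex(random_bytes(32)); // unguessable; appears only in the mailed link
    $upd = $db->prepare('UPDATE users SET reset_hash = ?, reset_expires = ? WHERE email = ?');
    // Prepared statement: user input never becomes part of the SQL text.
    $upd->execute([hash('sha256', $token), time() + 3600, $email]); // store the hash only
    return $upd->rowCount() === 1 ? $token : null; // show the same page message either way
}

// Step 2: the user opened the link and submitted a new password.
function finishReset(PDO $db, string $email, string $token, string $newPassword): bool {
    $sel = $db->prepare('SELECT reset_hash, reset_expires FROM users WHERE email = ?');
    $sel->execute([$email]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['reset_hash'] === null || $row['reset_expires'] < time()) {
        return false; // unknown user, no pending reset, or link expired
    }
    if (!hash_equals($row['reset_hash'], hash('sha256', $token))) {
        return false; // token does not match (constant-time comparison)
    }
    $upd = $db->prepare('UPDATE users SET password_hash = ?, reset_hash = NULL,
                         reset_expires = NULL WHERE email = ?');
    $upd->execute([password_hash($newPassword, PASSWORD_DEFAULT), $email]);
    return true; // token is cleared, so the link cannot be reused
}

$token = startReset($db, 'user@example.com');
var_dump(finishReset($db, 'user@example.com', 'wrong-token', 'new password')); // wrong token
var_dump(finishReset($db, 'user@example.com', $token, 'new password'));        // valid link
var_dump(finishReset($db, 'user@example.com', $token, 'another password'));    // reused link
```

In a real page the token returned by `startReset()` would be placed in a link mailed to the address on file, and the old password is never read back or sent.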

ianhaney Posted January 27, 2013

I might see if there is a better login and registration system then, with salting and hashing properly, with a forget password feature as well.