
Forgot Password


Hampe


Hi guys!

 

I have a Forgot Password script that works, but not with the new code lines..

 

My create script:

<b>NOTERA:</b> Fälten märkta med <span style="color:red">*</span> måste fyllas i <br /><br />
			<form action="mail.php" method="POST" id="mailSetupForm" name="mailform">
			<table style="font-size:14px;color:#535353;">
			<tr><td><b>Ditt namn:</b></td><td><input type="text" name="name" size="10"> </td></tr>
			<tr><td><b>E-Mail: <span style="color:red">*</span></b></td><td><input type="text" name="user" id="user" size="10"><b> @ <select name="domain" id="domain">
			<option id="1" value="domain.se">domain.se</option></select></b>
			</td></tr>
			<tr><td><b>Din privata E-Mail: <span style="color:red">*</span></b></td><td><input type="text" name="email2" id="email2" size="10"> <i>För återställning av lösenord</i></td></tr>
			<tr><td><b>Lösenord: <span style="color:red">*</span></b></td><td><input type="password" name="pass1" size="10"> <i>Välj ett säkert lösenord. Använd gärna både tecken och bokstäver</i></td></tr>
			<tr><td><b>Lösenord igen: <span style="color:red">*</span></b></td><td><input type="password" name="pass2" size="10"> <i>(Bekräftelse)</i></td></tr>
			<tr><td><b>Kod:</b></td><td><input type="text" name="kod" size="10" value="<?php echo $a ?>" readonly="readonly"> <i>Spara koden! Används när du requestar nytt lösenord</i></td></tr>

			<tr><td> <div align="left"><input type="submit" name="submit" id="button" value="Skapa"></div></td></tr></table> </fieldset>
			</form>

The Forgot Pass form looks like this:

<form action="">
Email:
<input type="text" name="email" />
<input type="submit" value="Ändra lösenord" />
</form>

Forgot Pass Script:

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<?php

if(!isset($_GET['email'])){
	                  echo'<form action="">
	                      Email:
	                         <input type="text" name="email" />
	                         <input type="submit" value="Ändra lösenord" />
	                         </form>'; exit();
				       }
$email=$_GET['email'];
include("settings.php");
connect();
//$q="SELECT accountaddress from hm_accounts where accountaddress='".$email."'";
$q="SELECT * from hm_accounts where accountaddress='".$email."' and email2='".$email2."'";
$r=mysql_query($q);
$n=mysql_num_rows($r);
if($n==0){echo "Emailadressen finns inte <br /> <button onclick='javascript:history.go(-1)'>Gå tillbaka</button>";die();}
$token=getRandomString(20);
$q="INSERT into tokens (token,email) values ('".$token."','".$email."')";
mysql_query($q);
function getRandomString($length) 
	   {
    $validCharacters = "ABCDEFGHIJKLMNPQRSTUXYVWZabcdefghijklmnopqrstuvwxyz123456789";
    $validCharNumber = strlen($validCharacters);
    $result = "";

    for ($i = 0; $i < $length; $i++) {
        $index = mt_rand(0, $validCharNumber - 1);
        $result .= $validCharacters[$index];
    }
	return $result;}
 function mailresetlink($to,$token){
$subject = "Glömt lösenord - Website";
$uri = 'http://'. $_SERVER['HTTP_HOST'] ;
$message = '
<html>
<head>
<title>Glömt lösenord - Website</title>
</head>
<body>
<p>Klicka på länken för att ändra ditt lösenord, <a href="'.$uri.'/test/reset.php?token='.$token.'">LÄNK</a></p>

</body>
</html>
';
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
$headers .= 'From: NiceMail<noreply@domain.se>' . "\r\n";
$headers .= 'Cc: Admin@example.com' . "\r\n";

if(mail($email2,$subject,$message,$headers)){
	echo "Mailet med länken för att ändra ditt lösenord är skickat till <b>".$email2."</b>"; 
}}

if(isset($_GET['email']))mailresetlink($email,$token);

?>

Now, when a user wants to request a new password, they type in the "new" email address. From that table it should get their private email (email2) and send the mail there, but it won't...

 

Do you guys have any idea?

 

PS: If the info is bad, just name it and I will try to tell you the problem better..

 

// Hampe

Edited by Hampe

If the "if mail" is:

if(mail($to,$subject,$message,$headers))

I can send a mail. But if I use "$to", the mail will be sent to the "created" email address. The mail should be sent to the "private" email address to recover the "created". (I hope you understand)

 

And yes, I am able to use the mail function, IF I use:

$q="SELECT accountaddress from hm_accounts where accountaddress='".$email."'";

Instead of:

$q="SELECT * from hm_accounts where accountaddress='".$email."' and email2='".$email2."'";

And

if(mail($to,$subject,$message,$headers))

Instead of:

if(mail($email2,$subject,$message,$headers))
Edited by Hampe

Then....where did you define $email2 variable in the script above?

Before calling if(mail($email2,$subject,$message,$headers)), can you echo it?

echo $email2; exit; 

if(mail($email2,$subject,$message,$headers)
Edited by jazzman1

It is the script to create the mail account. I just showed you the form setup so you could see the input names.. mail.php doesn't have anything to do with the Forgot Password function

Edited by Hampe

Well, still not working..

 

Here is the code, with the changes:

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<?php
// file name: forgotpassword.php
// Title: Forgot password
if(!isset($_GET['email'])){
	                  echo'<form action="">
	                      Email:
	                         <input type="text" name="email" />
	                         <input type="submit" value="Ändra lösenord" />
	                         </form>'; exit();
				       }
$email=$_GET['email'];
include("settings.php");
connect();
//$q="SELECT accountaddress from hm_accounts where accountaddress='".$email."'";
$q="SELECT * from hm_accounts where accountaddress='".$email."' and email2='".$email2."'";
$r=mysql_query($q);
$n=mysql_num_rows($r);
if($n==0){echo "Emailadressen finns inte <br /> <button onclick='javascript:history.go(-1)'>Gå tillbaka</button>";die();}
$token=getRandomString(20);
$q="INSERT into tokens (token,email) values ('".$token."','".$email."')";
mysql_query($q);
function getRandomString($length) 
	   {
    $validCharacters = "ABCDEFGHIJKLMNPQRSTUXYVWZabcdefghijklmnopqrstuvwxyz123456789";
    $validCharNumber = strlen($validCharacters);
    $result = "";

    for ($i = 0; $i < $length; $i++) {
        $index = mt_rand(0, $validCharNumber - 1);
        $result .= $validCharacters[$index];
    }
	return $result;}
 function mailresetlink($to,$token){
$subject = "Glömt lösenord - NiceMail";
$uri = 'http://'. $_SERVER['HTTP_HOST'] ;
$message = '
<html>
<head>
<title>Glömt lösenord - NiceMail</title>
</head>
<body>
<p>Klicka på länken för att ändra ditt lösenord, <a href="'.$uri.'/test/reset.php?token='.$token.'">LÄNK</a></p>

</body>
</html>
';
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
$headers .= 'From: NiceMail<noreply@domain.se>' . "\r\n";
$headers .= 'Cc: Admin@example.com' . "\r\n";

if(mail($email2,$subject,$message,$headers)){
	echo "Mailet med länken för att ändra ditt lösenord är skickat till <b>".$email2."</b>"; 
}}

if(isset($_GET['email']))mailresetlink($email,$token);

?>

one of the points of using functions is that after you write and test them, you can put them aside in a library file (that gets included into your main code.) this removes the clutter from the main code and all you have in front of you in your main code is the logic you are trying to create for the main code.

 

to call a function with a different input value, all you need to do is supply that different value when you call the function. the code inside the function remains unchanged.

 

your goal is to accept the $_GET['email'] value as an input to your program, retrieve the corresponding email2 value from your database table, and send an email using that email2 value. given that your original query was -

$q="SELECT accountaddress from hm_accounts where accountaddress='".$email."'";

the only things you need to change are -

 

1) SELECT the email2 column in the original query.

 

2) fetch the row the query returned, get the email2 value out of the fetched row, and use that email2 value in the correct places in the rest of the code.


It didn't go so well... I'm out of ideas, and my English failed for a bit..

 

mac_gyver: Thank you! I'm sure you did tell me exactly how to do it, but as I said... My English failed for a bit. So, any tips or helping hands would be very good!

 

// Hampe

Edited by Hampe

these are your two function definitions (i corrected the mailresetlink() function to use the original $to parameter.) put these into a file that you include into your main code -

<?php
function getRandomString($length)
{
    $validCharacters = "ABCDEFGHIJKLMNPQRSTUXYVWZabcdefghijklmnopqrstuvwxyz123456789";
    $validCharNumber = strlen($validCharacters);
    $result = "";

    for ($i = 0; $i < $length; $i++) {
        $index = mt_rand(0, $validCharNumber - 1);
        $result .= $validCharacters[$index];
    }
return $result;
}

function mailresetlink($to,$token){
    $subject = "Glömt lösenord - Website";
    $uri = 'http://'. $_SERVER['HTTP_HOST'] ;
    $message = '
<html>
<head>
<title>Glömt lösenord - Website</title>
</head>
<body>
<p>Klicka på länken för att ändra ditt lösenord, <a href="'.$uri.'/test/reset.php?token='.$token.'">LÄNK</a></p>
</body>
</html>
';

    $headers = "MIME-Version: 1.0" . "\r\n";
    $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
    $headers .= 'From: NiceMail<noreply@domain.se>' . "\r\n";
    $headers .= 'Cc: Admin@example.com' . "\r\n";

    if(mail($to,$subject,$message,$headers)){
        echo "Mailet med länken för att ändra ditt lösenord är skickat till <b>".$to."</b>";
    }
}

your main code, with the query and code to fetch the email2 column value -

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?php

if(!isset($_GET['email'])){
    // no get variable - display the form
    echo'<form action="">
        Email:
        <input type="text" name="email" />
        <input type="submit" value="Ändra lösenord" />
        </form>';
    exit();
}

// the form has been submitted
$email=$_GET['email'];
include("settings.php");
connect();
$q=sprintf("SELECT email2 from hm_accounts where accountaddress='%s'",
        mysql_real_escape_string($email)
    );
$r=mysql_query($q);
$n=mysql_num_rows($r);
if($n==0)
{
    echo "Emailadressen finns inte <br /> <button onclick='javascript:history.go(-1)'>Gå tillbaka</button>";
    die();
}
list($email2) = mysql_fetch_array($r);
$token=getRandomString(20);
$q="INSERT into tokens (token,email) values ('$token','$email2')";
mysql_query($q);
mailresetlink($email2,$token);

This is the code right now:

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?php

if(!isset($_GET['email'])){
    // no get variable - display the form
    echo'<form action="">
        Email:
        <input type="text" name="email" />
        <input type="submit" value="Ändra lösenord" />
        </form>';
    exit();
}

// the form has been submitted
$email=$_GET['email'];
include("settings.php");
connect();
$q=sprintf("SELECT email2 from hm_accounts where accountaddress='%s'",
        mysql_real_escape_string($email)
    );
$r=mysql_query($q);
$n=mysql_num_rows($r);
if($n==0)
{
    echo "Emailadressen finns inte <br /> <button onclick='javascript:history.go(-1)'>Gå tillbaka</button>";
    die();
}
list($email2) = mysql_fetch_array($r);
$token=getRandomString(20);
$q="INSERT into tokens (token,email) values ('$token','$email2')";
mysql_query($q);
mailresetlink($email2,$token);

function getRandomString($length)
{
    $validCharacters = "ABCDEFGHIJKLMNPQRSTUXYVWZabcdefghijklmnopqrstuvwxyz123456789";
    $validCharNumber = strlen($validCharacters);
    $result = "";

    for ($i = 0; $i < $length; $i++) {
        $index = mt_rand(0, $validCharNumber - 1);
        $result .= $validCharacters[$index];
    }
return $result;
}

function mailresetlink($to,$token){
    $subject = "Glömt lösenord - Website";
    $uri = 'http://'. $_SERVER['HTTP_HOST'] ;
    $message = '
<html>
<head>
<title>Glömt lösenord - Website</title>
</head>
<body>
<p>Klicka på länken för att ändra ditt lösenord, <a href="'.$uri.'/test/reset.php?token='.$token.'">LÄNK</a></p>
</body>
</html>
';

    $headers = "MIME-Version: 1.0" . "\r\n";
    $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
    $headers .= 'From: NiceMail<noreply@domain.se>' . "\r\n";
    $headers .= 'Cc: Admin@example.com' . "\r\n";

    if(mail($to,$subject,$message,$headers)){
        echo "Mailet med länken för att ändra ditt lösenord är skickat till <b>".$to."</b>";
    }
}

?>

It finds the email address, and inserts a token, which is good. But I don't get any mail with the link. And even if I take the token from the database and type it in the browser and change my password, I can't login..

Something just doesn't want to work in some way..

 

I thought of something.. Shouldn't this line:

$q="INSERT into tokens (token,email) values ('$token','$email2')";

be:

$q="INSERT into tokens (token,email) values ('$token','$email')";

?

Because $email2 contains the mail address where the mail will be sent, and $email is the mail address that will be changed. Or am I wrong?
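
An added example, not part of the thread or any poster's code: one way to issue and redeem the reset token with prepared statements, a CSPRNG token stored only as a hash, and the token bound to the account address being reset while the link goes to the recovery address. The `reset_tokens` table, its columns, `BASE_URL`, the 30-minute lifetime and both function names are assumptions; `hm_accounts`, `accountaddress`, `email2` and `/test/reset.php` come from the posts above.

```php
<?php
// Added example, not code from the thread. Table reset_tokens, its columns,
// the 30-minute lifetime and BASE_URL are assumptions for illustration.
const BASE_URL = 'https://mail.example.test';   // fixed, never built from the Host header

// Returns [recoveryAddress, link], or null when the account is unknown.
function issueResetToken(PDO $db, string $account): ?array
{
    $st = $db->prepare('SELECT email2 FROM hm_accounts WHERE accountaddress = ?');
    $st->execute([$account]);
    $email2 = $st->fetchColumn();
    if ($email2 === false) {
        return null;
    }
    $token = bin2hex(random_bytes(32));          // CSPRNG, unlike mt_rand()
    // Store only a hash, bound to the account being reset (not to email2).
    $ins = $db->prepare('INSERT INTO reset_tokens (token_hash, accountaddress, expires) VALUES (?, ?, ?)');
    $ins->execute([hash('sha256', $token), $account, time() + 1800]);
    return [$email2, BASE_URL . '/test/reset.php?token=' . $token];
}

// Returns the account address the token unlocks, or null; tokens are single use.
function redeemResetToken(PDO $db, string $token): ?string
{
    $hash = hash('sha256', $token);
    $st = $db->prepare('SELECT accountaddress FROM reset_tokens WHERE token_hash = ? AND expires > ?');
    $st->execute([$hash, time()]);
    $account = $st->fetchColumn();
    if ($account === false) {
        return null;
    }
    $db->prepare('DELETE FROM reset_tokens WHERE token_hash = ?')->execute([$hash]);
    return $account;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE hm_accounts (accountaddress TEXT, email2 TEXT)');
$db->exec('CREATE TABLE reset_tokens (token_hash TEXT, accountaddress TEXT, expires INTEGER)');
$db->exec("INSERT INTO hm_accounts VALUES ('user@domain.se', 'private@example.com')");

[$to, $link] = issueResetToken($db, 'user@domain.se');
parse_str(parse_url($link, PHP_URL_QUERY), $query);
var_dump($to === 'private@example.com');                               // mail goes to the recovery address
var_dump(redeemResetToken($db, $query['token']) === 'user@domain.se'); // password change targets the account
var_dump(redeemResetToken($db, $query['token']) === null);             // second use is rejected
var_dump(issueResetToken($db, "x' OR '1'='1") === null);               // input is bound as data, not SQL
```

A caller would mail `$link` to `$to` and show the same confirmation page whether or not `issueResetToken()` returned null, so the form does not reveal which account addresses exist.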
