Forgotten password page [PHP/CSS]

[Php_learner123]

Hi, I have a CMS, I am creating a forgotten password page, the page will require a user to enter an email address and the code will find it in the database and send them an email, in my database, i have multiple users accounts assigned to one email address. I want it so that if the user enters an email address and it was more than one accuont assigned to it, to error a message saying please contact your admin, but atm, it is not doing this. Any suggestions?

forgotten password page code:

 

I have pasted the forgotten page code here:

 

<?php
$cms_page["allow_unauth"] = true;
require_once "cms_base.php";


$errors = new userErrors();
if (isset ($_POST['submit'])) {

$user_email = $_POST['user_email'];
if($user_email){
if ($errors->totalErrors() == 0) {
$user = new cmsUser($user_email);
$found = $user->lookupByEmail($user_email);
$numfound = $
if ($found) {
$user->sendPasswordResetEmail();
$str_Message = '<div class="success_message">User found, an email has been dispatched to you.</div>';
} elseif ($found) {
$errors->defineError("too_many_users", "please contact your admin", array());
}else{ 
$errors->defineError("user_not_found", "The specified user could not be found.  Please try again.", array());
}
}
}else{
$errors->defineError("missing_email","please enter an email address",array());
}
}
$cms_page["title"] = "Lucid Portal Reset Password";
$crumbData = array(array("url"=>"forgottenpassword.php", "name"=>"Reset Password"));
?>
<?php require "includes/cms_template_top.php"; ?>
<div class="boxFullWidth">
<div class="boxContent centered" style="width:700px;">
<div style="margin-left:110px;">
<h1>Enter your email address to reset your password</h1>
</div>
<div style="clear:both;"></div>
<?php echo $errors->outputList(); ?>
<?php if (isset($str_Message)) echo $str_Message; ?>
<form action="forgottenpassword.php" method="POST">
<div class="formFieldLabel" style="width:100px;">Email: </div>
<div class="formField">
<input type="text" name="user_email" size="25" class="textbox200" /></div>
<div style="clear:both;"></div>
<div style="margin:3px 0 3px 110px;">
<input type="submit" name='submit'  value="Reset Password" class="cmsButton" /></div>
<div style="clear:both;"></div>
</form>
</div>
</div>

<?php require "includes/cms_template_bottom.php";?>

i have posted the snippet of a code from which i take the db information from:

 

function code: 
function lookupByEmail($userID) {
global $db;
$this->id = $userID;
$qry = " SELECT user_id,
user_first_name,
user_last_name,
user_username,
user_email,
user_suspended
FROM cms_users
WHERE user_email = " . $db->SQLString($this->id) . "
AND user_deleted = 0;";
$rs = $db->query($qry);
if ($rs && $rs->num_rows == 1) {
$this->setUserData($rs->fetch_assoc());
return true;
}
if ($rs && $rs->num_rows > 1) {
return;
}
return false;
}

 

[fife]

 you seem to be posting in the $user_email instead of the $userID. you should change the $this->id to email to make it easier to read.  Under the 

 

1. if ($rs && $rs->num_rows > 1) {
2. return;
3. }

 

just return an error message  

 

return "Some error message";

Edited December 16, 2014 by fife