Membership Problems

[Irksome]

Hi,

 

I am currently in the process of building a new website, and part of that involves a membership system.

 

I have created the membership system, it all works and logs in fine. The only thing I am having trouble with is passwords.

 

The first problem is that on my update profile page, I have made fields for name, password, email and a a textbox to enter information about yourself. The problem is that I have configured it so that if you enter an email that is already in the database, it doesen't let you update your profile. But by default, your email is entered into the field, and when you click OK it just updates the database with whatever you have put in the fields. So what code would I type so that it doesen't say that your email is already in use?

 

My second problem is the password field. When you type in a new password, it does not update the database with the new password. I think this is something to do with md5 encryption, but I don't know the exact code to put for that.

 

My last problem is that I have made a lost password form where you type in your email address and it mails your password to you. I have no idea how to do this though.

 

Any help on this would be greatly appreciated 

[mem0ri]

Sounds like you need to add some form validation to your registration form...

 

...when someone submits their e-mail address, check it against the e-mail addresses already stored and if there's no duplicate, o.k. it.  You should be able to do this work through PHP mostly with a simple MySQL:

SELECT email FROM users WHERE email = '$newemail'

Or something of the sort.

 

Secondly, an MD5 encryption requires that you have at least a 32 character VARCHAR on your database for storing it...as all MD5 encrypted strings are 32 characters long.

 

Finally...if you have a lost password form...the person submits their e-mail address to your form...you search the database for their e-mail address (see example simple SELECT above)...and then use the PHP mail() function to send them a new password.  You won't be able to pull out their old password if you're using MD5...so you'll have to use an UPDATE SQL statement to update the password and send a new one.