Jump to content


Photo

Forgotten Password Form


  • Please log in to reply
18 replies to this topic

#1 Plazman65

Plazman65
  • Members
  • PipPipPip
  • Advanced Member
  • 46 posts

Posted 30 March 2006 - 04:17 PM

Hi all, I am trying to create a forgotten password form from a tutorial and I was wondering if someone could clarify a couple of things for me.
I have the form on one page, and have its action set to this page,
it keep returning the results as-
"Sorry Your address is not there in our database . You can signup and login to use our site. "
I think that its because its not pulling the email address, I want to change the

$query="SELECT email,username,password FROM login WHERE email = $email";

to

$query="SELECT email,username,password FROM login WHERE email = $_POST[email";


am I on the right track? Because that's not working. and for the record Im new and Im trying!
Thanks Michelle


<?php require_once('../Connections/jobs.php'); ?>
<?php
if (
($_POST[email] == ""))
{

header ("Location: forgot_password.php");
exit;
}

$email=mysql_real_escape_string($email);
$status = "OK";
$msg="";
//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
// You can supress the error message by un commenting the above line
if (!stristr($email,"@") OR !stristr($email,".")) {
$msg="Your email address is not correct<BR>";
$status= "NOTOK";}


echo "<br><br>";
if($status=="OK"){ // validation passed now we will check the tables
$query="SELECT email,username,password FROM login WHERE email = $email";
$st=mysql_query($query);
$recs=mysql_num_rows($st);
$row=mysql_fetch_object($st);
$em=$row->email;// email is stored to a variable
if ($recs == 0) { // No records returned, so no email address in our table
// let us show the error message
echo "<center><font face='Verdana' size='2' color=red><b>No Password</b><br> Sorry Your address is not there in our database . You can signup and login to use our site. <BR><BR><a href='signup.php'> Sign UP </a> </center>";
exit;}

// formating the mail posting
// headers here
$headers4="admin@uspolicejobs.com"; // Change this address within quotes to your address
$headers.="Reply-to: $headers4\n";
$headers .= "From: $headers4\n";
$headers .= "Errors-to: $headers4\n";
//$headers = "Content-Type: text/html; charset=iso-8859-1\n".$headers;
// for html mail un-comment the above line

// mail funciton will return true if it is successful
if(mail("$em","Your Request for login details","This is in response to your request for login details at US POLICE JOBS \n \nLogin ID: $row->userid \n Password: $row->password \n\n Thank You \n \n siteadmin","$headers")){echo "<center><font face='Verdana' size='2' ><b>THANK YOU</b> <br>Your password is posted to your emil address . Please check your mail after some time. </center>";}

else{// there is a system problem in sending mail
echo " <center><font face='Verdana' size='2' color=red >There is some system problem in sending login details to your address. Please contact site-admin. <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}

}
else {// Validation failed so show the error message
echo "<center><font face='Verdana' size='2' color=red >$msg <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}
?>

#2 Eddyon

Eddyon
  • Members
  • PipPipPip
  • Advanced Member
  • 30 posts
  • LocationEngland

Posted 30 March 2006 - 05:00 PM

Its $_POST['email'] :)

#3 Plazman65

Plazman65
  • Members
  • PipPipPip
  • Advanced Member
  • 46 posts

Posted 30 March 2006 - 05:17 PM

Thanks for the response
thats what I thought, so I changed,
$query="SELECT email,username,password FROM login WHERE email = $email";

to

$query="SELECT email,username,password FROM login WHERE email = $_POST['email']";

and Im getting nothing but a blank page do you see anyother changes that should be made? Thanks for your help, Michelle

#4 alpine

alpine
  • Members
  • PipPipPip
  • Advanced Member
  • 756 posts
  • LocationNorway

Posted 30 March 2006 - 05:32 PM

Personally i awoid using post determination inside querys, i set them once for easy use.
I think your problem might be that you missed ' '

$email = $_POST['email'];

$query= mysql_query(" SELECT email,username FROM login WHERE email = '$email' ");


If not, try and echo your $post and see if its present and make sure it matches up with a row in your database
Also, is there a particular reason to fetch the password from the table?

#5 Plazman65

Plazman65
  • Members
  • PipPipPip
  • Advanced Member
  • 46 posts

Posted 30 March 2006 - 05:58 PM

I want to make sure I understand things right-
if I set-

$email=$_POST['email']

wont that conflict with-

$email=mysql_real_escape_string($email);

thats was why I was thinking of doing the

$query="SELECT email,username,password FROM login WHERE email = $_POST['email']";

Also I did a echo and and it does match up to a record in the database. Sorry for the newbie questions I want to make sure I'm learning from this to so I'm not back on here tomorrow begging for help!


That makes sense so if I set
[!--quoteo(post=360072:date=Mar 30 2006, 09:32 AM:name=alpine)--][div class=\'quotetop\']QUOTE(alpine @ Mar 30 2006, 09:32 AM) View Post[/div][div class=\'quotemain\'][!--quotec--]
Personally i awoid using post determination inside querys, i set them once for easy use.
I think your problem might be that you missed ' '

$email = $_POST['email'];

$query= mysql_query(" SELECT email,username FROM login WHERE email = '$email' ");
If not, try and echo your $post and see if its present and make sure it matches up with a row in your database
Also, is there a particular reason to fetch the password from the table?
[/quote]


#6 alpine

alpine
  • Members
  • PipPipPip
  • Advanced Member
  • 756 posts
  • LocationNorway

Posted 30 March 2006 - 06:04 PM

No, you can simply do this:

$email = mysql_real_escape_string($_POST['email']);

#7 Plazman65

Plazman65
  • Members
  • PipPipPip
  • Advanced Member
  • 46 posts

Posted 30 March 2006 - 06:21 PM

I do have a tendancy to make things more complicated then they are!

its still getting hung up on the query, I dont see anything else wrong there. Any other ideas?

Thanks for your help, Michelle


[!--quoteo(post=360079:date=Mar 30 2006, 10:04 AM:name=alpine)--][div class=\'quotetop\']QUOTE(alpine @ Mar 30 2006, 10:04 AM) View Post[/div][div class=\'quotemain\'][!--quotec--]
No, you can simply do this:

$email = mysql_real_escape_string($_POST['email']);
[/quote]


#8 alpine

alpine
  • Members
  • PipPipPip
  • Advanced Member
  • 756 posts
  • LocationNorway

Posted 30 March 2006 - 06:31 PM

try this to see if it retrieves any query problems first
$st=mysql_query($query) or die(mysql_error());


#9 Plazman65

Plazman65
  • Members
  • PipPipPip
  • Advanced Member
  • 46 posts

Posted 30 March 2006 - 07:06 PM

Ok I feel like Im getting somewhere:

the @yahoo must come from the email address I entered:

u have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@yahoo.com' at line 1


[!--quoteo(post=360086:date=Mar 30 2006, 10:31 AM:name=alpine)--][div class=\'quotetop\']QUOTE(alpine @ Mar 30 2006, 10:31 AM) View Post[/div][div class=\'quotemain\'][!--quotec--]
try this to see if it retrieves any query problems first
$st=mysql_query($query) or die(mysql_error());
[/quote]


#10 alpine

alpine
  • Members
  • PipPipPip
  • Advanced Member
  • 756 posts
  • LocationNorway

Posted 31 March 2006 - 04:33 AM

ok, what is your current script ?

#11 Plazman65

Plazman65
  • Members
  • PipPipPip
  • Advanced Member
  • 46 posts

Posted 31 March 2006 - 05:29 AM

Oh Im so glad you havent given up,
here goes:
thanks for all your help, Michelle
<?php require_once('../Connections/jobs.php'); ?>
<?php
if (
($_POST[email] == ""))
{

header ("Location: forgot_password.php");
exit;
}
$email = mysql_real_escape_string($_POST['email']);
$status = "OK";
$msg="";
error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
// You can supress the error message by un commenting the above line
if (!stristr($email,"@") OR !stristr($email,".")) {
$msg="Your email address is not correct<BR>";
$status= "NOTOK";}

echo "<br><br>";
if($status=="OK"){ // validation passed now we will check the tables
$query="SELECT email,username,password FROM login WHERE email = $email";
$st=mysql_query($query) or die(mysql_error());
$recs=mysql_num_rows($st);
$row=mysql_fetch_object($st);
$em=$row->email;// email is stored to a variable
if ($recs == 0) { // No records returned, so no email address in our table
// let us show the error message
echo "<center><font face='Verdana' size='2' color=red><b>No Password</b><br> Sorry Your address is not there in our database . You can signup and login to use our site. <BR><BR><a href='signup.php'> Sign UP </a> </center>";
exit;}

// formating the mail posting
// headers here
$headers4="admin@uspolicejobs.com"; // Change this address within quotes to your address
$headers.="Reply-to: $headers4\n";
$headers .= "From: $headers4\n";
$headers .= "Errors-to: $headers4\n";
//$headers = "Content-Type: text/html; charset=iso-8859-1\n".$headers;
// for html mail un-comment the above line

// mail funciton will return true if it is successful
if(mail("$em","Your Request for login details","This is in response to your request for login details at US POLICE JOBS \n \nLogin ID: $row->username \n Password: $row->password \n\n Thank You \n \n siteadmin","$headers")){echo "<center><font face='Verdana' size='2' ><b>THANK YOU</b> <br>Your password is posted to your emil address . Please check your mail after some time. </center>";}

else{// there is a system problem in sending mail
echo " <center><font face='Verdana' size='2' color=red >There is some system problem in sending login details to your address. Please contact site-admin. <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}

}
else {// Validation failed so show the error message
echo "<center><font face='Verdana' size='2' color=red >$msg <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}
?>

[!--quoteo(post=360260:date=Mar 30 2006, 08:33 PM:name=alpine)--][div class=\'quotetop\']QUOTE(alpine @ Mar 30 2006, 08:33 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
ok, what is your current script ?
[/quote]


#12 alpine

alpine
  • Members
  • PipPipPip
  • Advanced Member
  • 756 posts
  • LocationNorway

Posted 31 March 2006 - 01:35 PM

Ok, you still don't use [!--coloro:#FF0000--][span style=\"color:#FF0000\"][!--/coloro--]'[!--colorc--][/span][!--/colorc--] around $email in your query ( '$email' )
I made this for you to test:
<?php

if(isset($_POST['email']))
{
if (!empty($_POST['email']))
{
$posted_email = htmlspecialchars($_POST['email']);

if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$",$posted_email))
{
require_once('../Connections/jobs.php');

$st = mysql_query("SELECT email,username,password FROM login WHERE email = '$posted_email'") or die(mysql_error());
$recs = mysql_num_rows($st);
if ($recs <> 1)
{
echo "No unique match found on <b>$email</b> in the database";
}
else
{
// ok - do the email stuff and anything else needed here
$row = mysql_fetch_array($st);
$email = $row['email'];
$user = $row['username'];
$pass = $row['password'];

echo "Cool - <b>$email</b> matched up in the database with username <b>$user</b>!";
}
}
else
{
echo "Your email address is not correct";
}
}
echo "Please fill in your email adress";
}
else
{
// no post detected, show form ??
echo "No posted form detected";
}
?>


#13 Plazman65

Plazman65
  • Members
  • PipPipPip
  • Advanced Member
  • 46 posts

Posted 31 March 2006 - 04:04 PM

woohoo it worked!
So what is this doing looking for @ symbols and such?
$posted_email = htmlspecialchars($_POST['email']);

Im assuming this is checking for a valid email address right?

if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$",$posted_email))

this right here, I havent seen that before
if ($recs <> 1), is this prefered over the <1?

Out of curiosity after playing with it, if I enter a email address the first time it says the matched up statement but if I hit back and then enter it again it says no database found. What would cause that?

And i should be able to incorporate the mail stuff there at the bottom it will work, woohoo thank you so much, Michelle


[!--quoteo(post=360350:date=Mar 31 2006, 05:35 AM:name=alpine)--][div class=\'quotetop\']QUOTE(alpine @ Mar 31 2006, 05:35 AM) View Post[/div][div class=\'quotemain\'][!--quotec--]
Ok, you still don't use [!--coloro:#FF0000--][span style=\"color:#FF0000\"][!--/coloro--]'[!--colorc--][/span][!--/colorc--] around $email in your query ( '$email' )
I made this for you to test:
<?php

if(isset($_POST['email']))
{
if (!empty($_POST['email']))
{
$posted_email = htmlspecialchars($_POST['email']);

if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$",$posted_email))
{
require_once('../Connections/jobs.php');

$st = mysql_query("SELECT email,username,password FROM login WHERE email = '$posted_email'") or die(mysql_error());
$recs = mysql_num_rows($st);
if ($recs <> 1)
{
echo "No unique match found on <b>$email</b> in the database";
}
else
{
// ok - do the email stuff and anything else needed here
$row = mysql_fetch_array($st);
$email = $row['email'];
$user = $row['username'];
$pass = $row['password'];

echo "Cool - <b>$email</b> matched up in the database with username <b>$user</b>!";
}
}
else
{
echo "Your email address is not correct";
}
}
echo "Please fill in your email adress";
}
else
{
// no post detected, show form ??
echo "No posted form detected";
}
?>
[/quote]

#14 alpine

alpine
  • Members
  • PipPipPip
  • Advanced Member
  • 756 posts
  • LocationNorway

Posted 31 March 2006 - 04:30 PM

Glad it worked,
try pulling out the --> require_once('../Connections/jobs.php'); from where i put it and place it on the page top. This should fix your database message.

The htmlchars just makes sure no illegal characters is being put inside the query to manipulate the query itself.
But i assume it was the missing [!--coloro:#FF0000--][span style=\"color:#FF0000\"][!--/coloro--]'[!--colorc--][/span][!--/colorc--] that was the latest actual problem you experienced.

The regex is checking emails, i prefer this in a function so i can use it on several pages/scrips when i need to.

The <> means different than - you only want to find 1 unique match, everything else is incorrect. And i assume you prevent duplicat email entrys upon users registration ?!

#15 Plazman65

Plazman65
  • Members
  • PipPipPip
  • Advanced Member
  • 46 posts

Posted 31 March 2006 - 04:36 PM


Yes I do, Thank you so much for all your help! Michelle

#16 Plazman65

Plazman65
  • Members
  • PipPipPip
  • Advanced Member
  • 46 posts

Posted 31 March 2006 - 04:50 PM

[!--quoteo(post=360406:date=Mar 31 2006, 08:36 AM:name=plazman65)--][div class=\'quotetop\']QUOTE(plazman65 @ Mar 31 2006, 08:36 AM) View Post[/div][div class=\'quotemain\'][!--quotec--]
Yes I do, Thank you so much for all your help! Michelle
[/quote]
gosh this mail thing is a pain, umm I moved the connections to the top and the page stopped altogether. :(
you can see what I mean at
[a href=\"http://www.uspolicejobs.com/membershipservices/forgot_password.php\" target=\"_blank\"]http://www.uspolicejobs.com/membershipserv...ot_password.php[/a]
email address d_m2000@yahoo.com
I dont know if the link will help, Im also having a problem with a email script that has a attachment. Is it possible that the error is coming from something else?
Thanks, Michelle

#17 alpine

alpine
  • Members
  • PipPipPip
  • Advanced Member
  • 756 posts
  • LocationNorway

Posted 31 March 2006 - 05:12 PM

please post your current script again.... (or parts conserned)
Have you changed anything in your db connect script ?

#18 Plazman65

Plazman65
  • Members
  • PipPipPip
  • Advanced Member
  • 46 posts

Posted 01 April 2006 - 05:27 PM

Ok I took the afternoon off and got a good nights sleep. Im getting the email's now wooohooo, Im excited about that! Im having two problems
, one is that if i go right to the password form and enter the email address, that works but lets say I misenter it and hit back, then re-enter it I get no database selected again. I havent changed anything in the connections page and all the others are working smoothly.I did move connection to the top.

Also Im having a heck of a time getting a subject to show up. Ive tried every version that I can think of but it always shows up in the email itself.
Here's the code that I have, I havent changed the messages yet. Im doing one thing at a time so I know what works and not.
I really appreciate all the help. Thanks, Michelle

<?php require_once('../Connections/jobs.php'); ?>
<?php

if(isset($_POST['email']))
{
if (!empty($_POST['email']))
{
$posted_email = htmlspecialchars($_POST['email']);

if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$",$posted_email))
{


$st = mysql_query("SELECT email,username,password FROM login WHERE email = '$posted_email'") or die(mysql_error());
$recs = mysql_num_rows($st);
$row = mysql_fetch_array($st);
$email = $row['email'];
if ($recs <> 1)
{
echo "No unique match found on <b>$email</b> in the database";
}
else
{
// ok - do the email stuff and anything else needed here
$user = $row['username'];
$pass = $row['password'];
$email=$row['email'];
//
$to = "$email";
$emailFrom = "admin@uspolicejobs.com";
$emailSubject = "Forgotten pw form";
$msg ="E-MAIL SENT FROM US POLICE JOBS\n";
$msg.="Username:\t$user\n";
$msg.="Password\t$pass\n";

mail($to,$emailfrom,$emailsubject,$msg);
echo "Cool - <b>$email</b> matched up in the database with username <b>$user</b>!";
}
}
else
{
echo "Your email address is not correct";
}
}
echo "Please fill in your email adress";
}
else
{
// no post detected, show form ??
echo "No posted form detected";
}
?>


#19 alpine

alpine
  • Members
  • PipPipPip
  • Advanced Member
  • 756 posts
  • LocationNorway

Posted 01 April 2006 - 06:56 PM

I changed from require_once to just required as this will require the db file each time the page is reloaded.

Also added som headers to your email script and altered a bit on your email parameters, also making it steer clear of most spam filters - ripped this out of my own email function so i havent tested THIS -but it should work. You should also consider making a email function that contains all header info etc. so you wouldn't need to write it all each time you write a email script. Also makes things a lot easier if you ever need to modify.

Try this out:
<?php

require('../Connections/jobs.php');

if(isset($_POST['email']))
{
if (!empty($_POST['email']))
{
$posted_email = htmlspecialchars($_POST['email']);

if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$",$posted_email))
{


$st = mysql_query("SELECT email,username,password FROM login WHERE email = '$posted_email'") or die(mysql_error());
$recs = mysql_num_rows($st);
$row = mysql_fetch_array($st);
$email = $row['email'];
if ($recs <> 1)
{
echo "No unique match found on <b>$email</b> in the database";
}
else
{
// ok - do the email stuff and anything else needed here
$user = $row['username'];
$pass = $row['password'];
$email=$row['email'];
//

$to = "$email";
$emailFrom = "admin@uspolicejobs.com";
$emailSubject = "Forgotten pw form";

$eol="\r\n";
$headers .= "From: $emailFrom <$emailFrom>".$eol;
$headers .= "Reply-To: $emailFrom <$emailFrom>".$eol;
$headers .= "Return-Path: $emailFrom <$emailFrom>".$eol;
$headers .= "X-Mailer: PHP v".phpversion().$eol;
$headers .= "Date: ".date("r").$eol;
$headers .= "Message-ID: <".date("YmdHis")."uspolicejobs@".$_SERVER['SERVER_NAME'].">".$eol;
$mime_boundary=md5(time());
$headers .= 'MIME-Version: 1.0'.$eol;
$headers .= "Content-Type: multipart/related; boundary=\"".$mime_boundary."\"".$eol;
$msg = "";
$msg .= "--".$mime_boundary.$eol;
$msg .= "Content-Type: text/plain; charset=iso-8859-1".$eol;
$msg .= "Content-Transfer-Encoding: 8bit".$eol;

$msg2 ="E-MAIL SENT FROM US POLICE JOBS".$eol;
$msg2.="Username:\t$user".$eol;
$msg2.="Password\t$pass".$eol;

$msg .= $eol.$eol.$msg2.$eol.$eol;
$msg = wordwrap($msg, 70);


if(ini_get('safe_mode'))
{
mail($to, $emailSubject, $msg, $headers);
}
else
{
mail($to, $emailSubject, $msg, $headers, "-f" . $emailFrom);
}


echo "Cool - <b>$email</b> matched up in the database with username <b>$user</b>!";
}
}
else
{
echo "Your email address is not correct";
}
}
echo "Please fill in your email adress";
}
else
{
// no post detected, show form ??
echo "No posted form detected";
}
?>





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users