Jump to content

Forgotten Password Form


Plazman65

Recommended Posts

Hi all, I am trying to create a forgotten password form from a tutorial and I was wondering if someone could clarify a couple of things for me.
I have the form on one page, and have its action set to this page,
it keep returning the results as-
"Sorry Your address is not there in our database . You can signup and login to use our site. "
I think that its because its not pulling the email address, I want to change the

$query="SELECT email,username,password FROM login WHERE email = $email";

to

$query="SELECT email,username,password FROM login WHERE email = $_POST[email";


am I on the right track? Because that's not working. and for the record Im new and Im trying!
Thanks Michelle


<?php require_once('../Connections/jobs.php'); ?>
<?php
if (
($_POST[email] == ""))
{

header ("Location: forgot_password.php");
exit;
}

$email=mysql_real_escape_string($email);
$status = "OK";
$msg="";
//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
// You can supress the error message by un commenting the above line
if (!stristr($email,"@") OR !stristr($email,".")) {
$msg="Your email address is not correct<BR>";
$status= "NOTOK";}


echo "<br><br>";
if($status=="OK"){ // validation passed now we will check the tables
$query="SELECT email,username,password FROM login WHERE email = $email";
$st=mysql_query($query);
$recs=mysql_num_rows($st);
$row=mysql_fetch_object($st);
$em=$row->email;// email is stored to a variable
if ($recs == 0) { // No records returned, so no email address in our table
// let us show the error message
echo "<center><font face='Verdana' size='2' color=red><b>No Password</b><br> Sorry Your address is not there in our database . You can signup and login to use our site. <BR><BR><a href='signup.php'> Sign UP </a> </center>";
exit;}

// formating the mail posting
// headers here
$headers4="admin@uspolicejobs.com"; // Change this address within quotes to your address
$headers.="Reply-to: $headers4\n";
$headers .= "From: $headers4\n";
$headers .= "Errors-to: $headers4\n";
//$headers = "Content-Type: text/html; charset=iso-8859-1\n".$headers;
// for html mail un-comment the above line

// mail funciton will return true if it is successful
if(mail("$em","Your Request for login details","This is in response to your request for login details at US POLICE JOBS \n \nLogin ID: $row->userid \n Password: $row->password \n\n Thank You \n \n siteadmin","$headers")){echo "<center><font face='Verdana' size='2' ><b>THANK YOU</b> <br>Your password is posted to your emil address . Please check your mail after some time. </center>";}

else{// there is a system problem in sending mail
echo " <center><font face='Verdana' size='2' color=red >There is some system problem in sending login details to your address. Please contact site-admin. <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}

}
else {// Validation failed so show the error message
echo "<center><font face='Verdana' size='2' color=red >$msg <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}
?>
Link to comment
Share on other sites

Thanks for the response
thats what I thought, so I changed,
$query="SELECT email,username,password FROM login WHERE email = $email";

to

$query="SELECT email,username,password FROM login WHERE email = $_POST['email']";

and Im getting nothing but a blank page do you see anyother changes that should be made? Thanks for your help, Michelle
Link to comment
Share on other sites

Personally i awoid using post determination inside querys, i set them once for easy use.
I think your problem might be that you missed ' '

[code]
$email = $_POST['email'];

$query= mysql_query(" SELECT email,username FROM login WHERE email = '$email' ");
[/code]


If not, try and echo your $post and see if its present and make sure it matches up with a row in your database
Also, is there a particular reason to fetch the password from the table?
Link to comment
Share on other sites

I want to make sure I understand things right-
if I set-

$email=$_POST['email']

wont that conflict with-

$email=mysql_real_escape_string($email);

thats was why I was thinking of doing the

$query="SELECT email,username,password FROM login WHERE email = $_POST['email']";

Also I did a echo and and it does match up to a record in the database. Sorry for the newbie questions I want to make sure I'm learning from this to so I'm not back on here tomorrow begging for help!


That makes sense so if I set
[!--quoteo(post=360072:date=Mar 30 2006, 09:32 AM:name=alpine)--][div class=\'quotetop\']QUOTE(alpine @ Mar 30 2006, 09:32 AM) [snapback]360072[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Personally i awoid using post determination inside querys, i set them once for easy use.
I think your problem might be that you missed ' '

[code]
$email = $_POST['email'];

$query= mysql_query(" SELECT email,username FROM login WHERE email = '$email' ");
[/code]
If not, try and echo your $post and see if its present and make sure it matches up with a row in your database
Also, is there a particular reason to fetch the password from the table?
[/quote]
Link to comment
Share on other sites

I do have a tendancy to make things more complicated then they are!

its still getting hung up on the query, I dont see anything else wrong there. Any other ideas?

Thanks for your help, Michelle


[!--quoteo(post=360079:date=Mar 30 2006, 10:04 AM:name=alpine)--][div class=\'quotetop\']QUOTE(alpine @ Mar 30 2006, 10:04 AM) [snapback]360079[/snapback][/div][div class=\'quotemain\'][!--quotec--]
No, you can simply do this:

$email = mysql_real_escape_string($_POST['email']);
[/quote]
Link to comment
Share on other sites

Ok I feel like Im getting somewhere:

the @yahoo must come from the email address I entered:

u have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@yahoo.com' at line 1


[!--quoteo(post=360086:date=Mar 30 2006, 10:31 AM:name=alpine)--][div class=\'quotetop\']QUOTE(alpine @ Mar 30 2006, 10:31 AM) [snapback]360086[/snapback][/div][div class=\'quotemain\'][!--quotec--]
try this to see if it retrieves any query problems first
[code]
$st=mysql_query($query) or die(mysql_error());
[/code]
[/quote]
Link to comment
Share on other sites

Oh Im so glad you havent given up,
here goes:
thanks for all your help, Michelle
<?php require_once('../Connections/jobs.php'); ?>
<?php
if (
($_POST[email] == ""))
{

header ("Location: forgot_password.php");
exit;
}
$email = mysql_real_escape_string($_POST['email']);
$status = "OK";
$msg="";
error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
// You can supress the error message by un commenting the above line
if (!stristr($email,"@") OR !stristr($email,".")) {
$msg="Your email address is not correct<BR>";
$status= "NOTOK";}

echo "<br><br>";
if($status=="OK"){ // validation passed now we will check the tables
$query="SELECT email,username,password FROM login WHERE email = $email";
$st=mysql_query($query) or die(mysql_error());
$recs=mysql_num_rows($st);
$row=mysql_fetch_object($st);
$em=$row->email;// email is stored to a variable
if ($recs == 0) { // No records returned, so no email address in our table
// let us show the error message
echo "<center><font face='Verdana' size='2' color=red><b>No Password</b><br> Sorry Your address is not there in our database . You can signup and login to use our site. <BR><BR><a href='signup.php'> Sign UP </a> </center>";
exit;}

// formating the mail posting
// headers here
$headers4="admin@uspolicejobs.com"; // Change this address within quotes to your address
$headers.="Reply-to: $headers4\n";
$headers .= "From: $headers4\n";
$headers .= "Errors-to: $headers4\n";
//$headers = "Content-Type: text/html; charset=iso-8859-1\n".$headers;
// for html mail un-comment the above line

// mail funciton will return true if it is successful
if(mail("$em","Your Request for login details","This is in response to your request for login details at US POLICE JOBS \n \nLogin ID: $row->username \n Password: $row->password \n\n Thank You \n \n siteadmin","$headers")){echo "<center><font face='Verdana' size='2' ><b>THANK YOU</b> <br>Your password is posted to your emil address . Please check your mail after some time. </center>";}

else{// there is a system problem in sending mail
echo " <center><font face='Verdana' size='2' color=red >There is some system problem in sending login details to your address. Please contact site-admin. <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}

}
else {// Validation failed so show the error message
echo "<center><font face='Verdana' size='2' color=red >$msg <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}
?>

[!--quoteo(post=360260:date=Mar 30 2006, 08:33 PM:name=alpine)--][div class=\'quotetop\']QUOTE(alpine @ Mar 30 2006, 08:33 PM) [snapback]360260[/snapback][/div][div class=\'quotemain\'][!--quotec--]
ok, what is your current script ?
[/quote]
Link to comment
Share on other sites

Ok, you still don't use [!--coloro:#FF0000--][span style=\"color:#FF0000\"][!--/coloro--]'[!--colorc--][/span][!--/colorc--] around $email in your query ( '$email' )
I made this for you to test:
[code]
<?php

if(isset($_POST['email']))
{
if (!empty($_POST['email']))
{
$posted_email = htmlspecialchars($_POST['email']);

if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$",$posted_email))
{
require_once('../Connections/jobs.php');

$st = mysql_query("SELECT email,username,password FROM login WHERE email = '$posted_email'") or die(mysql_error());
$recs = mysql_num_rows($st);
if ($recs <> 1)
{
echo "No unique match found on <b>$email</b> in the database";
}
else
{
// ok - do the email stuff and anything else needed here
$row = mysql_fetch_array($st);
$email = $row['email'];
$user = $row['username'];
$pass = $row['password'];

echo "Cool - <b>$email</b> matched up in the database with username <b>$user</b>!";
}
}
else
{
echo "Your email address is not correct";
}
}
echo "Please fill in your email adress";
}
else
{
// no post detected, show form ??
echo "No posted form detected";
}
?>
[/code]
Link to comment
Share on other sites

woohoo it worked!
So what is this doing looking for @ symbols and such?
$posted_email = htmlspecialchars($_POST['email']);

Im assuming this is checking for a valid email address right?

if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$",$posted_email))

this right here, I havent seen that before
if ($recs <> 1), is this prefered over the <1?

Out of curiosity after playing with it, if I enter a email address the first time it says the matched up statement but if I hit back and then enter it again it says no database found. What would cause that?

And i should be able to incorporate the mail stuff there at the bottom it will work, woohoo thank you so much, Michelle


[!--quoteo(post=360350:date=Mar 31 2006, 05:35 AM:name=alpine)--][div class=\'quotetop\']QUOTE(alpine @ Mar 31 2006, 05:35 AM) [snapback]360350[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Ok, you still don't use [!--coloro:#FF0000--][span style=\"color:#FF0000\"][!--/coloro--]'[!--colorc--][/span][!--/colorc--] around $email in your query ( '$email' )
I made this for you to test:
[code]
<?php

if(isset($_POST['email']))
{
if (!empty($_POST['email']))
{
$posted_email = htmlspecialchars($_POST['email']);

if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$",$posted_email))
{
require_once('../Connections/jobs.php');

$st = mysql_query("SELECT email,username,password FROM login WHERE email = '$posted_email'") or die(mysql_error());
$recs = mysql_num_rows($st);
if ($recs <> 1)
{
echo "No unique match found on <b>$email</b> in the database";
}
else
{
// ok - do the email stuff and anything else needed here
$row = mysql_fetch_array($st);
$email = $row['email'];
$user = $row['username'];
$pass = $row['password'];

echo "Cool - <b>$email</b> matched up in the database with username <b>$user</b>!";
}
}
else
{
echo "Your email address is not correct";
}
}
echo "Please fill in your email adress";
}
else
{
// no post detected, show form ??
echo "No posted form detected";
}
?>
[/code]
[/quote]
Link to comment
Share on other sites

Glad it worked,
try pulling out the --> require_once('../Connections/jobs.php'); from where i put it and place it on the page top. This should fix your database message.

The htmlchars just makes sure no illegal characters is being put inside the query to manipulate the query itself.
But i assume it was the missing [!--coloro:#FF0000--][span style=\"color:#FF0000\"][!--/coloro--]'[!--colorc--][/span][!--/colorc--] that was the latest actual problem you experienced.

The regex is checking emails, i prefer this in a function so i can use it on several pages/scrips when i need to.

The <> means different than - you only want to find 1 unique match, everything else is incorrect. And i assume you prevent duplicat email entrys upon users registration ?!
Link to comment
Share on other sites

[!--quoteo(post=360406:date=Mar 31 2006, 08:36 AM:name=plazman65)--][div class=\'quotetop\']QUOTE(plazman65 @ Mar 31 2006, 08:36 AM) [snapback]360406[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Yes I do, Thank you so much for all your help! Michelle
[/quote]
gosh this mail thing is a pain, umm I moved the connections to the top and the page stopped altogether. :(
you can see what I mean at
[a href=\"http://www.uspolicejobs.com/membershipservices/forgot_password.php\" target=\"_blank\"]http://www.uspolicejobs.com/membershipserv...ot_password.php[/a]
email address d_m2000@yahoo.com
I dont know if the link will help, Im also having a problem with a email script that has a attachment. Is it possible that the error is coming from something else?
Thanks, Michelle
Link to comment
Share on other sites

Ok I took the afternoon off and got a good nights sleep. Im getting the email's now wooohooo, Im excited about that! Im having two problems
, one is that if i go right to the password form and enter the email address, that works but lets say I misenter it and hit back, then re-enter it I get no database selected again. I havent changed anything in the connections page and all the others are working smoothly.I did move connection to the top.

Also Im having a heck of a time getting a subject to show up. Ive tried every version that I can think of but it always shows up in the email itself.
Here's the code that I have, I havent changed the messages yet. Im doing one thing at a time so I know what works and not.
I really appreciate all the help. Thanks, Michelle

<?php require_once('../Connections/jobs.php'); ?>
<?php

if(isset($_POST['email']))
{
if (!empty($_POST['email']))
{
$posted_email = htmlspecialchars($_POST['email']);

if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$",$posted_email))
{


$st = mysql_query("SELECT email,username,password FROM login WHERE email = '$posted_email'") or die(mysql_error());
$recs = mysql_num_rows($st);
$row = mysql_fetch_array($st);
$email = $row['email'];
if ($recs <> 1)
{
echo "No unique match found on <b>$email</b> in the database";
}
else
{
// ok - do the email stuff and anything else needed here
$user = $row['username'];
$pass = $row['password'];
$email=$row['email'];
//
$to = "$email";
$emailFrom = "admin@uspolicejobs.com";
$emailSubject = "Forgotten pw form";
$msg ="E-MAIL SENT FROM US POLICE JOBS\n";
$msg.="Username:\t$user\n";
$msg.="Password\t$pass\n";

mail($to,$emailfrom,$emailsubject,$msg);
echo "Cool - <b>$email</b> matched up in the database with username <b>$user</b>!";
}
}
else
{
echo "Your email address is not correct";
}
}
echo "Please fill in your email adress";
}
else
{
// no post detected, show form ??
echo "No posted form detected";
}
?>
Link to comment
Share on other sites

I changed from require_once to just required as this will require the db file each time the page is reloaded.

Also added som headers to your email script and altered a bit on your email parameters, also making it steer clear of most spam filters - ripped this out of my own email function so i havent tested THIS -but it should work. You should also consider making a email function that contains all header info etc. so you wouldn't need to write it all each time you write a email script. Also makes things a lot easier if you ever need to modify.

Try this out:
[code]
<?php

require('../Connections/jobs.php');

if(isset($_POST['email']))
{
if (!empty($_POST['email']))
{
$posted_email = htmlspecialchars($_POST['email']);

if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$",$posted_email))
{


$st = mysql_query("SELECT email,username,password FROM login WHERE email = '$posted_email'") or die(mysql_error());
$recs = mysql_num_rows($st);
$row = mysql_fetch_array($st);
$email = $row['email'];
if ($recs <> 1)
{
echo "No unique match found on <b>$email</b> in the database";
}
else
{
// ok - do the email stuff and anything else needed here
$user = $row['username'];
$pass = $row['password'];
$email=$row['email'];
//

$to = "$email";
$emailFrom = "admin@uspolicejobs.com";
$emailSubject = "Forgotten pw form";

$eol="\r\n";
$headers .= "From: $emailFrom <$emailFrom>".$eol;
$headers .= "Reply-To: $emailFrom <$emailFrom>".$eol;
$headers .= "Return-Path: $emailFrom <$emailFrom>".$eol;
$headers .= "X-Mailer: PHP v".phpversion().$eol;
$headers .= "Date: ".date("r").$eol;
$headers .= "Message-ID: <".date("YmdHis")."uspolicejobs@".$_SERVER['SERVER_NAME'].">".$eol;
$mime_boundary=md5(time());
$headers .= 'MIME-Version: 1.0'.$eol;
$headers .= "Content-Type: multipart/related; boundary=\"".$mime_boundary."\"".$eol;
$msg = "";
$msg .= "--".$mime_boundary.$eol;
$msg .= "Content-Type: text/plain; charset=iso-8859-1".$eol;
$msg .= "Content-Transfer-Encoding: 8bit".$eol;

$msg2 ="E-MAIL SENT FROM US POLICE JOBS".$eol;
$msg2.="Username:\t$user".$eol;
$msg2.="Password\t$pass".$eol;

$msg .= $eol.$eol.$msg2.$eol.$eol;
$msg = wordwrap($msg, 70);


if(ini_get('safe_mode'))
{
mail($to, $emailSubject, $msg, $headers);
}
else
{
mail($to, $emailSubject, $msg, $headers, "-f" . $emailFrom);
}


echo "Cool - <b>$email</b> matched up in the database with username <b>$user</b>!";
}
}
else
{
echo "Your email address is not correct";
}
}
echo "Please fill in your email adress";
}
else
{
// no post detected, show form ??
echo "No posted form detected";
}
?>
[/code]
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.