Jump to content

Update new password in database ?


coop

Recommended Posts

Hi all,

 

I'm having real problems with this code that creates a new password for a customers account and then emails it to them (if they have forotten there password when loggin in 0).

 

The code tests if the email is in the database which seem to work fine, then generates a random 7 character password which works, and then emails this to the email which also works. The problem is it's not being updated in the database. This has been driving me med all day so any help would be much appreicated.

 

The code uses a database class that acts the same as the mysqli class.

 

[pre]


<?php
require_once('database.php');
require('phpmailer/class.phpmailer.php');
if (!get_magic_quotes_gpc()) {
  foreach($_POST as $key=>$value) {
    $temp = addslashes($value);
    $_POST[$key] = $temp;
    }
  }

$db = new Database('localhost','root','root','Test');
$sql = 'SELECT * FROM Customers WHERE userMail = "'.$_POST['user_Mail'].'"';
$result = $db->query($sql);
$numRows = $result->num_rows;
if($numRows < 1){
$noEmail = 'That email is not in the database.';
echo 'notHere=y&message='.urlencode($noEmail);
}else{
$row = $result->fetch_assoc();
$username = $row["userName"];
//echo $username;
$rand_string = '';
   for($a=0;$a<7;$a++){
      do{
        $newrand = chr(rand(0,256));
      } while(!eregi("^[a-z0-9]$",$newrand));
      $rand_string .= $newrand;
   }
   $pwd_to_insert = md5($rand_string);
   $sqlUpdate = 'UPDATE Customers SET userPassword = "$pwd_to_insert" 
							 WHERE userName = "$username" AND userMail = "'.$_POST['user_Mail'].'"';						
	$mail = new PHPMailer();
	$mail->IsSMTP(); 
	$mail->Host = "smtp.mysite.com"; 
	$mail->Mailer = "smtp";
	$mail->From = "[email protected]";
	$mail->AddAddress("[email protected]");
	$mail->Subject = "Login password";
	$mail->Body = "\n\n\n\nYou requeted that a new password be sent to ".$_POST['user_Mail']."\n\n"."User Name : ".$username."\n\nYour new password is : ".$rand_string."\n\n\n\nIf you have further problems please contact the mysite support staff.";
	$mail->WordWrap = 50;
	if(!$mail->Send()){
		$noEmail = 'Email not sent';
		echo 'Mailer Error: ' . $mail->ErrorInfo;
	}else{
		$emailSent = 'Email sent';
		echo 'email=y&message'.urlencode($emailSent);
	}	
}
?>

[/pre]

Link to comment
https://forums.phpfreaks.com/topic/68073-update-new-password-in-database/
Share on other sites

Hi coop,

 

You'll have to break out of the quotes in your sqlUpdate string to substitute the values for username and password, like so:

 

$sqlUpdate = 'UPDATE Customers SET userPassword = "' . $pwd_to_insert . '" WHERE userName = "' . $username . '" AND userMail = "'.$_POST['user_Mail'].'"';	

 

By using single quotes for your literal string, the variables are not expanded unlike double-quoted strings.

 

Cheers,

Darren.

Thanks Darren,

 

Could you explain why this works - I'm newish to php and some things aren't making sense.

I know the difference with single and double quotes - if it's double quotes the value of the variable is parsed, but here you have " ' ' " - single quotes within double quotes.

 

Thanks for you time.

 

c.

Not really. He has double quotes inside the string. It's how to make a string inside a string basically, for SQL.

I would do it this way:

$sqlUpdate = "UPDATE Customers SET userPassword = '$pwd_to_insert' WHERE userName = '$username' AND userMail = '".$_POST['user_Mail']."'";	

 

It's the same thing.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.