Reset Password.

[timmy0320]

Alright, I've been sitting here for a while now trying to get this to work. I've tried everything that *I* could think of to get this to work. When my users register they create a security question. So when they go to reset their password. I have it going to a page to enter their email address. After they enter their email address (with proper validation of email and grabbing their security question), it sends to the next page by checking if the form has been submitted it then displays in text as an example below

 

Email: name@host.com

Security Question: What is your last name?

Answer: <text input>

 

Once they submit this part of the form it goes through a process.php file. I have a referrer variable set in that and if the information is incorrect it will send them back to entering their email, i tried saving the email as a session after the first form is submitted. I tried quite a few things. I can understand the concept if someone can explain how this should be done step by step and then if I need any help coding I can come back. I've been breezing through my pages but this one seems to give me a hell of a time! If I got one part to work, the other wouldn't. lol

Thanks

[aebstract]

I don't really get your question, you're having trouble comparing the answer to the answer they original had for the security question?

[vicodin]

Ill try my best.

Page1: EMail input form.

Page2: validate the email address against your db, if it matches then get the security question if not then relocate back to the email input form.

Page3: Show user security question and have an input form for the answer.

Page4:Get users answer and check it against the database and if its ok then use the mail function and send them their password if its not correct send them back to the email input form.

 

Thats it.

[timmy0320]

Ok, all my pages process through process.php (register,login, etc.) so I'm creating a reset password page.

 

So you load user.php?do=resetpw This is what you will get:

 

Enter email address registered to account: <text>

 

Let's say you submit name@host.com then it verifies the email (formatting, if its in the database, etc.). The next page pulls your security question out of the database:

 

Email: name@host.com

Security Question: What is your last name?

Answer: <text input>

 

When you submit your answer it goes through a process.php which has a referrer (via $_SERVER['REQUEST_URI']). Well.... it came from user.php?do=resetpw, so if theres an error in submitting the answer, it sends it back (which will bring it back to page one of entering the email address). I tried creating an additional variable pass which the URL would then have been user.php?do=resetpw&id=randomstring. I tried saving the string to sessions so the process.php would send it back to the right spot and everything I just can't seem to get it to work EXACTLY right. After I did all that and tried to check if the form was submitted against the $_GET ,etc. ,etc. it was allowing blank emails after that and it wasn't working. It was either checking the emails or the answers. I couldn't get both of them to work at the same time. If you need some more explanation let me know. I would post the code but I tried so many different things I just decided to start from scratch (still got my functions though because they all work)

[timmy0320]

I got it somewhat figured out, then I started arranging my code to make it look a little better than what it was. I'll post the code then explain what it's doing.

 

 // reset form processed.
if(isset($_SESSION['resetsuccess'])) {
   // reset password successful.
   if($_SESSION['resetsuccess']){
      echo RESET_SUCCESS;
   } else {
      echo RESET_ERROR;
   }
   session_destroy();
}


$form =    ** HTML FORM TO ENTER PASSWORD **
              ** POST AS RESETPASS TO PROCESS.PHP **
              ** POSTS SESSION EMAIL AND QUESTION IN TEXT **
              ** HAS A TEXT BOX TO ENTER ANSWER **



if (isset($_POST['resetpw']) && $session->checkEmail($_POST['email'])) {
      $_SESSION['email']     = $_POST['email'];
      $fetchit                    = $database->getUserInfo(mysql_real_escape_string($_SESSION['email']));
      $q                           = $fetchit['security_q'];
      $_SESSION['q']          = $q;

      echo $form;
      echo "Test1";
} elseif ($_GET['id'] == $_SESSION['id']) {
      echo $form;
      echo "Test2";


// user has not submitted email address yet
} else {
$_SESSION['id']        = md5(uniqid(dechex(rand())));
?>
**** HTML TO ENTER EMAIL ADDRESS *****
**** POSTS AS RESETPW ******
    <?php
}
    ?>

 

Now what it's doing is it's displaying is TEST2 form, my guess is because the ID and SESSION ID are blank and not set.  I even put isset() in front of the SESSION['id'] and the GET['id'] but it still displays that page. Anyone got any suggestions as to how to get passed this before I re-do it again. I feel as if I've finally almost got it though. I was thinking of moving the first part of the reset password process (at the bottom of the code) to the middle making it an ELSE if the form hasn't been submitted. but then it would generate a new SESSION['id'] everytime and since it goes through process.php on the answer submission and if the answer is wrong it sends it back via the $_SESSION['id'] and the form RESETPW would no longer be TRUE so it would start back at point A entering your email address.

[timmy0320]

Just thought I'd let you guys know I figured it out.

 

I changed:

} elseif ($_GET['id'] == $_SESSION['id']) {

 

To this:

} elseif (isset($_SESSION['id']) && $_SESSION['id'] == isset($_GET['id'])) {

 

 

Appreciate the help anyways.