...

View Full Version : Password Recovery



Jon W
01-19-2008, 12:40 PM
I can't seem to get this script to work at all. Its not giving me any errors or anything, but yet its not displaying the form if the random key matchs and so on. If I could get some help understanding why this might be, it would be such a great help.

Please do understanding this is not being used on my site, so users wont be using this. This is just samply for learning purpose only.

Thanks
Jon W




<?php
if(isset($_GET['user_id']) !='')
{
include('db.php');

$user_id = $_GET['user_id'];

$query = mysql_query("SELECT user_id, random_key FROM recovery WHERE user_id = '$user_id'") or die('Database error: ' . mysql_error());

if(mysql_num_rows($query) > 0)

{

$row = mysql_fetch_assoc($query);

if($_GET['key'] != $row['random_key'])
{
$error = 'This key is invalid';
}
else
{

?>

<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
<input name="newpass" type="password" />
<input name="retype" type="password" />
<input name="submit" type="submit" value="Change Password" />
</form>

<?php

if(isset($_POST['submit']) == true && $_POST['newpass'] == $_POST['retype'])
{

$newpsss = mysql_real_escape_string(md5($_POST['newpass']));

$allow = mysql_query("UPDATE INTO users SET password = '$newpass' WHERE user_id = '$user_id'") or die('Database error: ' . mysql_error());

mysql_close($con);

}
else
{
$error = 'Your <b>new Password</b> does not match.';
}
}
}
}

echo($error);


?>

Jon W
01-19-2008, 03:09 PM
Any idea at all would be great. :)

oesxyl
01-19-2008, 03:23 PM
I can't seem to get this script to work at all. Its not giving me any errors or anything, but yet its not displaying the form if the random key matchs and so on.




<?php
print_r($_GET); // for debug
if(isset($_GET['user_id']) !='') {
include('db.php');
$user_id = $_GET['user_id'];
$query = mysql_query("SELECT user_id, random_key FROM recovery WHERE user_id = '$user_id'") or die('Database error: ' . mysql_error());
if(mysql_num_rows($query) > 0) {
$row = mysql_fetch_assoc($query);
if($_GET['key'] != $row['random_key']) {
$error = 'This key is invalid';
} else {
?>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
<input name="newpass" type="password" />
<input name="retype" type="password" />
<input name="submit" type="submit" value="Change Password" />
</form>
<?php
if(isset($_POST['submit']) == true && $_POST['newpass'] == $_POST['retype']) {
$newpsss = mysql_real_escape_string(md5($_POST['newpass']));
$allow = mysql_query("UPDATE INTO users SET password = '$newpass' WHERE user_id = '$user_id'") or die('Database error: ' . mysql_error());
mysql_close($con);
} else {
$error = 'Your <b>new Password</b> does not match.';
}
}
} // this close the if(mysql_num_rows > 0) and a 'else error' miss
}
echo($error);
?>



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum