...

View Full Version : Forgot Password page



phpnewby
02-01-2012, 10:23 PM
I have very limited knowledge of PHP and have a working forgot password page that has the user input their email address and sends a temporary password. The problem that I am having is that the database is not updated to the new password so the user cannot login.

Can someone help me with the update password section in this code so that it will update the database? I know there are many ways to do this, I just need help with getting this code to work. Thank you. Any help is much appreciated.


<?php

if(ereg("memberforgotpassword.php",$_SERVER['PHP_SELF'])){
@header("Location:index.php");
die("<script>window.location='index.php';</script>"); //js redirect backup
}

//if post => process form
if(isset($_POST['email']) && $_POST['email'] != ""){
$sql = sprintf("select email, password from members where email = '%s' ", mysql_real_escape_string($_POST['email'], $mysql->conn));
$result = $mysql->exSql($sql) or die($mysql->debugPrint());
if(mysql_num_rows($result)>0){
$row = mysql_fetch_assoc($result);

function createRandomPassword() {
$chars = "abcdefghijkmnopqrstuvwxyz023456789";
srand((double)microtime()*1000000);
$i = 0;
$pass = '' ;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($chars, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
$password = createRandomPassword();
$row['password'] = $password;

//update password
$update_sql = sprintf("UPDATE members SET $password = '%s' WHERE email = '%s' ", $password, mysql_real_escape_string($_POST['email'], $mysql->conn));
$mysql->exSql($sql) or die($mysql->debugPrint());


//Validate that admin email & member's email are valid
if(validEmail($row['email']) && validEmail($settings['email'])){


//send message
$to = $row['email'];
$headers = sprintf("From: %s\r\nReply-To: noreply@%s\r\nX-Mailer: PHP/%s", $settings['email'], str_replace("www.","",str_replace("http://","",$settings['domain'])), phpversion());
$emailXtpl = new XTemplate("emailmessages/forgotpassword.xtpl", SKIN);
$emailXtpl->assign('row',$row);
$emailXtpl->assign('settings',$settings);
$emailXtpl->parse('main.subject');
$emailXtpl->parse('main.body');
$subject = $emailXtpl->text('main.subject');
$message = $emailXtpl->text('main.body');

if(@mail($to,$subject,$message,$headers)){
$xtpl->parse('main.passwordsent');
}else{
$xtpl->assign('error','Please contact webmaster [Failed to send message]');
$xtpl->parse('main.forgotpassword.error');
$xtpl->parse('main.forgotpassword');
}
}else{
$xtpl->assign('error','Please contact webmaster [Invalid Email(s)]');
$xtpl->parse('main.forgotpassword.error');
$xtpl->parse('main.forgotpassword');
}

}else{
$xtpl->assign('error','Email address not found');
$xtpl->parse('main.forgotpassword.error');
$xtpl->parse('main.forgotpassword');
}
}else{
$xtpl->parse('main.forgotpassword');
}

?>

mlseim
02-01-2012, 10:46 PM
Did the script used to work, and now it doesn't?

Or, is the script you're showing an example from somewhere else?

In what context is the script you're showing relate to your entire website?

>ssp-cdr<
02-01-2012, 10:51 PM
You are storing the update SQL in $update_sql but then trying to run $sql as a database query. Fix that.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum