phpnewby
02-01-2012, 09:23 PM
I have very limited knowledge of PHP and have a working forgot password page that has the user input their email address and sends a temporary password. The problem that I am having is that the database is not updated to the new password so the user cannot login.
Can someone help me with the update password section in this code so that it will update the database? I know there are many ways to do this, I just need help with getting this code to work. Thank you. Any help is much appreciated.
<?php
if(ereg("memberforgotpassword.php",$_SERVER['PHP_SELF'])){
@header("Location:index.php");
die("<script>window.location='index.php';</script>"); //js redirect backup
}
//if post => process form
if(isset($_POST['email']) && $_POST['email'] != ""){
$sql = sprintf("select email, password from members where email = '%s' ", mysql_real_escape_string($_POST['email'], $mysql->conn));
$result = $mysql->exSql($sql) or die($mysql->debugPrint());
if(mysql_num_rows($result)>0){
$row = mysql_fetch_assoc($result);
function createRandomPassword() {
$chars = "abcdefghijkmnopqrstuvwxyz023456789";
srand((double)microtime()*1000000);
$i = 0;
$pass = '' ;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($chars, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
$password = createRandomPassword();
$row['password'] = $password;
//update password
$update_sql = sprintf("UPDATE members SET $password = '%s' WHERE email = '%s' ", $password, mysql_real_escape_string($_POST['email'], $mysql->conn));
$mysql->exSql($sql) or die($mysql->debugPrint());
//Validate that admin email & member's email are valid
if(validEmail($row['email']) && validEmail($settings['email'])){
//send message
$to = $row['email'];
$headers = sprintf("From: %s\r\nReply-To: noreply@%s\r\nX-Mailer: PHP/%s", $settings['email'], str_replace("www.","",str_replace("http://","",$settings['domain'])), phpversion());
$emailXtpl = new XTemplate("emailmessages/forgotpassword.xtpl", SKIN);
$emailXtpl->assign('row',$row);
$emailXtpl->assign('settings',$settings);
$emailXtpl->parse('main.subject');
$emailXtpl->parse('main.body');
$subject = $emailXtpl->text('main.subject');
$message = $emailXtpl->text('main.body');
if(@mail($to,$subject,$message,$headers)){
$xtpl->parse('main.passwordsent');
}else{
$xtpl->assign('error','Please contact webmaster [Failed to send message]');
$xtpl->parse('main.forgotpassword.error');
$xtpl->parse('main.forgotpassword');
}
}else{
$xtpl->assign('error','Please contact webmaster [Invalid Email(s)]');
$xtpl->parse('main.forgotpassword.error');
$xtpl->parse('main.forgotpassword');
}
}else{
$xtpl->assign('error','Email address not found');
$xtpl->parse('main.forgotpassword.error');
$xtpl->parse('main.forgotpassword');
}
}else{
$xtpl->parse('main.forgotpassword');
}
?>
Can someone help me with the update password section in this code so that it will update the database? I know there are many ways to do this, I just need help with getting this code to work. Thank you. Any help is much appreciated.
<?php
if(ereg("memberforgotpassword.php",$_SERVER['PHP_SELF'])){
@header("Location:index.php");
die("<script>window.location='index.php';</script>"); //js redirect backup
}
//if post => process form
if(isset($_POST['email']) && $_POST['email'] != ""){
$sql = sprintf("select email, password from members where email = '%s' ", mysql_real_escape_string($_POST['email'], $mysql->conn));
$result = $mysql->exSql($sql) or die($mysql->debugPrint());
if(mysql_num_rows($result)>0){
$row = mysql_fetch_assoc($result);
function createRandomPassword() {
$chars = "abcdefghijkmnopqrstuvwxyz023456789";
srand((double)microtime()*1000000);
$i = 0;
$pass = '' ;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($chars, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
$password = createRandomPassword();
$row['password'] = $password;
//update password
$update_sql = sprintf("UPDATE members SET $password = '%s' WHERE email = '%s' ", $password, mysql_real_escape_string($_POST['email'], $mysql->conn));
$mysql->exSql($sql) or die($mysql->debugPrint());
//Validate that admin email & member's email are valid
if(validEmail($row['email']) && validEmail($settings['email'])){
//send message
$to = $row['email'];
$headers = sprintf("From: %s\r\nReply-To: noreply@%s\r\nX-Mailer: PHP/%s", $settings['email'], str_replace("www.","",str_replace("http://","",$settings['domain'])), phpversion());
$emailXtpl = new XTemplate("emailmessages/forgotpassword.xtpl", SKIN);
$emailXtpl->assign('row',$row);
$emailXtpl->assign('settings',$settings);
$emailXtpl->parse('main.subject');
$emailXtpl->parse('main.body');
$subject = $emailXtpl->text('main.subject');
$message = $emailXtpl->text('main.body');
if(@mail($to,$subject,$message,$headers)){
$xtpl->parse('main.passwordsent');
}else{
$xtpl->assign('error','Please contact webmaster [Failed to send message]');
$xtpl->parse('main.forgotpassword.error');
$xtpl->parse('main.forgotpassword');
}
}else{
$xtpl->assign('error','Please contact webmaster [Invalid Email(s)]');
$xtpl->parse('main.forgotpassword.error');
$xtpl->parse('main.forgotpassword');
}
}else{
$xtpl->assign('error','Email address not found');
$xtpl->parse('main.forgotpassword.error');
$xtpl->parse('main.forgotpassword');
}
}else{
$xtpl->parse('main.forgotpassword');
}
?>