Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts

    Password Recovery

    I can't seem to get this script to work at all. Its not giving me any errors or anything, but yet its not displaying the form if the random key matchs and so on. If I could get some help understanding why this might be, it would be such a great help.

    Please do understanding this is not being used on my site, so users wont be using this. This is just samply for learning purpose only.

    Thanks
    Jon W

    PHP Code:

        <?php
          
    if(isset($_GET['user_id']) !='')
            {
            include(
    'db.php');
            
            
    $user_id $_GET['user_id'];
            
            
    $query mysql_query("SELECT user_id, random_key FROM recovery WHERE user_id = '$user_id'") or die('Database error: ' mysql_error());
            
            if(
    mysql_num_rows($query) > 0)
              
              {
              
              
    $row mysql_fetch_assoc($query);
              
              if(
    $_GET['key'] != $row['random_key'])
              {
              
    $error 'This key is invalid';
              }
              else
              {
             
              
    ?>
              
              <form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
              <input name="newpass" type="password" />
              <input name="retype" type="password" />
              <input name="submit" type="submit" value="Change Password" />
              </form>
              
              <?php
              
              
    if(isset($_POST['submit']) == true && $_POST['newpass'] == $_POST['retype'])
                {
                
                
    $newpsss mysql_real_escape_string(md5($_POST['newpass']));
                
            
    $allow mysql_query("UPDATE INTO users SET password = '$newpass' WHERE user_id = '$user_id'") or die('Database error: ' mysql_error());
              
              
    mysql_close($con);
               
               }
               else
               {
               
    $error 'Your <b>new Password</b> does not match.';
               }
               }
               }
               }
               
               echo(
    $error);
               
               
    ?>
    Last edited by Jon W; 01-19-2008 at 12:43 PM.

  • #2
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Any idea at all would be great.

  • #3
    Master Coder
    Join Date
    Dec 2007
    Posts
    6,682
    Thanks
    436
    Thanked 890 Times in 879 Posts
    Quote Originally Posted by Jon W View Post
    I can't seem to get this script to work at all. Its not giving me any errors or anything, but yet its not displaying the form if the random key matchs and so on.
    PHP Code:
    <?php
      print_r
    ($_GET); // for debug
      
    if(isset($_GET['user_id']) !='') {
        include(
    'db.php');
        
    $user_id $_GET['user_id'];
        
    $query mysql_query("SELECT user_id, random_key FROM recovery WHERE user_id = '$user_id'") or die('Database error: ' mysql_error());
        if(
    mysql_num_rows($query) > 0) {
          
    $row mysql_fetch_assoc($query);
          if(
    $_GET['key'] != $row['random_key']) {
            
    $error 'This key is invalid';
          } else {
    ?>
              <form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
              <input name="newpass" type="password" />
              <input name="retype" type="password" />
              <input name="submit" type="submit" value="Change Password" />
              </form>
    <?php
              
    if(isset($_POST['submit']) == true && $_POST['newpass'] == $_POST['retype']) {
                
    $newpsss mysql_real_escape_string(md5($_POST['newpass']));
                
    $allow mysql_query("UPDATE INTO users SET password = '$newpass' WHERE user_id = '$user_id'") or die('Database error: ' mysql_error());
                 
    mysql_close($con);
              } else  {
                 
    $error 'Your <b>new Password</b> does not match.';
              }
           }
        } 
    // this close the if(mysql_num_rows > 0) and a 'else error' miss
    }
    echo(
    $error);
    ?>


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •