//Please don't use this for your form processing:
if (isset($_POST['submit']))
//Internet explorer has a bug and does not always send the submit value.
Ah I figured that out this morning lol. I executed that prepared statement, looked in my table and every row had updated. I changed it to pretty much what you typed there and have got it working perfectly.
The reason nothing was updating was because I hadn't executed the prepared statement...I thought it was a normal query expecting it to execute on it's own....That's what I get for staying up till ungodly hours..
I'm currently just writing the email, I just need to write that page and go from there.
if(empty($_POST['username'])){
$errors[] = "You must fill in the username field.";
}
if(empty($errors)){
//code checks whether the username matches one in the database, if it does, we create a unique key and update that users reset field.
$con = new mysqli("sql110.0fees.net","fees0_11240271","h4ck3r","fees0_11240271_demo_central");
$stmt = $con->prepare("SELECT * FROM members WHERE username=?");
if($row == 1){//if $row == 1, we matched a correct username from the database....so we create a unique id to insert into users row.
$unique_id = uniqid();
$stmt = $con->prepare("UPDATE members SET reset=? WHERE username=?");
$stmt->bind_param("ss",$unique_id,$user);
$stmt->execute();
$stmt->store_result();
$a_row = $stmt->affected_rows;
if($a_row == 1){
//if this executes, database was updated with reset code. write email...
$to = $email;
$subject = "Demo-Central Reset Password."."\r\n";
$message = "Hello ".$user."<br />\r\n";
$message .= "You have received this email because you have forgotten your password."."<br />\r\n";
$message .= "We have attached a link within the email which needs to be clicked in order to process"."<br />\r\n";
$message .= "your password reset. On this page you will be asked to enter your new password. Once you have done this"."<br />\r\n";
$message .= "you will then be able to login with your existing username and new password."."<br /><br />\r\n";
$message .= "<a href='htttp://www.labtec.0fees.net/DemorecSite/enter_new_pass.php?id={$id}&unique={$unique_id}'>Reset your password!</a><br /><br />";
$message .= "Kind regards,"."<br />\r\n";
$message .= "Demo-Central Administrator."."<br />\r\n";
if(mail($to,$subject,$message, implode("\r\n",$headers))){
echo "You will be emailed shortly with further instructions on resetting your password.<br />";
echo "Please follow the <a href='index.php'>link</a> to the homepage.";
exit(0);
}
else{
echo "There was an error sending your reset email.<br />";
echo "Please contact the site administrator at flipmodeskwaud@hotmail.co.uk to report the problem.<br />";
echo "Follow the link to the <a href='index.php'>homepage</a>.";
exit(0);
}
}
else{
//print error
}
}
else{
print("That username does not exist.<br />");
print("<a href='reset_password.php'>Please try again.</a>");
exit(0);
}
I can't see anything obvious with the email code.. IF you got two emails and made no changes to the script and they stopped coming through then its quite likely to be a spam filter thats decided to kick in somewhere.
//Please don't use this for your form processing:
if (isset($_POST['submit']))
//Internet explorer has a bug and does not always send the submit value.
Ah my bad, they all seemed to come through at once. I've retrieved the url values with $_GET and now I just need to write the reset pass form and check it all with the php. I'll keep you updated.
P.S - at the bottom of every email there is this line:
//Please don't use this for your form processing:
if (isset($_POST['submit']))
//Internet explorer has a bug and does not always send the submit value.
So I have created the page where they enter their new pass. I have successfully retrieved the values from the URL.
When they enter their new password, do I select the record by the id, check that the key from the url matches the key in that row, if it does then update the password field with the new password, if not then print an error?
//Please don't use this for your form processing:
if (isset($_POST['submit']))
//Internet explorer has a bug and does not always send the submit value.
Ok so I ceated the page which the user clicks to reset thier password. I have this php block at the very top of my script:
PHP Code:
<?php
global $id;
global $uniq;
$id = $_GET['id'];
$uniq = $_GET['unique'];
echo $id."<br />";
echo $uniq;
?>
This echo's out the correct values. I have stored them in global variables because I want to be able to use them within the action script of the new password form. When I try to echo out the variables inside the action form, no values are showing. Which is leading to my error of 0 rows being affected...
I used globals in the past and they worked ok. I also used them in the same way so not sure what could be wrong...
//Please don't use this for your form processing:
if (isset($_POST['submit']))
//Internet explorer has a bug and does not always send the submit value.
I'm not using a function, I have my page which the user clicks from their email. When they get there, the values which were passed are saved. I echo them out just for test purposes. This works fine.
But there is another form on that page where they enter their new password. The action file for that form is do_new_pass.php. This is where I am going to use them $_GET values and select the db using the id, and then check the 'reset' $_GET value against the DB 'reset' value and go from there...
Do you know of a way in which I can use those $_GET values in my action file?
I thought there was something different, I checked it out and in one of my other pages the global keyword is used with a function.
//Please don't use this for your form processing:
if (isset($_POST['submit']))
//Internet explorer has a bug and does not always send the submit value.
Here is the email which is sent to the user when they request to reset:
PHP Code:
//if this executes, database was updated with reset code. write email...
$to = $email;
$subject = "Demo-Central Reset Password."."\r\n";
$message = "Hello ".$user."<br />\r\n";
$message .= "You have received this email because you have forgotten your password."."<br />\r\n";
$message .= "We have attached a link within the email which needs to be clicked in order to process"."<br />\r\n";
$message .= "your password reset. On this page you will be asked to enter your new password. Once you have done this"."<br />\r\n";
$message .= "you will then be able to login with your existing username and new password."."<br /><br />\r\n";
$message .= "<a href='htttp://www.labtec.0fees.net/DemorecSite/enter_new_pass.php?id={$id}&unique={$unique_id}'>Reset your password!</a><br /><br />";
$message .= "Kind regards,"."<br />\r\n";
$message .= "Demo-Central Administrator."."<br />\r\n";
if(mail($to,$subject,$message, implode("\r\n",$headers))){
echo "You will be emailed shortly with further instructions on resetting your password.<br />";
echo "Please follow the <a href='index.php'>link</a> to the homepage.";
exit(0);
}
else{
echo "There was an error sending your reset email.<br />";
echo "Please contact the site administrator at flipmodeskwaud@hotmail.co.uk to report the problem.<br />";
echo "Follow the link to the <a href='index.php'>homepage</a>.";
exit(0);
}
As you can see there is a link which hold two values, here is the source code for that page, enter_new_pass.php:
PHP Code:
<?php
global $id;
global $uniq;
$id = $_GET['id'];
$uniq = $_GET['unique'];
echo $id."<br />";
echo $uniq;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
As you can see I retrieve the values and at this point, they echo out fine. The form on this page goes into a file called do_new_pass.php, which is here:
PHP Code:
<?php
echo $id."<br />";
echo $uniq;
$con = new mysqli("localhost","root","","demo_central");
$stmt = $con->prepare("SELECT * FROM members WHERE id=? AND reset=?");
$stmt->bind_param("is",$id,$uniq);
$stmt->bind_result($id,$user,$pass,$email,$join_date,$hash,$reset);
$stmt->execute();
$stmt->store_result();
$stmt->fetch();
echo $user;
?>
The statement isn't returning a value. No num_rows or affected_rows values apart from 0.
It is clearly something to do with those global variables because they do not echo out in this action script. Is there a way I can get them there?
Global values are for use in a script that may require access to a value out of its scope but within that instance of the script:
PHP Code:
$Value = 'foobar';
function test() { print $Value; //Error - undefined variable type message }
function test2() { global $Value; print $Value; //Successful }
test();//Error test2();//Success
What you want to be using is SESSIONS. Sessions are remembered between scripts. To start or resume a session you use session_start. To store anything in the session or access a session value you use the $_SESSION array.
enter_new_pass.php:
PHP Code:
session_start(); //You MUST use this in every script that accesses a users session
//Please don't use this for your form processing:
if (isset($_POST['submit']))
//Internet explorer has a bug and does not always send the submit value.
Ah I did remember sessions and knew they held values between pages but didn't want to use them.
Here is my code:
PHP Code:
<?php
session_start();
$id = $_SESSION['id'];
$uniq = $_SESSION['uniq'];
$con = new mysqli("localhost","root","","demo_central");
$stmt = $con->prepare("SELECT * FROM members WHERE id=? AND reset=?");
$stmt->bind_param("is",$id,$uniq);
$stmt->bind_result($id,$user,$pass,$email,$join_date,$hash,$reset);
$stmt->execute();
$stmt->store_result();
$a_rows = $stmt->affected_rows;
if($a_rows == 1){
$stmt->fetch();//fetch all of the users data from their row...
$stmt = $con->prepare("UPDATE members SET password=? WHERE reset=?");
$stmt->bind_param("ss",$hashed,$uniq);
$stmt->execute();
$stmt->store_result();
$a_rows = $stmt->affected_rows;
if($a_rows == 1){
$null = NULL;
$con = mysqli_query("UPDATE members SET reset='{$null}' WHERE reset='{$reset}'");
print("You have successfully changed your password.");
print("Please return to the <a href='login.php'>login</a> page.");
exit(0);
}
else{
print("There was an error changing your password.");
exit(0);
}
}
else{
print("Error with the query. No match found for resetting.<br />");
print("Please contact the site administrator at flipmodeskwaud@hotmail.co.uk to report the problem.<br />");
print("Please click the link to return to the <a href='reset_password.php'>homepage</a>.");
exit(0);
}
?>
I am wondering, how do I set the reset column value back to NULL? As you can see I tried creating a variable and using that but it just 'empties' the reset column. It's not NULL as such, but it has no value.
Do you know how I can get that row's reset column back to the initial NULL value?
Before you post, read our: 
