Forgot Password page

02-01-2012, 10:23 PM
I have very limited knowledge of PHP and have a working forgot password page that has the user input their email address and sends a temporary password. The problem that I am having is that the database is not updated to the new password so the user cannot log in.

Can someone help me with the update password section in this code so that it will update the database? I know there are many ways to do this, I just need help with getting this code to work. Thank you. Any help is much appreciated.


die("<script>window.location='index.php';</script>"); //js redirect backup

//if post => process form
if(isset($_POST['email']) && $_POST['email'] != ""){
$sql = sprintf("select email, password from members where email = '%s' ", mysql_real_escape_string($_POST['email'], $mysql->conn));
$result = $mysql->exSql($sql) or die($mysql->debugPrint());
$row = mysql_fetch_assoc($result);

function createRandomPassword() {
    $chars = "abcdefghijkmnopqrstuvwxyz023456789";
    $i = 0;
    $pass = '' ;
    // build an 8-character password, one character per pass
    while ($i <= 7) {
        $num = rand() % 33;
        $tmp = substr($chars, $num, 1);
        $pass = $pass . $tmp;
        $i++;
    }
    return $pass;
}
$password = createRandomPassword();
$row['password'] = $password;

//update password
$update_sql = sprintf("UPDATE members SET $password = '%s' WHERE email = '%s' ", $password, mysql_real_escape_string($_POST['email'], $mysql->conn));
$mysql->exSql($sql) or die($mysql->debugPrint());

//Validate that admin email & member's email are valid
if(validEmail($row['email']) && validEmail($settings['email'])){

//send message
$to = $row['email'];
$headers = sprintf("From: %s\r\nReply-To: noreply@%s\r\nX-Mailer: PHP/%s", $settings['email'], str_replace("www.","",str_replace("http://","",$settings['domain'])), phpversion());
$emailXtpl = new XTemplate("emailmessages/forgotpassword.xtpl", SKIN);
$subject = $emailXtpl->text('main.subject');
$message = $emailXtpl->text('main.body');

$xtpl->assign('error','Please contact webmaster [Failed to send message]');
$xtpl->assign('error','Please contact webmaster [Invalid Email(s)]');

$xtpl->assign('error','Email address not found');


02-01-2012, 10:46 PM
Did the script used to work, and now it doesn't?

Or, is the script you're showing an example from somewhere else?

In what context does the script you're showing relate to your entire website?

02-01-2012, 10:51 PM
You are storing the update SQL in $update_sql but then trying to run $sql as a database query. Fix that.
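
The update step with the statement that is built being the one that is executed, as an added example that is not part of the original thread or the poster's code. It also names the `password` column literally instead of interpolating `$password` into the column position, binds the values as parameters, and stores a hash of the temporary password. Assumptions: PDO replaces the thread's `$mysql` wrapper, an in-memory SQLite table stands in for `members`, the function name `resetPassword` is hypothetical, and the login code checks passwords with `password_verify()`.

```php
<?php
// Added example: the members table and its email/password columns follow the post;
// the PDO connection, resetPassword() and the sample row are assumptions.
function createRandomPassword(int $length = 12): string {
    $chars = 'abcdefghijkmnopqrstuvwxyz023456789';
    $max = strlen($chars) - 1;           // index of the last usable character
    $pass = '';
    for ($i = 0; $i < $length; $i++) {
        $pass .= $chars[random_int(0, $max)];   // CSPRNG instead of rand()
    }
    return $pass;
}

function resetPassword(PDO $db, string $email): ?string {
    $password = createRandomPassword();
    // Column name is fixed text in the statement; only the values are bound.
    $stmt = $db->prepare('UPDATE members SET password = :hash WHERE email = :email');
    $stmt->execute([
        ':hash'  => password_hash($password, PASSWORD_DEFAULT),
        ':email' => $email,
    ]);
    // No row changed means the address is not in members: nothing to mail.
    return $stmt->rowCount() === 1 ? $password : null;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (email TEXT PRIMARY KEY, password TEXT)');
$db->exec("INSERT INTO members VALUES ('user@example.com', 'old')");

$temp = resetPassword($db, 'user@example.com');
$stored = $db->query("SELECT password FROM members WHERE email = 'user@example.com'")
             ->fetchColumn();
var_dump(password_verify($temp, $stored));          // temporary password matches stored hash
var_dump(resetPassword($db, 'nobody@example.com')); // unknown address: no update performed
```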