  1. #1
    New to the CF scene
    Join Date
    Feb 2012
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Forgot Password page

    I have very limited knowledge of PHP and have a working forgot password page that has the user input their email address and sends a temporary password. The problem that I am having is that the database is not updated to the new password, so the user cannot log in.

    Can someone help me with the update password section in this code so that it will update the database? I know there are many ways to do this, I just need help with getting this code to work. Thank you. Any help is much appreciated.

    Code:
    <?php
    	
    	if(ereg("memberforgotpassword.php",$_SERVER['PHP_SELF'])){
    		@header("Location:index.php");
    		die("<script>window.location='index.php';</script>"); //js redirect backup
    	}
    	
    	//if post => process form
    	if(isset($_POST['email']) && $_POST['email'] != ""){
    		$sql = sprintf("select email, password from members where email = '%s' ", mysql_real_escape_string($_POST['email'], $mysql->conn));
    		$result = $mysql->exSql($sql) or die($mysql->debugPrint());	
    		if(mysql_num_rows($result)>0){
    			$row = mysql_fetch_assoc($result);
    			
    			function createRandomPassword() {
    			    $chars = "abcdefghijkmnopqrstuvwxyz023456789";
    			    srand((double)microtime()*1000000);
    			    $i = 0;
    			    $pass = '' ;
    			    while ($i <= 7) {
    			        $num = rand() % 33;
    			        $tmp = substr($chars, $num, 1);
    			        $pass = $pass . $tmp;
    			        $i++;
    			    }
    			    return $pass;
    			}
    			$password = createRandomPassword();
    			$row['password'] = $password;
    			
    			//update password
    			$update_sql = sprintf("UPDATE members SET $password = '%s' WHERE email = '%s' ", $password, mysql_real_escape_string($_POST['email'], $mysql->conn));
    			$mysql->exSql($sql) or die($mysql->debugPrint());	
    		
    			
    			//Validate that admin email & member's email are valid
    			if(validEmail($row['email']) && validEmail($settings['email'])){
    				
    				
    				//send message
    				$to = $row['email'];				
    				$headers = sprintf("From: %s\r\nReply-To: noreply@%s\r\nX-Mailer: PHP/%s", $settings['email'], str_replace("www.","",str_replace("http://","",$settings['domain'])), phpversion());				
    				$emailXtpl =  new XTemplate("emailmessages/forgotpassword.xtpl", SKIN);
    				$emailXtpl->assign('row',$row);
    				$emailXtpl->assign('settings',$settings);
    				$emailXtpl->parse('main.subject');
    				$emailXtpl->parse('main.body');
    				$subject = $emailXtpl->text('main.subject');
    				$message = $emailXtpl->text('main.body');
    				
    				if(@mail($to,$subject,$message,$headers)){
    					$xtpl->parse('main.passwordsent');			
    				}else{
    					$xtpl->assign('error','Please contact webmaster [Failed to send message]');
    					$xtpl->parse('main.forgotpassword.error');
    					$xtpl->parse('main.forgotpassword');					
    				}		
    			}else{
    				$xtpl->assign('error','Please contact webmaster [Invalid Email(s)]');
    				$xtpl->parse('main.forgotpassword.error');
    				$xtpl->parse('main.forgotpassword');			
    			}
    
    		}else{
    			$xtpl->assign('error','Email address not found');
    			$xtpl->parse('main.forgotpassword.error');
    			$xtpl->parse('main.forgotpassword');
    		}
    	}else{
    		$xtpl->parse('main.forgotpassword');
    	}
    
    ?>

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,502
    Thanks
    8
    Thanked 1,089 Times in 1,080 Posts
    Did the script used to work, and now it doesn't?

    Or, is the script you're showing an example from somewhere else?

    In what context does the script you're showing relate to your entire website?

  • #3
    Regular Coder
    Join Date
    May 2007
    Posts
    101
    Thanks
    16
    Thanked 12 Times in 12 Posts
    You are storing the update SQL in $update_sql but then trying to run $sql as a database query. Fix that.
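
The fix from post #3, as an added example that is not part of the thread: it executes the UPDATE statement itself, names the column `password` literally instead of interpolating `$password` into the SQL, and uses PDO prepared statements because `ereg()` and the `mysql_*` functions were removed in PHP 7. The in-memory SQLite table, the `resetPassword()` helper, storing a `password_hash()` value, and a login routine that checks it with `password_verify()` are assumptions.

```php
<?php
// Added example, not the thread's code. Assumes PHP 7+ with the pdo_sqlite
// extension; an in-memory table stands in for the thread's `members` table.

function createRandomPassword(int $length = 12): string {
    // random_int() draws from the OS CSPRNG, unlike rand() seeded from microtime().
    $chars = 'abcdefghijkmnopqrstuvwxyz023456789';
    $pass = '';
    for ($i = 0; $i < $length; $i++) {
        $pass .= $chars[random_int(0, strlen($chars) - 1)];
    }
    return $pass;
}

function resetPassword(PDO $db, string $email): ?string {
    $find = $db->prepare('SELECT email FROM members WHERE email = ?');
    $find->execute([$email]);
    if ($find->fetchColumn() === false) {
        return null; // no such member
    }
    $password = createRandomPassword();
    // Column name is the literal `password`; the values are bound parameters.
    $update = $db->prepare('UPDATE members SET password = ? WHERE email = ?');
    // Execute the UPDATE statement itself and confirm that a row changed.
    $update->execute([password_hash($password, PASSWORD_DEFAULT), $email]);
    if ($update->rowCount() !== 1) {
        throw new RuntimeException('Password update did not change exactly one row');
    }
    return $password; // the plaintext goes only into the e-mail
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (email TEXT PRIMARY KEY, password TEXT)');
$db->exec("INSERT INTO members VALUES ('user@example.com', 'old-value')");

$temp = resetPassword($db, 'user@example.com');
$stored = $db->query("SELECT password FROM members WHERE email = 'user@example.com'")->fetchColumn();
var_dump(password_verify($temp, $stored));          // login check against the stored hash
var_dump(resetPassword($db, 'nobody@example.com')); // unknown address
```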

