18 Replies Latest reply on Mar 26, 2015 10:57 AM by osgood_

    Problems with Password reset

    Max Resnikoff Level 1

      Hi,

       

      I was wondering if anyone can see anything wrong with this code, as it does not seem to be working.

      Once the email is entered, a password should be generated, and should be sent to the users email address (if it exists in the database). Or return an error message if there is no record.

       

      <form method="POST" name="loginform" id="loginform" class="form_area">

              <div class="loginwindow_title">Forgot Password? </div>

              <div class="loginwindow_subtitle">Enter your email below and you will be sent your password</div>

           

              <div class="loginwindow_form">

                    <div class="form_field">

                  <span id="email_validation">

                <label for="email"></label>

                <input type="text" name="email" id="email" class="email_field" placeholder="Email Address">

                <span class="textfieldRequiredMsg">Please enter your account email</span></span>

              </div>

              </div>

              <button name="submit" type="submit" class="login_button">Send my password</button>

      </form>

       

       

       

       

      <?php

       

       

      $email = $_POST['email'];

      $submit = $_POST['submit'];

       

      //Connect to DB

      $connect = require_once('Connections/drama_database.php');

       

      if ($submit) {

          //CHeck if email exists

          $email_check = mysql_query("SELECT * FROM users WHERE email='$email'");

          $count = mysql_num_rows($email_check);

       

          if ($count != 0) {

              //Generate new password

              $random = rand(72891, 92729);

              $new_password = $random;

           

              //Create copy of new password

              $email_password = $new_password;

           

              //Encrypt new password

              $new_password = md5($new_password);

           

              //Update the database

              mysql_query("update users set password='$new_password' WHERE email='$email'");

           

              //Send the password to the user

              $email = ($_POST['username']);

       

              //

              //

              //

              //

              //EMAIL START//

              $msguser = '<html><body>';

           

                  //title start//

              $msguser .= '<h1 align="center"><strong>Password Reset</strong></h1>';

                  //title end//

              $msguser .= '<br>';

              $msguser .= 'This is a confirmation email regarding your new password for your account on WEBSITE LINK GOES HERE.';

              $msguser .= '<br><br>';

              $msguser .= "<b>Below is your new password:</b>";

              $msguser .= '<br>';

              $msguser .= "<b>echo ('$email_password')</b>";

              $msguser .= "<b>Please log in using the above password. Once logged in, please click on your profile tab and update your password. (Theprofile button can be found under your username in the top right-hand corner of the page)</b>";

              $msguser .= "<b>Please go to: WEBSITE LINK GOES HERE to log in</b>";

              //EMAIL END//

              //

              //

              //

              //

              //

               

              $headers = "From: Egham Drama Database <SUPPORT EMAIL GOES HERE>\r\n";

              $headers .= "Reply-To: SUPPORT EMAIL GOES HERE\r\n";

              $headers .= "MIME-Version: 1.0\r\n";

              $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

               

                  mail($email, 'Drama Database | Password Reset', $msguser, $headers);

              }

              else

              {

                  echo "This email does not exist"; 

              }

           

      }

           

       

      ?>

       

       

      Thank you !

        • 1. Re: Problems with Password reset
          osgood_ Level 8

          It couldn't be as simple as you have no action="" set in your form tag could it? - or is the php included in the same page as the reset form although I doubt it is as the php would initiate immedaiteky the page loads given you have nothing stopping it.?

           

           

          Also shouldn't the below be $email = $_POST['email'];

           

          //Send the password to the user

                  $email = ($_POST['username']);

           

           

          Plus any reason why youre requesting the value of the submit button?

           

          $submit = $_POST['submit'];

           

          EDITED:

          On closer code inspection I can see why youre requesting the value of the submit button - to stop the php initiating on page load if its not set. So the reset form and the php code are combined on one page.

           

          I think the below is incorrect though as I don't see where youre getting the 'username' from?

           

          $email = ($_POST['username']);

           

          and youre using the $email variable in the mail function so it would not want to be a username unless thats an email address?

           

          mail($email, 'Drama Database | Password Reset', $msguser, $headers);

          • 2. Re: Problems with Password reset
            Max Resnikoff Level 1

            Thanks for your reply.

             

            I have changed the username to: email (my mistake).

             

            The code is on the same page so no action is required.

             

            But still no luck.

             

            Surely that shouldn't have been the problem as the password should have changed in the database anyways, regardless as to sending an email right?

            • 3. Re: Problems with Password reset
              osgood_ Level 8

              Delete this:

               

              $submit = $_POST['submit'];

               

              Change this:

               

              if ($submit) {

               

              to this:

               

              if(isset($_POST['submit'])) {

               

               

              You should then see some action in the database and the mailing of the new password to the appropriate email address.

              • 4. Re: Problems with Password reset
                Max Resnikoff Level 1

                still no luck!

                 

                This is my edited code and when i enter the email (which is in the database), it returns an error message:

                 

                Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home4/mresnik/public_html/forgotpassword.php on line 79

                This email does not exist

                 

                 

                <?php

                 

                $email = $_POST['email'];

                 

                //Connect to DB

                require('Connections/drama_database.php');

                 

                if(isset($_POST['submit'])) {

                    //Check if email exists

                    $email_check = mysql_query("SELECT * FROM users WHERE email='$email'");

                    $count = mysql_num_rows($email_check);

                 

                    if ($count !=0) {

                        //Generate new password

                        $random = rand(72891, 92729);

                        $new_password = $random;

                     

                        //Create copy of new password

                        $email_password = $new_password;

                     

                        //Update the database

                        mysql_query("update users set password='$new_password' WHERE email='$email'");

                     

                        //Send the password to the user

                        $email = ($_POST['email']);

                 

                        //

                        //

                        //

                        //

                        //EMAIL START//

                        $msguser = '<html><body>';

                     

                            //title start//

                        $msguser .= '<h1 align="center"><strong>Password Reset</strong></h1>';

                            //title end//

                        $msguser .= '<br>';

                        $msguser .= 'This is a confirmation email regarding your new password for your account on www.X.com.';

                        $msguser .= '<br><br>';

                        $msguser .= "<b>Below is your new password:</b>";

                        $msguser .= '<br>';

                        $msguser .= "<b>echo ('$email_password')</b>";

                        $msguser .= "<b>Please log in using the above password. Once logged in, please click on your profile tab and update your password. (Theprofile button can be found under your username in the top right-hand corner of the page)</b>";

                        $msguser .= "<b>Please go to: http://www.X.com/index.php to log in</b>";

                        //EMAIL END//

                        //

                        //

                        //

                        //

                        //

                         

                        $headers = "From: Egham Drama Database <support@X.com>\r\n";

                        $headers .= "Reply-To: support@X.com\r\n";

                        $headers .= "MIME-Version: 1.0\r\n";

                        $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

                         

                            mail($email, 'X | Password Reset', $msguser, $headers);

                        }

                        else

                        {

                            echo "This email does not exist"; 

                        }

                     

                }

                     

                 

                ?>

                 

                EDIT:

                I have commented out:

                 

                if ($count != 0) {

                 

                and the closing tag:

                 

                }

                 

                And it seems to send the email as so:

                 

                Password Reset


                This is a confirmation email regarding your new password for your account on www.X.com.

                Below is your new password:
                echo ('92013')Please log in using the above password. Once logged in, please click on your profile tab and update your password. (Theprofile button can be found under your username in the top right-hand corner of the page)Please go to: http://www.X.com/index.php to log in

                 

                No change is made in the database though

                • 5. Re: Problems with Password reset
                  osgood_ Level 8

                  Not sure what's happening to this F**KED up forum software BUT I did see a reply of yours and answered it only for the crap sofware to deny my post and then yours disappeared. Is this Adobe forum software for real..... it's the biggest pile of shite I've ever come across and certainly f*cking useless for those of us that are trying to help out your users......we deserve more than this shite

                   

                  Anyway rant over here's  your next set of solutions:

                   

                   

                  Change:

                  if ($count !=0) {

                   

                  to:

                  if ($count >= 1) {

                   

                   

                  and make sure youre getting a result by echoing out the value of $count by inserting echo $count; as shown below, then you can remove it once all is running according to plan.

                   

                  echo $count;

                  if ($count >= 1) {

                   

                   

                  Your code is all working fine for me on my server either way using:

                   

                  if ($count !=0) {

                   

                  or this:

                   

                  if ($count >= 1) {

                  • 6. Re: Problems with Password reset
                    Max Resnikoff Level 1

                    Still nothing! Ugh

                     

                    Im not even getting the: echo $count;

                    Could the problem lie within the connection to the database?

                     

                    Here is the code on my connection file:

                    <?php

                    # FileName="Connection_php_mysql.htm"

                    # Type="MYSQL"

                    # HTTP="true"

                    $hostname_drama_database = "X.com";

                    $database_drama_database = "X_X";

                    $username_drama_database = "X";

                    $password_drama_database = "X";

                    $drama_database = mysql_pconnect($hostname_drama_database, $username_drama_database, $password_drama_database) or trigger_error(mysql_error(),E_USER_ERROR);

                    ?>

                     

                    Here is the edited code:

                     

                    <?php

                     

                    $email = $_POST['email'];

                     

                     

                    //Connect to DB

                    require('Connections/drama_database.php');

                     

                     

                    if(isset($_POST['submit'])) {

                      //Check if email exists

                      $email_check = mysql_query("SELECT * FROM users WHERE email='".$email."'");

                      $count = mysql_num_rows($email_check);

                      echo $count;

                     

                      if ($count>=1) {

                      //Generate new password

                      $random = rand(72891, 92729);

                      $new_password = $random;

                     

                      //Create copy of new password

                      $email_password = $new_password;

                     

                      //Update the database

                      mysql_query("update users set password='$new_password' WHERE email='".$email."'");

                     

                      //Send the password to the user

                      $email = ($_POST['email']);

                     

                     

                      //

                      //

                      //

                      //

                      //EMAIL START//

                      $msguser = '<html><body>';

                     

                      //title start//

                      $msguser .= '<h1 align="center"><strong>Password Reset</strong></h1>';

                      //title end//

                      $msguser .= '<br>';

                      $msguser .= 'This is a confirmation email regarding your new password for your account on www.X.com.';

                      $msguser .= '<br><br>';

                      $msguser .= "<b>Below is your new password:</b>";

                      $msguser .= '<br>';

                      $msguser .= "<b>echo ('$email_password')</b>";

                      $msguser .= "<b>Please log in using the above password. Once logged in, please click on your profile tab and update your password. (Theprofile button can be found under your username in the top right-hand corner of the page)</b>";

                      $msguser .= "<b>Please go to: http://www.X.com/index.php to log in</b>";

                      //EMAIL END//

                      //

                      //

                      //

                      //

                      //

                     

                      $headers = "From: Egham Drama Database <support@X.com>\r\n";

                      $headers .= "Reply-To: support@X.com\r\n";

                      $headers .= "MIME-Version: 1.0\r\n";

                      $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

                     

                      mail($email, 'X | Password Reset', $msguser, $headers);

                      }

                      else

                      {

                      echo "This email does not exist";

                      }

                     

                    }

                     

                     

                    ?>

                    • 7. Re: Problems with Password reset
                      osgood_ Level 8

                      If the 'This email does not exit' message is appearing then nothing will change in the database as no email has been found BUT then you should also not be getting any emails sent IF no emails are found


                      Try the change I suggested above - it may just be something to do with the server set up.


                      • 8. Re: Problems with Password reset
                        Max Resnikoff Level 1

                        Not sure which solution your are talking about. I have edited the code as you have said (so far)

                         

                        The connection file has worked on all 150+ pages on the server so no reason for any errors in that.

                         

                        I am still getting this error message though:

                         

                        Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home4/mresnik/public_html/forgotpassword.php on line 79

                        This email does not exist

                        • 9. Re: Problems with Password reset
                          osgood_ Level 8

                          Max Resnikoff wrote:

                           


                          Could the problem lie within the connection to the database?

                           

                           

                          For sure, here's the connection string I used at the top of the page. (obviuosly replace the XXXX with your own connection details ie username, password, and databasename plus if the server is something other tahn 'localhost; change that as well.

                           

                          # Connect

                          mysql_connect('localhost', 'XXXXX', 'XXXXXX') or die('Could not connect: ' . mysql_error());

                           

                          # Choose a database

                          mysql_select_db('XXXXXXXXX') or die('Could not select database');

                          • 10. Re: Problems with Password reset
                            osgood_ Level 8

                            Youre using some crap connection string automatically generated by DW - rubbish. It won't work once you start wondering outside of DW environment and producing you own mysql queries, which you are doing to reset the password - you have to also rewrite the connection string.

                            • 11. Re: Problems with Password reset
                              Max Resnikoff Level 1

                              Great!

                              Works fine now!

                               

                              But is there a way to connect to the database by using the connection file?

                               

                              Not too sure why it has to be put in manually rather than as a 'require' method. Do you mind explaining?

                               

                              Thank you

                              • 12. Re: Problems with Password reset
                                osgood_ Level 8

                                Max Resnikoff wrote:

                                 

                                Great!

                                Works fine now!

                                 

                                But is there a way to connect to the database by using the connection file?

                                 

                                Not too sure why it has to be put in manually rather than as a 'require' method. Do you mind explaining?

                                 

                                Thank you

                                 

                                Not without rewriting the mysql query string and including a lot of rubbish mark-up which DW produces - why do you think Adobe dropped the server behaviours? They are 10 years out of date and to be honest you should not be using them anymore - you should be using the new improved mysqli or PDO extensions to connect and query a database.

                                • 13. Re: Problems with Password reset
                                  Max Resnikoff Level 1

                                  The only reason i used the Dreamweaver server behaviours is because for the connection, i never really left the confinements of Dreamweaver's capabilities.

                                   

                                  Thank you so much for your help!

                                   

                                  One last question, how would I be able to echo the 'This email does not exist' text in a different location such as under the email field?

                                  would i just create a variable which replaces the echo? and then echo that variable created out wherever i want?

                                  • 14. Re: Problems with Password reset
                                    osgood_ Level 8

                                    Max Resnikoff wrote:

                                     

                                    The only reason i used the Dreamweaver server behaviours is because for the connection, i never really left the confinements of Dreamweaver's capabilities.

                                     

                                     

                                    DW uses mysql (outdated) to connect and query BUT it used/uses its own unique way of connecting and quering a database producing quadruple the amount of code you would normally use than if you wrote it manually. In all honesty it is the most hideous rubbish code I have ever seen but that's par for Adobe they always major in producing rubbish and passing it off as fit to use until one day it comes back an hits them in the head - roll on a couple of years and fluid grids will die as that too is hideous rubbish in my opinion.

                                     

                                    Max Resnikoff wrote:

                                     

                                    One last question, how would I be able to echo the 'This email does not exist' text in a different location such as under the email field?

                                     

                                    Change:

                                     

                                    else

                                    {

                                    echo "This email does not exist";

                                    }


                                    to:


                                    else {

                                    $noEmailExists = "<p>This email does not exist</p>";

                                    }

                                     

                                     

                                    Then you have a transportable variable that you can echo out anywhere on the page like below the email field:

                                     

                                    <input type="text" name="email" id="email" class="email_field" placeholder="Email Address">

                                     

                                    <?php

                                    if(isset($noEmailExists)) {

                                        echo $noEmailExists;

                                        }

                                    ?>

                                    • 15. Re: Problems with Password reset
                                      Max Resnikoff Level 1

                                      For some reason it wont work :/

                                       

                                      <form method="POST" name="loginform" id="loginform" class="form_area">

                                        <div class="loginwindow_title">Forgot Password? </div>

                                              <div class="loginwindow_subtitle">Enter your email below and you will be sent your password</div>

                                       

                                              <div class="loginwindow_form">

                                          <div class="form_field">

                                                  <span id="email_validation">

                                                <label for="email"></label>

                                                <input type="text" name="email" id="email" class="email_field" placeholder="Email Address">

                                                <span class="textfieldRequiredMsg">Please enter your account email</span></span>

                                                <?php

                                              if(isset($noEmailExists)) {

                                        echo $noEmailExists;

                                        }

                                        ?>

                                              </div>

                                        </div>

                                             

                                        <button name="submit" type="submit" class="login_button">Send my password</button>

                                      </form>

                                       

                                      it will echo in its original position as i echoed it in the else statement (for now), but not in the form above

                                      • 16. Re: Problems with Password reset
                                        osgood_ Level 8

                                        Max Resnikoff wrote:

                                         

                                        For some reason it wont work :/

                                         

                                        <form method="POST" name="loginform" id="loginform" class="form_area">

                                          <div class="loginwindow_title">Forgot Password? </div>

                                                <div class="loginwindow_subtitle">Enter your email below and you will be sent your password</div>

                                         

                                                <div class="loginwindow_form">

                                            <div class="form_field">

                                                    <span id="email_validation">

                                                  <label for="email"></label>

                                                  <input type="text" name="email" id="email" class="email_field" placeholder="Email Address">

                                                  <span class="textfieldRequiredMsg">Please enter your account email</span></span>

                                                  <?php

                                                if(isset($noEmailExists)) {

                                          echo $noEmailExists;

                                          }

                                          ?>

                                                </div>

                                          </div>

                                              

                                          <button name="submit" type="submit" class="login_button">Send my password</button>

                                        </form>

                                         

                                        it will echo in its original position as i echoed it in the else statement (for now), but not in the form above

                                         

                                        Have you changed the 'else' statement to:

                                         

                                        else {

                                        $noEmailExists = "<p>This email does not exist</p>";

                                        }

                                        • 17. Re: Problems with Password reset
                                          Max Resnikoff Level 1

                                          Yes i have :/

                                          • 18. Re: Problems with Password reset
                                            osgood_ Level 8

                                            Make sure your form code comes AFTER the php that gets the information from the form, queries the database/updates it and sends the email - Im guessing that's the problem here, the coding is in the wrong order.