|
PHP - Forgot Password Page Is Not Working...
I paid someone to develop my site and for some reason the Forgot Password page is not working. Once the user types in their email address and submits, nothing happens. The user should get a message displayed instantly letting them know if the password was sent or if their account was not found.
Any help would be greatly appreciated! Code: [Select] [php] <? include_once "connect.php"; if(isset($_SESSION['RES_LoginID']) && $_SESSION['RES_LoginID']!="") { echo "<script>window.location='myprofile.php';</script>"; exit; } // code to send mail to user (account details) if(isset($_REQUEST["btnLogin"])) { $sel="select name,email,password from users where email='".$_REQUEST['RES_EMAIL']."'"; $urs=mysql_query($sel); if (mysql_affected_rows()>0) // send mail if mail existing in database { $row=mysql_fetch_array($urs); $name=$row['name']; $username=$row['email']; $password=$row['password']; $message="<link href='".WEBSITEURL."site.css' rel='stylesheet' type='text/css' /> <body> <table border=0 cellspacing='5' cellpadding=0 width=600 align='center' class='purple_11'> <tr><td> $SITE_LOGO<br><br> Dear <b>".$name."</b>,<br><br> Your login details a <br> Username : $username<br> Password : $password<br> <br><br> Login at: <a href='".WEBSITEURL."login.php' target='_blank'>$SITE_NAME</a><br><br><br> Thank You,<br> $SITE_NAME </td></tr></table> </body>"; $sub="Forgot Password?"; SendHTMLMail($username,$sub,$message,ADMIN_MAIL); $redirect="<script>window.location='forgot_password.php?msgs=1';</script>"; } else // if mail doesnot match { $redirect="<script>window.location='forgot_password.php?msgs=2';</script>"; } echo $redirect; exit; } // generate message for display $msg=""; if(isset($_REQUEST['msgs'])) { switch($_REQUEST['msgs']) { case 1 : $msg="Your password sent successfully."; break; case 2 : $msg="Email Address does not exists."; break; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "[url=http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd[/url]"> <html xmlns="[url=http://www.w3.org/1999/xhtml]http://www.w3.org/1999/xhtml[/url]"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="keywords" content="<?=$KEYWORD?>" /> <link rel="shortcut icon" href="images/favicon.gif"> <title><?=$SITE_TITLE?></title> <link href="site.css" rel="stylesheet" type="text/css" /> <script language="javascript"> function valid_login() { form=document.frmLogin; if(form.RES_EMAIL.value=="") { alert("Please enter your email.") form.RES_EMAIL.focus(); return false; } else if (!(/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/.test(form.RES_EMAIL.value))) { alert("Please enter a proper email address."); form.RES_EMAIL.focus(); return false; } else { form.submit(); } } </script> </head> <body onload="MM_preloadImages('images/about-us-hover.jpg','images/my-pofile-hover.jpg','images/help-hover.jpg','images/home.jpg')"> <table width="1000" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td width="1251" align="center" valign="top" class="main_bg"><table width="850" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td height="153" align="left" valign="top"><? include_once "top.php"; ?></td> </tr> <tr> <td valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td height="18"></td> </tr> <tr> <td><table width="822" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td width="11" align="left" valign="top"><img src="images/white-crv1.jpg" width="11" height="11" /></td> <td width="100%" height="11" class="gray-top-bdr"><img src="images/blank-img.gif" width="1" height="1" /></td> <td width="11" align="right" valign="top"><img src="images/white-crv2.jpg" width="11" height="11" /></td> </tr> <tr> <td width="11" class="gray-left-bdr"><span class="gray-top-bdr"><img src="images/blank-img.gif" width="1" height="1" /></span></td> <td align="center"><? include("gad_hori.php");?></td> <td width="11"class="gray-rightt-bdr"><span class="gray-top-bdr"><img src="images/blank-img.gif" width="1" height="1" /></span></td> </tr> <tr> <td width="11" height="11" align="left" valign="bottom"><img src="images/white-crv3.jpg" width="11" height="11" /></td> <td height="11" class="gray-bot-bdr"><img src="images/blank-img.gif" width="1" height="1" /></td> <td width="11" height="11" align="left" valign="bottom"><img src="images/white-crv4.jpg" width="11" height="11" /></td> </tr> </table></td> </tr> <tr> <td height="73" align="left" valign="top"></td> </tr> <tr> <td align="left" valign="top"><table width="822" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td width="587" align="left" valign="top"><table width="587" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="19"><img src="images/gray-left-crv.jpg" width="19" height="247" /></td> <td width="321" align="left" valign="top" class="gry-bg-rpt"> <form name="frmLogin" id="frmLogin" action="" method="post"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td height="20"></td> </tr> <tr> <td height="27" class="gray-bot-bdr red-txt20" valign="top">Forgot Password?</td> </tr> <tr> <td height="25" align="center" valign="middle" class="red-txt12"><?=$msg;?></td> </tr> <tr> <td><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td colspan="2" height="22" align="left" style="padding-left:15px;"><strong>Please enter your E-mail address to get the password .</strong></td> </tr> <tr height="15"><td> </td></tr> <tr> <td width="33%" align="center"><strong>Email Address :</strong></td> <td width="67%"><input name="RES_EMAIL" type="text" class="input" style="width:176px; height:20px;"/></td> </tr> <tr> <td> </td> <td height="40" align="center"> <input type="submit" name="btnLogin" value="" class="btn_submit" title="Sign In" onclick="return valid_login();" /> </td> </tr> <tr> <td> </td> <td height="25" align="left" valign="bottom">Know your password? <a href="login.php">Login here</a></td> </tr> </table></td> </tr> </table> </form> </td> <td width="247" align="left" valign="top" class="red-box2"><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td height="88"> </td> <td> </td> </tr> <tr> <td width="77"> </td> <td><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td height="85" align="left" valign="top"><img src="images/dont-acc.jpg" width="135" height="65" hspace="10" /></td> </tr> <tr> <td height="40" align="left" valign="top"><a href="register.php"><img src="images/register-but.jpg" alt="Register Here" width="146" height="30" border="0" /></a></td> </tr> </table></td> </tr> </table></td> </tr> </table></td> <td width="235" align="right" valign="top"><? include("square_ads.php");?></td> </tr> </table></td> </tr> </table></td> </tr> <tr> <td valign="top"><? include_once "bottom.php"; ?></td> </tr> </table></td> </tr> </table> </body> </html>[/php] Similar TutorialsI am sure this is a simple fix and I am total beginner but thanks to these forums learn alot Here is the code: Code: [Select] http://$host/forgot.php?doReset=Reset&VeriCode=$new_code And when I click the link in email I get the following error The requested URL /forgot.php?doReset=Reset&VeriCode=60dea138b76c71acccfe34d4fab3e004 was not found on this server. If someone needs the full code to help, please PM me. Hello, My user login script saves their passwords into my SQL in a md5 encryption. I am currently working on a 'forgot password' that sends the password to their email. The code that pulls out the password is this: echo $req_user_info['pass']; Now is there a way to decrypt the 'pass' (currently nothing is displayed - not even the encryption code) Please help - Ollie I'm having a little issue with this script. It's returning: "Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/zyquo/public_html/makethemoviehappen.com/forgot_password.php on line 89" (Line 89 is: $num_rows1 = mysql_num_rows($result1) and "New password could not be generated. If you continue to have issues, please email general@makethemoviehappen.com for assistance." I checked the database and the random password generation did run, and it was inserted into the database. So it's just not detecting that it ran, so it's not sending the email. Any ideas on why? I also checked what is returned in the $result1 variable and it's the number 1. Code: [Select] elseif($_GET['forgot']=="password"){ function &generatePassword($length=9, $strength=0) { $vowels = 'aeiuy'; $consonants = 'bcdfghjkmnpqrstwz'; if ($strength & 1) { $consonants .= 'BCDFGJLMNPQRSTVXZ'; } if ($strength & 2) { $vowels .= "AEIUY"; } if ($strength & 4) { $consonants .= '23456789'; } if ($strength & 8) { $consonants .= '@#$%'; } $password = ''; $alt = time() % 2; for ($i = 0; $i < $length; $i++) { if ($alt == 1) { $password .= $consonants[(rand() % strlen($consonants))]; $alt = 0; } else { $password .= $vowels[(rand() % strlen($vowels))]; $alt = 1; } } return $password; } $new_password =& generatePassword(); $username=$_POST['username']; $sql="SELECT * FROM $tbl_name WHERE Username='$username' AND Email='$email' AND Amount='$donation_amount'"; $result=mysql_query($sql); $num_rows = mysql_num_rows($result); if($num_rows==1){ $sql1="UPDATE $tbl_name SET Password='$new_password' WHERE Username='$username' AND Email='$email' AND Amount='$donation_amount'"; $result1=mysql_query($sql1); $num_rows1 = mysql_affected_rows($result1); if($num_rows1==1){ $content.='<p class="center">New password generated. It has been emailed to the email address provided.</p><br />'; $message='Some one (hopefully you) requested a new password be generated for your account on Make the Movie Happen. Below is the newly generated password: Password: '.$new_password.' Once you log-in, please change your password. Thank You, Make the Movie Happen Support Team '; mail($email, 'Make the Movie Happen - New Password', $message, 'From: general@makethemoviehappen.com'); } else{ $content.='New password could not be generated. If you continue to have issues, please email <a href="mailto:general@makethemoviehappen.com">general@makethemoviehappen.com</a> for assistance.'; } } else{ header("Location: ./index.php?forgot&e=1"); } } Howdy, I am new to PHP and I have not worked on the forum for a couple of months. Well, I can't sign in!!! I am a real noob at this. Any help greatly appreciated. The return email is not set up. So, I can't get a reset going. Can I pull the password file and start again? How can I go about doing this? Thanks in advance. here is my change password script (This is being done by the admin)
<?php
error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');
require 'connect.php';
if(isset($_POST['change'])) {
$newp = trim($_POST['npass']);
$confp = trim($_POST['cpass']);
if(empty(trim($newp))) {
echo "<h3><center>You did not enter a new password!</center></h3>";
exit();
} if(empty(trim($confp))) {
echo "<h3><center>You must confirm the password!</center></h3>";
exit();
} if($confp !== $newp) {
echo "Passwords do not match!, try again.";
} else {
$sql = "UPDATE $db_name SET cpass='$password' WHERE id=' ".$row['id']." '";
echo " ".$row['username']."\s password has been reset! ";
}
}
?>
<html><title> Change password </title><head><style>#form {border-radius: 20px;font-family: sans-serif; margin-top: 60px; padding: 30px;background-color: #aaa;margin-left: auto; margin-right: auto; width: 500px; clear: both;} #form input {width: 100%; clear: both;} #form input:hover {border: 1px solid #ff0000;}</style></head>
<body>
<div id="form">
<form action='' method='POST'>
<h2><b><center>Change Password</center></b></h2><br>
<tr>
<td><b>New password:</b><input type="password" name="npass" placeholder="Enter new password" /></td><br><br>
<td><b>Confirm password:</b><input type="password" name="cpass" placeholder="Confirm password" /></td><br><br>
<td><input type="submit" name="change" value="Change!" /></td>
</tr>
</form>
</div><!-- end of form div -->
</body>
</html>
I'm getting
Notice: Undefined variable: row in C:\xampp\htdocs\Login\web_dir\changepassword.php on line 30 Notice: Undefined variable: row in C:\xampp\htdocs\Login\web_dir\changepassword.php on line 32And it say's \s password has been reset!It's saying that the variable row is undefined, it's defined in my edit user / select user page
<?php
error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');
session_start();
require 'connect.php';
echo "<title> Edit a user </title>";
$sql = "SELECT id, username FROM $tbl_name ORDER BY username";
$result = $con->query($sql);
while ($row = $result->fetch_assoc())
{
echo "<div id='l'><tr><td>{$row['username']}</td> |
<td><a href='editUser.php?id={$row['id']}'>Edit User</a> |</td>
<td><a href='changepassword.php?id={$row['id']}'>Change Password</a> |</td>
<td><a href='banUser.php?id={$row['id']}'>Ban User</a></td><br><br>
</tr></div>\n";
}
?>
Also it doesn't actually UPDATE the password.
Hi, I have a php password reset script that is not updating the database, or there is some other reason the new password reset is giving me a "wrong password" error on trying to use it. Any help Greatly appreciated! Thank you. Code: [Select] <?php define('IN_SCRIPT', true); // Start a session session_start(); ini_set ("display_errors", "1"); error_reporting(E_ALL); $host = " "; $database = " "; $username = " ; $password = " "; $tbl_name = " "; $conn = mysql_connect($host, $username, $password) or die("Could not connect: " . mysql_error()); if($conn) { mysql_select_db($database); echo "connected to database!!"; } else { echo "failed to select database"; } //this function will display error messages in alert boxes, used for login forms so if a field is invalid it will still keep the info //use error('foobar'); function error($msg) { ?> <html> <head> <script language="JavaScript"> <!-- alert("<?=$msg?>"); history.back(); //--> </script> </head> <body> </body> </html> <? exit; } //This functions checks and makes sure the email address that is being added to database is valid in format. function check_email_address($email) { // First, we check that there's one @ symbol, and that the lengths are right if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) { // Email invalid because wrong number of characters in one section, or wrong number of @ symbols. return false; } // Split it into sections to make life easier $email_array = explode("@", $email); $local_array = explode(".", $email_array[0]); for ($i = 0; $i < sizeof($local_array); $i++) { if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) { return false; } } if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name $domain_array = explode(".", $email_array[1]); if (sizeof($domain_array) < 2) { return false; // Not enough parts to domain } for ($i = 0; $i < sizeof($domain_array); $i++) { if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) { return false; } } } return true; } if (isset($_POST['submit'])) { if ($_POST['forgotpassword']=='') { error('Please Fill in Email.'); } if(get_magic_quotes_gpc()) { $forgotpassword = htmlspecialchars(stripslashes($_POST['forgotpassword'])); } else { $forgotpassword = htmlspecialchars($_POST['forgotpassword']); } //Make sure it's a valid email address, last thing we want is some sort of exploit! if (!check_email_address($_POST['forgotpassword'])) { error('Email Not Valid - Must be in format of name@domain.tld'); } // Lets see if the email exists $sql = "SELECT COUNT(*) FROM users WHERE email = '$forgotpassword'"; $result = mysql_query($sql)or die('Could not find member: ' . mysql_error()); if (!mysql_result($result,0,0)>0) { error('Email Not Found!'); } //Generate a RANDOM MD5 Hash for a password $random_password=md5(uniqid(rand())); //Take the first 8 digits and use them as the password we intend to email the user $emailpassword=substr($random_password, 0, 8); //Encrypt $emailpassword in MD5 format for the database $newpassword = md5($emailpassword); // Make a safe query $query = sprintf("UPDATE `users` SET `password` = '%s' WHERE `email` = '$forgotpassword'", mysql_real_escape_string($newpassword)); mysql_query($query)or die('Could not update members: ' . mysql_error()); //Email out the infromation $site_name = "MYSITECOM"; $site_email = "noreply@MYSITE.COM"; $subject = "Your New Password"; $message = "Your new password is as follows: ---------------------------- Password: $emailpassword ---------------------------- Please make note this information has been encrypted into our database This email was automatically generated."; if(!mail($forgotpassword, $subject, $message, "FROM: $site_name <$site_email>")){ die ("Sending Email Failed, Please Contact Site Admin! ($site_email)"); }else{ error('New Password Sent!.'); } } else { ?> <form name="forgotpasswordform" action="" method="post"> <table border="0" cellspacing="0" cellpadding="3" width="100%"> <caption> <div>Forgot Password</div> </caption> <tr> <td>Email Address:</td> <td><input name="forgotpassword" type="text" value="" id="forgotpassword" /></td> </tr> <tr> <td colspan="2" class="footer"><input type="submit" name="submit" value="Submit" class="mainoption" /></td> </tr> </table> </form> <? } ?> for some reason the password reset part of my site has stopped working and I am very sure that nothing has been altered in the related files since they was created. a visitor clicks 'reset password' link on our site and is taken to the following file which initiates the reset password routine. the visitor would get a link they need to click for the password to be altered and emailed to them. this first file does update the database with a `changeofpasswordcode`and this is emailed as it should be. Code: [Select] <?PHP include('includes/connection.php'); include('includes/functions.php'); date_default_timezone_set('Europe/London'); if(isset($_POST['reset']) && trim($_POST['reset']) == 'Reset Password') { $email = mysql_real_escape_string($_POST['email']); $checkConfirmed = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND verifyCode != '' LIMIT 1"); $checkEmail = mysql_query("SELECT account_id FROM customers WHERE email='$email' LIMIT 1"); $checkVerify = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND verified='No' LIMIT 1"); $checkBanned = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND suspended='Yes' LIMIT 1"); if(!$email) { $thisError = 'Please enter your e-mail address.'; } else if(! mysql_num_rows($checkEmail)) { $thisError = 'That email address is not registered with us.'; } else if(mysql_num_rows($checkConfirmed)) { $thisError = 'Your email address has not been verified, please check your email and following instructions within.'; } else if(mysql_num_rows($checkVerify)) { $thisError = 'Your account has not been approved by an Admin.'; } else if(mysql_num_rows($checkBanned)) { $thisError = 'Your account has been suspended by an Admin.'; } else { // } } include('includes/header.php'); ?> <body> <div class="headerBar"> <? include('includes/navigation.php');?> </div> <? headerText(); ?> <div class="content"> <div class="widthLimiter contentStyle"> <div class="formWrapper" style="width: 500px;"> <? if(isset($thisError)) { echo '<div class="errorDiv">',$thisError,'</div>'; } ?> <? if(isset($thisSuccess)) { echo '<div class="successDiv">',$thisSuccess,'</div>'; } ?> <span class="subHeader">Initiate Password Reset</span> <? // password reset $useremail = isset($_POST['email']) != '' ? trim($_POST['email']) : '' ; if ($useremail != "") { // get email and password and email them $sql = "SELECT * FROM `customers` WHERE (`email` = '" . mysql_real_escape_string($useremail) . "') LIMIT 1"; $res = mysql_query($sql); $email = @mysql_result($res, 0 ,'email'); $customerName = @mysql_result($res, 0 ,'fullname'); if(@mysql_num_rows($res) && @mysql_result($res, 0 ,'verified') == "Yes" && @mysql_result($res, 0 ,'suspended') == "No") { if(@mysql_result($res, 0 ,'changeofpasswordcode') != "") { $randomcode = @mysql_result($res, 0 ,'changeofpasswordcode'); } else { $randomcode = CreatePasswordResetCode(); } $_SESSION['customerName'] = $customerName; $_SESSION['customerEmail'] = $email; $_SESSION['randomcode'] = $randomcode; createEmailSend('passwordReset', 'Request to reset your password', 'customer'); $format = 'Y-m-d H:i:s'; $date = date( $format ); // set value in DB that email WAS sent $sql = "UPDATE `customers` SET `changeofpasswordcode` = '" . $randomcode . "', `newpasswordrequestedon` = '" . $date . "' WHERE `email` = '" . mysql_real_escape_string($email) . "' LIMIT 1"; $res = mysql_query($sql); ?><br /><br /><div>You will shortly receive an email which contains a reset password link,<br>please check your email and click this link to reset your password.<br /><br />A new password will then be emailed to you.</div><? } else { // not valid username entered. ?><br /><br /><div>If you are having trouble accessing your account please let us know<br />via <a href="mailto:admin@tm2cars.co.uk">email</a> and we shall look into this for you A.S.A.P.</div><? } } else { ?><br /><br /><div style=""><form method="post" action="">Please enter your Email Address for your account in the<br>field below and click 'Reset' to initiate a password reset.<br /><br /><input name="email" type="text" size="25"><input type="submit" name="reset" value=" Reset Password"></form></div> <? } ?> </div> </div> </div> <? include('includes/footer.php');?> </body> </html> once they get their email they click the link which taken them to the next page which would perform the change of password and have it emailed to them. the link has the correct `changeofpasswordcode` which is in the database but when the link is clicked the page says that the code is not valid as it is not in the DB. and then it removes the `changeofpasswordcode` it should only remove the `changeofpasswordcode` once the new password is setup and emailed, so that the link can not be used again. what i do not understand is why the second file does this, can anyone see what i might be doing wrong ? or what could be causing this ? Code: [Select] <?PHP include('includes/connection.php'); include('includes/functions.php'); date_default_timezone_set('Europe/London'); if(isset($_POST['reset']) && trim($_POST['reset']) == 'Reset') { $email = mysql_real_escape_string($_POST['email']); $checkVerify = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND verified='No' LIMIT 1"); $checkBanned = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND suspended='Yes' LIMIT 1"); if(!$email) { $thisError = 'Please enter your e-mail address.'; } else if(!$password) { $thisError = 'Please enter your password.'; } else if(mysql_num_rows($checkVerify)) { $thisError = 'Your account has not been approved by an Admin.'; } else if(mysql_num_rows($checkBanned)) { $thisError = 'Your account has been suspended by an Admin.'; } else { $password = md5($password); $checkAccount = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND password='$password' LIMIT 1"); if(mysql_num_rows($checkAccount)) { $_SESSION['FM_user'] = $email; header('Location: members.php'); exit; } else { $thisError = 'Your e-mail address and/or password is incorrect.'; } } } include('includes/header.php'); ?> <body> <div class="headerBar"> <? include('includes/navigation.php');?> </div> <? headerText(); ?> <div class="content"> <div class="widthLimiter contentStyle"> <div class="formWrapper"> <? if(isset($thisError)) { echo '<div class="errorDiv">',$thisError,'</div>'; } ?> <? if(isset($thisSuccess)) { echo '<div class="successDiv">',$thisSuccess,'</div>'; } ?> <span class="subHeader">Initiate Password Reset</span> <? // include("sendmail2010.php"); $securitycode = stripstring($_GET[pwr]); if ($securitycode != "") { $sql = "SELECT * FROM `customers` WHERE `changeofpasswordcode` = '".mysql_real_escape_string($securitycode)."' LIMIT 1"; $res = mysql_query($sql); if (@mysql_num_rows($res) && $securitycode != "") { $customerName = @mysql_result($res, 0 ,'fullname'); $email = @mysql_result($res, 0 ,'email'); $yourpasswordtologin = CreateNewPassword(); $format = 'Y-m-d H:i:s'; $date = date( $format ); $sql = "UPDATE `customers` SET `password` = '" . md5(mysql_real_escape_string($yourpasswordtologin)) . "', `changeofpasswordcode` = '', `newpasswordrequestedon` = '' WHERE `changeofpasswordcode` = '" . mysql_real_escape_string($securitycode) . "' LIMIT 1"; $res = mysql_query($sql); $_SESSION['customerName'] = $customerName; $_SESSION['customerEmail'] = $email; $_SESSION['generatePass'] = $yourpasswordtologin; createEmailSend('newPassword', 'Your new password', 'customer'); ?><div style="margin: 30px;">Thank you for completing your password reset process.<br><br>An email with a randomly generated password has been sent to your email address, please check your email account for this email as you will need this password to access your <?=$_SESSION['siteName'];?> account.<br><br><strong><em>Please check your 'spam folder' in case our emails are showing up there.</em></strong><br><br>You may now <a href="<?=$_SESSION['webAddress'];?>">sign in</a> to your account.</div><? } else { ?><div style="margin: 20px;">Sorry the link you clicked is and old password reset link or is not valid, please delete the email.<br><br>If you were trying to reset your password, please click the<br>'Member Login' link on our site and then click the 'Reset Password' link.</div><? } } ?> </div> </div> </div> <? include('includes/footer.php');?> </body> </html> I've somehow lost the password for my account, but when I use the forget password link, it says that it sent a reset link, yet I never get it.
Additionally, when I registered this temporary account to report the problem, I didn't receive a confirmation email for that either.
Forgot Your Password Not working at the customer end, how to solve this error? Reset Password Email not sending to the customer mail account. Edited June 13, 2019 by aveevaHi there all, I want to pull news feeds, from a web site and display them .... I have forgot what commands to use to do this. please help. Any example, i am most grateful. I have a problem w/ a widely used password protect php code. I use a business directory program that allows custom input fields. I'm using this code to password protect a business listing page in my directory code. I created custom fields for the username & password so a listing can enter their own user/pass but when I test it it won't work when I'm calling/echoing the fields. When I hardcode it w/ a user/pass it works. Any ideas on how I should recode this?: Quote <?php // Define your username and password $username = "<?php echo $custom_74; ?>"; $password = "<?php echo $custom_16; ?>"; if ($_POST['txtUsername'] != $username || $_POST['txtPassword'] != $password) { ?> <h1>Login</h1> <form name="form" method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> <p><label for="txtUsername">Username:</label> <br /><input type="text" title="Enter your Username" name="txtUsername" /></p> <p><label for="txtpassword">Password:</label> <br /><input type="password" title="Enter your password" name="txtPassword" /></p> <p><input type="submit" name="Submit" value="Login" /></p> </form> <?php } else { ?> I close the code correctly. <?php echo $custom_74; ?> & <?php echo $custom_16; ?> are just incidently my custom field echo codes. I have over 150 custom fields working fine for user/listee options. The password protect code won't accept echos it seems as coded above. Thanks, Gene This is my registering script: <?php include('connectvars.php'); $user_email = strip_tags(trim($_POST['email'])); $firstname = strip_tags(trim($_POST['firstname'])); $lastname = strip_tags(trim($_POST['lastname'])); $nickname = strip_tags(trim($_POST['nickname'])); $password = strip_tags($_POST['password']); $repassword = strip_tags($_POST['repassword']); $dob = $_POST['dob']; $find_us_question = strip_tags(trim($_POST['find_us_question'])); if (isset($_POST['submit_signup'])) { if ((empty($user_email)) || (empty($firstname)) || (empty($lastname)) || (empty($nickname)) || (empty($password)) || (empty($dob))) { echo "Please fill out all the fields!"; } else { // check char length of input data if (($nickname > 30) || ($firstname > 30) || ($lastname > 30) || ($user_email > 50)) { echo "Your nickname, first- and/or lastname seem to be too long, please make sure you have them below the maximum allowed length of 30 characters!"; } else { // check password char length if (($password > 25) || ($password < 6)) { echo "Your password must be between 6 and 25 characters!"; } else { // encrypt password $password = sha1($password); $repassword = sha1($repassword); if ($password != $repassword) { echo "Please make sure your passwords are matching!"; } else { $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); $query = sprintf("INSERT INTO user (firstname, lastname, nickname, password, email, dob, doj) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', now())", mysqli_real_escape_string($dbc, $firstname), mysqli_real_escape_string($dbc, $lastname), mysqli_real_escape_string($dbc, $nickname), mysqli_real_escape_string($dbc, $password), mysqli_real_escape_string($dbc, $user_email), $dob); mysqli_query($dbc, $query); mysqli_close($dbc); echo "You have been successfully registered!"; } } } } } ?> A bunch of nested if statements, the read-ability gets worse after a while, I'm new to programming so I don't know if there's a better more read-able solution. Anyway, every time I try to sign up it's printing out the echo message: "Your password must be between 6 and 25 characters!" Which derives from: // check password char length if (($password > 25) || ($password < 6)) { echo "Your password must be between 6 and 25 characters!"; } else { EVEN if I stay between 6 and 25 characters it's still printing out this error message, let's say I have a password of 8 characters, and I've entered everything else correctly, it's still giving me all the time this error message, and I can not figure out why. Incorrect login attempt 1 \/ Incorrect login attempt 2 \/ Incorrect login attempt 3 -->> ?forgot your login details? What's the most effecient way of achieving this? Is it to: 1. create a session for the user who hasn't logged in 2. the user login fails once, session['fail']=1 3. the user login fails twice, session['fail']=2 4. the user login fails for a third time pushing the session['fail'] count to three: this triggers an 'if' on the index.php prompting the user to retrieve their details through the "forgot login details system" However if the session['fail'] count never reaches 3 then this temp session is destroyed and the proper one created allowing the user into the site?? As usual any pointers into the correct direction here would be very much appreciated (and i try to repay by answering other peoples questions [where i can ]) Hi, I have a CMS, I am creating a forgotten password page, the page will require a user to enter an email address and the code will find it in the database and send them an email, in my database, i have multiple users accounts assigned to one email address. I want it so that if the user enters an email address and it was more than one accuont assigned to it, to error a message saying please contact your admin, but atm, it is not doing this. Any suggestions? I have developed a code for a login and seems to work well (No syntax error according to https://phpcodechecker.com/ but when I enter a username and a password in the login form, I get an error HTTP 500. I think that everything is ok in the code but obviously there is something that I am not thinking about. The code (excluding db connection): $id="''"; $username = $_POST['username']; $password = md5($_POST['password']); $func = "SELECT contrasena FROM users WHERE username='$username'"; $realpassask = $conn->query($func); $realpassaskres = $realpassask->fetch_assoc(); $realpass= $realpassaskres[contrasena]; $func2 = "SELECT bloqueado FROM users WHERE username='$username'"; $blockedask = $conn->query($func2); $blockedres = $blockedask->fetch_assoc(); $bloqueado = $blockedres[bloqueado];
//Login if(!empty($username)) { // Check the email with database Hi guys I have a script which i've been playing around with thanks to Spiderwell: http://www.phpfreaks.com/forums/index.php?action=profile;u=35078 I have sort of merged it with another 'member managment' script which is working great. Now i can't seem to correctly create a login page to pass the hashed password using (sha1). Now all i want to do is verify the username and the (hashed) password according to the database and allow the user in. The script i am using to check login works fine without a hashed password in the database. But ideally i'd like to use a hashed form of password. Can somebody show me what change i need to make in this script below in order to pass a sha1 hashed password? I'm guessing it's a really small change from the examples i've seen online, but i just cant seem to get mine to work. :| Your help would be much appreciated. Login Page PHP: Code: [Select] <form name="login" method="post" action="check_login.php3"> <p><strong>Secured Area User Log-in</strong></p> <p>Username: <input name="bioname" type="text" id="bioname"></p> <p>Password: <input name="biopass" type="password" id="biopass"></p> <p> </p> <p><input type="submit" name="Submit" value="Login"></p> </form> Check Login Processor (which is the file i that needs the sha1 added somewhere i think) Code: [Select] <?php require_once('config.php3'); // Connect to the server and select the database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db")or die("Unable to select database"); // $loginusername = false; $loginpassword = false; $err = false; // default error message is empty // The username and password sent from login.php //the isset() basically means if its there get it, otherwise dont bother if (isset($_POST['bioname'])) $loginusername=$_POST['bioname']; if (isset($_POST['biopass']))$loginpassword=$_POST['biopass']; // if either isnt filled in, tell the user, a very basic bit of validation if (!$loginusername || !$loginpassword) $err = "please complete the form"; if (!$err) //if no error continue { //The following bit of coding protects from MySQL injection attacks $loginusername = stripslashes($loginusername); $loginpassword = stripslashes($loginpassword); $loginusername = mysql_real_escape_string($loginusername); $loginpassword = mysql_real_escape_string($loginpassword); //you could add other things like check for text only blah blah $sql="SELECT * FROM $tbl WHERE bioname='$loginusername' and biopass='$loginpassword'"; $result=mysql_query($sql); // Count how many results were pulled from the table $count=mysql_num_rows($result); // If the result equals 1, continue if($count==1) { session_start(); $_SESSION['user'] = $loginusername; // store session data //please see I have used a session variable that is generic not specific, otherwise you will have to make this page different for every user //that would be a pain in the ass, you don't need to have user1 or user2, its the value stored that relevant, not what the variable name is header("Location: {$loginusername}/index.php3"); } else { $err = "Wrong Username or Password"; } }// end login if statement if ($err) // show error message if there is one { echo $err; echo "<br>Please go back in your browser and try again"; } ?> The secure page: Code: [Select] <?php session_start(); $mypath = $_SERVER["REQUEST_URI"]; //echo $mypath; // for debugging //now we have the path lets see if the username is in that path, i.e. test2 is inside /something/test2/index.php //use the built in strpos() function, which returns position of the last occurance of the string you are looking for inside another string. //http://php.net/manual/en/function.strrpos.php if(strpos($mypath,"/".$_SESSION['user']."/"))//on testing it failed initially as username test is found in path /test2/ so i added the slashes to stop that. so /test/ doesnt get found in /test2/ { echo "congratulations you are the right person in the right place"; } else { session_destroy(); //kill the session, naughty person trying to come here header("Location: ../login.php3"); die();// stop page executing any further } ?> <html> <body> </body> </html> Thanks and i look forward to your replies. Here is my code if(isset($_POST['pass_btn'])) { $numchars = 8; $chars = explode(',','2,3,4,5,6,7,8,9,a,b,c,d,e,f,g,h,i,j,k,m,n,p,q,r,s,t,u,v,w,x,y,z,2,3,4,5,6,7,8,9,A,B,C,D,E,F,G,H,J,K,L,M,N,P,Q,R,S,T,U,V,W,X,Y,Z,2,3,4,5,6,7,8,9'); $password=''; for($i=0; $i<$numchars;$i++) { $password.=$chars[rand(0,count($chars)-1)]; } } This is set up so when a person pressing the pass_btn, a password is provided. This works just fine. However, it refreshes the page and clears all other data that user may have entered. Suggestions? Hi! I have read like crazy to find a tutorial on a login page without My_SQL. Anyway I am working on a easy login/logged out page with sessions. Here is the login page with tree users in an array.
The things that I need some hints to solve is, when clicking on login the error message don't show. Instead the script goes to the logged in page right away. And when you write the wrong password you get loged in anyway.
I am not sure how or if it's possible to write a varible to a file this way. But I tried and recived a parse error with the txt varible.
When searching for topics I get more confused with the My_SQL varibles. I am near a breaking point at cracking the first step on PHP, but need some advice.
<?php
$page_title = 'Logged in'; //Dynamic title
include('C:/wamp/www/PHP/includes/header.html');
?>
<?php
session_start();
//A array for the sites users with passwords
$users = array(
'Dexter'=>'meow1',
'Garfield'=>'meow2',
'Miro'=>'meow3'
);
//A handle to save the varible users to file on a new line from the last entry
$handle = fopen("newusers.txt, \n\r")
$txt = $users;
fclose($handle);
if(isset($_GET['logout'])) {
$_SESSION['username'] = '';
header('Location: ' . $_SERVER['PHP_SELF']);
}
if(isset($_POST['username'])) {
if($users[$_POST['username']] == $_POST['password']) {
$_SESSION['username'] = $_POST['username'];
}else {
echo "Something went wrong, Please try again";
}
}
?>
<?php
echo "<h3>Login</h3>";
echo "<br />";
?>
<!--A legend form to login-->
<fieldset><legend>Fill in your username and password</legend>
<form name="login" action="777log.php" method="post">
Username: <br />
<input type="text" name="username" value="" /><br />
Password: <br />
<input type="password" name="password" value="" /><br />
<br />
<input type="submit" name="submit" value="Login" />
</fieldset>
</form>
<?php //Footer include file
include('C:/wamp/www/PHP/includes/footer.html');
?>
The logged in page
<?php //Header
$page_title = 'Reading a file';
include('C:/wamp/www/PHP/includes/header.html');
?>
<?php
session_start();
//Use an array forthe sites users
$users = array(
'Dexter'=>'meow1',
'Garfield'=>'meow2',
'Miro'=>'meow3'
);
//
if(isset($_GET['logout'])) {
$_SESSION['username'] = '';
echo "You are now loged out";
//The user is loged out and returned to the login page
header('Location: ' . $_SERVER['PHP_SELF']);
}
if(isset($_POST['username'])) {
//Something goes wrong here when login without any boxes filled
if($users[$_POST['username']] == $_POST['password']) {
$_SESSION['username'] = $_POST['username'];
}else {
echo "Something went wrong, Please try again";
$redirect = "Location: 777.php";
}
}
?>
<?php if($_SESSION['username']): ?>
<p><h2>Welcome <?=$_SESSION['username']?></h2></p>
<p align="right"><a href="777.php">Logga ut</a></p><?php endif; ?>
<p>Today Ben&Jerrys Chunky Monkey is my favorite!</p>
<?php //Footer
include('C:/wamp/www/PHP/includes/footer.html');
?>
Hello PhP Freaks forum In the past weeks ive been trying to make a website, where you can register. Everything seems to work except my cherished Change password feature. Everytime you try to change the password, it just resets it to nothing. Here is the code below. <?php if(isset($_SESSION['username'])) { $username = $_SESSION['username']; $lastname = $_SESSION['lastname']; $firstname = $_SESSION['firstname']; $email = $_SESSION['email']; echo " <h4>Options for:</h4> $username <br /> <br /> First name: $firstname <br />Last name: $lastname <br /><br /><h3>Want to change your password:</h3><br /> <form action='?do=option' method='post'> Old password <input type='password' placeholder='Has to be between 5-15 digits' name='password' size='30' value='' /><br /> <br /> New Password<input type='password' placeholder='Has to be between 5-15 digits' name='newpass' size='30' value='' /><br /> <br /> Confirm new password <input type='password' placeholder='Has to be between 5-15 digits' name='passconf' size='30' value='' /><br /> <center></div><input type='submit' value='Submit'/></center></form>"; }else{ echo 'Please login to view your options!'; } $password = $_REQUEST['password']; $pass_conf = $_REQUEST['newpass']; $email = $_REQUEST['passconf']; $connect = mysql_connect("Host", "User", "Password"); if(!$connect){ die(mysql_error()); } //Selecting database $select_db = mysql_select_db("My Database", $connect); if(!$select_db){ die(mysql_error()); } //Find if entered data is correct $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); $row = mysql_fetch_array($result); $id = $row['id']; mysql_query("UPDATE users SET password='$newpass' WHERE username='$user'") ?> And i do know that i dont have a if(Empty($newpass)){ Die(Please fill out the new password) } Or any security on the others, but the problem just seems that it resets the password into nothing Hope i can get this fixed Best Regards William Pfaffe |
|||||||