Forgot Password Script

batman

Hello,

This is what I am in need of. I want to make it to where when they click forgot password, it'll take them to a page where they enter there email address, and to pick how they would like to receive it.  The two options for receiveing the password are by a javascript error, or if they want it mailed to them, it will mail it to the given address. I've some basic errors so they have to give an email address, have to pick how to receive it, and the email address has to match the databases.

Here is my code for the forgot pass page:



<body bgcolor="#FFFFFF">
<form name="form1" method="post" action="lostpw.php">
  <table width="486" align="center" style="border: 1px dotted; padding: 1px" border="0" cellspacing="0" cellpadding="4">
    <tr> 
      <td valign="top" width="96" rowspan="3"> 
        <div align="center"><br>
          <img src="img_logon.gif" width="72" height="72"></div>
      </td>
      <td valign="top" width="374" height="27"><b>Please enter your email address:</b></td>
    </tr>
    <tr> 
      <td valign="top" height="38"> 
        <input name="email_address" type="text" id="email_address">
      </td>
    </tr>
    <tr> 
      <td valign="top" height="60"> <b>Would you like you password mailed?</b><br>
        <input type="radio" name="mail" value="yes">
        Yes, please. 
        <input type="radio" name="mail" value="no">
        No, just tell me!<br>
        <br>
        <input type="submit" name="Submit" value="Recover My Password!">
        <input name="recover" type="hidden" id="recover" value="recover">
      </td>
    </tr>
    <tr> 
      <td height="0"></td>
      <td></td>
    </tr>
  </table>
</form>

Then the code for the verification page:


<?
include 'db.php';

$mail = $_POST ['mail'];
$email = $_POST ['email_address'];


if(!$mail)
{
echo "Please tell us how you would like to receive your password. <br>";
include 'lost_pw.html';
exit();
}	

if(!$email)
{
echo "Please fill out your email in order to receive your password! <br>";
include 'lost_pw.html';
exit();
}	

$sql_check = mysql_query("SELECT * FROM users WHERE email_address='$email_address'");
	$sql_check_num = mysql_num_rows($sql_check);
	if($sql_check_num == 0){
		echo "No records found matching your email address<br />";
		include 'lost_pw.html';
		exit();
	}

$sql = mysql_query("SELECT * FROM users WHERE password='$password' AND email_address='$email_address'");
	$doublecheck = mysql_num_rows($sql);


if($doublecheck > 0 && $email == 'no');
{
print ("<script>");
print ("alert('Your password is $password');");
print ("</script>");
include 'login_form.html';
exit();
}

else if($doublecheck > 0 $$ $email == 'yes');
{
	echo "<strong>Your password has been sent to your e-mail!</strong> You may login below!<br />";
	include 'login_form.html';
}



$subject = "Your Password for MSP Inc.!";
$message = "Hi, here is your password.

Password: $doublecheck

[url]http://www.mysite.com/login_form.html[/url]

Thanks!
The Webmaster

This is an automated response, please do not reply!";

mail($email_address, $subject, $message, "From: MSP Inc.<msp@starband.net>\nX-Mailer: PHP/" . phpversion());

}

?>

I get an error on line 43.

Thanks for any help,
-Blake

planetsim

If you want help. Please specify what is line 43

dopey

I suspect it's this line:

else if($doublecheck > 0 $$ $email == 'yes');

should be:

else if($doublecheck > 0 && $email == 'yes')

batman

Thank you dopey. I am still having problems with the script though. If they select to have the password e-mailed to them, it doesn't, it just still does the alert. Also it seems like it's not receiving the password, because when it gives the error, it just doesn't say anything.

Here's my new script:


<?
include 'db.php';

$mail = $_POST ['mail'];
$nomail = $_POST ['nomail'];
$email = $_POST ['email_address'];


if(!$mail)
{
echo "Please tell us how you would like to receive your password. <br>";
include 'lost_pw.html';
exit();
}	

if(!$email)
{
echo "Please fill out your email in order to receive your password! <br>";
include 'lost_pw.html';
exit();
}	

$sql_check = mysql_query("SELECT * FROM users WHERE email_address='$email_address'");
	$sql_check_num = mysql_num_rows($sql_check);
	if($sql_check_num == 0){
		echo "No records found matching your email address<br />";
		include 'lost_pw.html';
		exit();
	}

$sql = mysql_query("SELECT * FROM users WHERE password='$password' AND email_address='$email_address'");
	$doublecheck = mysql_num_rows($sql);


if((!isset($nomail)) && $doublecheck > 0);
{
print ("<script>");
print ("alert('Your password is $password');");
print ("</script>");
include 'login_form.html';
exit();
}

if((!isset($mail)) && $doublecheck > 0);
{
	echo "<strong>Your password has been sent to your e-mail!</strong> You may login below!<br />";
	include 'login_form.html';


$subject = "Your Password for MSP Inc.!";
$message = "Hi, here is your password.

Password: $doublecheck

[url]http://www.mysite.com/login_form.html[/url]

Thanks!
The Webmaster

This is an automated response, please do not reply!";

mail($email_address, $subject, $message, "From: MSP Inc.<msp@starband.net>\nX-Mailer: PHP/" . phpversion());

}

?>

Can you see anything that I'm doing wrong?

-Blake

dopey

Try Removing the semi-colon at the end of the follwing lines:

if((!isset($nomail)) && $doublecheck > 0);

and

if((!isset($mail)) && $doublecheck > 0);

Cheers

xblue

and make sure to escape quotes within the string that you assign to $message.