password recovery parsing from database

Vampirev

hey guys, i can get all the data working except i cant parse the user / pass from the database

suggestions?

cheers
Vamps



// looks up database for email address
if ($recover == "entered")
{

$sql = "select * from clientdb where email = '$email'";

$result = (mysql_query($sql))  

or die(mysql_error());
$num_rows = mysql_num_rows($result);

while($row=mysql_fetch_array($result))
{
$user = $row['login'];
}




print("U : ".$user);
print("P : ".$pass);


if ($num_rows <= 0) 
	{  

		Print("Sorry, the email address entered was not found in the database");
	}
Else
	{
	$sendto = $email;
	$subject = "On Stage Shirts Login Information";
	$from = "Support@onstageshirts.com.au";
	$message = "Here is your onstageshirts.com.au Login information<br><br>Username : ".$user."<br><br>Password : ".$pass;

$headers = "From: onstageshirts.com.au <Support@onstageshirts.com.au>\r\n"."Content-Type: text/html";

//mail($sendto, $subject, $message, $headers);
Print("An Email containing your username and password has been sent to ".$email);
	}
}

print("<pre>");
print_r($_REQUEST);
print("</pre>");


?>

<form name="recover" action="recover.php" method="post">
<table>
<tr>
<td>Enter Your Email Address :</td>
<td><input type="text" name="email" value="<?=$email?>"></td>
</tr>
<td colspan="2" align="center">
<input type="submit" value="Recover Password">
<input type="hidden" name="recover" value="entered">
</td>
</table>
</form>

planetsim

What errors are you getting?
After looking quickly I noticed a few things.

Use $_POST on posted data
You seem to be storing the users password as raw text, not a good idea look into something like [man]md5[/man] and then recreate the Users Password on Recovery.

Also where is $pass being defined?

Vampirev

ah was in middle of testing hence pass isnt assigned (will be once i get login working)
will also work on pass encrytption etc as i leanr how to use this language 🙂

not quite sure what u mean by using $_POSt can you please provide an example..

cheers
vamps

Vampirev

actually i think i know what you mean.. im using $_REQUEST INSTEAD.

still not grabbing pass . user from table.. not sure why



// looks up database for email address
if ($recover == "entered")
{

$sql = "select * from clientdb where email = '$email'";

$result = (mysql_query($sql))  

or die(mysql_error());
$num_rows = mysql_num_rows($result);

while($row=mysql_fetch_array($result))
{
$user = $row['login'];
$pass = $row['password'];
}




print("U : ".$_REQUEST['user']);
print("P : ".$_REQUEST['pass']);


if ($num_rows <= 0) 
	{  

		Print("Sorry, the email address entered was not found in the database");
	}
Else
	{
	$sendto = $_REQUEST['email'];
	$subject = "On Stage Shirts Login Information";
	$from = "Support@onstageshirts.com.au";
	$message = "Here is your onstageshirts.com.au Login information<br><br>Username : ".$_REQUEST['user']."<br><br>Password : ".$_REQUEST['pass'];

$headers = "From: onstageshirts.com.au <Support@onstageshirts.com.au>\r\n"."Content-Type: text/html";

//mail($sendto, $subject, $message, $headers);
Print("An Email containing your username and password has been sent to ".$_REQUEST['email']);
	}
}

print("<pre>");
print_r($_REQUEST);
print("</pre>");


?>

<form name="recover" action="recover.php" method="post">
<table>
<tr>
<td>Enter Your Email Address :</td>
<td><input type="text" name="email" value="<?=$email?>"></td>
</tr>
<td colspan="2" align="center">
<input type="submit" value="Recover Password">
<input type="hidden" name="recover" value="entered">
</td>
</table>
</form>

thorpe

variables sent from a form using the 'post' method should be retrieved using;

$name = $_POST['name'];

and not directly using just $name. same goes for $_GET.

besides that... i dont see where you asign values to the $user and $pass variables used in this line.

$message = "Here is your onstageshirts.com.au Login information<br><br>Username : ".$user."<br><br>Password : ".$pass;

thorpe

isn't the whole point of this script the fact that your user has lost there password?

if thats the case, then they never send you there username or password through the form, so accessing them $_REQUEST is no good.

Vampirev

doh, im still new to understanding what the variables do..

what should i be using?

Vampirev

was trying to set user / pass from the database here

while($row=mysql_fetch_array($result))
{
$user = $row['login'];
$pass = $row['password'];
}

obviously thats not working..

how do i parse to main script?

Vampirev

resolved, moved a few things around..

still messy i guess but heres the finished code if anyones interested 🙂



// looks up database for email address
if ($recover == "entered")
{

$sql = "select * from clientdb where email = '$email'";

$result = (mysql_query($sql))  

or die(mysql_error());
$num_rows = mysql_num_rows($result);


if ($num_rows <= 0) 
	{  

		Print("Sorry, the email address entered was not found in the database");
	}
Else
	{

$sql = "select * from Control where email = '$email'";

$result = (mysql_query($sql))  

or die(mysql_error());
$num_rows = mysql_num_rows($result);

while($row=mysql_fetch_array($result))
{
$user = $row['login'];
$pass = $row['rawpass'];

$sendto = $_REQUEST['email'];
$subject = "On Stage Shirts Login Information";
$from = "Support@onstageshirts.com.au";
$message = "Here is your onstageshirts.com.au login information<br><br>Username : ".$user."<br>Password : ".$pass;

$headers = "From: onstageshirts.com.au <Support@onstageshirts.com.au>\r\n"."Content-Type: text/html";

mail($sendto, $subject, $message, $headers);
Print("An Email containing your username and password has been sent to ".$_REQUEST['email']);
}
}
}

print("<pre>");
print_r($_REQUEST);
print("</pre>");


?>

<form name="recover" action="recover.php" method="post">
<table>
<tr>
<td>Enter Your Email Address :</td>
<td><input type="text" name="email" value="<?=$email?>"></td>
</tr>
<td colspan="2" align="center">
<input type="submit" value="Recover Password">
<input type="hidden" name="recover" value="entered">
</td>
</table>
</form>