Need a little help

edsdesigns

my code seems to be working for the most part except when I ask it to compare the email field in the database to the email that was provided in the form it does not return to me that the email does not exists in my database. can someone please take a look at what I am doing wrong

<?php

include 'includes/database.php';
include 'includes/header.php';

if (!$REQUEST['action']) {
echo "<table border='0' align='center'>";
echo " <tr>";
echo " <td>If you have forgotten your Password/Username you can choose one of <br>";
echo " two ways to recover your Password/Username and your Password/Username <br>";
echo " will be emailed to you</td>";
echo " </tr>";
echo "</table>";
echo "<br>";
echo "<table border='0' align='center'>";
echo " <tr>";
echo " <td align='center'>";
echo " <form method='post' action='forgot.php'>";
echo " <input type='hidden' name='action' value='1'>";
echo " <table border='0'>";
echo " <tr>";
echo " <td><b>By Username :</b></td>";
echo " </tr>";
echo " <tr>";
echo " <td><input type='text' name='username'></td>";
echo " </tr>";
echo " <tr>";
echo " <td align='center'><input type='submit' value='Submit'></td>";
echo " </tr>";
echo " </table>";
echo " </form>";
echo " </td>";
echo " <td width='10'> </td>";
echo " <td valign='middle'><strong>OR</td>";
echo " <td width='10'> </td>";
echo " <td align='center'>";
echo " <form method='post' action='forgot.php'>";
echo " <input type='hidden' name='action' value='2'>";
echo " <table border='0'>";
echo " <tr>";
echo " <td><b>By Email Address :</b></td>";
echo " </tr>";
echo " <tr>";
echo " <td><input type='text' name='email' size='50'></td>";
echo " </tr>";
echo " <tr>";
echo " <td align='center'><input type='submit' value='Submit'></td>";
echo " </tr>";
echo " </table>";
echo " </form>";
echo " </td>";
echo " </tr>";
echo "</table>";
} elseif ($REQUEST['action'] == 1) {
$query_username = "SELECT last,title,email,pass FROM members WHERE last = '".$POST['username']."'";
$result_username = mysql_query($query_username) or die("Your Username does not match any username in our records");
while ($line = mysql_fetch_array($result_username)) {
$last = $line['last'];
$title = $line['title'];
$email = $line['email'];
$pass = $line['pass'];
}
if ($POST['username'] == $last) {
$email_to = $email;
$subject = "Password/Username Request";
$body = "$title ".ucwords($POST['username']).", your username and password are provided below";
$body .= "\n\nUsername = ".$POST['username']."";
$body .= "\nPassword = $pass";
$body .= "\n\nPlease keep this in a safe place";
$header = "From: JamsDiscJockeyEnt\n";
mail($email_to, $subject, $body, $header);
echo "Your Username and Password have been emailed to the email address you provided us";
} else {
echo "The information you submited does not match our records";
}
This is where my problem is
} elseif ($REQUEST['action'] == 2) {
$query_username = "SELECT * FROM members WHERE email = '".$POST['email']."'";
$result_username = mysql_query($query_username) or die("Your Email does not match any Emails in our records");
while ($line = mysql_fetch_array($result_username)) {
$last = $line['last'];
$title = $line['title'];
$email = $line['email'];
$pass = $line['pass'];
}
if ($email == $_POST['email']) {
$email_to = $email;
$subject = "Password/Username Request";
$body = "$title ".ucwords($last).", your username and password are provided below";
$body .= "\n\nUsername = $last";
$body .= "\nPassword = $pass";
$body .= "\n\nPlease keep this in a safe place";
$header = "From: JamsDiscJockeyEnt\n";
mail($email_to, $subject, $body, $header);
echo "Your Username and Password have been emailed to the email address you provided us";
} else {
echo "The information you submited does not match our records";
}
}

include 'includes/footer.php';

dougal85

I cant see anything wrong, but its very hard to read your code.

edit the post and do us a favour by putting [ p h p ] at the start of your code and [ / p h p] at the end.

I assume there is no errors or failed queries?

NogDog

In this code:

$result_username = mysql_query($query_username) or die("Your Email does not match any Emails in our records");

...You are testing the result of mysql_query() for failure to determine if an email is valid, but it will only evaluate as false if MySQL is unable to process the query for some reason. What you need to do is something like:

$result_username = mysql_query($query_username) or die("Query failed. ".mysql_error());
if(mysql_num_rows($result_username) == 0) {
  die("Your Email does not match any Emails in our records");
}

edsdesigns

I thank you for your help NogDog it worked great