Password Confirmation Problem

Ammar

Hi,
I've been making a code which does the following. The user fills out a form (and is added to the database- this works fine). Then on a new screen they again have to enter the e-mail address. What I want the code to do is take that e-mail address, check the database for a match(there should be one if the form was correctly filled out) and then send them a confirmation e-mail that has their password in it (which they also entered in the form. )

<?php
$email = $_POST['email'];
$errors = "";


// connect to the mysql server
$db_host		= "";
$db_username	= "dbname";
$db_password	= "dbpassword";
$db_name		= "dbname";
include("admin__db.php");

$password = mysql_query("SELECT id FROM dbname WHERE password LIKE $result") or exit(mysql_error());
$result = mysql_query("SELECT id FROM dbname WHERE id = '" . $_POST['email'] . "'") or exit(mysql_error());
if (mysql_num_rows($result))
{	
	echo "<span class='style2'>".'Your login information has been sent. PLease check your email in a few minutes'."</span>";
    $to = $email;
    $subject = 'Your Password';
    $message = "Your password is: $password ";
    $from = 'From: TEST <me@test.com>';
    mail($to, $subject, $message, $from) or exit('mail failed');
}
else
{
    echo "<span class='style1'>".'No match found with the e-mail address you entered. Please check and try again.'."</span>";
} 




?>

What the code does now: echoes error message (e-mail not found) regardless of weather it is in the database or not.
Also, I'm not sure if I'm retrieving the password correctly.

chasiv

I imagine your include statement above is making the connection for you?? I notice you have the variables for the connection, but are not making a connection (unless it is done in the include statement).

Also, in your

$password = mysql_query("SELECT id FROM dbname WHERE password LIKE $result") or exit(mysql_error());

you are using the $result variable before you have an a value for it. Don't you want to look up the password by the e-mail address and not the $result variable.

Also, should admin__db.php have 2 underscores as it is appears to have in your code?

Just a few things to check..

I would first recommend you verify your connection by posting your results to a simple query to the page.. To be sure you have a connection. You may also want to echo your query statements to the page as well -- so you know they are what you truly want.

chasiv

Also... FYI, you should use something more like this for LIKE statements:

$password = mysql_query("SELECT id FROM dbname WHERE password LIKE %$result%");

The % sign is the wildcard. Under your current code it will only find an exact match for $result. (assuming $result has a value and it want you wnated to check against.)

Ammar

Thanks for the advice. The connection wasnt the problem, that was what the include was for. But I've just gone back and started form scratch and re-done it and now it works.
-Thanks again for trying to help
ammar.