[RESOLVED] Simple Forgot Password script

Mr_Chew

The script:

<form name="forgot" method="post" action="<?php $_SERVER['PHP_SELF'];?>">
<p><label for="username">Username:</label>
<input name="username" type="text" value="" />
</p>
<input type="submit" name="submit" value="submit"/>
<input type="reset" name="reset" value="reset"/>
</form>
<?php
if(isset($_POST['submit']))
{
mysql_connect("localhost", "**", "**") or die(mysql_error());
mysql_select_db("**") or die(mysql_error());

$username = $_POST['username'];
$sql="SELECT `email` FROM `login` WHERE `username` ='.$username.'";
$query = mysql_query($sql);

if(!$query) 
	{
	die(mysql_error());
	}

if(mysql_affected_rows() != 0)
	{
$row=mysql_fetch_array($query);
$password=$row["password"];
$email=$row["email"];
$subject="your password";
$header="from:you@yourdomain.com";
$content="your password is ".$password;
mail($email, $subject, $row, $header);
print "An email containing the password has been sent to you";
	}
else 
	{
	echo("no such login in the system. please try again.");
	}
}
?>

The problem:

The script is not working. When I enter a working registered username it displays the echo statement no such login no matter what. My config info is correct. I have a table login with the fields username and password and checked for spelling. Any ideas why this isn't working?

Thanks in advance

rulian

your query
$sql="SELECT email FROM login WHERE username ='.$username.'";

shoudl be

$sql="SELECT * FROM login WHERE username ='.$username.'";

the problem is
$sql="SELECT email FROM login WHERE username ='.$username.'";
returns only the email field to the server, so the password is never returned

laserlight

Instead of using a SELECT *, also select the password column:

$sql = "SELECT `email`, `password` FROM `login` WHERE `username` ='.$username.'";

Mr_Chew

I have tried both suggestions and still receive the error no such login in the system. I have no idea what's causing this.... any other ideas? any help is greatly appreciated thank you.

laserlight

I notice that you are using mysql_selected_rows(). Use mysql_num_rows() instead, or simply check that the return value of mysql_fetch_array() is not false.

Mr_Chew

I tried using mysql_num_rows() instead of mysql_affected_rows and got this error message along with the echo statement:

Warning: Wrong parameter count for mysql_num_rows() in /home2/mysite/public_html/forgotpassword.php on line 24
no such login in the system. please try again.

any ideas?

laserlight

I tried using mysql_num_rows() instead of mysql_affected_rows and got this error message along with the echo statement:

Read the PHP Manual on [man]mysql_num_rows/man.

Mr_Chew

i read the php manual but still do not know how to solve this problem. any last remarks someone may have to help? i'm desperate at this point. thanks.

future448

Change:

$sql = "SELECT `email`, `password` FROM `login` WHERE `username` ='.$username.'";

To:

$sql = "SELECT `email`, `password` FROM `login` WHERE `username` = '$username'";

laserlight

i read the php manual but still do not know how to solve this problem.

Which problem? The problem with mysql_affected_rows() is that it returns 0 for a SELECT query. The problem with your use of mysql_num_rows() is that you did not provide a result resource. You still has another problem, as shown by future448.

Mr_Chew

future thanks for your post. the script now works however in the mail function, the password doesn't display in the email message and is left blank here:

$row=mysql_fetch_array($query);
$password=$row["password"];
$email=$row["email"];
$subject="Verbazon.net - Password Request";
$header="From: webmaster@verbazon.net";
$content="Your password is ".$password;
mail($email, $subject, $content, $header);

The person receiving an email only sees: Your password is

future448

Well the obvious question is are you sure that the password field is not empty?

I would also heed Laserlight's advice and use mysql_num_rows($query), you can then check that only one row is returned, or is the username column unique?

Either way, I would probably try entering your query into a sql editor such as phpmyadmin so you actually know for sure whats being returned.

starfish888

I know this is an old post and i am sorry, but I am a PHP newbie and really need help.
I didn't see the end resolution to this problem and i am having the same exact problem now. How was this fixed?

Timia

This is a working version with no problems in it:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>

<body>
<form name="forgot" method="post" action="<?php $SERVER['PHP_SELF'];?>">
<p><label for="username">Username:</label>
<input name="username" type="text" value="" />
</p>
<input type="submit" name="submit" value="submit"/>
<input type="reset" name="reset" value="reset"/>
</form>
<?php
if(isset($POST['submit']))
{
mysql_connect("localhost", "user", "password") or die(mysql_error());
mysql_select_db("databasename") or die(mysql_error());

$username = $_POST['username'];
$sql = "SELECT email, password FROM users WHERE username = '$username'";
$query = mysql_query($sql);

if(!$query)

{
die(mysql_error());
}

if(mysql_affected_rows() != 0)
{
$row=mysql_fetch_array($query);
$password=$row["password"];
$email=$row["email"];
$subject="your company - your password";
$header="From: emailadddress";
$content="Your password is: ".$password;
mail($email, $subject, $content, $header);
print "We sent you an email with your password.";
}
else

{
echo("no such login in the system. please try again.");
}
}
?>

</body>
</html>

ianhaney

Is this post still active as am using the following script and works perfect apart from a couple of little issues

1) Could it be updated to mysqli
2) within the email I receive the password as it it stored in the db which is hashed, is it possible to decrypt it within the email?

Thank you in advance

Ian

Timia;11047869 wrote:
This is a working version with no problems in it:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>

<body>
<form name="forgot" method="post" action="<?php $SERVER['PHP_SELF'];?>">
<p><label for="username">Username:</label>
<input name="username" type="text" value="" />
</p>
<input type="submit" name="submit" value="submit"/>
<input type="reset" name="reset" value="reset"/>
</form>
<?php
if(isset($POST['submit']))
{
mysql_connect("localhost", "user", "password") or die(mysql_error());
mysql_select_db("databasename") or die(mysql_error());

$username = $_POST['username'];
$sql = "SELECT email, password FROM users WHERE username = '$username'";
$query = mysql_query($sql);

if(!$query)

{
die(mysql_error());
}

if(mysql_affected_rows() != 0)
{
$row=mysql_fetch_array($query);
$password=$row["password"];
$email=$row["email"];
$subject="your company - your password";
$header="From: emailadddress";
$content="Your password is: ".$password;
mail($email, $subject, $content, $header);
print "We sent you an email with your password.";
}
else

{
echo("no such login in the system. please try again.");
}
}
?>

</body>
</html>