your query
$sql="SELECT email FROM login WHERE username ='.$username.'";

shoudl be

$sql="SELECT * FROM login WHERE username ='.$username.'";

the problem is
$sql="SELECT email FROM login WHERE username ='.$username.'";
returns only the email field to the server, so the password is never returned

Instead of using a SELECT *, also select the password column:

$sql = "SELECT `email`, `password` FROM `login` WHERE `username` ='.$username.'";

I have tried both suggestions and still receive the error no such login in the system. I have no idea what's causing this.... any other ideas? any help is greatly appreciated thank you.

I notice that you are using mysql_selected_rows(). Use mysql_num_rows() instead, or simply check that the return value of mysql_fetch_array() is not false.

I tried using mysql_num_rows() instead of mysql_affected_rows and got this error message along with the echo statement:

Warning: Wrong parameter count for mysql_num_rows() in /home2/mysite/public_html/forgotpassword.php on line 24
no such login in the system. please try again.

any ideas?

I tried using mysql_num_rows() instead of mysql_affected_rows and got this error message along with the echo statement:

Read the PHP Manual on [man]mysql_num_rows/man.

i read the php manual but still do not know how to solve this problem. any last remarks someone may have to help? i'm desperate at this point. thanks.

Change:

$sql = "SELECT `email`, `password` FROM `login` WHERE `username` ='.$username.'";

To:

$sql = "SELECT `email`, `password` FROM `login` WHERE `username` = '$username'";

i read the php manual but still do not know how to solve this problem.

Which problem? The problem with mysql_affected_rows() is that it returns 0 for a SELECT query. The problem with your use of mysql_num_rows() is that you did not provide a result resource. You still has another problem, as shown by future448.

future thanks for your post. the script now works however in the mail function, the password doesn't display in the email message and is left blank here:

$row=mysql_fetch_array($query);
$password=$row["password"];
$email=$row["email"];
$subject="Verbazon.net - Password Request";
$header="From: webmaster@verbazon.net";
$content="Your password is ".$password;
mail($email, $subject, $content, $header);

The person receiving an email only sees: Your password is

Well the obvious question is are you sure that the password field is not empty?

I would also heed Laserlight's advice and use mysql_num_rows($query), you can then check that only one row is returned, or is the username column unique?

Either way, I would probably try entering your query into a sql editor such as phpmyadmin so you actually know for sure whats being returned.

I know this is an old post and i am sorry, but I am a PHP newbie and really need help.
I didn't see the end resolution to this problem and i am having the same exact problem now. How was this fixed?

This is a working version with no problems in it:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>

<body>
<form name="forgot" method="post" action="<?php $SERVER['PHP_SELF'];?>">
<p><label for="username">Username:</label>
<input name="username" type="text" value="" />
</p>
<input type="submit" name="submit" value="submit"/>
<input type="reset" name="reset" value="reset"/>
</form>
<?php
if(isset($POST['submit']))
{
mysql_connect("localhost", "user", "password") or die(mysql_error());
mysql_select_db("databasename") or die(mysql_error());

$username = $_POST['username'];
$sql = "SELECT email, password FROM users WHERE username = '$username'";
$query = mysql_query($sql);

if(!$query)

{
die(mysql_error());
}

if(mysql_affected_rows() != 0)
{
$row=mysql_fetch_array($query);
$password=$row["password"];
$email=$row["email"];
$subject="your company - your password";
$header="From: emailadddress";
$content="Your password is: ".$password;
mail($email, $subject, $content, $header);
print "We sent you an email with your password.";
}
else

{
echo("no such login in the system. please try again.");
}
}
?>

</body>
</html>

Hi

Is this post still active as am using the following script and works perfect apart from a couple of little issues

1) Could it be updated to mysqli
2) within the email I receive the password as it it stored in the db which is hashed, is it possible to decrypt it within the email?

Thank you in advance

Ian

Timia;11047869 wrote:

This is a working version with no problems in it:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>

<body>
<form name="forgot" method="post" action="<?php $SERVER['PHP_SELF'];?>">
<p><label for="username">Username:</label>
<input name="username" type="text" value="" />
</p>
<input type="submit" name="submit" value="submit"/>
<input type="reset" name="reset" value="reset"/>
</form>
<?php
if(isset($POST['submit']))
{
mysql_connect("localhost", "user", "password") or die(mysql_error());
mysql_select_db("databasename") or die(mysql_error());

$username = $_POST['username'];
$sql = "SELECT email, password FROM users WHERE username = '$username'";
$query = mysql_query($sql);

if(!$query)

{
die(mysql_error());
}

if(mysql_affected_rows() != 0)
{
$row=mysql_fetch_array($query);
$password=$row["password"];
$email=$row["email"];
$subject="your company - your password";
$header="From: emailadddress";
$content="Your password is: ".$password;
mail($email, $subject, $content, $header);
print "We sent you an email with your password.";
}
else

{
echo("no such login in the system. please try again.");
}
}
?>

</body>
</html>