forgot password script problem

steveDD

Hi Struggling with this forgotten password script.

I want the user to enter their email address (called "email" in D😎 & then a new password is generated and sent out to them.

the table in the DB is called sign_up and the password field is exactly as it is "password.

What I have is the following;

<?php
session_start();  // Start Session
session_register("session");

session_start();
include("data/data.php");
$conn = mysql_connect($servername, $user, $password) or die("Could not connect: " . mysql_error());
mysql_select_db($user, $conn);

// This is displayed if all the fields are not filled in
$empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";
// Convert to simple variables  

$email = $_POST['email'];
if (!isset($_POST['email'])) {
?>

<h2>Recover a forgotten password!</h2>
<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">    

	<p class="style3"><label for="email_address">Email:</label>    

    <input type="text" title="Please enter your email address" name="email" size="30"/></p>    <p class="style3"><label title="Reset Password">&nbsp</label>    

    <input type="submit" value="Submit" class="submit-button"/></p></form>

<?php
}
elseif (empty($email)) {    

echo $empty_fields_message;
}
else {
$email=mysql_real_escape_string($email);
$status = "OK";
$msg="";

//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
if (!stristr($email,"@") OR !stristr($email,".")) {
$msg="Your email address is not correct<BR>"; 
$status= "NOTOK";}
echo "<br><br>";
if($status=="OK"){  $query="SELECT email,name FROM sign_up WHERE users.email = '$email'";
$st=mysql_query($query);
$recs=mysql_num_rows($st);
$row=mysql_fetch_object($st);
$em=$row->email;// email is stored to a variable 
if ($recs == 0) {  echo "<center><font face='Verdana' size='2' color=red><b>No Password</b><br> Sorry Your address is not there in our database . You can signup and login to use our site. <BR><BR><a href='http://www.mysite.uk/register'>Register</a> </center>"; exit;}
function makeRandomPassword() { 
	$salt = "abchefghjkmnpqrstuvwxyz0123456789";           

	srand((double)microtime()*1000000);            

	$i = 0;           

	while ($i <= 7) { 
	$num = rand() % 33;                 

	$tmp = substr($salt, $num, 1);                 

	$pass = $pass . $tmp;                 

	$i++;
	 }           

	 return $pass;     

	 }     

	 $random_password = makeRandomPassword();     

	 $db_password = md5($random_password);


 $sql = mysql_query("UPDATE sign_up SET password='$db_password' WHERE email='$email'");          
 $subject = "Your password at www.mysite.com";     
 $message = "Hi, we have reset your password. 

  New Password: $random_password          

  http://www.mysite.com/login    
  Once logged in you can change your password          
  Thanks!     

  Site admin          
  This is an automated response, please do not reply!";

  mail($email, $subject, $message, "From: mysite.com Webmaster<info@mysite.co.uk>\n         X-Mailer: PHP/" . phpversion());     
  echo "Your password has been sent! Please check your email!<br />";     
  echo "<br><br>Click <a href='http://www.mysite.com/login'>here</a> to login"; 
  }  
  else {echo "<center><font face='Verdana' size='2' color=red >$msg <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}
  }

?>

steveDD

Does anyone have any ideas?

7xb_co_uk

what errors are you getting? 😕

whats not happening what should be, whats happening that shouldn't be?

Jon

steveDD

It is now working and changing the password but problem is I don't receive the email!!

I can't understand why, the email address I am using is set up on my mail system. I have emailed my host and they state;

"This issue is occuring because there is a missing fifth parameter in your mail script. This has always been a requirement of mail scripts on our shared hosting platform but recent updates to our Linux servers (from PHP4 to PHP5) has meant that this is now always required."

Any ideas what I can do to this code to solve the problem?

<?php 
session_start(); 
include("data/data.php"); 
$conn = mysql_connect($servername, $user, $password) or die("Could not connect: " . mysql_error()); 
mysql_select_db($user, $conn); 

// This is displayed if all the fields are not filled in 
$empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back"; 
// Convert to simple variables   

$email = $_POST['email']; 
if (!isset($_POST['email'])) { 
?> 

<h2>Recover a forgotten password!</h2> 
<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">     

    <p class="style3"><label for="email">Email:</label>     

    <input type="text" title="Please enter your email address" name="email" size="30"/></p>    <p class="style3"><label title="Reset Password">&nbsp</label>     

    <input type="submit" value="Submit" class="submit-button"/></p></form> 

<?php 
} 
elseif (empty($email)) {     

echo $empty_fields_message; 
} 
else { 
$email=mysql_real_escape_string($email); 
$status = "OK"; 
$msg=""; 

//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR); 
if (!stristr($email,"@") OR !stristr($email,".")) { 
$msg="Your email address is not correct<BR>";  

$status= "NOTOK";} 
echo "<br><br>"; 
if($status=="OK"){  $query="SELECT name, email FROM sign_up WHERE users.email = '$email'"; 
$st=mysql_query($query); 
$recs=mysql_num_rows($st); 
$row=mysql_fetch_object($st); 
$em=$row->email;// email is stored to a variable  

if ($recs == 0) {  echo "<center><font face='Verdana' size='2' color=red><b>No Password</b><br> Sorry Your address is not there in our database . You can signup and login to use our site. <BR><BR><a href='http://www.jackgodfrey.org.uk/register'>Register</a> </center>"; exit;} 
function makeRandomPassword() {  

    $salt = "abchefghjkmnpqrstuvwxyz0123456789";            

    srand((double)microtime()*1000000);             

    $i = 0;            

    while ($i <= 7) {  

    $num = rand() &#37; 33;                  

    $tmp = substr($salt, $num, 1);                  

    $pass = $pass . $tmp;                  

    $i++; 
     }            

     return $pass;      

     }      

     $random_password = makeRandomPassword();      

     $db_password = md5($random_password); 


 $sql = mysql_query("UPDATE sign_up SET password='$db_password' WHERE email='$email'");           
 $subject = "Your password at www.yoursite.com";      
 $message = "Hi, we have reset your password.  

  New Password: $random_password           

  http://www.yoursite.com/login     
  Once logged in you can change your password           
  Thanks!      

  Site admin           
  This is an automated response, please do not reply!"; 

  mail($email, $subject, $message, "From: yoursite.com Webmaster<info@.co.uk>\n         X-Mailer: PHP/" . phpversion());      
  echo "Your password has been sent! Please check your email!<br />";      
  echo "<br><br>Click <a href='http://www.yoursite.com/login'>here</a> to login";  
  }   
  else {echo "<center><font face='Verdana' size='2' color=red >$msg <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";} 
  } 

?>

blackhorse

http://ca.php.net/manual/en/function.mail.php, check the last parameter of mail function

mail($email, $subject, $message, "From: yoursite.com Webmaster<info@co.uk>\n X-Mailer: PHP/" . phpversion(), "-f info@co.uk");

This will tell the sender is info@co.uk

steveDD

I have tried changing the mail bit of the script to this but still doesn't send even though this does work with another script.

 mail($_GET[email],
"Password Request! Your password!",
"Dear $_GET[name]\n\nYour  password is attached below. You are advised to change you password as soon as you log back in.\n
New Password: $random_password \n
Log onto  to find out more.
\n\nThe  Team
\n\nThis is an automated message. Please do not reply to this email.",
"From: confirm@mysite.co.uk",
"-fconfirm@ymsite.co.uk");

  echo "Your password has been sent! Please check your email!<br />";     
  echo "<br><br>Click <a href=login.php'>here</a> to login"; 
  }  
  else {echo "<center><font face='Verdana' size='2' color=red >$msg <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}
  }

?>

Any further ideaS?

blackhorse

mail($GET[email],
"Password Request! Your password!",
"Dear $GET[name]\n\nYour password is attached below. You are advised to change you password as soon as you log back in.\n
New Password: $random_password \n
Log onto to find out more.
\n\nThe Team
\n\nThis is an automated message. Please do not reply to this email.",
"From: confirm@mysite.co.uk\r\n",
"-fconfirm@ymsite.co.uk");

try add \r\n in the header part.

steveDD

Nope tried this with no luck,

My table I want the new pssword to go into is called online offers, the email address is called 'email' in the DB and the password field is called 'password'. I am sure this part has to be working cause when I submit the script I can't login.

Steve

big_nerd

steveDD,

Have you thought of using a mailer class such as PHPMailer or Swift Mailer?

I use PHPMailer in many applications and have had no problems personally, and its quite easy to use.

PHPMailer also allows you to send HTML and Text based emails as well.

blackhorse

$GET['email'] ? or $POST['email']? Your used GET or POST differently in your 2 scripts samples.

You should try a simple email script or ask your ISP to give you a sample email script that works on your server to make sure that the mail() is actually working as your ISP said.

steveDD

Yeah I know the email script is working because I have the exact one running on another page. You mention the $GET['email'] ? or $POST['email']?

should there only be one?

blackhorse

It depends on your form is set up use "get" or "post" method. in your old scripts you were using post, and in your later scripts you were using get. It should be just one. Try $_POST['email'] first.