php script not functioning properly

steveDD

I have a script when the users lose their password they enter there email address and then a new one is generated and sent to them by email. I have the code below and at the minute I enter the email address and nothing happens.

The variable info is
page forgotpass.php
field in db called "password"
email field is called "email"
"password" field is number 17"

However I don't think it is getting this far because I enter a email address and it just disappears I do not get any error messages.

I have tried to debug (using echo hello) and all worked fine until I put it after this line return $password;

I have left the echo in to show. Even if I put in "ffvfdhdav" it doesn't bring the error message saying email not found just dissappears again obv not getting this far, any ideas?

<?php  

session_start();  

include("data/data.php");  

$conn = mysql_connect($servername, $user, $password) or die("Could not connect: " . mysql_error());  

mysql_select_db($user, $conn);  

function generatePassword ($length)  

{  

  // start with a blank password  

  $password = "";  

  // define possible characters  

  $possible = "0123456789bcdfghjkmnpqrstvwxyzBCDFGHJKMNPQRSTVWXYZ";   

  // set up a counter  

  $i = 0;  

  // add random characters to $password until $length is reached  

  while ($i < $length) {   

    // pick a random character from the possible ones  

    $char = substr($possible, mt_rand(0, strlen($possible)-1), 1);     

    // we don't want this character if it's already in the password  

    if (!strstr($password, $char)) {   

      $password .= $char;  

      $i++;  

    }  

  }  

  // done!  

  return $password;  

  //echo "hello";  

}  

//only run this code if submit button pressed  

if ($_POST['action']=="Reset Password") {  

    //check that email address does exist in database before attempting to reset  

        $sql = "SELECT * FROM `sign_up` where email='".mysql_real_escape_string($_POST['emailaddress'])."'";  

        $result = mysql_query($sql);  

        //check there was a return if not show error  

        if ($result==FALSE) {  

            $err="Email address not found in database please enter the email address used on account creation";  

        } else { //if there was a return begin reset process.  

            generatePassword(8);//call password generation function number is password length to be generated  

            $updatesql = "UPDATE `sign_up` SET password='".md5($password)."' where email='".mysql_real_escape_string($_POST['emailaddress'])."'";  

            $result2 = mysql_query($updatesql);  

            if (!$result2) {  

                die('Invalid query: ' . mysql_error());  

            }  

            $msg = '';  

            $msg .= 'Password information for mysite.co.uk<br>';  

            $msg .= '<br>';  

            $msg .= 'Your new password is: '.$password.'<br>';  

                $emailaddress = $_POST['emailaddress'];//destination email address  

                $email = 'info@mysite.co.uk'; //Sets the senders mail address - you may want to change this  

                $mailheader = "From: $email\r\nContent-type: text/html\r\n";   

                mail($emailaddress, 'Your new password for gdg', $msg, $mailheader);//this sends the mail the bit in '' appears as the subject to the email and the body is $msg  

            $confirm = "Your Password has been updated in the database and emailed to the address registered with our system.";  

        }  

}  

?>  

<table width="300" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#000000" bgcolor="#DAE8FF">  

  <tr>  

    <form action="forgotpass.php" method="post" name="form1" id="form1">  

      <td height="172">  

          <table width="100%" border="0" cellpadding="3" cellspacing="0" bgcolor="#FFFFFF">  

            <tr>  

              <td colspan="3" bordercolor="#DAE8FF" bgcolor="#DAE8FF"><div align="center"><strong>Forgotten Password</strong></div></td>  

            </tr>  

            <?php if (strlen($err)>0) {?>  

            <tr>  

              <td colspan="3" bordercolor="#DAE8FF" bgcolor="#DAE8FF"><div align="center"><strong><font color="red"><?php echo $err;?></font></strong></div></td>  

            </tr>  

            <?php } ?>  

            <tr>  

              <td colspan="3" bordercolor="#DAE8FF" bgcolor="#DAE8FF">If you have forgotten your password simply fill in this form with the email address registered against your account.  We will generate a new password and email it to you.</td>  

            </tr>  

            <tr>  

              <td width="78" bordercolor="#DAE8FF" bgcolor="#DAE8FF">Email Address</td>  

              <td width="6" bordercolor="#DAE8FF" bgcolor="#DAE8FF">:</td>  

              <td width="294" bordercolor="#DAE8FF" bgcolor="#DAE8FF"><input name="emailaddress" type="text" id="emailaddress" /></td>  

            </tr>  

            <tr>  

              <td bordercolor="#DAE8FF" bgcolor="#DAE8FF">&nbsp;</td>  

              <td bordercolor="#DAE8FF" bgcolor="#DAE8FF">&nbsp;</td>  

              <td bordercolor="#DAE8FF" bgcolor="#DAE8FF"><input type="submit" name="action" id="action" value="Reset Password" /></td>  

            </tr>  

          </table>  

      </td>  

    </form>  

  </tr>  

</table></p>

NogDog

You need to assign the return value from your function to something, e.g. a variable:

$password = generatePassword(8);

(That may not be the only problem, but it's the first thing I noticed.)

PS: Any command after a "return" in a function definition will not be executed, thus no output from the echo "hello"; if you put it after the return.

steveDD

I have the following error messages;

line 35 Undefined index: action
line 70 Undefined variable: err in

what does the (8) refer to in your example above is this the location of the password in the DB?

Steve

cahva

steveDD;10884081 wrote:
I have the following error messages;

line 35 Undefined index: action
line 70 Undefined variable: err in

Undefined index:
This means $POST['action']. It will give you notice if form is not submitted and $POST['action'] is not set. The correct way to check post variables that you dont know if they still exist:

if (isset($_POST['action'])) {
    if ($_POST['action'] == 'Reset Password') {
        // Do your thang
    }
}

steveDD;10884081 wrote:
what does the (8) refer to in your example above is this the location of the password in the DB?

Well you use it yourself so you should know 🙂
The function is:

function generatePassword ($length)

So 8 is the length of the password that will be returned. It has nothing to do with DB. Its just a function to give you random password.

steveDD

Line 72 Notice: Undefined variable: err

 <?php if (strlen($err)>0) {?> [code=php]

Still doing nothing when I submit but could this be the reason?

jib0

You have to instantiate the $err variable before using it.

$err = '';
if ($_POST['action']=="Reset Password") {
...

Because when there is no error $err doesn't exists and so you can't use it in

if (strlen($err) > 0)

Another posibility is to replace the previous line by

if (isset($err))

Also notice that it's not very secured to store your passwords without "salting" them. It's better to do

md5($salt.$password)

instead of

md5($password)

steveDD

right I have replaced the line as you suggest above. Now it doesn't show any errors adn the email address just disappears. Even if I enter a invalid address no message is displayed.