For some reason I can only get this to half work: I am trying to create an URL with cantain the user email and temp. password so that it autofills in the form. The email autofills without problem, the password won't . I have tried isolating it (.com/changepw.php?member_password=xxxxxxxxx) but that doesn't work either.
Any ideas?
Here is my form code
<form onsubmit="return checkPw(this)" name="changepw" method="post" action="changepwprocess.php">
<table class="innertable" width="416" border="0">
<tr>
<td width="197" height="34" class="right">Enter Email: </td>
<td width="209">
<input type="text" name="member_email" value="<?php if(!empty($_GET['member_email'])) echo $_GET['member_email']; ?>" id="email" />
</td>
</tr>
<tr>
<td width="197" height="34" class="right">Enter Current Password: </td>
<td width="209"><input type="text" value=" " name="member_password" id="oldpw" /></td>
</tr>
<tr>
<td height="38" class="right">Enter New Password:</td>
<td><input type="password" name="newpw1" id="newpw1" /></td>
</tr>
<tr>
<td height="31" class="right">Confirm New Password:
</td>
<td><input type="password" name="newpw2" id="newpw2" /></td>
</tr>
<tr>
<td class="center">
<input type="submit" name="submit" id="submit" value="Submit" />
</td>
<td class="center">
<input type="reset" name="reset" id="reset" value="Reset" />
</td>
</tr>
</table>
</form>
Here is my code for creating the URL and email
<?php
require_once('connect.php');
// Ensure fields are filled out.
if (isset($_POST['submit'])) {
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME)
or die('Error connecting to MySQL server');
$member_email = mysqli_real_escape_string($dbc, trim($_POST['member_email']));
$output_form = 'no';
if (empty($member_email)) {
/* We know $member_name is blank*/
echo '<h2><font color="red">Oops! You forgot to input your email!</font></h2><br />';
$output_form = 'yes';
}
} else {
$output_form = 'yes';
}
if (!empty($member_email)) {
$query = "SELECT member_email FROM whitealbumreg.members WHERE member_email = '$_POST[member_email]'";
$result = mysqli_query($dbc, $query);
$num_rows = mysqli_num_rows($result);
if ($num_rows == 1) {
function randompassword($len)
{
$pass = '';
$lchar = 0;
$char = 0;
for($i = 0; $i < $len; $i++)
{
while($char == $lchar)
{
$char = rand(48, 109);
if($char > 57) $char += 7;
if($char > 90) $char += 6;
}
$pass .= chr($char);
$lchar = $char;
}
return $pass;
}
$active_code=randompassword(12);
$query2 = "UPDATE members SET member_password=SHA1('$active_code') WHERE member_email = '$_POST[member_email]' LIMIT 1";
mysqli_query($dbc, $query2)
or die('Error querying database.');
//define the receiver of the email
$to = $member_email;
//define the subject of the email
$subject = 'From The White Album Registry';
//define the message to be sent. Each line should be separated with \n
$message = "Your new password is $active_code\n" . "Please cut and paste it into the appropriate field after clicking the link below.\n" . "http://www.whitealbumregistry.com/changepw.php?member_email=" . urlencode($member_email) . "&member_password=" . urlencode($active_code);
//define the headers we want passed. Note that they are separated with \r\n
$headers = "From: admin@whitealbumregistry\r\nReply-To: noreply@whitealbumregistry.com";
//send the email
$sent = mail( $to, $subject, $message, $headers );
if ($sent) {
echo ('<br /><h2 style = "border: 1px solid #ACDE89; margin: 0 auto; padding: 10px; font-size: 18px; width: 500px;">You should receive an email shortly with your new password. Simply click the link and follow the instructions. Thank you for your continued interest in the White Album Registry. If you have any other questions or problems, please use the "Contact Us" link on the website.</h2><br />');
}
$output_form = 'yes';
} else {
if ($num_rows < 1){
echo ('<h3><font color="red">It looks like your email address isn\'t in our database. Please try another email address.</font></h3>');
$output_form = 'yes';
}
}
}
?>
