0

Hello.

I created a little recover page. Users write the email and a random password is sent to them. The random password is successfully send in their emails but when they login with the new password it doesn't login. I think the new password does not updates in my database. How do I fix this issue?

Heres the code:

if(isset($_POST['submit']) && $inLoggad == false){

    //storing the posted info in variables // anvandare or anvandarnamn means 'users' in swedish.

    $email = mysql_real_escape_string($_POST['email']);

    $exist = mysql_fetch_array( mysql_query("SELECT * FROM anvandare WHERE email='$email' LIMIT 1") );

    if($exist['email'] == $email){

        //creating a new generated password for the user, if the user has forgotten
        $newPwd = genPassword();
        $newHashPwd = md5($newPwd);

        //send the new generated password via email of the user
        $message = "Hello " . $exist['anvandarnamn'] . ". Your new password is: " . $newPwd;
        $mailheader = "From: mySite";   
        $mailheader .= "Reply-To: noreply@noreply.com";   
        $mailheader .= "Content-type: text/html; charset=iso-8859-1\r\n"; 
        mail($exist['email'],  "mySite - Your new password has arrived!", $message, $mailheader) or die($fail = true); 

        //Updating the new password in the dB
        if($fail != true){
            mysql_query("UPDATE anvandare SET password='$newHashPwd' WHERE email='$email' ");
        }
    }else {
        $showErrors = true;
    }


}
elseif($inLoggad == true) {
    print '<script>window.location = "index.php"</script>';
}

?>

Thank you.

3
Contributors
6
Replies
28
Views
4 Years
Discussion Span
Last Post by paulkd
0

Debug it...

Try just running this statement:

mysql_query("UPDATE anvandare SET password='$newHashPwd' WHERE email='$email' ");

If that passes something before is stopping it from working. Just gotta figure out step by step what it is.

0

Here's my simplified method. Note: I would personally do more validation of the post['email'].

No need to LIMIT 1 - email should be unique.
No need to confirm email before, simply update.

$query = sprintf("
    update anvandare
    set password = '%s'
    where email = '%s'
    ",
    mysql_real_escape_string($newHashPwd),
    mysql_real_escape_string($post['email'])
);

$rs = mysql_query($query);
$rowsUpdated = mysql_affected_rows();

if ($rowsUpdated==1) {
    //send your email
} else {
    //log the failure and/or check if email is valid
    //be aware if the newHashPwd value is the same as existing password rowsUpdated will equal 0
}
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.