Start New Discussion within our Web Development Community


I have a working account generator, which passes the password to mysql with MD5.

I am currently working on a forgot password script, which generates a new password and stores as md5, then emails the user, however, the new password is not recognised.

This is the forgot script. Can anybody see where the issue lies?

If required i can post the login execution script

session_start();  // Start Session
include 'connect.php';
// This is displayed if all the fields are not filled in
$empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";
// Convert to simple variables  
$email_address = $_POST['email_address'];
if (!isset($_POST['email_address'])) {
<h2>Recover a forgotten password!</h2>
<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
    <p class="style3"><label for="email_address">Email:</label>
    <input type="text" title="Please enter your email address" name="email_address" size="30"/></p>
    <p class="style3"><label title="Reset Password">&nbsp</label>
    <input type="submit" value="Submit" class="submit-button"/></p>
elseif (empty($email_address)) {
    echo $empty_fields_message;
else {
$status = "OK";
//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
if (!stristr($email_address,"@") OR !stristr($email_address,".")) {
$msg="Your email address is not correct<BR>"; 
$status= "NOTOK";}

echo "<br><br>";
if($status=="OK"){  $query="SELECT * FROM members WHERE email = '$email_address'";
$em=$row->email_address;// email is stored to a variable
 if ($recs == 0) {  echo "<center><font face='Verdana' size='2' color=red><b>No Password</b><br> Sorry Your address is not there in our database . You can signup and login to use our site. <BR><BR><a href=''>Register</a> </center>"; exit;}
function makeRandomPassword() { 
          $salt = "abchefghjkmnpqrstuvwxyz0123456789"; 
          $i = 0; 
          while ($i <= 7) { 
                $num = rand() % 33; 
                $tmp = substr($salt, $num, 1); 
                $pass = $pass . $tmp; 
          return $pass; 
    $random_password = makeRandomPassword(); 
    $db_password = md5($random_password); 
    $sql = mysql_query("UPDATE members SET password='$db_password'  
                WHERE email='$email_address'"); 
    $subject = "Your password at"; 
    $message = "Hi, we have reset your password. 
    New Password: $random_password 
    Once logged in you can change your password 
    Site admin 
    This is an automated response, please do not reply!"; 
    mail($email_address, $subject, $message, "From: Webmaster<>\n 
        X-Mailer: PHP/" . phpversion()); 
    echo "Your password has been sent! Please check your email!<br />"; 
    echo "<br><br>Click <a href=''>here</a> to login";
 else {echo "<center><font face='Verdana' size='2' color=red >$msg <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}

I take it you've tried the usual steps of displaying mysql_error(), using echo to display the results so that you can see the plain new password as well as the md5 password and then comparing that with what is in the database?

$random_password = makeRandomPassword(); 
    $db_password = md5($random_password); 
      echo md5($db_password);
    $sql = mysql_query("UPDATE members SET password='$db_password'  
                WHERE email='$email_address'");
echo $db_password

You will see both Password and please match with database i hope you will get solution .

Please conform that your login working or not with MD5 please...

This article has been dead for over six months. Start a new discussion instead.