0

Here is the code of index.php and retreive.php

index.php

<html>
<head>
<title>Forget Password</title>
</head>
<body>
<h1>Forgot Password using php</h1>
<form name="frm" action="" method="post">
<table border="0">

<td>Username</td>
<td><input type="text" name="id" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" name="btn" value="Login" /></td>
</tr>
<tr>
<td align="right" colspan="2"><a href="retrievepass.php">Forgot password</a></td>
</tr>
</table>
</form>
</body>
</html>

retreive.php
<html>
<head>
<title>Forget Password</title>
</head>
<body>
<h1>Forgot Password using php</h1>
<form name="frm" action="" method="post">
<table border="0">

<td>Username</td>
<td><input type="text" name="id" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" name="btn" value="Login" /></td>
</tr>
<tr>
<td align="right" colspan="2"><a href="retrievepass.php">Forgot password</a></td>
</tr>
</table>
</form>
</body>
</html>

Edited by diafol: fixed formatting

4
Contributors
8
Replies
34
Views
3 Years
Discussion Span
Last Post by Lsmjudoka
0

Your code for index.php and retrieve.php seems to be the same script. Also the link points to retrievepass.php but you don't have a file by that name listed. If you post the relevant code we can take a look.

0

These here are only the forms, where are the server-side scripts? They are necessary to understand where the problem is, and as urtrivedi told you the action in the forms is missing.

Edited by naui95

0
<?php
session_start();

$conn=mysql_connect('localhost','root','') or die('Mysql not connected');
$database=mysql_select_db('test123',$conn) or die('Database Not connected');

if(isset($_REQUEST['btn-forget'])){  

$user_name=$_POST['email'];
$query1="select * from tbl_user where user_name='$user_name'";
$result1=mysql_query($query1);
$rows1=mysql_num_rows($result1);

if($rows1>=1){
$x=array("a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v",
"w","x","y","z","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T",
"U","V","W","X","Y","Z","0","1","2","3","4","5","6","7","8","9");

$user_password="";

for($i=0;$i<=8;$i++){
$user_password=$user_password.$x[rand(0,count($x)-1)];
}

$query2="update tbl_user set user_password='$user_password' where user_name='$user_name'";
mysql_query($query2);

$to=$_REQUEST['email'];
$subject="New password";
$message="This is Your New Password is : $user_password";
$from='v.j.n.rao@gmail.com';
$headers = "From: $from";

$result=mail($to,$subject,$message,$from,$headers);

if($result){
$_SESSION['msg']="Your password has been sent to your email";
}

}
else{
$_SESSION['msg']="Your Email ID does not exist our database";
}
}
?>
<html>
<head>
<title>Forget Password</title>
</head>
<body>
<form name="frm" action="" method="post">
<table width="362" border="0">
<tr>
<td align="center" colspan="2">
<?php if(isset($_SESSION['msg'])) {
echo "<font color='green' size='+1'>".$_SESSION['msg']."</font>"; 
unset($_SESSION['msg']);
}
?>
</td></tr>
<tr>
<td align="center" colspan="2">Please Enter a valid email address to recieve your password­</td>
</tr>
<tr><td height="24" colspan="2" align="center">&nbsp;</td>
</tr>
<tr>
<td>Email Address</td>
<td><input type="text" name="email"  style="width:200px;" /></td></tr>
<tr><td colspan="2" align="center"><input type="submit" name="btn-forget" value="Submit" /></td></tr>
</table>
</form>
</body>
</html>

Edited by narasimha9: new code

0
  • The action field in the form tag must be filled in,
  • And I think that a better way to write the autogenerated password is to write it so (i think these is y your $user_password is empty)

    for($i=0;$i<=8;$i++){
    $user_password .= $x[rand(0,count($x)-1)];
    }

Try this and let us know!

0

I already had the line

$user_password .= $x[rand(0,count($x)-1)];

This is my code

$user_password="";
for($i=0;$i<=8;$i++){
$user_password=$user_password.$x[rand(0,count($x)-1)];
}

I feel is there any wrong with to,message,subject and from

Edited by narasimha9: new line

0

Now I'm not sure i got your problem, the email is sent without the password or the email is not sending?

Anyway there is an other error in the php mail, your code is

$result=mail($to,$subject,$message,$from,$headers);

it should be

$result=mail($to,$subject,$message,$headers);

because the from is already into the header! (PHP mail function reference http://php.net/manual/en/function.mail.php)

And anyway I think that a better way to write your password generator is to take away the $user_password from after the equal and put a dot beforethe equal, like this

$user_password .= $x[rand(0,count($x)-1)];

Edited by naui95: added missing part

0

naui95 is correct about the parameter difference, if fixing that doesn't solve it then I would echo out the to, subject, message, and headers right before they are used in the function call to see what the actual values are at run-time.

Also I really need to point this out:

9.  $user_name=$_POST['email'];
10. $query1="select * from tbl_user where user_name='$user_name'";

You NEVER want to use data from an HTML form directly in an SQL query. This opens you up to SQL injection. Regardless of whether this is just a test project or not, you need to drill the habit into your head that HTML form data needs to be sanitized before usage in a query. use mysql_real_escape_string() on strings, use is_numeric() to validate number input.

Edited by Lsmjudoka

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.