Here is the code of index.php and retreive.php

index.php

<html>
<head>
<title>Forget Password</title>
</head>
<body>
<h1>Forgot Password using php</h1>
<form name="frm" action="" method="post">
<table border="0">

<td>Username</td>
<td><input type="text" name="id" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" name="btn" value="Login" /></td>
</tr>
<tr>
<td align="right" colspan="2"><a href="retrievepass.php">Forgot password</a></td>
</tr>
</table>
</form>
</body>
</html>

retreive.php
<html>
<head>
<title>Forget Password</title>
</head>
<body>
<h1>Forgot Password using php</h1>
<form name="frm" action="" method="post">
<table border="0">

<td>Username</td>
<td><input type="text" name="id" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" name="btn" value="Login" /></td>
</tr>
<tr>
<td align="right" colspan="2"><a href="retrievepass.php">Forgot password</a></td>
</tr>
</table>
</form>
</body>
</html>

action="" is missing
where is action page which acutally sends mail

Your code for index.php and retrieve.php seems to be the same script. Also the link points to retrievepass.php but you don't have a file by that name listed. If you post the relevant code we can take a look.

These here are only the forms, where are the server-side scripts? They are necessary to understand where the problem is, and as urtrivedi told you the action in the forms is missing.

<?php
session_start();

$conn=mysql_connect('localhost','root','') or die('Mysql not connected');
$database=mysql_select_db('test123',$conn) or die('Database Not connected');

if(isset($_REQUEST['btn-forget'])){  

$user_name=$_POST['email'];
$query1="select * from tbl_user where user_name='$user_name'";
$result1=mysql_query($query1);
$rows1=mysql_num_rows($result1);

if($rows1>=1){
$x=array("a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v",
"w","x","y","z","A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T",
"U","V","W","X","Y","Z","0","1","2","3","4","5","6","7","8","9");

$user_password="";

for($i=0;$i<=8;$i++){
$user_password=$user_password.$x[rand(0,count($x)-1)];
}

$query2="update tbl_user set user_password='$user_password' where user_name='$user_name'";
mysql_query($query2);

$to=$_REQUEST['email'];
$subject="New password";
$message="This is Your New Password is : $user_password";
$from='v.j.n.rao@gmail.com';
$headers = "From: $from";

$result=mail($to,$subject,$message,$from,$headers);

if($result){
$_SESSION['msg']="Your password has been sent to your email";
}

}
else{
$_SESSION['msg']="Your Email ID does not exist our database";
}
}
?>
<html>
<head>
<title>Forget Password</title>
</head>
<body>
<form name="frm" action="" method="post">
<table width="362" border="0">
<tr>
<td align="center" colspan="2">
<?php if(isset($_SESSION['msg'])) {
echo "<font color='green' size='+1'>".$_SESSION['msg']."</font>"; 
unset($_SESSION['msg']);
}
?>
</td></tr>
<tr>
<td align="center" colspan="2">Please Enter a valid email address to recieve your password­</td>
</tr>
<tr><td height="24" colspan="2" align="center">&nbsp;</td>
</tr>
<tr>
<td>Email Address</td>
<td><input type="text" name="email"  style="width:200px;" /></td></tr>
<tr><td colspan="2" align="center"><input type="submit" name="btn-forget" value="Submit" /></td></tr>
</table>
</form>
</body>
</html>
  • The action field in the form tag must be filled in,
  • And I think that a better way to write the autogenerated password is to write it so (i think these is y your $user_password is empty)

    for($i=0;$i<=8;$i++){
    $user_password .= $x[rand(0,count($x)-1)];
    }

Try this and let us know!

I already had the line

$user_password .= $x[rand(0,count($x)-1)];

This is my code

$user_password="";
for($i=0;$i<=8;$i++){
$user_password=$user_password.$x[rand(0,count($x)-1)];
}

I feel is there any wrong with to,message,subject and from

Now I'm not sure i got your problem, the email is sent without the password or the email is not sending?

Anyway there is an other error in the php mail, your code is

$result=mail($to,$subject,$message,$from,$headers);

it should be

$result=mail($to,$subject,$message,$headers);

because the from is already into the header! (PHP mail function reference http://php.net/manual/en/function.mail.php)

And anyway I think that a better way to write your password generator is to take away the $user_password from after the equal and put a dot beforethe equal, like this

$user_password .= $x[rand(0,count($x)-1)];

naui95 is correct about the parameter difference, if fixing that doesn't solve it then I would echo out the to, subject, message, and headers right before they are used in the function call to see what the actual values are at run-time.

Also I really need to point this out:

9.  $user_name=$_POST['email'];
10. $query1="select * from tbl_user where user_name='$user_name'";

You NEVER want to use data from an HTML form directly in an SQL query. This opens you up to SQL injection. Regardless of whether this is just a test project or not, you need to drill the habit into your head that HTML form data needs to be sanitized before usage in a query. use mysql_real_escape_string() on strings, use is_numeric() to validate number input.