password recovery

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
dsusa
Forum Newbie
Posts: 3
Joined: Tue Aug 05, 2003 1:11 am

password recovery

Post by dsusa »

I can't get this code to run:

Code: Select all

<? 
include 'db.php'; 

switch($_POST&#1111;'recover'])&#123; 
   default: 
   include 'lost_pw.html'; 
   break; 
    
   case "recover": 
   recover_pw($_POST&#1111;'email_address']); 
   break; 
&#125; 
function recover_pw($email_address)&#123; 
   if(!$email_address)&#123; 
      echo "You forgot to enter your Email address <strong>Knucklehead</strong><br />"; 
      include 'lost_pw.php'; 
      exit(); 
   &#125; 
   // quick check to see if record exists    
   $sql_check = mysql_query("SELECT * FROM $table_name WHERE email_address='$email_address'"); 
   $sql_check_num = mysql_num_rows($sql_check); 
   if($sql_check_num = '0')&#123; 
      echo "No records found matching your email address<br />"; 
      include 'lost_pw.php'; 
      exit(); 
   &#125; 
   // Everything looks ok, generate password, update it and send it! 
    
   function makeRandomPassword() &#123; 
        $salt = "abchefghjkmnpqrstuvwxyz0123456789"; 
        srand((double)microtime()*1000000); 
        $i = 0; 
        while ($i <= 7) &#123; 
             $num = rand() % 33; 
             $tmp = substr($salt, $num, 1); 
             $pass = $pass . $tmp; 
             $i++; 
        &#125; 
        return $pass; 
   &#125; 

   $random_password = makeRandomPassword(); 

   $db_password = md5($random_password); 
    
   $sql = mysql_query("UPDATE $table_name SET password='$db_password' WHERE email_address='$email_address'"); 
    
   $subject = "Your Password at AlternativeContainer.com!"; 
   $message = "Hi, we have reset your password. 
    
   New Password: $random_password 
    
   http://www.transienttomorrow.com/alt_cont/login_form.php 
    
   Thanks! 
   The Webmaster 
    
   This is an automated response, please do not reply!"; 
    
   mail($email_address, $subject, $message, "From: The Webmaster<admin@transienttomorrow.com>\nX-Mailer: PHP/" . phpversion()); 
   echo "Your password has been sent! Please check your email!<br />"; 
   include 'login_form.html'; 
&#125; 
?>
I'm getting this error message:

Code: Select all

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /usr/local/4admin/apache/vhosts/****.com/httpdocs/test1/ie_htm/lostpw.php on line 21
The error lies here somewhere:

Code: Select all

$sql_check = mysql_query("SELECT * FROM $table_name WHERE email_address='$email_address'"); 
   $sql_check_num = mysql_num_rows($sql_check); 
   if($sql_check_num == 0)&#123; 
      echo "No records found matching your email address<br />"; 
      include 'lost_pw.php'; 
      exit(); 
   &#125;
And the database is not getting updated too!

Code: Select all

$sql = mysql_query("UPDATE $table_name SET password='$db_password' WHERE email_address='$email_address'");
But the email get sent... I tried a hundred times... what is wrong?
Telos
Forum Commoner
Posts: 37
Joined: Sat Aug 02, 2003 9:03 am
Location: Finland

Post by Telos »

by fast look I think you need ' chars around the $table_name but I'm not sure
dsusa
Forum Newbie
Posts: 3
Joined: Tue Aug 05, 2003 1:11 am

Post by dsusa »

I tried that and there is the same error. The problem lies in the mysql_query but I don't know why?
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

becasue you use '' around e-mail address?? you might be either giving the WRONG feildname, or $email_address instead of the e-mail address
c2497
Forum Newbie
Posts: 10
Joined: Wed Aug 06, 2003 8:18 pm

Post by c2497 »

I agree with m3rajk. Try removing the single quotes around $email_address.
rterrar
Forum Newbie
Posts: 8
Joined: Wed Aug 06, 2003 12:32 am

MySQL Connection

Post by rterrar »

A couple of things, mysql_query requires a valid mysql connection return id from mysql_connect as one of it's parameters. I don't see anywhere where you are actually connecting to the database first. If you are somewhere else you need to include that id in the mysql_query statement. Also mysql_query returns 0 if successful and non-zero if not. I would check the return to make sure the query was successful before finding out affected_rows.
Post Reply