Page 1 of 1

Lost password code

Posted: Wed Apr 11, 2007 3:04 pm
by enemeth
Hi there ,

i got a code here to send a new password to my users if they forget there password!

it is as follows:

Code: Select all

<? 
include 'db.php';
switch($_POST['recover']){ 
    default: 
    include 'lostpsw.php'; 
    break;
 case "recover": 
$email_address=$_POST['email_address'];
    recover_pw($email_address); 
    break;
} 
function recover_pw($email_address){ 
    if(!$email_address){ 
        echo "You forgot to enter your Email address"; 
        include 'lostpsw.php'; 
        exit(); 
    } 
    // quick check to see if record exists     
    $sql_check = mysql_query("SELECT * FROM users WHERE email_address='$email_address'"); 
    $sql_check_num = mysql_num_rows($sql_check); 
    if($sql_check_num == 0){ 
        echo "No records found matching your email address<br />"; 
        include 'lostpsw.php'; 
        exit(); 
    } 
    // Everything looks ok, generate password, update it and send it!
    function makeRandomPassword() { 
          $salt = "abchefghjkmnpqrstuvwxyz0123456789"; 
          srand((double)microtime()*1000000);  
          $i = 0; 
          while ($i <= 7) { 
                $num = rand() % 33; 
                $tmp = substr($salt, $num, 1); 
                $pass = $pass . $tmp; 
                $i++; 
          } 
          return $pass; 
    }
    $random_password = makeRandomPassword();
    $db_password = md5($random_password);
    $sql = mysql_query("UPDATE users SET password='$db_password' 
                WHERE email_address='$email_address'");
    $subject = "Your Password at The Truth Discovered!"; 
    $message = "Hi, we have reset your password.
    New Password: $random_password 
    http://www.thetruthdiscovered.com/login.php 
    Thanks! 
    The Webmaster 
    This is an automated response, please do not reply!"; 
    mail($email_address, $subject, $message, "From: The Truth Discovered Webmaster< admin@mydomain.com>\n 
        X-Mailer: PHP/" . phpversion()); 
    echo "Your password has been sent! Please check your email!<br />"; 
    include 'login.php'; 
} 
?>
the form as follows:

Code: Select all

<?php include 'header.php'; ?>
<center>
<p align="center"><font face="Calligraphic" size="5" font color="white">New Password Request</font></p>
<form action="lost_pw.php" method="post"> 
<font face="Calligraphic" font color='white' size="4"> Email Address:<font color='white'>*</font>
<input type=text name='email_address' size=30><br><br><br>
<input type="submit" value="Get Password" name="recover"> 
</form>
</center>
<br><br>
<?php include 'footer.php'; ?>
I cant seem to figure it out , when i enter an email address in the field, hit the get password button, and it flashes, and stays on the page, never gives an error , never emails a password , does anyone see the problem ?

Elaine ,

Thank you :)

Posted: Wed Apr 11, 2007 3:26 pm
by feyd
Your switch is looking at the value given for $_POST['recover'] which is 'Get Password' thereby including 'lostpsw.php'

Posted: Wed Apr 11, 2007 3:29 pm
by enemeth
so what should it be ? email_address?

Elaine

Posted: Wed Apr 11, 2007 3:39 pm
by feyd
Well, lets break it down. You essentially have:

Code: Select all

switch($foo)
{
  default:
    echo 'in default';
  break;

  case 'asdf':
    echo 'in asdf';
  break;

  case 'floob':
    echo 'in floob';
  break;
}
If $foo is "I don't exist" you'll get "in default." If $foo is "asdf" you'll get "in asdf."

Posted: Wed Apr 11, 2007 7:04 pm
by enemeth
i tried but it just doesnt seem to work , it just flashes and stays put , im very confused with the $foo thing ,

now i have :

Code: Select all

<? 
include 'db.php';
switch($_POST['recover']){ 
    case "recover":
{ 
    recover_pw($_POST['email_address']); 
    break;
} 
    default:
{ 
    include 'lostpsw.php'; 
    break;
}

} 
function recover_pw($email_address){ 
    if(!$email_address){ 
        echo "You forgot to enter your Email address"; 
        include 'lostpsw.php'; 
        exit(); 
    } 
    // quick check to see if record exists     
    $sql_check = mysql_query("SELECT * FROM users WHERE email_address='$email_address'"); 
    $sql_check_num = mysql_num_rows($sql_check); 
    if($sql_check_num == 0){ 
        echo "No records found matching your email address<br />"; 
        include 'lostpsw.php'; 
        exit(); 
    } 
    // Everything looks ok, generate password, update it and send it!
    function makeRandomPassword() { 
          $salt = "abchefghjkmnpqrstuvwxyz0123456789"; 
          srand((double)microtime()*1000000);  
          $i = 0; 
          while ($i <= 7) { 
                $num = rand() % 33; 
                $tmp = substr($salt, $num, 1); 
                $pass = $pass . $tmp; 
                $i++; 
          } 
          return $pass; 
    }
    $random_password = makeRandomPassword();
    $db_password = md5($random_password);
    $sql = mysql_query("UPDATE users SET password='$db_password' 
                WHERE email_address='$email_address'");
    $subject = "Your Password at The Truth Discovered!"; 
    $message = "Hi, we have reset your password.
    New Password: $random_password 
    http://www.thetruthdiscovered.com/login.php 
    Thanks! 
    The Webmaster 
    This is an automated response, please do not reply!"; 
    mail($email_address, $subject, $message, "From: The Truth Discovered Webmaster< admin@mydomain.com>\n 
        X-Mailer: PHP/" . phpversion()); 
    echo "Your password has been sent! Please check your email!<br />"; 
    include 'login.php'; 
} 
?>
form as follows:

Code: Select all

<? include 'header.php'; ?>
<center>
<p align="center"><font face="Calligraphic" size="5" font color="white">New Password Request</font></p>
<form action="lost_pw.php" method="post"> 
<font face="Calligraphic" font color='white' size="4"> Email Address:<font color='white'>*</font>
<input type=text name='email_address' size=30><br><br>
<input type="submit" value="Get Password" name="submit"> 
</form>
</center>
<? include 'footer.php'; ?>
i just cant see what is wrong , anyone ?

Elaine

Posted: Wed Apr 11, 2007 10:38 pm
by aaronhall
You added curly brackets after the case statements (switch doesn't require them). Also, it doesn't look like $_POST['recover'] is being set in your form.

Posted: Thu Apr 12, 2007 6:59 am
by feyd
$foo is merely used as an example variable. It could be $_POST['something'] or $_GET['nothing'] or even $myVar.

Posted: Thu Apr 12, 2007 7:40 am
by enemeth
got it working !

the recover wasnt on the form page, entered it and it all works fine now !

Thanks

Elaine