I wasn’t sure how to search for the issue I’m experiencing.
The code works properly to produce a randomly generated, encrypted password, but the password does not work when submitting the HTML form. I verified the password through the SQL query to make sure it was valid and it was.
In response to the user below, here’s the query I used:
SELECT * FROM users WHERE email='test@test.com' AND password=MD5('03884d917f');
03884d917f is the password that was generated. I queried the test@test.com account correctly with it.
To be more concise: the generated password changes properly in MySQL, but when submitted on the front-end I can’t log in using it.
I don’t think any additional code is required; the only bit that would be of use is config.php, which only deals in connecting the database and establishing variables for the mail functions.
2 down-votes without actual input on how I could change the post to accommodate people. I tried to narrow down my problem, I’m not sure how else to explain it. Anyone want to respond with something of substance?
PHP:
<?php
require_once('config.php');
mysql_select_db($database, $dbhandle);
include_once('includes/header.inc.php');
include_once('includes/navigation.inc.php');

// Initialise state so the later checks never read undefined variables
$error = array();
$rsent = false;
$email = '';

if (isset($_POST['submit']))
{
    $email = trim($_POST['remail']);
    $pattern = '/^[^@]+@[^\s\r\n\'";,@%]+$/';
    if (!preg_match($pattern, $email)) {
        $error[] = 'Please enter a valid email address';
    }

    // Escape the address before it is placed inside any SQL string
    $safe_email = mysql_real_escape_string($email, $dbhandle);

    $check = mysql_query("SELECT email FROM users WHERE email = '$safe_email'") or die(mysql_error());
    $check2 = mysql_num_rows($check);
    if ($check2 == 0) {
        $error[] = 'Sorry, we cannot find your account details please try another email address.';
    }

    if (!$error) {
        $query = mysql_query("SELECT email FROM users WHERE email = '$safe_email'") or die(mysql_error());
        $r = mysql_fetch_object($query);

        // 10-character temporary password
        $password = substr(uniqid(rand(), true), 3, 10);
        $pass = md5($password); // MD5 hash (a digest, not encryption) for database entry

        $to = $email;
        $subject = "Account Details Recovery";
        $body = "Hi $r->email, \n\n you or someone else have requested your account details. \n\n Here is your account information please keep this as you may need this at a later stage. \n\nYour email is $r->email \n\n your password is $password \n\n Your password has been reset please login and change your password to something more rememberable.\n\n Regards Site Admin";

        // Each mail header must end with CRLF, otherwise From and Reply-To run together
        $additionalheaders = "From: admin@cenz.cz\r\n";
        $additionalheaders .= "Reply-To: admin@cenz.cz";
        mail($to, $subject, $body, $additionalheaders);

        // update database
        $sql = mysql_query("UPDATE users SET password='$pass' WHERE email = '$safe_email'") or die(mysql_error());
        $rsent = true;
    }
}

if (!empty($error))
{
    $i = 0;
    while ($i < count($error)) {
        echo "<div class=\"msg-error\">" . $error[$i] . "</div>";
        $i++;
    }
}

if ($rsent == true) {
    // HTML-encode the user-supplied address before echoing it back
    echo "<p align='center'>You have been sent an email with your account details to " . htmlspecialchars($email) . "</p>\n";
} else {
    echo "<h2>Reset Password</h2><p align='center'>Please enter your e-mail address. You will receive a new password via e-mail.</p>\n";
}
?>
<form class="box login" action="" method="post">
<fieldset class="boxBody">
<label for="remail">Email Address: </label>
<input type="text" name="remail" size="50" maxlength="255" tabindex="1" />
</fieldset>
<footer>
<input type="submit" name="submit" value="Reset Password" class="btnLogin" tabindex="2">
</footer>
</form>
<?php include_once('includes/footer.inc.php'); ?>
md5() generates the hash according to the character encoding.
If table encoding is utf-8, for example, encode it like this:
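Added example, not the answerer's code: a small PHP check of how the byte encoding of a password changes its MD5 digest, using the password from the question and a constructed non-ASCII one. The function names are hypothetical, the form input is assumed to arrive as UTF-8, and the mbstring extension and PHP 5.6+ (for hash_equals) are assumed.

```php
<?php
// Added illustration: find which byte-level variant of a submitted password
// reproduces a stored MD5 hex digest. Function names are hypothetical.

// Hash the same password under several byte representations.
// Assumption: $password arrives as UTF-8 (e.g. from a form on a UTF-8 page).
function md5_variants($password)
{
    $variants = array(
        'utf-8 (as submitted)' => $password,
        'trimmed'              => trim($password),
        'iso-8859-1'           => mb_convert_encoding($password, 'ISO-8859-1', 'UTF-8'),
        'utf-16le'             => mb_convert_encoding($password, 'UTF-16LE', 'UTF-8'),
    );
    $hashes = array();
    foreach ($variants as $label => $bytes) {
        $hashes[$label] = md5($bytes);
    }
    return $hashes;
}

// Return the labels of every variant whose digest equals the stored one.
function find_matching_variants($password, $storedHash)
{
    $matches = array();
    foreach (md5_variants($password) as $label => $hash) {
        if (hash_equals(strtolower($storedHash), $hash)) {
            $matches[] = $label;
        }
    }
    return $matches;
}

// Constructed samples: the ASCII password from the question and a non-ASCII one.
$ascii    = '03884d917f';
$nonAscii = "p\xC3\xA4ssw\xC3\xB6rd"; // "pässwörd" as UTF-8 bytes

// Constructed scenario: the stored digest was computed over ISO-8859-1 bytes.
$storedAscii    = md5(mb_convert_encoding($ascii, 'ISO-8859-1', 'UTF-8'));
$storedNonAscii = md5(mb_convert_encoding($nonAscii, 'ISO-8859-1', 'UTF-8'));

echo "ASCII password matches: ";
echo implode(', ', find_matching_variants($ascii, $storedAscii)), "\n";
echo "Non-ASCII password matches: ";
echo implode(', ', find_matching_variants($nonAscii, $storedNonAscii)), "\n";
```

For an ASCII-only password such as 03884d917f the UTF-8 and ISO-8859-1 bytes are identical, so only the UTF-16LE variant produces a different digest. For the non-ASCII sample only the ISO-8859-1 variant matches the stored digest.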