Recovered Passwords do not update in database

Question

MrXortex 0 Light Poster

11 Years Ago

Hello.

I created a little recover page. Users write the email and a random password is sent to them. The random password is successfully send in their emails but when they login with the new password it doesn't login. I think the new password does not updates in my database. How do I fix this issue?

Heres the code:

if(isset($_POST['submit']) && $inLoggad == false){

    //storing the posted info in variables // anvandare or anvandarnamn means 'users' in swedish.

    $email = mysql_real_escape_string($_POST['email']);

    $exist = mysql_fetch_array( mysql_query("SELECT * FROM anvandare WHERE email='$email' LIMIT 1") );

    if($exist['email'] == $email){

        //creating a new generated password for the user, if the user has forgotten
        $newPwd = genPassword();
        $newHashPwd = md5($newPwd);

        //send the new generated password via email of the user
        $message = "Hello " . $exist['anvandarnamn'] . ". Your new password is: " . $newPwd;
        $mailheader = "From: mySite";   
        $mailheader .= "Reply-To: noreply@noreply.com";   
        $mailheader .= "Content-type: text/html; charset=iso-8859-1\r\n"; 
        mail($exist['email'],  "mySite - Your new password has arrived!", $message, $mailheader) or die($fail = true); 

        //Updating the new password in the dB
        if($fail != true){
            mysql_query("UPDATE anvandare SET password='$newHashPwd' WHERE email='$email' ");
        }
    }else {
        $showErrors = true;
    }


}
elseif($inLoggad == true) {
    print '<script>window.location = "index.php"</script>';
}

?>

Thank you.

mysql

3 Contributors
6 Replies
217 Views
2 Days Discussion Span
Latest Post 11 Years Ago Latest Post by paulkd

paulkd 59 Newbie Poster

11 Years Ago

Have you confirmed the problem by using the process for your own "test" account?

paulkd 59 Newbie Poster

11 Years Ago

I'll get back to you soon. Just busy with other commitments.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

MrXortex 0 Light Poster · Answer 1 · 2013-08-02T10:21:41+00:00

MrXortex 0 Light Poster

11 Years Ago

Yes.

MrXortex 0 Light Poster · Answer 2 · 2013-08-02T12:52:11+00:00

MrXortex 0 Light Poster

11 Years Ago

Anyone? come on?

iamthwee · Answer 3 · 2013-08-02T15:48:27+00:00

Debug it...

Try just running this statement:

mysql_query("UPDATE anvandare SET password='$newHashPwd' WHERE email='$email' ");

If that passes something before is stopping it from working. Just gotta figure out step by step what it is.

paulkd 59 Newbie Poster · Answer 4 · 2013-08-02T21:05:14+00:00

Here's my simplified method. Note: I would personally do more validation of the post['email'].

No need to LIMIT 1 - email should be unique.
No need to confirm email before, simply update.

$query = sprintf("
    update anvandare
    set password = '%s'
    where email = '%s'
    ",
    mysql_real_escape_string($newHashPwd),
    mysql_real_escape_string($post['email'])
);

$rs = mysql_query($query);
$rowsUpdated = mysql_affected_rows();

if ($rowsUpdated==1) {
    //send your email
} else {
    //log the failure and/or check if email is valid
    //be aware if the newHashPwd value is the same as existing password rowsUpdated will equal 0
}