daryll1 0 Light Poster

Hi I'm writing a piece of code to update a users password when they have forgotten it, but, for some reason I cannot seem to get it to work. It is always echoing out that the secret answer is wrong. It's probably something stupid that I have looked over, if someone could take a look for me that would be amazing.
Cheers, Daryll.

<?php ob_start();
include('header.php'); ?>
<h1> Password Reset </h1>
<p> Please enter the details below to reset your password </p>

<?php
if ( isset($_POST['submitted']) ) {
$uname = $_REQUEST['uname'];
echo "<br><p>Username: ".$uname."</p>";
$data1 = "SELECT * FROM user_info WHERE uname='".$uname."'";
$result1 = mysql_query($data1) or die(mysql_error());
$row=mysql_fetch_array($result1);
$ques = $row['sec_question'];
$ans = $row['sec_answer'];
echo $ans;
echo "<p>".$ques."?</p>";
print "<form action=";
echo $_SERVER['PHP_SELF']; 
print ' method=post>
<br><table id="tab1">
<tr><td>Answer: <input type=text size=50 name=sec_ans></td></tr>
<tr><td>New pass: <input type=text size=50 name=pass1></td>
<td><input type=submit value="Reset Password"></td></tr></table>
<input type=hidden name=submittedlol>';}

elseif ( isset($_POST['submittedlol']) ) {
	$ans1 = $_REQUEST['sec_ans'];
	if ($ans1 == $ans) {
		$password = sha1($_REQUEST['pass1']);
		$asd = "UPDATE user_info SET pass='".$password."' WHERE uname='".$uname."'";
			    mysql_query($asd) or die('Could not connect: ' . mysql_error());
		echo "<p>Password updated successfully!</p>";
	}
	elseif ($ans1 != $ans) { echo "<p>Sorry your answer was wrong!</p>";
	echo $_REQUEST['ans'];}
}
		

else {
print "<form action=";
echo $_SERVER['PHP_SELF']; 
print ' method=post>
<br><table id="tab1">
<tr>
<td><input type=text size=7 name=uname value="Username" onblur="if(this.value.length == 0) this.value=\'Username\';" onclick="if(this.value == \'Username\') this.value=\'\';" ></td>
<td><input type=submit value=Go></td></tr></table>
<input type=hidden name=submitted>';
}




include('footer.html'); 
ob_flush();
?>

I managed to fix this, a silly mistake, I wasn't pulling the sec_ans out of the database to check against the input answer.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.