I have having a problem with a script I have wrote for resetting a members password
Basically it checks to make sure the user has entered all the fields in the reset form, then it checks that the email they have entered is the same one they login with, then it checks to make sure the new passwords match and finally updates the password in the table.
However when the script is run I always get the error message 'The email address you entered does not correspond to your account'
This is my form
<table name="reset">
<form name="password" action="reset.php" method="post">
<tr><td>email:</td><td><input type="text" name="email" value="current@email.com"/></td></tr>
<tr><td>password:</td><td><input type="password" name="new_password"/></td></tr>
<tr><td>Repeat your new password:</td><td><input type="password" name="confirm_password"/></td></tr>
<tr><td><input type="submit" name="submit" value="Reset"</td></tr>
</form>
</table>
the php script is
if (isset($_POST['submit'])) {
if(!$_POST['email'] | !$_POST['new_password'] | !$_POST['confirm_password']) {//makes sure the user has filled the form in
die('You did not fill in a required field.');
}
$emailCheck = "SELECT COUNT(*) as rowcount FROM users WHERE email = '".$_POST['email']."' AND id = '" . $SESSION['user_id'] . "'";//gives error if user doesnt exsist
$checkResults = mysql_query($emailCheck);
$checkCount = mysql_fetch_assoc($checkResults);
if ($checkCount['rowcount'] == 0) {
die('The email address you entered does not correspond to your account</a>');
}
if ($_POST['new_password'] != $_POST['confirm_password']) {
die('Your passwords did not match. ');//makes sure both passwords match
}
$_POST['new_password'] = md5($_POST['new_password']);
if (!get_magic_quotes_gpc()) {
$_POST['new_password'] = addslashes($_POST['new_password']);
}
else {
$reset_password_sql = "UPDATE users SET password = '$_POST[new_password]' WHERE id = '" . $SESSION['user_id'] . "'";
mysql_query($reset_password_sql) or die (mysql_error());
echo "Your password has been updated";
}
}
Can anyone notice an error where it checks the email against the user id?