Hi, I am trying to write a password reset script. An email with a link is sent to the user, and then if the username and a 32-character string in the link match the info in the database, they can change the password for that account. Here is what I've got so far:
<?php
session_start();
error_reporting(E_ALL ^ E_NOTICE);
if (isset($_GET['x'])) {
    $x = $_GET['x'];
} else {
    $x = 0;
}
if (isset($_GET['y'])) {
    $y = $_GET['y'];
} else {
    $y = 0;
}
if (strlen($y) > 0) {
    echo '<form action="reset.php" method="post">
<p><input type="password" name="password1" size="30" maxlength="40" />Password</p>
<p><input type="password" name="password2" size="30" maxlength="40" />Confirm Password</p>
<p><input type="submit" name="submit" value="Reset" /></p>
</form>';
}
else {
    echo 'Link not valid!';
}
if (isset($_POST['password1']) && isset($_POST['password2'])) {
    if ($_POST['password1']=$_POST['password2']) {
        $realp = $_POST['password1'];
        $link = mysql_connect('', '', '');
        if (!$link) {
            die('Could not connect: ' . mysql_error());
        }
        mysql_select_db();
        $query = "UPDATE users SET password=$realp WHERE (username='" . $x . "' AND password='" . $y . "') LIMIT 1";
        $result = mysql_query($query);
        if (mysql_affected_rows() == 1) {
            echo 'Your password has been changed. You may now <a href=\"http://example.com/login.php\">log in</a>.';
        } else {
            echo 'Your password could not be changed. Please re-check the link or contact the system administrator.';
        }
    }
}
?>
When I test it, it says the password could not be changed...
Thanks for any help
Gilgil
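
One way to write the token check and password update from the script above so that the two passwords are compared rather than assigned, every value is bound as a query parameter instead of concatenated, and only hashes are stored; this is an added example, not code from the original post. The PDO/SQLite setup, the column names `reset_token_hash` and `reset_expires`, the one-hour expiry and the demo user are assumptions, and the request handler is expected to pass in the username and token carried over from the link (for instance as hidden form fields).

```php
<?php
declare(strict_types=1);
// Added example. Assumed (hypothetical) schema:
// users(username, password_hash, reset_token_hash, reset_expires).

function issueResetToken(PDO $db, string $username): ?string
{
    $token = bin2hex(random_bytes(16));             // 32 hex characters for the link
    $stmt = $db->prepare('UPDATE users SET reset_token_hash = ?, reset_expires = ? WHERE username = ?');
    $stmt->execute([hash('sha256', $token), time() + 3600, $username]);
    return $stmt->rowCount() === 1 ? $token : null; // only the token's hash is stored
}

function resetPassword(PDO $db, string $username, string $token, string $p1, string $p2): bool
{
    if ($p1 === '' || $p1 !== $p2) {                // comparison, not assignment
        return false;
    }
    $stmt = $db->prepare('SELECT reset_token_hash, reset_expires FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['reset_token_hash'] === null || (int)$row['reset_expires'] < time()
        || !hash_equals($row['reset_token_hash'], hash('sha256', $token))) {
        return false;                               // unknown user, expired link or wrong token
    }
    $upd = $db->prepare('UPDATE users SET password_hash = ?, reset_token_hash = NULL, reset_expires = NULL WHERE username = ?');
    $upd->execute([password_hash($p1, PASSWORD_DEFAULT), $username]);
    return $upd->rowCount() === 1;                  // clearing the token makes the link single-use
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, reset_token_hash TEXT, reset_expires INTEGER)');
// A username containing an apostrophe is handled as plain data by the bound parameter.
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(["o'brien", password_hash('old-password', PASSWORD_DEFAULT)]);

$token = issueResetToken($db, "o'brien");
var_dump(resetPassword($db, "o'brien", $token, 'new-pass', 'typo'));      // mismatched confirmation
var_dump(resetPassword($db, "o'brien", 'wrong-token', 'new-pass', 'new-pass')); // token not matching
var_dump(resetPassword($db, "o'brien", $token, 'new-pass', 'new-pass'));  // valid link
var_dump(resetPassword($db, "o'brien", $token, 'again', 'again'));        // same link replayed
```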