Hi, sorry it’s me again :-[
(Sorry for bad English)
So, I’ve learned quite a bit about PHP, but my code is not working very well…
I was helped by somebody else, but I couldn’t finish the work, as I see.
Actually, it’s working quite well: you enter your e-mail, you get the code, you change the password…
But the password changes to another one, not the same one that I set. I just can’t connect anymore (with my old and new password).
I tried to put some text for you to not get lost, as it’s in French.
[php]<?php
/* Connecting to DDB */
session_start();
require_once('connect.php');
$bdd = CENSORED (connection to DDB)
if(isset($_GET['section'])) {
$section = htmlspecialchars($_GET['section']);
} else {
$section = "";
}
/* Verifying and sending e-mail (email not working yet) */
if(isset($_POST['recup_submit'],$_POST['recup_mail'])) {
if(!empty($_POST['recup_mail'])) {
$recup_mail = htmlspecialchars($_POST['recup_mail']);
if(filter_var($recup_mail,FILTER_VALIDATE_EMAIL)) {
$mailexist = $bdd->prepare('SELECT id,username FROM users WHERE mail = ?');
$mailexist->execute(array($recup_mail));
$mailexist_count = $mailexist->rowCount();
if($mailexist_count == 1) {
$username = $mailexist->fetch();
$username = $username['username'];
$_SESSION['recup_mail'] = $recup_mail;
$recup_code = "";
for($i=0; $i < 8; $i++) {
$recup_code .= mt_rand(0,9);
}
$mail_recup_exist = $bdd->prepare('SELECT id FROM recuperation WHERE mail = ?');
$mail_recup_exist->execute(array($recup_mail));
$mail_recup_exist = $mail_recup_exist->rowCount();
if($mail_recup_exist == 1) {
$recup_insert = $bdd->prepare('UPDATE recuperation SET code = ? WHERE mail = ?');
$recup_insert->execute(array($recup_code,$recup_mail));
} else {
$recup_insert = $bdd->prepare('INSERT INTO recuperation(mail,code) VALUES (?, ?)');
$recup_insert->execute(array($recup_mail,$recup_code));
}
$header="MIME-Version: 1.0\r\n";
$header.='From:"mreleyox"<[email protected]>'."\n";
$header.='Content-Type:text/html; charset="utf-8"'."\n";
$header.='Content-Transfer-Encoding: 8bit';
$message = '
<html>
<head>
<title>Récupération de mot de passe - OPNC</title>
<meta charset="utf-8" />
</head>
<body>
<font color="#303030";>
<div align="center">
<table width="600px">
<tr>
<td>
<div align="center">Bonjour <b>'.$username.'</b>,</div>
Voici votre code de récupération: <b>'.$recup_code.'</b>
A bientôt !
</td>
</tr>
<tr>
<td align="center">
<font size="2">
Ceci est un email automatique, merci de ne pas y répondre
</font>
</td>
</tr>
</table>
</div>
</font>
</body>
</html>
';
mail($recup_mail, "Récupération de mot de passe - OPNC", $message, $header);
header("Location:recuperation.php?section=code");
} else {
$error = "Cette adresse mail n'est pas enregistrée";
}
} else {
$error = "Adresse mail invalide";
}
} else {
$error = "Veuillez entrer votre adresse mail";
}
}
/* The user gets a code by email; he needs it to get to the password reset. */
if(isset($_POST['verif_submit'],$_POST['verif_code'])) {
if(!empty($_POST['verif_code'])) {
$verif_code = htmlspecialchars($_POST['verif_code']);
$verif_req = $bdd->prepare('SELECT id FROM recuperation WHERE mail = ? AND code = ?');
$verif_req->execute(array($_SESSION['recup_mail'],$verif_code));
$verif_req = $verif_req->rowCount();
if($verif_req == 1) {
$up_req = $bdd->prepare('UPDATE recuperation SET confirme = 1 WHERE mail = ?');
$up_req->execute(array($_SESSION['recup_mail']));
header('Location:recuperation.php?section=changemdp');
} else {
$error = "Code invalide";
}
} else {
$error = "Veuillez entrer votre code de confirmation";
}
}
/* There, the user is supposed to enter his new password. */
if(isset($_POST['change_submit'])) {
if(isset($_POST['change_mdp'],$_POST['change_mdpc'])) {
$verif_confirme = $bdd->prepare('SELECT confirme FROM recuperation WHERE mail = ?');
$verif_confirme->execute(array($_SESSION['recup_mail']));
$verif_confirme = $verif_confirme->fetch();
$verif_confirme = $verif_confirme['confirme'];
if($verif_confirme == 1) {
$mdp = htmlspecialchars($_POST['change_mdp']);
$mdpc = htmlspecialchars($_POST['change_mdpc']);
if(!empty($mdp) AND !empty($mdpc)) {
if($mdp == $mdpc) {
$mdp = sha1($mdp);
$ins_mdp = $bdd->prepare('UPDATE users SET password = ? WHERE mail = ?');
$ins_mdp->execute(array($mdp,$_SESSION['recup_mail']));
$del_req = $bdd->prepare('DELETE FROM recuperation WHERE mail = ?');
$del_req->execute(array($_SESSION['recup_mail']));
header('Location:login.php');
} else {
$error = "Vos mots de passes ne correspondent pas";
}
} else {
$error = "Veuillez remplir tous les champs";
}
} else {
$error = "Veuillez valider votre mail grâce au code de vérification qui vous a été envoyé par mail";
}
} else {
$error = "Veuillez remplir tous les champs";
}
}
?>
Récupération de mot de passe
<?php if($section == 'code') { ?> Un code de vérification vous a été envoyé par mail: <?= $_SESSION['recup_mail'] ?><?php } elseif($section == "changemdp") { ?> Nouveau mot de passe pour <?= $_SESSION['recup_mail'] ?>
<?php } else { ?>
<?php } ?> <?php if(isset($error)) { echo ''.$error.''; } else { echo ""; } ?>[/php]
Here is the way it should work:
- The user clicks on “Forgot my password”
- He is asked to enter his e-mail; the code checks if the e-mail is registered in “users”
- The user gets a mail with the confirmation code (I take mine from the database as the e-mail is not working yet)
- He enters the code. If it works, he is asked to change his password (password and password confirm)
- When done, he is redirected to login.php where he can connect
The error is, as I said, that the password changes into something incorrect, and I have no idea why.
My “users” SQL table has:
id/username/login/mail/password/phone/status
(Those are the column names)
My “recuperation” SQL table has:
id/mail/code/confirme
Hope you can help me, thank you very much!
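
Added example, not part of the original post or the poster's code: the reset handler above passes the new password through `htmlspecialchars()` and `sha1()` before storing it and draws the recovery code from `mt_rand()`. The sketch below shows what that does to a constructed sample password, next to a variant built on `random_int()`, `hash_equals()` and `password_hash()`/`password_verify()`. The function names are hypothetical, and `login.php`, which the post does not show, is assumed to verify with `password_verify()`.

```php
<?php
// Added illustration; function names are hypothetical, not from the post.

// 8-digit recovery code drawn from the CSPRNG instead of mt_rand().
function make_recovery_code(): string {
    $code = '';
    for ($i = 0; $i < 8; $i++) {
        $code .= random_int(0, 9);
    }
    return $code;
}

// Constant-time comparison of the stored code with the submitted one.
function code_matches(string $stored, string $submitted): bool {
    return hash_equals($stored, $submitted);
}

// Hash the raw password bytes: no htmlspecialchars(), no sha1().
// The password column must be wide enough for the result (VARCHAR(255) is safe).
function hash_new_password(string $raw): string {
    return password_hash($raw, PASSWORD_DEFAULT);
}

// Assumption: login.php verifies this way (it is not shown in the post).
function login_ok(string $typed, string $storedHash): bool {
    return password_verify($typed, $storedHash);
}

// Constructed sample password with characters that htmlspecialchars() rewrites.
$typed = 'Tom&Jerry<3';

// The post's reset path: escape first, then sha1. The escaped string is
// what gets hashed, so it differs from a hash of what the user typed.
var_dump(htmlspecialchars($typed));
var_dump(sha1(htmlspecialchars($typed)) === sha1($typed));

// Variant: hash the raw input once, verify the raw input at login.
$hash = hash_new_password($typed);
var_dump(login_ok($typed, $hash));
var_dump(login_ok(htmlspecialchars($typed), $hash));

// Recovery code round trip.
$code = make_recovery_code();
var_dump(strlen($code), code_matches($code, $code));
```

Whatever hashing the reset page uses, the registration and login pages have to apply the same function to the same unescaped input, otherwise the stored value can never match.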