Can't get my 'Forgot Password' php script to work

Hi all,

I am trying to get a Password reminder script to work, which I have found online and tried to replicate.

Basically I have 2 tables in my database.

Table 1 - users
Fields: uid, password, uemail, name

Table 2 - recovery_keys
Fields: rid, userID, token, valid

The code up until the point of failure is this -

[php]<?php
include ('config.php');
include ('function.php');
include ('database.php');

if(isset($_POST['submit']))
{
$uemail = $_POST['uemail'];
$uemail = mysqli_real_escape_string($db, $uemail);

if(checkUser($uemail) == "true") //check user is a function defined in function.php
{
	$userID = UserID($uemail);
	$token = generateRandomString();
	
	$query = mysqli_query($db, "INSERT INTO recovery_keys (userID, token) VALUES ($userID, '$token') ");
	if($query)
	{
		 $send_mail = send_mail($uemail, $token);


		if($send_mail === 'success')
		{
			 $msg = 'A mail with recovery instruction has sent to your email.';
			 $msgclass = 'bg-success';
		}else{
			$msg = 'There is something wrong - Failed at this point.';
			$msgclass = 'bg-danger';
		}[/php]

When I enter my email address into the post field in the form, it returns the message - There is something wrong - Failed at this point. This is despite my email address being in the users table. However, what I notice also happens is that a new entry is created in the recovery_keys table when I submit my email. In that table both userIDs and valid columns are set to 1 and the token value is a long string of mixed up characters.

The functions specified in functions.php are as follows. I commented out the link to the PhpMailer documents as this wasn’t on the original code and I:

[php]<?php

function checkUser($uemail)
{
global $db;

$query = mysqli_query($db, "SELECT uid FROM users WHERE uemail = '$uemail'");

if(mysqli_num_rows($query) > 0)
{
	return 'true';
}else
{
	return 'false';
}

}

function UserID($uemail)
{
global $db;

$query = mysqli_query($db, "SELECT uid FROM users WHERE uemail = '$uemail'");
$row = mysqli_fetch_assoc($query);

return $row['uid'];

}

function generateRandomString($length = 20) {
// This function has been taken from stackoverflow.com

$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$charactersLength = strlen($characters);
$randomString = '';
for ($i = 0; $i < $length; $i++) {
    $randomString .= $characters[rand(0, $charactersLength - 1)];
}
return md5($randomString);

}

function send_mail($to, $token)
{
require 'PHPMailer/PHPMailerAutoload.php';

$mail = new PHPMailer;

$mail->isSMTP();
$mail->Host = 'smtp.gmail.com';
$mail->SMTPAuth = true;
$mail->Username = '[email protected]';
$mail->Password = 'XXXXXX'; //I'm guessing my password goes here?
$mail->SMTPSecure = 'ssl';
$mail->Port = 465;

$mail->From = '[email protected]';
$mail->FromName = 'Henry Swanson';
$mail->addAddress($to);
$mail->addReplyTo('henryswanson2018@gmail', 'Reply');

$mail->isHTML(true);

$mail->Subject = 'Demo: Password Recovery Instruction';
$link = 'forget.php?email='.$to.'&token='.$token;
$mail->Body    = "<b>Hello</b><br><br>You have requested for your password recovery. <a href='$link' target='_blank'>Click here</a> to reset your password. If you are unable to click the link then copy the below link and paste in your browser to reset your password.<br><i>". $link."</i>";

$mail->AltBody = 'This is the body in plain text for non-HTML mail clients';

if(!$mail->send()) {
	return 'fail';
} else {
	return 'success';
}

}

function verifytoken($userID, $token)
{
global $db;

$query = mysqli_query($db, "SELECT valid FROM recovery_keys WHERE userID = $userID AND token = '$token'");
$row = mysqli_fetch_assoc($query);

if(mysqli_num_rows($query) > 0)
{
	if($row['valid'] == 1)
	{
		return 1;
	}else
	{
		return 0;
	}
}else
{
	return 0;
}

}
?>[/php]

The config file seems to have the correct parameters to connect to my table.

Is there anything that stands out as being wrong? There is more code which I can post, but as I was getting an error at line 29 (in the top pasted code snippet) I haven’t pasted it all.

Many thanks for reading and any help would be greatly appreciated.

Oh, and if it’s relevant, I’m working on a local WAMP testing server. I changed settings in my Google Account to

From Access for less secure apps section, select Turn on as suggested here:

Still didn’t work though…

If the message is failing, it is important to figure out why.

While you want a generic error message for a production system, while working on it, you need as much helpful information as you can get. Return the error on failure, or log it so that you can see what happened.
[php]
if(!$mail->send()) {
    return $mail->ErrorInfo; // PHPMailer's description of why the send failed
}[/php]

Thanks astonecipher,

Sorry, but how would I implement that? Do I need to define $mail string? I tried to stick that code in here:

[php]
$query = mysqli_query($db, "INSERT INTO recovery_keys (userID, token) VALUES ($userID, '$token') ");
if($query)
{
$send_mail = send_mail($uemail, $token);

		  if(!$mail->send()) {
		  return $mail->ErrorInfo;}

		if($send_mail === 'success')
		{
			 $msg = 'A mail with recovery instruction has sent to your email.';
			 $msgclass = 'bg-success';
		}else{
			
			
			$msg = 'There is something wrong - Failed at this point.';
			$msgclass = 'bg-danger';
		}

[/php]

But php didn’t like that. I need to define mail and send() function? Apologies, complete beginner here.

Thanks

You are using it in your send_mail function, just need to go down to where you call the send method and add it where you are doing the [php]return 'fail';[/php]

So in the form? After I have called the send method POST?

[php]function send_mail($to, $token)
{
require 'PHPMailer/PHPMailerAutoload.php';

$mail = new PHPMailer;

$mail->isSMTP();
$mail->Host = 'smtp.gmail.com';
$mail->SMTPAuth = true;
$mail->Username = '[email protected]';
$mail->Password = 'XXXXXX'; //I'm guessing my password goes here?
$mail->SMTPSecure = 'ssl';
$mail->Port = 465;

$mail->From = '[email protected]';
$mail->FromName = 'Henry Swanson';
$mail->addAddress($to);
$mail->addReplyTo('henryswanson2018@gmail', 'Reply');

$mail->isHTML(true);

$mail->Subject = 'Demo: Password Recovery Instruction';
$link = 'forget.php?email='.$to.'&token='.$token;
$mail->Body    = "<b>Hello</b><br><br>You have requested for your password recovery. <a href='$link' target='_blank'>Click here</a> to reset your password. If you are unable to click the link then copy the below link and paste in your browser to reset your password.<br><i>". $link."</i>";

$mail->AltBody = 'This is the body in plain text for non-HTML mail clients';

if(!$mail->send()) {
	return 'fail';
} else {
	return 'success';
}

}[/php]

In there

Thanks - I’ve added at the bottom of the send_mail function as you showed me.

[php]if(!$mail->send()) {
	return $mail->ErrorInfo;
} else {
	return 'success';
}[/php]

I’m not getting any more information about the error however. I’m not sure if it’s to do with my localhost settings or something else?

Thanks for your help astonecipher

Update - I’ve reached a bit of dead end here so I’ve been following a different tutorial on how to do this. Again issues however, but I’ll post about this in a separate thread. Thanks.
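As an added example (not code from this thread or from the tutorial it follows): one way to issue and check the reset token so that it comes from `random_bytes()` instead of `rand()` and `md5()`, is stored only as a hash, expires, and can be used once, with every query prepared. It keeps the thread's `recovery_keys` columns; the `expires` column, the function names `issueToken` and `redeemToken`, and the in-memory SQLite database opened through PDO are assumptions made so the block runs on its own (PHP 7 or later).

```php
<?php
// Added example: in-memory SQLite stands in for the thread's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE recovery_keys (
    rid INTEGER PRIMARY KEY, userID INTEGER NOT NULL,
    token TEXT NOT NULL, valid INTEGER NOT NULL DEFAULT 1,
    expires INTEGER NOT NULL)');   // expires is an added column (assumption)

// Create a reset token from the OS CSPRNG. Only its SHA-256 hash is stored,
// so a leaked recovery_keys table does not contain usable reset links.
function issueToken(PDO $db, int $userID, int $ttl = 3600): string
{
    $token = bin2hex(random_bytes(32));          // 64 hex characters, 256 bits
    $stmt = $db->prepare(
        'INSERT INTO recovery_keys (userID, token, expires) VALUES (?, ?, ?)');
    $stmt->execute([$userID, hash('sha256', $token), time() + $ttl]);
    return $token;                               // goes into the e-mailed link only
}

// Returns true at most once per token: the UPDATE checks the user, the hash,
// the valid flag and the expiry, and consumes the token in the same statement.
function redeemToken(PDO $db, int $userID, string $token): bool
{
    $stmt = $db->prepare(
        'UPDATE recovery_keys SET valid = 0
          WHERE userID = ? AND token = ? AND valid = 1 AND expires > ?');
    $stmt->execute([$userID, hash('sha256', $token), time()]);
    return $stmt->rowCount() === 1;
}

// Constructed sample calls for user id 1.
$token = issueToken($db, 1);
var_dump(redeemToken($db, 1, $token));                // first use of the link
var_dump(redeemToken($db, 1, $token));                // same link used again
var_dump(redeemToken($db, 1, str_repeat('0', 64)));   // token that was never issued
var_dump(redeemToken($db, 2, issueToken($db, 1)));    // token presented for another user
```

Because the check and the invalidation happen in one `UPDATE`, two requests racing with the same link cannot both succeed.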
