Forgot password problem

Hello!

I’m coding my first php website right now and I have a small problem…

In this code:

[php]

<?php include_once("php_includes/check_login_status.php"); ini_set('display_errors',1); // If user is already logged in, header him/her away if($user_ok == true){ header("location: user.php?u=".$_SESSION["username"]); exit(); } ?><?php

// AJAX CALLS THIS CODE TO EXECUTE
if(isset($_POST[“e”])){
$e = mysqli_real_escape_string($db_conx, $_POST[‘e’]);
$sql = “SELECT id, username FROM users WHERE email=’$e’ AND activated=‘1’ LIMIT 1”;
$query = mysqli_query($db_conx, $sql);
$numrows = mysqli_num_rows($query);
if($numrows > 0){
while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){
$id = $row[“id”];
$u = $row[“username”];
}
$emailcut = substr($e, 0, 4);
$randNum = rand(10000,99999);
$tempPass = “$emailcut$randNum”;
$hashTempPass = hash(“SHA512”, $tempPass);
$validate = md5($_POST[‘username’] + microtime());
$sql = “UPDATE useroptions SET temp_pass=’$hashTempPass’ WHERE username=’$u’ LIMIT 1”;
$query = mysqli_query($db_conx, $sql);
$to = “$e”;
$from = "[email protected]";
$headers =“From: $from\n”;
$headers .= “MIME-Version: 1.0\n”;
$headers .= “Content-type: text/html; charset=iso-8859-1 \n”;
$subject =“Busarna4.net78.net Temporary Password”;
$msg = ‘

Hello ‘.$u.‘

This is an automated message from Busarna4.net78.net. If you did not recently initiate the Forgot Password process, please disregard this email.

You indicated that you forgot your login password. We can generate a temporary password for you to log in with, then once logged in you have to change your password to anything you like.

After you click the link below your password to login will be:
’.$tempPass.‘

Click here now to apply the temporary password shown below to your account

If you do not click the link in this email, no changes will be made to your account. In order to set your login password to the temporary password you must click the link above.

’;
if(mail($to,$subject,$msg,$headers)) {
echo “success”;
exit();
} else {
echo “email_send_failed”;
exit();
}
} else {
echo “no_exist”;
}
exit();
}
?><?php
// EMAIL LINK CLICK CALLS THIS CODE TO EXECUTE
if(isset($_GET[‘u’]) && isset($_GET[‘e’])){
$u = preg_replace(’#[^a-z0-9]#i’, ‘’, $_GET[‘u’]);
$temppasshash = $hashTempPass;
if(strlen($temppasshash) < 10){
exit();
}
$sql = “SELECT id FROM useroptions WHERE username=’$u’ AND temp_pass=’$temppasshash’ LIMIT 1”;
$query = mysqli_query($db_conx, $sql);
$numrows = mysqli_num_rows($query);
if($numrows == 0){
header(“location: message.php?msg=There is no match for that username with that temporary password in the system. We cannot proceed.”);
exit();
} else {
$row = mysqli_fetch_row($query);
$id = $row[0];
$sql = “UPDATE users SET password=’$temppasshash’ WHERE id=’$id’ AND username=’$u’ LIMIT 1”;
$query = mysqli_query($db_conx, $sql);
$sql = “UPDATE useroptions SET temp_pass=’’ WHERE username=’$u’ LIMIT 1”;
$query = mysqli_query($db_conx, $sql);
header(“location: login.php”);
exit();
}
}
?> Forgot Password #forgotpassform{ margin-top:24px; } #forgotpassform > div { margin-top: 12px; } #forgotpassform > input { width: 250px; padding: 3px; background: #F3F9DD; } #forgotpassbtn { font-size:15px; padding: 10px; } <?php include_once("template_pageTop.php"); ?> <?php include_once("template_pageBottom.php"); ?> [/php] the code at line 61 won't execute... Then I click the emailed link that should update the database and then header me to the login page I only get a blank white page and the database haven't been updated...

Does anyone know what I should do?

Thanks in advance // Busarna4

here’s the mysql database tables

[php]

<?php include_once("php_includes/db_conx.php"); $tbl_users = "CREATE TABLE IF NOT EXISTS users ( id INT(11) NOT NULL AUTO_INCREMENT, username VARCHAR(255) NOT NULL, email VARCHAR(255) NOT NULL, password VARCHAR(255) NOT NULL, gender ENUM('m','f') NOT NULL, website VARCHAR(255) NULL, country VARCHAR(255) NULL, userlevel ENUM('a','b','c','d') NOT NULL DEFAULT 'a', avatar VARCHAR(255) NULL, ip VARCHAR(255) NOT NULL, signup DATETIME NOT NULL, lastlogin DATETIME NOT NULL, notescheck DATETIME NOT NULL, activated ENUM('0','1') NOT NULL DEFAULT '0', PRIMARY KEY (id), UNIQUE KEY username (username,email) )"; $query = mysqli_query($db_conx, $tbl_users); if ($query === TRUE) { echo "

user table created OK :)

"; } else { echo "

user table NOT created :(

"; } //////////////////////////////////// $tbl_useroptions = "CREATE TABLE IF NOT EXISTS useroptions ( id INT(11) NOT NULL, username VARCHAR(255) NOT NULL, background VARCHAR(255) NOT NULL, question VARCHAR(255) NULL, answer VARCHAR(255) NULL, temp_pass VARCHAR(255) NOT NULL, PRIMARY KEY (id), UNIQUE KEY username (username) )"; $query = mysqli_query($db_conx, $tbl_useroptions); if ($query === TRUE) { echo "

useroptions table created OK :)

"; } else { echo "

useroptions table NOT created :(

"; } //////////////////////////////////// $tbl_friends = "CREATE TABLE IF NOT EXISTS friends ( id INT(11) NOT NULL AUTO_INCREMENT, user1 VARCHAR(255) NOT NULL, user2 VARCHAR(255) NOT NULL, datemade DATETIME NOT NULL, accepted ENUM('0','1') NOT NULL DEFAULT '0', PRIMARY KEY (id) )"; $query = mysqli_query($db_conx, $tbl_friends); if ($query === TRUE) { echo "

friends table created OK :)

"; } else { echo "

friends table NOT created :(

"; } //////////////////////////////////// $tbl_blockedusers = "CREATE TABLE IF NOT EXISTS blockedusers ( id INT(11) NOT NULL AUTO_INCREMENT, blocker VARCHAR(255) NOT NULL, blockee VARCHAR(255) NOT NULL, blockdate DATETIME NOT NULL, PRIMARY KEY (id) )"; $query = mysqli_query($db_conx, $tbl_blockedusers); if ($query === TRUE) { echo "

blockedusers table created OK :)

"; } else { echo "

blockedusers table NOT created :(

"; } //////////////////////////////////// $tbl_status = "CREATE TABLE IF NOT EXISTS status ( id INT(11) NOT NULL AUTO_INCREMENT, osid INT(11) NOT NULL, account_name VARCHAR(255) NOT NULL, author VARCHAR(255) NOT NULL, type ENUM('a','b','c') NOT NULL, data TEXT NOT NULL, postdate DATETIME NOT NULL, PRIMARY KEY (id) )"; $query = mysqli_query($db_conx, $tbl_status); if ($query === TRUE) { echo "

status table created OK :)

"; } else { echo "

status table NOT created :(

"; } //////////////////////////////////// $tbl_photos = "CREATE TABLE IF NOT EXISTS photos ( id INT(11) NOT NULL AUTO_INCREMENT, user VARCHAR(255) NOT NULL, gallery VARCHAR(255) NOT NULL, filename VARCHAR(255) NOT NULL, description VARCHAR(255) NULL, uploaddate DATETIME NOT NULL, PRIMARY KEY (id) )"; $query = mysqli_query($db_conx, $tbl_photos); if ($query === TRUE) { echo "

photos table created OK :)

"; } else { echo "

photos table NOT created :(

"; } //////////////////////////////////// $tbl_notifications = "CREATE TABLE IF NOT EXISTS notifications ( id INT(11) NOT NULL AUTO_INCREMENT, username VARCHAR(255) NOT NULL, initiator VARCHAR(255) NOT NULL, app VARCHAR(255) NOT NULL, note VARCHAR(255) NOT NULL, did_read ENUM('0','1') NOT NULL DEFAULT '0', date_time DATETIME NOT NULL, PRIMARY KEY (id) )"; $query = mysqli_query($db_conx, $tbl_notifications); if ($query === TRUE) { echo "

notifications table created OK :)

"; } else { echo "

notifications table NOT created :(

"; } ?>

[/php]

The code at line 61 won't execute...

As you know there is no line numbering in the PHP embedded code therefore it is hard to guess what information resides on line 61 or 40. It would be much better if you embed the entire script first and after that just that line which is creating problem. for example.

Line No. 61 is:
[php]echo something;[/php]

As result it will be much easier for us to figure out what’s wrong with the code.

okay

You got the whole script above…

First I got this error when clicking on the emailed link, line 55-61:

[php]
$sql = “SELECT id FROM useroptions WHERE username=’$u’ AND temp_pass=’$temppasshash’ LIMIT 1”;
$query = mysqli_query($db_conx, $sql);
$numrows = mysqli_num_rows($query);
if($numrows == 0){
header(“location: message.php?msg=There is no match for that username with that temporary password in the system. We cannot proceed.”);
exit();
}
[/php]

But I managed to fix that error and now this code won’t execute and I just get a blank white page when clicking the link in the email, line 61-70:

[php]
} else {
$row = mysqli_fetch_row($query);
$id = $row[0];
$sql = “UPDATE users SET password=’$temppasshash’ WHERE id=’$id’ AND username=’$u’ LIMIT 1”;
$query = mysqli_query($db_conx, $sql);
$sql = “UPDATE useroptions SET temp_pass=’’ WHERE username=’$u’ LIMIT 1”;
$query = mysqli_query($db_conx, $sql);
header(“location: login.php”);
exit();
}
[/php]

And here’s the hole if() statement that I’m having problems with, line 47-72:

[php]

<?php // EMAIL LINK CLICK CALLS THIS CODE TO EXECUTE if(isset($_GET['u']) && isset($_GET['e'])){ $u = preg_replace('#[^a-z0-9]#i', '', $_GET['u']); $temppasshash = $hashTempPass; if(strlen($temppasshash) < 10){ exit(); } $sql = "SELECT id FROM useroptions WHERE username='$u' AND temp_pass='$temppasshash' LIMIT 1"; $query = mysqli_query($db_conx, $sql); $numrows = mysqli_num_rows($query); if($numrows == 0){ header("location: message.php?msg=There is no match for that username with that temporary password in the system. We cannot proceed."); exit(); } else { $row = mysqli_fetch_row($query); $id = $row[0]; $sql = "UPDATE users SET password='$temppasshash' WHERE id='$id' AND username='$u' LIMIT 1"; $query = mysqli_query($db_conx, $sql); $sql = "UPDATE useroptions SET temp_pass='' WHERE username='$u' LIMIT 1"; $query = mysqli_query($db_conx, $sql); header("location: login.php"); exit(); } } ?>

[/php]

Thanks in advance // Busarna4

It’s a lot of reading. :-X I will read it later and will tell you about any updates (if any) :

Comment this line…
[php]
header(“location: message.php?msg=There is no match for that username with that temporary password in the system. We cannot proceed.”);
exit();
[/php]

and add the following right beneath it.
[php] mysqli_affected_rows($sql);[/php]

and tell me what do you get???

I only get a white blank page ???

Have you commented out the lines I told you??? and do get any error warning if you make any??? If you don’t know about this, then create a new demp.php page and paste the following code in it.

[php]

<?php phpinfos(); ?>

[/php]

Do you get any error?? or just Blank Page???

I get this on demp.php:

Fatal error: Call to undefined function phpinfos() in /home/a3854613/public_html/test/demp.php on line 2

and when clicking the emailed link I get a blank page

Ok. Your errors are turned on by default. Therefore, remove this line form the code and the give it a try.

[php] ini_set(‘display_errors’,1);[/php]

Still the same

Well it’s strange there should some error or any other output, a blank page can’t help us ;D

Do you get redirected to another page???

not when I should on forgot pass page but sigup and login etc redirect me just fine ???

Sorry have no idea about it. Hope some one else might help you out.

okay thanks for trying to help me at least

When I did this:

[php]
if(isset($_GET[‘u’]) && $validate = md5($_POST[‘username’] + microtime())){
$u = preg_replace(’#[^a-z0-9]#i’, ‘’, $_GET[‘u’]);
$temppasshash = $hashTempPass;
if(strlen($temppasshash) < 10){
echo(“ERROR”);
exit();
}
[/php]

instead of:

[php]
if(isset($_GET[‘u’]) && $validate = md5($_POST[‘username’] + microtime())){
$u = preg_replace(’#[^a-z0-9]#i’, ‘’, $_GET[‘u’]);
$temppasshash = $hashTempPass;
if(strlen($temppasshash) < 10){
exit();
}
[/php]
I got ERROR on the blank page so it’s that code that dosen’t work

That’s great you have figured it out yourself.

Thanks