Hello,
I don't know what I did wrong with the code. Here is the PHP Code:
<?php
// start the session & load configs
session_start();
include 'includes/config.php';
include 'includes/db.php';
// form defaults
$error['alert'] = '';
$error['email'] = '';
$error['pass'] = '';
$error['pass2'] = '';
$input['email'] = '';
$input['pass'] = '';
$input['pass2'] = '';
if(isset($_GET['key'])) {
// User enter a new password
} else {
// User is reqesting new password
if(isset($_POST['submit'])) {
// process the form
$input['email'] = htmlentities($_POST['email'], ENT_QUOTES);
if($_POST['email'] == '') {
$error['email'] = 'required!';
$error['alert'] = "Please fill in all the required fields!";
include 'views/v_reset_pw.php';
} elseif(!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/', $input['email'])) {
// email is not valid
$error['email'] = 'Please enter an valid email.';
// show form
include 'views/v_reset_pw.php';
}
} else {
// check that the email exists in the database
$check = $mysqli->prepare("SELECT email FROM users WHERE email = ?");
$check->bind_param('s', $input['email']);
$check->execute();
$check->store_result();
if($check->num_rows == 0) {
// display an error - email isn't in the database
$error['alert'] = "Please check for typos. This email doesn't exist in the database!";
include 'views/v_reset_pw.php';
$check->close();
} else {
// create key
$key = randomString(16);
// create the email
$subject = 'Password reset request from ' . $config['site_name'];
$message = "<html><body>";
$message .= "<p>Hello, </p>";
$message .= "<p>You (or someone claiming to be you) recently asked that your " . $config['site_name'] . " password be reset. If so, please click on the link below to reset your password. If you do not want to reset your password, or if the request was in error, please ignore this message</p>";
$message .= "<a href='" . $config['site_url'] . "/reset_password.php?key=" . $key . "'>" . $config['site_url'] . "/reset_password.php?key=" . $key . "</a>";
$message .= "<p>Thanks, <br />The Administrator, " . $config['site_name'];
$message .= "</body></html>";
// create email headers
$header = "MIME-Version : 1.0" . "\r\n";
$header .= "Content-Type: text/html; charset=iso-8859-1" . "/r/n";
$header .= "From: " . $config['site_name'] . " <noreply@" . $config['site_domain'] . ">\r\n";
$header .= "X-Sender: <noreply@" . $config['site_domain'] . ">\r\n";
$header .= "Reply-To: <noreply@" . $config['site_domain'] . ">\r\n";
// send mail
mail($input['email'], $subject, $message, $header);
// update the database
$stmt = $mysqli->prepare("UPDATE users SET pw_reset = ? WHERE email = ?");
$stmt->bind_param('ss', $key, $input['email']);
$stmt->execute();
$stmt->close();
// add alert and clear form values
$error['alert'] = 'Password resent sent successfully. Please check your email inbox.';
$input['email'] = '';
include 'views/v_reset_pw.php';
}
}
}
function randomString($lenght) {
$charakters = '0123456789abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLNMOPQRSTUVWXYZ';
$string = '';
for($p = 0; $p < $lenght; $p++) {
$string .= $charakters[mt_rand(0, strlen($charakters)-1)];
}
return $string;
}
$mysqli->close();
And the Form in HTML:
<form action="" method="post">
<div>
<?php
if ($error['alert'] != '') {
echo "<div class='alert'>" . $error['alert'] . "</div>";
}
?>
<p>Fotget your password? Enter your email below, and we will email you a link to resert your password</p>
<label for="email">Email: *</label>
<input type="text" name="email" value="<?php echo $input['email'] ?>" />
<div class='error'><?php echo $error['email']; ?></div>
<p class="required">All fields marked with * are required!</p>
<input type="submit" name="submit" class="submit" value="Submit" />
</div>
</form>
When I'm going to the URL reset-password.php the first alert what I see is: Please check for typos. This email doesn't exist in the database! It's directly there if i'm just entering the url with params. What did I do wrong?
Sorry for bad english, I'm just 15 and from Germany
