Jump to content

Php Login Part 14


ghost123456789

Recommended Posts

Hello,

 

I don't know what I did wrong with the code. Here is the PHP Code:

 

<?php

// start the session & load configs
session_start();
include 'includes/config.php';
include 'includes/db.php';

// form defaults
$error['alert'] = '';
$error['email']  = '';
$error['pass']  = '';
$error['pass2']  = '';

$input['email']  = '';
$input['pass']  = '';
$input['pass2']  = '';

if(isset($_GET['key'])) {
   // User enter a new password

} else {
   // User is reqesting new password
   if(isset($_POST['submit'])) {
       // process the form
       $input['email'] = htmlentities($_POST['email'], ENT_QUOTES);

       if($_POST['email'] == '') {
           $error['email'] = 'required!';
           $error['alert'] = "Please fill in all the required fields!";

           include 'views/v_reset_pw.php';
       } elseif(!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/', $input['email'])) {
           // email is not valid
           $error['email'] = 'Please enter an valid email.';

           // show form
           include 'views/v_reset_pw.php';
       }
   } else {
       // check that the email exists in the database
       $check = $mysqli->prepare("SELECT email FROM users WHERE email = ?");
       $check->bind_param('s', $input['email']);
       $check->execute();
       $check->store_result();
       if($check->num_rows == 0) {
           // display an error - email isn't in the database
           $error['alert'] = "Please check for typos. This email doesn't exist in the database!";
           include 'views/v_reset_pw.php';
           $check->close();
       } else {
           // create key
           $key = randomString(16);

           // create the email
           $subject = 'Password reset request from ' . $config['site_name'];

           $message = "<html><body>";
           $message .= "<p>Hello, </p>";
           $message .= "<p>You (or someone claiming to be you) recently asked that your " . $config['site_name'] . " password be reset. If so, please click on the link below to reset your password. If you do not want to reset your password, or if the request was in error, please ignore this message</p>";
           $message .= "<a href='" . $config['site_url'] . "/reset_password.php?key=" . $key . "'>" . $config['site_url'] . "/reset_password.php?key=" . $key . "</a>";
           $message .= "<p>Thanks, <br />The Administrator, " . $config['site_name'];
           $message .= "</body></html>";

           // create email headers
           $header = "MIME-Version : 1.0" . "\r\n";
           $header .=  "Content-Type: text/html; charset=iso-8859-1" . "/r/n";
           $header .= "From: " . $config['site_name'] . " <noreply@" . $config['site_domain'] . ">\r\n";
           $header .= "X-Sender: <noreply@" . $config['site_domain'] . ">\r\n";
           $header .= "Reply-To: <noreply@" . $config['site_domain'] . ">\r\n";

           // send mail
           mail($input['email'], $subject, $message, $header);

           // update the database
           $stmt = $mysqli->prepare("UPDATE users SET pw_reset = ? WHERE email = ?");
           $stmt->bind_param('ss', $key, $input['email']);
           $stmt->execute();
           $stmt->close();

           // add alert and clear form values
           $error['alert'] = 'Password resent sent successfully. Please check your email inbox.';
           $input['email'] = '';
           include 'views/v_reset_pw.php';
       }
   }
}

function randomString($lenght) {
   $charakters = '0123456789abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLNMOPQRSTUVWXYZ';
   $string = '';

   for($p = 0; $p < $lenght; $p++) {
       $string .= $charakters[mt_rand(0, strlen($charakters)-1)];
   }

   return $string;
}

$mysqli->close();

 

And the Form in HTML:

            <form action="" method="post">
               <div>
                   <?php
                   if ($error['alert'] != '') {
                       echo "<div class='alert'>" . $error['alert'] . "</div>";
                   }
                   ?>

                   <p>Fotget your password? Enter your email below, and we will email you a link to resert your password</p>

                   <label for="email">Email: *</label>
                   <input type="text" name="email" value="<?php echo $input['email'] ?>" />
                   <div class='error'><?php echo $error['email']; ?></div>

                   <p class="required">All fields marked with * are required!</p>
                   <input type="submit" name="submit" class="submit" value="Submit" />
               </div>
           </form>

 

When I'm going to the URL reset-password.php the first alert what I see is: Please check for typos. This email doesn't exist in the database! It's directly there if i'm just entering the url with params. What did I do wrong?

 

Sorry for bad english, I'm just 15 and from Germany ;)

Link to comment
Share on other sites

Your code looks ok. Your email address may be getting changed though in the htmlentities function, or somewhere along the line as the script processes.

 

If you call the var_dump() function on your various variables and arrays throughout the logic, you can get a pretty good idea of what's happening.

 

For example, place the function var_dump($input); prior to the mysqli statement to see what the $input['email'] variable looks like right before it is passed to the database.

 

In case you don't quite understand, here's a snippet...

 

   } else {
       var_dump($input);
       // check that the email exists in the database
       $check = $mysqli->prepare("SELECT email FROM users WHERE email = ?");

 

If you don't have Xdebug installed on your MAMP/WAMP stack - you may want to google on how to do that.

Link to comment
Share on other sites

Hello,

 

thanks for the answer. I'm haven't WAMP/MAMP, I've got XAMPP at my work. At home I've got MAMP. The problem is that the script doesn't go to this line. The interpretor skips this if statement and go directly to the else line.

   // User is reqesting new password
   if(isset($_POST['submit'])) {

   } else {

 

I don't know why. I tested it with the var_dump() function but I didn't find the problem.

Link to comment
Share on other sites

  • 3 months later...

Guten Tag Jan - ich spreche Englisch aber ich lerne Deutsch jetzt. Du arbeitest noch, mit 15 Jahre?

 

Using a text editor like Notepad++ (it's free!) will show you pretty clearly when a "{" closes with a respective "}" and helps greatly in locating these kinds of errors ahead of time.

Edited by khanahk
Link to comment
Share on other sites

Hello khanahk,

hello Ben,

 

for understanding problems I'm using english right now. I like your idea of learning german ;) Yes, I'm 16 (3 month ago I was 15) and I've got my own small IT company for webdesign & customer support in germany. You can visit my website at it4need.de. Thank you for the tip with notepad++ but i'm using a mac and still use Netbeans as my PHP IDE.

 

By the way the problem was solved and I'm learning so much with your courses Ben. Thank you for the big part of work!

 

Best wishes

Edited by Jan
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...