Jump to content
Killersites Community
ghost123456789

Php Login Part 14

Recommended Posts

Hello,

 

I don't know what I did wrong with the code. Here is the PHP Code:

 

<?php

// start the session & load configs
session_start();
include 'includes/config.php';
include 'includes/db.php';

// form defaults
$error['alert'] = '';
$error['email']  = '';
$error['pass']  = '';
$error['pass2']  = '';

$input['email']  = '';
$input['pass']  = '';
$input['pass2']  = '';

if(isset($_GET['key'])) {
   // User enter a new password

} else {
   // User is reqesting new password
   if(isset($_POST['submit'])) {
       // process the form
       $input['email'] = htmlentities($_POST['email'], ENT_QUOTES);

       if($_POST['email'] == '') {
           $error['email'] = 'required!';
           $error['alert'] = "Please fill in all the required fields!";

           include 'views/v_reset_pw.php';
       } elseif(!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/', $input['email'])) {
           // email is not valid
           $error['email'] = 'Please enter an valid email.';

           // show form
           include 'views/v_reset_pw.php';
       }
   } else {
       // check that the email exists in the database
       $check = $mysqli->prepare("SELECT email FROM users WHERE email = ?");
       $check->bind_param('s', $input['email']);
       $check->execute();
       $check->store_result();
       if($check->num_rows == 0) {
           // display an error - email isn't in the database
           $error['alert'] = "Please check for typos. This email doesn't exist in the database!";
           include 'views/v_reset_pw.php';
           $check->close();
       } else {
           // create key
           $key = randomString(16);

           // create the email
           $subject = 'Password reset request from ' . $config['site_name'];

           $message = "<html><body>";
           $message .= "<p>Hello, </p>";
           $message .= "<p>You (or someone claiming to be you) recently asked that your " . $config['site_name'] . " password be reset. If so, please click on the link below to reset your password. If you do not want to reset your password, or if the request was in error, please ignore this message</p>";
           $message .= "<a href='" . $config['site_url'] . "/reset_password.php?key=" . $key . "'>" . $config['site_url'] . "/reset_password.php?key=" . $key . "</a>";
           $message .= "<p>Thanks, <br />The Administrator, " . $config['site_name'];
           $message .= "</body></html>";

           // create email headers
           $header = "MIME-Version : 1.0" . "\r\n";
           $header .=  "Content-Type: text/html; charset=iso-8859-1" . "/r/n";
           $header .= "From: " . $config['site_name'] . " <noreply@" . $config['site_domain'] . ">\r\n";
           $header .= "X-Sender: <noreply@" . $config['site_domain'] . ">\r\n";
           $header .= "Reply-To: <noreply@" . $config['site_domain'] . ">\r\n";

           // send mail
           mail($input['email'], $subject, $message, $header);

           // update the database
           $stmt = $mysqli->prepare("UPDATE users SET pw_reset = ? WHERE email = ?");
           $stmt->bind_param('ss', $key, $input['email']);
           $stmt->execute();
           $stmt->close();

           // add alert and clear form values
           $error['alert'] = 'Password resent sent successfully. Please check your email inbox.';
           $input['email'] = '';
           include 'views/v_reset_pw.php';
       }
   }
}

function randomString($lenght) {
   $charakters = '0123456789abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLNMOPQRSTUVWXYZ';
   $string = '';

   for($p = 0; $p < $lenght; $p++) {
       $string .= $charakters[mt_rand(0, strlen($charakters)-1)];
   }

   return $string;
}

$mysqli->close();

 

And the Form in HTML:

            <form action="" method="post">
               <div>
                   <?php
                   if ($error['alert'] != '') {
                       echo "<div class='alert'>" . $error['alert'] . "</div>";
                   }
                   ?>

                   <p>Fotget your password? Enter your email below, and we will email you a link to resert your password</p>

                   <label for="email">Email: *</label>
                   <input type="text" name="email" value="<?php echo $input['email'] ?>" />
                   <div class='error'><?php echo $error['email']; ?></div>

                   <p class="required">All fields marked with * are required!</p>
                   <input type="submit" name="submit" class="submit" value="Submit" />
               </div>
           </form>

 

When I'm going to the URL reset-password.php the first alert what I see is: Please check for typos. This email doesn't exist in the database! It's directly there if i'm just entering the url with params. What did I do wrong?

 

Sorry for bad english, I'm just 15 and from Germany ;)

Share this post


Link to post
Share on other sites

Your code looks ok. Your email address may be getting changed though in the htmlentities function, or somewhere along the line as the script processes.

 

If you call the var_dump() function on your various variables and arrays throughout the logic, you can get a pretty good idea of what's happening.

 

For example, place the function var_dump($input); prior to the mysqli statement to see what the $input['email'] variable looks like right before it is passed to the database.

 

In case you don't quite understand, here's a snippet...

 

   } else {
       var_dump($input);
       // check that the email exists in the database
       $check = $mysqli->prepare("SELECT email FROM users WHERE email = ?");

 

If you don't have Xdebug installed on your MAMP/WAMP stack - you may want to google on how to do that.

Share this post


Link to post
Share on other sites

Hello,

 

thanks for the answer. I'm haven't WAMP/MAMP, I've got XAMPP at my work. At home I've got MAMP. The problem is that the script doesn't go to this line. The interpretor skips this if statement and go directly to the else line.

   // User is reqesting new password
   if(isset($_POST['submit'])) {

   } else {

 

I don't know why. I tested it with the var_dump() function but I didn't find the problem.

Share this post


Link to post
Share on other sites

You have an issue with an unnecessary "}" -- basically, you have an "else" that's associated with the wrong "if".

 

Here's the original source file -- take a look and compare it to yours (look closely at around line 39 in your file, which matches about line 120 in my file).

 

reset_password.php

Share this post


Link to post
Share on other sites

Guten Tag Jan - ich spreche Englisch aber ich lerne Deutsch jetzt. Du arbeitest noch, mit 15 Jahre?

 

Using a text editor like Notepad++ (it's free!) will show you pretty clearly when a "{" closes with a respective "}" and helps greatly in locating these kinds of errors ahead of time.

Edited by khanahk

Share this post


Link to post
Share on other sites

Hello khanahk,

hello Ben,

 

for understanding problems I'm using english right now. I like your idea of learning german ;) Yes, I'm 16 (3 month ago I was 15) and I've got my own small IT company for webdesign & customer support in germany. You can visit my website at it4need.de. Thank you for the tip with notepad++ but i'm using a mac and still use Netbeans as my PHP IDE.

 

By the way the problem was solved and I'm learning so much with your courses Ben. Thank you for the big part of work!

 

Best wishes

Edited by Jan

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×