Jump to content

Password change, PHP Email Problem

vixsair

By vixsair
in PHP Coding Help

 Share

Recommended Posts

vixsair Newbie

vixsair

Posted
Posted

Hi there,

 

I've set up  a basic password change that sends an email to the client when they change their password. The email notify's the client that their password has been changed and what the password is. The current problem I'm receiving is that when the user changes their password  the message confirms that an email has been sent however, the email never arrives. The original email only arrives when the client changes their password again and they receive their first password change not their new password change.

 

Can you help?? my code is below:

 

<?php

$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password="*******"; // Mysql password 
$db_name="testpwreset"; // Database name 


//Connect to server and select database.

$con=mysql_connect("$host", "$username", "$password");
mysql_connect("$host", "$username", "$password") or die("cannot connect to server"); 
mysql_select_db("$db_name") or die("cannot select DB");

// value sent from form 
$email_to=$_POST['email_to'];
$old_password=$_POST['old_password'];
$new_password=$_POST['new_password'];
$new_password2=$_POST['new_password2'];

if ($new_password != $new_password2) {die("Your passwords do not match");}

// table name 
$tbl_name=members; 
mysql_query("UPDATE $tbl_name SET password = '$new_password' WHERE email = '$email_to' AND password = '$old_password'");




// retrieve password from table where e-mail = $email_to(*****@gmail.com) 
$sql="SELECT password FROM $tbl_name WHERE email='$email_to' AND password = '$old_password'";
$result=mysql_query($sql);

// if found this e-mail address, row must be 1 row 
// keep value in variable name "$count" 
$count=mysql_num_rows($result);

// compare if $count =1 row
if($count==1){
$asdf=mysql_query("UPDATE $tbl_name SET password = '$new_password' WHERE email = '$email_to' AND password = '$old_password'");
$rows=mysql_fetch_array($result);

// keep password in $your_password
$your_password=$rows['password'];
// ---------------- SEND MAIL FORM ---------------- 

// send e-mail to ...
$to=$email_to; 

// Your subject 
$subject="Your Tafe FTP Password"; 

// From 
$header="from: your name \<your email\>"; 

// Your message 
$messages= "Your password for login to the Orange Tafe IT Ftp Server is: $your_password \r\n";



// send email 
$sentmail = mail($to,$subject,$messages,$header); 

}

// else if $count not equal 1 
else {
echo "Cannot find your email in our database";
}

// if your email succesfully sent 
if($sentmail){
echo "Your Password Has Been Sent To Your Email Address.";
}
else {
echo "Cannot send password to your e-mail address";
}

?>

 

 

Link to comment
Share on other sites
erm410 Newbie

erm410

Posted
Posted

The code you supply changes the password once, then checks if the original entry is still there:

 

// table name 
$tbl_name=members; 
mysql_query("UPDATE $tbl_name SET password = '$new_password' WHERE email = '$email_to' AND password = '$old_password'");

// retrieve password from table where e-mail = $email_to(*****@gmail.com) 
$sql="SELECT password FROM $tbl_name WHERE email='$email_to' AND password = '$old_password'";
$result=mysql_query($sql);

 

Is this actually the code you are using? If so you should not get the behavior you describe. When I run the script the 

if($count==1)

fails and I get the output:

 

Cannot find your email in our databaseCannot send password to your e-mail address

 

The behavior you describe is probably because of the order of sql statements in the script. Here is what I would do:

 

// table name 
$tbl_name=members; 

mysql_query("UPDATE $tbl_name SET password = '$new_password' WHERE email = '$email_to' AND password = '$old_password'");

// If no user with $email_to and $old_password was found, no rows will be affected and the script can fail with an appropriate message
if (mysql_affected_rows != 1) {
die('Password not updated because your email or password were incorrect');
}

// retrieve password from table where e-mail = $email_to(*****@gmail.com) ($new_password is now in the table, looking for $old_password will inevitably fail)
$sql="SELECT password FROM $tbl_name WHERE email='$email_to' AND password = '$new_password'";
$result=mysql_query($sql);
$rows=mysql_fetch_array($result);

// keep password in $your_password
$your_password=$rows['password'];

// ---------------- SEND MAIL FORM ---------------- 

// send e-mail to ...
$to=$email_to; 

// Your subject 
$subject="Your Tafe FTP Password"; 

// From 
$header="from: your name \<your email\>"; 

// Your message 
$messages= "Your password for login to the Orange Tafe IT Ftp Server is: $your_password \r\n";

// send email 
$sentmail = mail($to,$subject,$messages,$header);

// if your email succesfully sent 
if($sentmail){
echo "Your Password Has Been Sent To Your Email Address.";
}
else {
echo "Cannot send password to your e-mail address";
}

 

Let me know if this works out.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.