-3

I need to be able to allow a user to reset their password via entering their email , which will then update the database, and send an email to the user with the updated password. they will also be redirected to a page that will allow them to update the password to something else, but I have been unable to get the database to update the password? Please help!

This is my code

  <?php
                $pwd_rand = rand();
            $pwd_reset = $pwd_rand;
            $email_password = $pwd_reset;
            $new_password = sha1($email_password);

if (isset($_POST['useremail'])){
        require 'PHPMailer/PHPMailerAutoload.php';  



$mail = new PHPMailer;
$mail->IsSMTP();
$mail->setFrom('test@phpserver.com', 'A Smith');
$to = $_POST['useremail'];
$mail->addAddress($to, 'Somebody');
$mail->Subject = 'PHPMailer mail() test';
$mail->msgHTML($new_password."   This is your new password." ); 
if (isset($_POST['submit'])){
$db_server = "127.0.0.1";
            $db_usr = "";
            $db_pwd = "";
            $db = $db_usr;
            $conn = mysqli_connect($db_server, $db_usr, $db_pwd, $db);
            $q = "SELECT * FROM login WHERE email = '$to'";
        $row = mysqli_fetch_assoc($queryget);
        $r = mysqli_query($conn, $q);


                $querychange = mysqli_query($conn, "UPDATE login SET password='$newpassword' WHERE email='$to'");







        mysqli_close($conn);
        }
if (!empty($_POST[$useremail])){

mail($to, "From: ");


        } else {
            echo "<div class=\"msg\">Please supply your email address.</div>";
        }
    } else {
        echo "<div class=\"msg\">Please supply your email address.</div>";
    }
}
{

if (!$mail->send()) {
    echo "Mailer Error: " . $mail->ErrorInfo;
} else {
    echo "Message sent!";
                                echo "<div class=\"msg\">Password has been reset, check your email.</div>";
    echo "<script>setTimeout(\"location.href = 'changepassword.php';\",1500);</script>";

}}


?>

This is what i am working with at this moment^ my code will send the email with the new password, and redirects to the update password page, but it fails to update the database with the new password?

Natt
  • 3
  • 2
  • Please be more specific - what happens when you do the MYSQL call to update the user's password? – aphextwix Dec 06 '14 at 14:44
  • at this moment in time, the page does not load, and im guessing theres something wrong with the code to update the database :/ – Natt Dec 06 '14 at 14:47
  • Yeah usually if the page doesn't load it suggests a problem! Ha-Ha. Could you please post the PHP or MYSQL error message? In order to get this add `` to the top of your page and add a `die` statement to the end of your mysqli_query - see [link](http://stackoverflow.com/questions/17053466/how-to-display-errors-for-my-mysqli-query) – aphextwix Dec 06 '14 at 14:52
  • hey sorry, ive tried that but i'm not veiwing any errors :/ i've managed to get the page to load, it will send the email with the updated password, but the login details are still not updated :/ – Natt Dec 06 '14 at 15:26

2 Answers2

0

Don't need that while loop on the update.

Also the update sqli query doesn't really need to be stored in a variable.

Mattigins
  • 1,003
  • 9
  • 25
0

If the updated password is appearing in the email, then the problem isn't due to an undefined variable.

Therefore you will need to see what is being passed to the SQL query.

The most likely cause of this is the variable $newpassword isn't being passed properly to the MYSQL query.

Try either of the following alternate strings and see if either work : 

$querychange = mysqli_query($conn, "
UPDATE login SET password= '".$newpassword."' 
WHERE email='".$to."' ");

OR

 $querychange = mysqli_query($conn, "
 UPDATE login SET password = $newpassword
 WHERE email = $to ");

The first example is escaping the variables $newpassword and $id with '. *$variable *.' and the second example doesn't using any quotation marks.

Check out this other answer for a much better explanation - LINK

Community
  • 1
  • 1
aphextwix
  • 1,775
  • 3
  • 18
  • 27
  • hey thanks for replying! I tried that, yet my database still is not being updated? – Natt Dec 06 '14 at 22:29
  • Managed to solve the problem, which was along with the errors you pointed out, was fixed by replacing if (!empty($_POST[$useremail])) with if (!empty($_POST['useremail'])){ – Natt Dec 06 '14 at 23:24
  • Glad to have been able to help! – aphextwix Dec 07 '14 at 10:44