Jump to content
xisto Community
chappill

Gahhh This Isn't Going Well Please Help! Its a forgot password form in php

Recommended Posts

<?// database connection details stored hereinclude "database.php"; ?><!doctype html public "-//w3c//dtd html 3.2//en"><html><head><title>Thanks!</title></head><body bgcolor="#ffffff" text="#000000"><?$email=mysql_real_escape_string($email);$status = "OK";$msg="";//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);if (!stristr($email,"@") OR !stristr($email,".")) {$msg="Your email address is not correct<BR>";$status= "NOTOK";}echo "<br><br>";if($status=="OK"){ $query="SELECT * FROM users WHERE password = '$email'";$st=mysql_query($query);$recs=mysql_num_rows($st);$row=mysql_fetch_object($st);$em=$row->email;// email is stored to a variableif ($recs == 0) { echo
That's a snippet of code from my forgot password form on my site...I don't know why it doesn't work. Here's a few links you may need to help:
http://forums.xisto.com/no_longer_exists/
http://forums.xisto.com/no_longer_exists/
http://forums.xisto.com/no_longer_exists/

Login is the login page, register is the register page and forgot is the forgotten password page, I hope you can help!
The problem is when you click submit on the forgotten password page it takes you off to the next page (like it should) but the next page displays

Your email address is not correct

Even though I know It's right... so there must be something wrong wth the way the script gets the information out of the MySQL database, heres the full code: http://forums.xisto.com/no_longer_exists/ Edited by chappill (see edit history)

Share this post


Link to post
Share on other sites

The problem lies with the way you check for the pattern of an email address:

if (!stristr($email,"@") OR !stristr($email,".")) {

I would take a look at using regexp to detect email addresses, rather than stristr. preg_match will use a regular expression, and tell you whether a given string matches that regular expression.

There is a lot of information on validating email addresses using regular expressions here: http://www.regular-expressions.info/email.html

Share this post


Link to post
Share on other sites

Hmmm now that's confused me :S So I change

if (!stristr($email,"@") OR !stristr($email,".")) {
to this
if (!regexp($email,"@") OR !regexp($email,".")) {
??? Or is that wrong, help I'm lost!!!

But thanks for trying, i get into al sorts of problem with my scripts lol.
Edited by chappill (see edit history)

Share this post


Link to post
Share on other sites

No, regexp isn't a function :D

Regexp stands for regular expressions, and is a way of checking if a string matches a certain pattern. In PHP, the easiest way to use regular expressions is with preg_match. You use it like this:

preg_match("regexp here", "string to check here");
It will return 0 for no matches, or 1 for a match.

The most difficult part is writing the regexp - the pattern the email address has to match to be classed as valid. Regular expressions are tricky to understand to start with, but incredibly powerful.

Share this post


Link to post
Share on other sites

Gahhhh my head hurts I need another break already but I'm not off!

I now have:

preg_match("$email,"@"", "$email,"."");
Instead of:
if (!stristr($email,"@") OR !stristr($email,".")) {

And that produces the error:

Parse error: syntax error, unexpected '@' in /home/chappill/public_html/test/test/forgot-passwordck.php on line 36

Line 36 is that very line above...It's still screwed and It's all because I'm a retard =[

Share this post


Link to post
Share on other sites

What you want that line to say is this:

 

if ( preg_match("^[-._%+A-Za-z0-9]+@[-.A-Za-z0-9]+\.[A-Za-z]{2,4}$", $email) == 0 ) {

The most difficult part to understand is the regexp string, which I will try to explain below. It is basically a pattern that the variable $email must fit to be declared valid. If it fits the pattern, preg_match returns 1, and the email address is valid. If it doesn't fit the pattern, preg_match returns 0, and the email address is invalid.

 

So, to explain that huge jumble of characters:

^ - The start of the string

[-._%+A-Za-z0-9] - Look for the -, ., _, % and + characters, along with characters in the ranges A-Z, a-z and 0-9...

+ - ...repeated any number of times...

@ - ...followed by the @ sign...

[-.A-Za-z0-9] - ...then more letters...

+ - ...repeated any number of times...

\. - ...followed by a dot...

[A-Za-z] - ...then the letters A-Z and a-z...

{2,4} - ...repeated between 2 and 4 times (the domain, like .COM or .UK or something)...

$ - ...and then the end of the string.


Share this post


Link to post
Share on other sites

Sorry it's been about 3 days just got off holidays =].
I put that line in and as I thought it would go ape over

Warning: preg_match() [function.preg-match]: No ending delimiter '^' found in /home/chappill/public_html/test/test/forgot-passwordck.php on line 47

Your email address is not correct

the little ^ thats in there, should that not be something else?

Share this post


Link to post
Share on other sites

Sorry, PHP, for some reason, needs slashes added:

if ( preg_match("/^[-._%+A-Za-z0-9]+@[-.A-Za-z0-9]+\.[A-Za-z]{2,4}$/", $email) == 0 ) {

Just tested it, and it seems to work. Let us know.

Share this post


Link to post
Share on other sites

Dude your a star =] Thanks so much for putting up with my dodgy scripts and finding and solving the problem, without you I would be lost, it works, thanks very much =]

Oh wait, I think theres something wrong with the way it's pulling the information from the MySQL. I have:

echo "<br><br>";if($status=="OK"){ $query="SELECT * FROM users WHERE password = '$email'";$st=mysql_query($query);$recs=mysql_num_rows($st);$row=mysql_fetch_object($st);$em=$row->email;// email is stored to a variable
That as the code, my MySQL table is set up like this, users as the table name which i presumed was FROM, and then username, password and email as my fields. Should this be changed?
Edited by chappill (see edit history)

Share this post


Link to post
Share on other sites

Either you have a very weird and confusing way of naming variables, or this line is wrong:

{ $query="SELECT * FROM users WHERE password = '$email'";

Any reason the password would be the same as their email address?

Share this post


Link to post
Share on other sites

Good point lol I have absolutely no idea, a friend recommended

{ $query="SELECT email,password,username FROM users WHERE password = '$email'";

But i can't see that working either and it didn't!

Share this post


Link to post
Share on other sites

Good point lol I have absolutely no idea, a friend recommended

{ $query="SELECT email,password,username FROM users WHERE password = '$email'";

But i can't see that working either and it didn't!

You've still got password equal to email...?

Surely that line should either be:
{ $query="SELECT * FROM users WHERE email = '$email'";

Or:
{ $query="SELECT * FROM users WHERE password = '$encryptedPassword'";

Identifying users by their password seems somewhat bizarre, so I assume you want the first example - getting a list of people with the email address you want.

Share this post


Link to post
Share on other sites

Why don't you use Mysql query? that would make it a lot easier!Don't jump in at the deep end trying to make a super secure login script with loads of features, a simple register, login and logout is fine for a first try! from there you can make more adjustments to it later. Also i noticed you don't seem to have a members page yet, what use is a forgotten password script if your visitors have no reason to come back!. Like I said don't jump in at the deep end, simple Mysql query's are fine! if you do that there's little chance of errors, and the errors that you do get are simple mistakes, ones that a novice could correct easily.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.