Password Recovery Script

[Eggie 0]

While trying to make password recovery script for "bhupinunder" i run into a problem...
i made this:

<?php$dbh = mysql_connect('localhost','jaskaran_gc','gc') or die ("Cannot Connect: " . mysql_error());mysql_select_db('jaskaran_gc',$dbh);?><form method=post action=restore.php?recover=answer><?php print"Email:</td><td><input type=text name=email></td></tr>";?><P><INPUT TYPE=submit VALUE=Submit!></P></form><?phpif ($recover=answer) print"$email";?>

and it doesn't print anything...but if i put it like this

<?php$dbh = mysql_connect('localhost','jaskaran_gc','gc') or die ("Cannot Connect: " . mysql_error());mysql_select_db('jaskaran_gc',$dbh);?><form method=post action=restore.php?recover=answer><?php print"Email:</td><td><input type=text name=email></td></tr>";?><P><INPUT TYPE=submit VALUE=Validate it!></P></form><?phpif ($recover=answer) print"ssss";?>

it just shows that form and prints

ssss

how do i make it that i type email and click submit that the email is stored in "$email"
if someone help me with that i don't think that i'll have any problems storing it in mysql!
pls respond

[turbopowerdmaxsteel 0]

email is the name of the field in the form, correct? Depending on the HTTP method of submission you are using for the form, you can retrieve the values as:-$_GET['email'] for GET method$_POST['email'] for POST method

[Quatrux 4]

It's one of the worst things I ever saw in a while, but anyway, I just fixed some things, it might work, I didn't test anything by myself, but I guess it should work, even though I think you're still learning and are just practicing, this is why I just fixed some stuff.

<?php$dbh = mysql_connect('localhost','jaskaran_gc','gc') or die("Cannot Connect: " . mysql_error());mysql_select_db('jaskaran_gc',$dbh);?><form method="post" action="restore.php?recover=answer"><tr><td>Email:</td><td><input type="text" name="email"></td></tr><p><input type="submit" value="Submit!"></p></form><?phpif ($_GET['recover'] == 'answer') echo $_POST['email'];?>

[Eggie 0]

<?php$dbh = mysql_connect('localhost','jaskaran_gc','gc') or die("Cannot Connect: " . mysql_error());mysql_select_db('jaskaran_gc',$dbh);?><form method="post" action="restore.php?recover=answer"><tr><td>Email:</td><td><input type="text" name="email"></td></tr><tr><td>pass:</td><td><input type="password" name="pass"></td></tr><p><input type="submit" value="Submit!"></p></form><?phpif ($_GET['recover'] == 'answer') mysql_query("update users set userpass=$_POST['pass'] where email=$_POST['email']") or die(mysql_error());?>

whats wrong now?(i should have asked from the start for someone to solve it now now when no one will answer)

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/jaskaran/public_html/restore.php on line 11
Edited February 5, 2008 by Eggie (see edit history)

[turbopowerdmaxsteel 0]

Use $_POST outside of the double quotes.

if ($_GET['recover'] == 'answer') mysql_query("update users set userpass=" . $_POST['pass'] . "where email=" . $_POST['email']) or die(mysql_error());

Edited February 6, 2008 by turbopowerdmaxsteel (see edit history)

[Eggie 0]

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'email=jurica@mail.com' at line 1

[Eggie 0]

solved again ))

mysql_query("UPDATE users SET userpass = '".md5($_POST['pass'])."' WHERE email = '".$_POST['email']."'") or die(mysql_error());

pls put [sOLVED] in the topic name(and delete this)

[iGuest 3]

well their really isn't any confirmation.. Like what happened after you enter the user and pass.. It just changes the username and pass without verification.. So you could just put anyone's user and pass in..

-reply by nate