HOME       >>       Programming

Gahhh This Isn't Going Well Please Help! Its a forgot password form in php


chappill

<?// database connection details stored hereinclude "database.php"; ?><!doctype html public "-//w3c//dtd html 3.2//en"><html><head><title>Thanks!</title></head><body bgcolor="#ffffff" text="#000000"><?$email=mysql_real_escape_string($email);$status = "OK";$msg="";//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);if (!stristr($email,"@") OR !stristr($email,".")) {$msg="Your email address is not correct<BR>";$status= "NOTOK";}echo "<br><br>";if($status=="OK"){ $query="SELECT * FROM users WHERE password = '$email'";$st=mysql_query($query);$recs=mysql_num_rows($st);$row=mysql_fetch_object($st);$em=$row->email;// email is stored to a variableif ($recs == 0) { echo
That's a snippet of code from my forgot password form on my site...I don't know why it doesn't work. Here's a few links you may need to help:
http://forums.xisto.com/no_longer_exists/
http://forums.xisto.com/no_longer_exists/
http://forums.xisto.com/no_longer_exists/

Login is the login page, register is the register page and forgot is the forgotten password page, I hope you can help!
The problem is when you click submit on the forgotten password page it takes you off to the next page (like it should) but the next page displays

Your email address is not correct

Even though I know It's right... so there must be something wrong wth the way the script gets the information out of the MySQL database, heres the full code: http://forums.xisto.com/no_longer_exists/

rvalkass

The problem lies with the way you check for the pattern of an email address:

if (!stristr($email,"@") OR !stristr($email,".")) {

I would take a look at using regexp to detect email addresses, rather than stristr. preg_match will use a regular expression, and tell you whether a given string matches that regular expression.

There is a lot of information on validating email addresses using regular expressions here: http://www.regular-expressions.info/email.html

chappill

Hmmm now that's confused me :S So I change

if (!stristr($email,"@") OR !stristr($email,".")) {
to this
if (!regexp($email,"@") OR !regexp($email,".")) {
??? Or is that wrong, help I'm lost!!!

But thanks for trying, i get into al sorts of problem with my scripts lol.

rvalkass

No, regexp isn't a function

Regexp stands for regular expressions, and is a way of checking if a string matches a certain pattern. In PHP, the easiest way to use regular expressions is with preg_match. You use it like this:

preg_match("regexp here", "string to check here");
It will return 0 for no matches, or 1 for a match.

The most difficult part is writing the regexp - the pattern the email address has to match to be classed as valid. Regular expressions are tricky to understand to start with, but incredibly powerful.

chappill

Gahhhh my head hurts I need another break already but I'm not off!

I now have:

preg_match("$email,"@"", "$email,"."");
Instead of:
if (!stristr($email,"@") OR !stristr($email,".")) {

And that produces the error:

Parse error: syntax error, unexpected '@' in /home/chappill/public_html/test/test/forgot-passwordck.php on line 36

Line 36 is that very line above...It's still screwed and It's all because I'm a retard =[

rvalkass

What you want that line to say is this:

 

if ( preg_match("^[-._%+A-Za-z0-9]+@[-.A-Za-z0-9]+\.[A-Za-z]{2,4}$", $email) == 0 ) {

The most difficult part to understand is the regexp string, which I will try to explain below. It is basically a pattern that the variable $email must fit to be declared valid. If it fits the pattern, preg_match returns 1, and the email address is valid. If it doesn't fit the pattern, preg_match returns 0, and the email address is invalid.

 

So, to explain that huge jumble of characters:

^ - The start of the string

[-._%+A-Za-z0-9] - Look for the -, ., _, % and + characters, along with characters in the ranges A-Z, a-z and 0-9...

+ - ...repeated any number of times...

@ - ...followed by the @ sign...

[-.A-Za-z0-9] - ...then more letters...

+ - ...repeated any number of times...

\. - ...followed by a dot...

[A-Za-z] - ...then the letters A-Z and a-z...

{2,4} - ...repeated between 2 and 4 times (the domain, like .COM or .UK or something)...

$ - ...and then the end of the string.



chappill

Sorry it's been about 3 days just got off holidays =].
I put that line in and as I thought it would go ape over

Warning: preg_match() [function.preg-match]: No ending delimiter '^' found in /home/chappill/public_html/test/test/forgot-passwordck.php on line 47

Your email address is not correct

the little ^ thats in there, should that not be something else?

rvalkass

Sorry, PHP, for some reason, needs slashes added:

if ( preg_match("/^[-._%+A-Za-z0-9]+@[-.A-Za-z0-9]+\.[A-Za-z]{2,4}$/", $email) == 0 ) {

Just tested it, and it seems to work. Let us know.

chappill

Dude your a star =] Thanks so much for putting up with my dodgy scripts and finding and solving the problem, without you I would be lost, it works, thanks very much =]

Oh wait, I think theres something wrong with the way it's pulling the information from the MySQL. I have:

echo "<br><br>";if($status=="OK"){ $query="SELECT * FROM users WHERE password = '$email'";$st=mysql_query($query);$recs=mysql_num_rows($st);$row=mysql_fetch_object($st);$em=$row->email;// email is stored to a variable
That as the code, my MySQL table is set up like this, users as the table name which i presumed was FROM, and then username, password and email as my fields. Should this be changed?

rvalkass

Either you have a very weird and confusing way of naming variables, or this line is wrong:

{ $query="SELECT * FROM users WHERE password = '$email'";

Any reason the password would be the same as their email address?

chappill

Good point lol I have absolutely no idea, a friend recommended

{ $query="SELECT email,password,username FROM users WHERE password = '$email'";

But i can't see that working either and it didn't!

rvalkass

Good point lol I have absolutely no idea, a friend recommended

{ $query="SELECT email,password,username FROM users WHERE password = '$email'";

But i can't see that working either and it didn't!

You've still got password equal to email...?

Surely that line should either be:
{ $query="SELECT * FROM users WHERE email = '$email'";

Or:
{ $query="SELECT * FROM users WHERE password = '$encryptedPassword'";

Identifying users by their password seems somewhat bizarre, so I assume you want the first example - getting a list of people with the email address you want.

tracdoor

Why don't you use Mysql query? that would make it a lot easier!Don't jump in at the deep end trying to make a super secure login script with loads of features, a simple register, login and logout is fine for a first try! from there you can make more adjustments to it later. Also i noticed you don't seem to have a members page yet, what use is a forgotten password script if your visitors have no reason to come back!. Like I said don't jump in at the deep end, simple Mysql query's are fine! if you do that there's little chance of errors, and the errors that you do get are simple mistakes, ones that a novice could correct easily.



VIEW DESKTOP VERSION REGISTERGET FREE HOSTING

Xisto.com offers Free Web Hosting to its Members for their participation in this Community. We moderate all content posted here but we cannot warrant full correctness of all content. While using this site, you agree to have read and accepted our terms of use, cookie and privacy policy. Copyright 2001-2019 by Xisto Corporation. All Rights Reserved.