Hi I am trying to make forgot password script and successfully completed but I am getting one problem. In forgot.php
When user enter email, script checks the email
<?php
if(isset($_GET['code'])) $acode = $_GET['code'];
else die("No code!");
$con=mysqli_connect("xxx","xxx","xxx","xxx");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
} else {
$acode = mysqli_real_escape_string($con, $acode);
$query = mysqli_query($con,"select * from login where activation_code='$acode'")
or die(mysqli_error($con));
if(mysqli_num_rows($query) == 0) {
echo "Wrong code";
die();
} elseif (mysqli_num_rows ($query)==1 && isset($_POST['pass'])) {
$pass = mysqli_real_escape_string($con, $_POST['pass']);
$query3 = mysqli_query($con,"update login set Password='$pass' where activation_code='$acode'")
or die(mysqli_error($con));
echo 'Password Changed';
}
}
?>
enter code here
<form action="resetpass.php?code=<?php echo $_GET['code'];?>" method="POST">
<p>New Password:</p><input type="password" name="pass" />
<input type="submit" name="submit" value="Signup!" />
</form>
I got a bug in resetpass.php
You'l first have to use $_GET['code']
to get your activation code and store in a hidden field of
here is modified code, that should work.
<?php
if(isset($_POST['pass'])){
$pass = $_POST['pass'];
$acode=$_POST['code'];
$con=mysqli_connect("xxx","xxx","xxx","xxx");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = mysqli_query($con,"select * from login where activation_code='$acode'")
or die(mysqli_error($con));
if (mysqli_num_rows ($query)==1)
{
$query3 = mysqli_query($con,"update login set Password='$pass' where activation_code='$acode'")
or die(mysqli_error($con));
echo 'Password Changed';
}
else
{
echo 'Wrong CODE';
}
}
?>
<form action="resetpass.php" method="POST">
<p>New Password:</p><input type="password" name="pass" />
<input type="submit" name="submit" value="Signup!" />
<input type="hidden" name="code" value="<?php echo $_GET['code'];?>" />
</form>
You need to change the action from resetpass.php
to resetpass.php?code=<?php echo $_GET['code'];?>
Otherwise the code gets lost when you submit the form.
For example: (Not bugfree!)
<?php
if(isset($_GET['code'])) $acode = $_GET['code'];
else die("No code!");
$con=mysqli_connect("xxx","xxx","xxx","xxx");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
} else {
$acode = mysqli_real_escape_string($con, $acode);
$query = mysqli_query($con,"select * from login where activation_code='$acode'")
or die(mysqli_error($con));
if(mysqli_num_rows($query) == 0) {
echo "Wrong code";
die();
} elseif (mysqli_num_rows ($query)==1 && isset($_POST['pass'])) {
$pass = mysqli_real_escape_string($con, $_POST['pass']);
$query3 = mysqli_query($con,"update login set Password='$pass' where activation_code='$acode'")
or die(mysqli_error($con));
echo 'Password Changed';
}
}
?>
<form action="resetpass.php?code=<?php echo $_GET['code'];?>" method="POST">
<p>New Password:</p><input type="password" name="pass" />
<input type="submit" name="submit" value="Signup!" />
</form>
But think about some things: