Results 1 to 4 of 4

Thread: Need help with forgot login script (please!)

  1. #1
    Join Date
    Oct 2009
    Posts
    9
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Default Need help with forgot login script (please!)

    I thought everything was a go, but it looks like no-dice. Seems like it would be simpler than this, but after days of trying to hash it out myself I have to ask for help yet again

    So what we have is a form on one page where the user answers two preset security questions. The answers are then posted to the processing script where my problem occurs. As far as I can tell there is no issue with the query portion, but in inserting the retrieved data into the mail form.

    The script will actually run through and show me my success page, but no mail is actually delivered. After setting the processor to my email manually I found that the message delivered completely ignored my $ variables.

    Well, here's the code in all its glory. Hopefully someone can make me feel stupid by showing me a simple solution!

    Code:
    <?PHP
    
    $host="localhost";
    $username=".";
    $password=".";
    $db_name=".";
    
    $Color=$_POST['Color'];
    $Hobby=$_POST['Hobby'];
    
    mysql_connect("$host", "$username", "$password")or die("cannot connect to server");
    mysql_select_db("$db_name")or die("cannot select DB");
    
    $User=mysql_query("SELECT User FROM users WHERE Color='$Color'")or die('failed to find username');
    
    $Pass=mysql_query("SELECT Pass FROM users WHERE Hobby='$Hobby'")or die('failed to find password');
    
    $Email=mysql_query("SELECT Email FROM users WHERE Color='$Color'") or die('failed to get email address');
    
    $result=mysql_query("SELECT Account FROM users WHERE Hobby='$Hobby'") or die('Query failed'); 
    
    $count = mysql_num_rows($result); 
    if($count < 1){ 
    header("Location: error.php");
    }
    else {
    
    // ---------------- SEND MAIL FORM ----------------
    
    $to=$Email;
    
    $subject="Your login is here!";
    
    $header="from: security <security@mysite.com>";
    
    $message= "Was this what you were looking for? \r\n 
    Your username is $User \r\n 
    Your password is $Pass \r\n";
    }
    if (mail($to, $subject, $message, $header)) {
    header("Location: login-sent.htm");
    }
    else {
    header("Location: error.php");
    }
    
    ?>

  2. #2
    Join Date
    May 2007
    Location
    Boston,ma
    Posts
    2,127
    Thanks
    173
    Thanked 207 Times in 205 Posts

    Default

    If you echo out the variables do you get the correct values? You should also not put straight user inputs into a sql statement this leaves you open to sql injections.

  3. #3
    Join Date
    Oct 2009
    Posts
    9
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Default

    Yeah, I did and got nothing. Thanks for the reply though!

  4. #4
    Join Date
    May 2007
    Location
    Boston,ma
    Posts
    2,127
    Thanks
    173
    Thanked 207 Times in 205 Posts

    Default

    If your getting nothing from color and hobby than the problem is with the form submitting to this.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •