PHP - password reset code problems

I am trying to create a link that is sent to the user so that I can reset the password:

I have the following code that sends the code to the user:

<?php
 include("config.php");
if(isset($_POST['submit_email']) && $_POST['email'])
{
    $email = mysqli_real_escape_string($conn, $_POST['email']);
    $sql = "SELECT * FROM registo WHERE email = '$email'";
    $r = mysqli_query($conn, $sql);
    $count = mysqli_num_rows($r);
    if($count == 1){
        $res = mysqli_fetch_assoc($r);
        $email=password_hash($res['email'],PASSWORD_DEFAULT);
        $pass=password_hash($res['password'],PASSWORD_DEFAULT);
        $link="<a href='http:****.php?key=".$email."&reset=".$pass."'>Click To Reset password</a>";
        $to = $res['email'];
        $subject = 'Reset Password';
        $message = 'Click On This Link to Reset Password '.$link;
        $headers = 'From: Galaxy books shop <**@gmail.com>' . "\r\n" .
                   'Reply-To: **@mail.com' . "\r\n" .
                   'X-Mailer: PHP/' . phpversion();
        // Send email
        if(mail($to, $subject, $message, $headers)){
            echo "Your reset link has been sent to your email ";
        }else{
            echo "Failed to Recover your password, try again";
        }

    }else{
        echo "User name does not exist";
    }
}
?>

And then I have the code that was supposed to make the user create a new pass:

<?php
include("config.php");
if($_GET['key'] && $_GET['reset'])
{
  $email=password_hash($_GET['key'],PASSWORD_DEFAULT);
  $pass=password_hash($_GET['reset'],PASSWORD_DEFAULT);
  $sql=mysqli_query($conn,"SELECT email, password FROM registo where email='$email' and password='$pass'");
  $count = mysqli_num_rows($sql);  
  if($count==1)
  {
    ?>
<html>
    <form method="post" action="update_newpassword.php">
    <input type="hidden" name="email" value="<?php echo $email;?>">
    <p>Enter New password</p>
    <input type="password" name='password'>
    <input type="submit" name="submit_password">
    </form>
    </html>
    <?php

  }
}

?>

The problem is that nothing happens: the link is actually sent, but when clicking on the link the page simply appears blank.

  • Did you check which HTTP status is returned? Did you check if the $email variable is being decrypted? It is probably blank because $Count must be returning ZERO.

  • Your code has no error; literally, the error is in the implementation of password_hash. It won't work because you'll never find an email and password that are equal; it is as simple as that. This is Bcrypt, with an always different salt. The $count will return 0 in the latter case, when not found, as you asked about.

  • Inkeliz has already posted my code with the changes that you suggest, please? Because I don't understand. The other answer you gave was more theory than practice, and I honestly never heard of what you're saying because I'm new to PHP.
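
The point made in the comments, as an added example that is not code from the question or its commenters: `password_hash()` output cannot be matched by equality, so a reset link should carry a random single-use token whose SHA-256 digest is stored and compared instead. This goes beyond the comment by showing the whole token flow; the in-memory `$resetStore` array, the function names, the 15-minute lifetime and the `reset.php` link are assumptions standing in for a real table and page.

```php
<?php
// Added example, not the asker's code. $resetStore stands in for a
// hypothetical password_resets table (email, token_hash, expires_at).
$resetStore = [];

// Why the lookup on the page finds 0 rows: password_hash() salts randomly,
// so hashing the same input twice never gives the same string.
function hashes_are_comparable(string $value): bool
{
    return password_hash($value, PASSWORD_DEFAULT) === password_hash($value, PASSWORD_DEFAULT);
}

// Issue a one-time token: the raw token goes in the e-mailed link,
// only its SHA-256 digest is kept server-side.
function issue_reset_token(array &$store, string $email, int $ttl = 900): string
{
    $token = bin2hex(random_bytes(32));          // 64 hex chars from a CSPRNG
    $store[$email] = [
        'token_hash' => hash('sha256', $token),  // deterministic, so it can be matched
        'expires_at' => time() + $ttl,
    ];
    return $token;
}

// Validate the token from the link; on success it is consumed (single use).
function redeem_reset_token(array &$store, string $email, string $token, ?int $now = null): bool
{
    $now = $now ?? time();
    $row = $store[$email] ?? null;
    if ($row === null || $now > $row['expires_at']) {
        unset($store[$email]);                   // drop expired entries
        return false;
    }
    // Constant-time comparison of the stored digest with the digest of the input.
    if (!hash_equals($row['token_hash'], hash('sha256', $token))) {
        return false;
    }
    unset($store[$email]);
    return true;
}

// Constructed sample data.
$email = 'user@example.com';
var_dump(hashes_are_comparable($email));                     // two bcrypt hashes of one input
$token = issue_reset_token($resetStore, $email);
echo 'reset.php?email=' . urlencode($email) . '&token=' . $token . "\n";
var_dump(redeem_reset_token($resetStore, $email, 'wrong'));  // wrong token
var_dump(redeem_reset_token($resetStore, $email, $token));   // correct token
var_dump(redeem_reset_token($resetStore, $email, $token));   // same token reused
```

With this design the link no longer contains anything derived from the stored password hash, and the new password is written with `password_hash()` and later checked with `password_verify()`.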

No answers
