0

I'm trying to make a simple reset password form where the user enters their username, email address, a new password and confirms the new password. However, nothing happens when I run the page. Below is the form that I'm using as well as the PHP script.

FORM:

 <form method="POST" action="password.php">
    <table>
    <tr>
    <td>Enter your Email</td>
    <td><input type="text" size="60" name="email"></td>
    </tr>
    <tr>
   <td>Enter your UserName</td>
    <td><input type="text" size="30" name="username"></td>
    </tr>
  <tr>
    <td>Enter your new password:</td>
    <td><input type="password" size="30" name="newpassword"></td>
    </tr>
    <tr>
   <td>Re-enter your new password:</td>
   <td><input type="password" size="30" name="confirmnewpassword"></td>
    </tr>
    </table>
    <p><input type="submit" value="Update Password">
    </form>

PHP SCRIPT

<?php require_once('Connections/register.php'); ?>
<?php

$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$confirmnewpassword = $_POST['confirmnewpassword'];

// Redirect links for when password reset is successful or not.
$MM_passwordResetSuccess = "password-updated.php";
$MM_passwordResetFailed = "reset-password.php";


$result = mysql_query("SELECT * FROM register WHERE 
username='$username' AND email='$email'");
        if(!$result)
        {
        echo "The username or email you entered does not exist";
        }

        if($password == $confirmnewpassword)
        $sql=mysql_query("UPDATE register SET password='$password' where 

 username='$username' AND email='$email'");
        if($sql)
        {
            header("Location: " . $MM_passwordResetSuccess );
        //echo "Congratulations You have successfully changed your password";
        }
       else
        {
            header("Location: ". $MM_passwordResetFailed );
       //echo "Passwords do not match";
       }
      ?>

Can anyone help?

7
  • do you have error_reporting switched on? put error_reporting (E_ALL); as your first line. Commented Apr 21, 2018 at 15:15
  • are you getting any error? Commented Apr 21, 2018 at 15:16
  • this $_POST['password']; should be $_POST['newpassword']; - so you get an 'UNDEFINED INDEX ERROR' Commented Apr 21, 2018 at 15:17
  • BUT: 1st: never store plain passwords into your database. 2nd: use prepared statements. 3rd: you need to ask for the old password too. Commented Apr 21, 2018 at 15:18
  • Hi Jeff, no I don't. I'm new to PHP. Rather than updating the password in the database it's failing every time, any ideas what's wrong? Commented Apr 21, 2018 at 15:18

3 Answers 3

1

You have this input element <td><input type="password" size="30" name="newpassword"></td> with name 'newpassword', but then you try to get $password = $_POST['password'] - 'password' only.
So change that to $password = $_POST['newpassword'];

BUT:
1st: never store plain passwords into your database. Use password_hash() and password_verify()
2nd: Use prepared statements. Now this script is very insecure.
3rd: You need to ask for the old password too.
4th: You should check if you got values first, so do a

if(!isset($_POST['email'])) {
   // show an error, exit script
   echo "ERROR";
   exit;
}

for every post-variable. Otherwise you could get an error (as you did now).
5th: Switch on error_reporting(E_ALL);
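
The checks this answer lists, combined into one handler, as an added example that is not part of the original answer or the asker's code. It assumes PDO, the `register` table from the question, and a hypothetical `oldpassword` form field; the in-memory SQLite database and its row are constructed demo data.

```php
<?php
// Added example, not the asker's or answerer's code. Assumes the page's
// `register` table (username, email, password) and a hypothetical extra
// form field `oldpassword`, as the answer's 3rd point asks for.
declare(strict_types=1);
error_reporting(E_ALL);

function reset_password(PDO $pdo, array $post): string
{
    // 4th point: make sure every expected field arrived as a non-empty string.
    foreach (['username', 'email', 'oldpassword', 'newpassword', 'confirmnewpassword'] as $f) {
        if (!isset($post[$f]) || !is_string($post[$f]) || $post[$f] === '') {
            return 'missing field';
        }
    }
    if (!hash_equals($post['newpassword'], $post['confirmnewpassword'])) {
        return 'passwords do not match';
    }
    // 2nd point: placeholders keep user input out of the SQL text.
    $stmt = $pdo->prepare('SELECT password FROM register WHERE username = ? AND email = ?');
    $stmt->execute([$post['username'], $post['email']]);
    $hash = $stmt->fetchColumn();
    // A query that matches no row still succeeds, so test the fetched row;
    // one generic message avoids revealing which accounts exist.
    if ($hash === false || !password_verify($post['oldpassword'], $hash)) {
        return 'invalid credentials';
    }
    // 1st point: store only a salted hash of the new password.
    $upd = $pdo->prepare('UPDATE register SET password = ? WHERE username = ? AND email = ?');
    $upd->execute([password_hash($post['newpassword'], PASSWORD_DEFAULT), $post['username'], $post['email']]);
    return $upd->rowCount() === 1 ? 'updated' : 'not updated';
}

// Constructed demo data in an in-memory SQLite database (assumes pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE register (username TEXT, email TEXT, password TEXT)');
$pdo->prepare('INSERT INTO register VALUES (?, ?, ?)')
    ->execute(['alice', 'alice@example.test', password_hash('old-secret', PASSWORD_DEFAULT)]);

$form = ['username' => 'alice', 'email' => 'alice@example.test', 'oldpassword' => 'old-secret',
         'newpassword' => 'new-secret', 'confirmnewpassword' => 'new-secret'];
echo reset_password($pdo, $form), "\n";
// A quote in the input is bound as data, so this simply matches no row.
echo reset_password($pdo, ['username' => "o'brien"] + $form), "\n";
```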


1

You are not checking for the form submission ..

Also, you should add a name to the input field

Like this :

<p><input name="reset" type="submit" value="Update Password">

PHP file :

<?php

if(isset($_POST['reset'])){

//Your php code


}


?>


0

You can modify the header as follows: header("Location: password-updated.php"); and header("Location: reset-password.php"); as it is the simplest way to use the header function. Also change $password = $_POST['password']; to $password = $_POST['newpassword'];

1 Comment

I don't see anything wrong in keeping the header redirects modular!
