1

I'm very new to all of these things and I'm just really stumped on this. I've been trying for a day and a half to get this part of the code to work, and I've tried numerous different things. It's just not wanting to work for me.

Here's the whole script

<?php
$dbusername = "****";  // info works to connect to login
$dbpassword = "****";  // and everything works fine retrieving
$dbhost = "localhost"; // the email to send the code to (which all works)
$dbname = "****"; 
try {
$conn = new PDO("mysql:host={$dbhost};dbname={$dbname};charset=utf8", $dbusername, $dbpassword);
}
catch(PDOException $ex)
{
    $msg = "Failed to connect to the database";
}

function getToken($length=32){
//redacted - working and unrelated, suffice it to say the token returns properly
return $token;
}

if (isset($_POST["ForgotPassword"])) {

    if (filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
        $email = $_POST["email"];

    }else{
        echo "Email is invalid.";
        exit;
    }

    // Check to see if a user exists with this e-mail
    $query = $conn->prepare('SELECT email FROM users WHERE email = :email');
    $query->bindParam(':email', $email);
    $query->execute();
    $userExists = $query->fetch(PDO::FETCH_ASSOC);
    $conn = null

    if ($userExists["email"])
    {
        $resetpass = getToken();        

        try {
            $conn = new PDO("mysql:host={$dbhost};dbname={$dbname};charset=utf8", $dbusername, $dbpassword);
            $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

            $stmt = $conn->prepare('UPDATE users SET passwordreset=:resetpass WHERE email=:email');
            $stmt->bindParam(':resetpass', $resetpass);
            $stmt->bindParam(':email', $email);
            $stmt->execute();

            echo $stmt->rowCount() . " records UPDATED successfully";
            }
        catch(PDOException $e)
            {
            echo $sql . "<br>" . $e->getMessage(); //$sql not set anymore
            }

        $conn = null;



    // Create a url which we will direct them to reset their password
    $pwrurl = "*******/reset_password.php?q=".$resetpass;

    // Mail them their key
    $mailbody = "redacted \n\n" . $pwrurl;
    mail($userExists["email"], "redacted", $mailbody);
    echo "Your password recovery key has been sent to your e-mail address.";

    }

    else
        echo "No user with that e-mail address exists.";
    }
?>

Without this query, everything else works famously. It breaks and won't continue here. It never echos the success or failure.

Edit: Here's the HTML form too

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Forgot Password</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<center>
<form action="change.php" method="POST">
<table align="center" width="30%" border="0">
<div> 
<tr>
<td><input type="text" name="email" placeholder="[email protected]" required /></td>
</tr>
<tr>
<td><button type="submit" name="ForgotPassword" value=" Request Reset ">Reset</button></td>
</tr>
</table>
</form>
</div>
</center>
</body>
</html>
8
  • variables could be failing you. Not enough code. php.net/manual/en/function.error-reporting.php and you also have what seems to be an undefined variable $sql. Commented Oct 30, 2015 at 16:40
  • Please don't expect a magical answer to appear. Not without knowing what exactly we're dealing with here, since we have no idea where and how your variables are being declared. This question is impossible to answer in its present state. Commented Oct 30, 2015 at 16:45
  • Bad questions tend to attract bad answers. Take it up with the "bad" one that's been given. I'm out of here. I tried helping you, but you're not cooperating by probably just taking off. Commented Oct 30, 2015 at 16:53
  • I'm sorry, I'm not used to these things being answered so quickly. It normally takes hours on a forum. You're right, I had tried doing it pre-set with an $sql variable (like the one answer) and I didn't update the error. I'm updating the question now. Commented Oct 30, 2015 at 17:36
  • It's now updated. I apologize again. Commented Oct 30, 2015 at 17:47

3 Answers

3

Now that you've posted your full code...

Your code is failing because of this wee little bug in your code that is causing some BIG problems.

$conn = null
            ^ right there.

I know this is considered as an off-topic question, but we've been at this for so long, I felt that I had to submit it as an answer. (Consult Special note below). It's not completely off-topic.

There is a missing semi-colon in there; add it.

$conn = null;

Had error reporting been set to catch and display errors in your code, it would have thrown you a parse error.

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code

Sidenote: Displaying errors should only be done in staging, and never production.


However, you should use proper bracing for all your conditional statements, such as this one:

else
    echo "No user with that e-mail address exists.";

as that could have adverse effects.

Special note:

There is another thing though and it's this variable $token that you've return'ed in your getToken() function. You're not using it anywhere, so it's unsure as to what you want to do with it exactly.

As noted in a comment under your answer, $sql isn't doing anything; it's undefined. However, that won't cause your code to fail, but just throw an undefined variable sql notice, when error reporting is set to catch and display.


3 Comments

Dang, that's a good catch. It was there at one time (and without it the email would still send, oddly). I didn't notice amongst my days of frantic editing that it had disappeared somewhere along the way. That simple change did it, thank you. I've been looking at the code too long. Also, I didn't know about error reporting, that'll be very helpful. :) The $token is used within the function that I redacted, returned here: $resetpass = getToken();
@soxroxr You're most welcome and I was glad to have helped, cheers
@soxroxr Oh, and I know the feeling about scratching my head for so long about a missing closing character somewhere, enough to have marks on my scalp for it. Yeah, a missing dot for me once, and many moons ago. Took me the better part of an hour to find a missing .. Pretty small eh? ;-) That's why I use a code editor and it helps to catch those. All the best, cheers
0

As I'm not able to comment, I am also new to PHP and PDO. I checked the code but it seems fine.

The only errors found: 1) the $sql variable, 2) $conn=null; (semicolon missing) after the first query.

Can you provide DB-side details and table details, so that I can try with that and try to find a solution?

3 Comments

I already made a comment about that and that shouldn't cause their code to fail.
I already based my answer about the OP's missing semi-colon, that I must say submitted first and spent a lot more time on this. I honestly don't know why you're posting this if you can't comment yet.
I apologize for not commenting, and about the missing semi-colon: I copied the code to a text editor and was checking for syntax errors, and I didn't see your answer.
-1

http://php.net/manual/en/pdo.exec.php#refsect1-pdo.exec-examples

If you look at the example I provided you will see that you can do this without all the bindParam functions. Setting your SQL up before you execute can be helpful.

Although this isn't tested - my best advice would be to create an $sql variable that you use to store your SQL in as you create it.

Something to this extent will let you see exactly what your $sql is and you can better find your problems after you see exactly what you are trying to execute.

$sql = "UPDATE users SET passwordreset = '" . $resetpass . "' WHERE email ='" . $email . "' ";

3 Comments

passwordreset = '" . $resetpass . "' WHERE email ='" . $email . "' Are you serious? This is open to an SQL injection.
I had tried that way but I didn't like it and it didn't even work for me.
this person obviously doesn't seem to care much avoid receiving downvotes for both a bad and wrong answer.
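
An added example (not part of any answer or of the original page) showing why the concatenated query draws the objection above: an address containing an apostrophe is run through the question's FILTER_VALIDATE_EMAIL check and then through both query styles, so the difference between text spliced into SQL and a bound parameter is visible. It assumes the pdo_sqlite extension and a constructed in-memory table in place of the question's MySQL database; resetConcatenated and resetPrepared are hypothetical helper names.

```php
<?php
// Added example: constructed data, in-memory SQLite standing in for the question's MySQL.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw instead of passing silently
$conn->exec('CREATE TABLE users (email TEXT PRIMARY KEY, passwordreset TEXT)');
$seed = $conn->prepare('INSERT INTO users (email) VALUES (:email)');
foreach (['alice@example.com', "o'brien@example.com"] as $address) { // constructed addresses
    $seed->execute([':email' => $address]);
}

// Concatenated form, as in the answer above: the values become part of the SQL text.
function resetConcatenated(PDO $conn, string $email, string $resetpass): string
{
    $sql = "UPDATE users SET passwordreset = '" . $resetpass . "' WHERE email ='" . $email . "' ";
    try {
        return $conn->exec($sql) . ' row(s) updated';
    } catch (PDOException $e) {
        return 'query failed: ' . $e->getMessage();
    }
}

// Prepared form, as in the question: the values travel separately from the SQL text.
function resetPrepared(PDO $conn, string $email, string $resetpass): string
{
    $stmt = $conn->prepare('UPDATE users SET passwordreset = :resetpass WHERE email = :email');
    $stmt->execute([':resetpass' => $resetpass, ':email' => $email]);
    return $stmt->rowCount() . ' row(s) updated';
}

$email = "o'brien@example.com";
$token = bin2hex(random_bytes(16)); // stand-in for the question's redacted getToken()

// The question's validation step, applied to this address.
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL) !== false);

// Same input through both query styles: in the first, the apostrophe closes
// the string literal early; in the second, it is only ever treated as data.
echo resetConcatenated($conn, $email, $token), PHP_EOL;
echo resetPrepared($conn, $email, $token), PHP_EOL;
```

Validation decides whether the input looks like an e-mail address; it does not make the value safe to splice into a statement, which is what the bound parameters are for.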
