I cannot get the reset password page to work in my email password recovery system

I followed this tutorial to my specs, but then installed it exactly like described. I have it all connected; the email gets sent with the expiration token and properly connects the user to the password reset page. But, the password page submits and says all is well, but none of the passwords get changed.

I tried another email password recovery tutorial that worked to the same point, but then changed the password to something unknown, which created a lot of problems.

Important: Create Database with name "register" then import the attached password_reset_temp.sql file

OR You can also create using following query:

CREATE TABLE `password_reset_temp` (
  `email` varchar(250) NOT NULL,
  `key` varchar(250) NOT NULL,
  `expDate` datetime NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

I have all that in place.

This is password_reset_temp.sql

-- phpMyAdmin SQL Dump
-- version 3.5.2.2
-- http://www.phpmyadmin.net
--
-- Host: 127.0.0.1
-- Generation Time: Aug 13, 2018 at 09:14 AM
-- Server version: 5.5.27
-- PHP Version: 5.4.7

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";


/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;

--
-- Database: `register`
--

-- --------------------------------------------------------

--
-- Table structure for table `password_reset_temp`
--

CREATE TABLE IF NOT EXISTS `password_reset_temp` (
  `email` varchar(250) NOT NULL,
  `key` varchar(250) NOT NULL,
  `expDate` datetime NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

This is index.php

<?php
    /*
    Author: Javed Ur Rehman
    Website: https://www.allphptricks.com
    */
    require_once('class.phpmailer.php');
    ?>
    <html>
    <head>
    <title>Demo Forgot Password Recovery (Reset) using PHP and MySQL - AllPHPTricks.com</title>
    <link rel='stylesheet' href='css/style.css' type='text/css' media='all' />
    </head>
    <body>
    <div style="width:700px; margin:50 auto;">

    <h2>Demo Forgot Password Recovery (Reset) using PHP and MySQL</h2>   

    <?php
    include('db.php');
    if(isset($_POST["email"]) && (!empty($_POST["email"]))){
    $email = $_POST["email"];
    $email = filter_var($email, FILTER_SANITIZE_EMAIL);
    $email = filter_var($email, FILTER_VALIDATE_EMAIL);
    if (!$email) {
        $error .="<p>Invalid email address please type a valid email address!</p>";
        }else{
        $sel_query = "SELECT * FROM `users` WHERE email='".$email."'";
        $results = mysqli_query($con,$sel_query);
        $row = mysqli_num_rows($results);
        if ($row==""){
            $error .= "<p>No user is registered with this email address!</p>";
            }
        }
        if($error!=""){
        echo "<div class='error'>".$error."</div>
        <br /><a href='javascript:history.go(-1)'>Go Back</a>";
            }else{
        $expFormat = mktime(date("H"), date("i"), date("s"), date("m")  , date("d")+1, date("Y"));
        $expDate = date("Y-m-d H:i:s",$expFormat);
        $key = md5(2418*2+$email);
        $addKey = substr(md5(uniqid(rand(),1)),3,10);
        $key = $key . $addKey;
    // Insert Temp Table
    mysqli_query($con,
    "INSERT INTO `password_reset_temp` (`email`, `key`, `expDate`)
    VALUES ('".$email."', '".$key."', '".$expDate."');");

    $output='<p>Dear user,</p>';
    $output.='<p>Please click on the following link to reset your password.</p>';
    $output.='<p>-------------------------------------------------------------</p>';
    $output.='<p><a href="http://jerrittpace.com/practice/Login%20with%20emai%20password%20protections%201112/original%20demo/reset-password.php?key='.$key.'&email='.$email.'&action=reset" target="_blank">http://jerrittpace.com/practice/Login%20with%20emai%20password%20protections%201112/original%20demo/reset-password.php?key='.$key.'&email='.$email.'&action=reset</a></p>';        
    $output.='<p>-------------------------------------------------------------</p>';
    $output.='<p>Please be sure to copy the entire link into your browser.
    The link will expire after 1 day for security reason.</p>';
    $output.='<p>If you did not request this forgotten password email, no action 
    is needed, your password will not be reset. However, you may want to log into 
    your account and change your security password as someone may have guessed it.</p>';    
    $output.='<p>Thanks,</p>';
    $output.='<p>AllPHPTricks Team</p>';
    $body = $output; 
    $subject = "JerrittPace.COM - Password Recovery";

    $email_to = $email;
    $fromserver = "jerrittpace@jerrittpace.com"; 
    require("PHPMailer/PHPMailerAutoload.php");
    $mail = new PHPMailer();
    $mail->IsSMTP();
    $mail->Host = "mail.jerrittpace.com"; // Enter your host here
    $mail->SMTPAuth = true;
    $mail->Username = "jerrittpace@jerrittpace.com"; // Enter your email here
    $mail->Password = "_Jjp553597"; //Enter your password here
    $mail->Port = 587;
    $mail->IsHTML(true);
    $mail->From = "jerrittpace@jerrittpace.com";
    $mail->FromName = "JerrittPace.COM";
    $mail->Sender = $fromserver; // indicates ReturnPath header
    $mail->Subject = $subject;
    $mail->Body = $body;
    $mail->AddAddress($email_to);
    if(!$mail->Send()){
    echo "Mailer Error: " . $mail->ErrorInfo;
    }else{
    echo "<div class='error'>
    <p>An email has been sent to you with instructions on how to reset your password.</p>
    </div><br /><br /><br />";
        }

            }   

    }else{
    ?>
    <form method="post" action="" name="reset"><br /><br />
    <label><strong>Enter Your Email Address:</strong></label><br /><br />
    <input type="email" name="email" placeholder="username@email.com" />
    <br /><br />
    <input type="submit" value="Reset Password"/>
    </form>
    <p>&nbsp;</p>
    <p>&nbsp;</p>
    <p>&nbsp;</p>
    <?php } ?>


    <br /><br />
    <a href="https://www.allphptricks.com/forgot-password-recovery-reset-using-php-and-mysql/"><strong>Tutorial Link</strong></a> <br /><br />
    For More Web Development Tutorials Visit: <a href="https://www.allphptricks.com/"><strong>AllPHPTricks.com</strong></a>
    </div>
    </body>
    </html>

This is db.php, which I am confident connects correctly.

<?php
/*
Author: Javed Ur Rehman
Website: https://www.allphptricks.com
*/

// Enter your Host, username, password, database below.
// I left password empty because i do not set password on localhost.
$con = mysqli_connect("localhost","register","_Jjp553597","register");
    if (mysqli_connect_errno()){
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
        die();
        }
date_default_timezone_set('us/eastern');

$error="";  
?>

I had to include these files:

class.smtp.php

class.phpmailer.php

I just put them in the main directory. I really doubt these files are a problem, but I will upload them if anyone thinks it might be helpful. They are really long files.

Here is reset-password.php, which is where I think I have my mistake.

<?php
/*
Author: Javed Ur Rehman
Website: https://www.allphptricks.com
*/
?>
<html>
<head>
<title>Demo Reset Password - AllPHPTricks.com</title>
<link rel='stylesheet' href='css/style.css' type='text/css' media='all' />
</head>
<body>
<div style="width:700px; margin:50 auto;">

<h2>Demo Reset Password</h2>   

<?php
include('db.php');
if (isset($_GET["key"]) && isset($_GET["email"])
&& isset($_GET["action"]) && ($_GET["action"]=="reset")
&& !isset($_POST["action"])){
$key = $_GET["key"];
$email = $_GET["email"];
$curDate = date("Y-m-d H:i:s");
$query = mysqli_query($con,"
SELECT * FROM `password_reset_temp` WHERE `key`='".$key."' and `email`='".$email."';");
$row = mysqli_num_rows($query);
if ($row==""){
$error .= '<h2>Invalid Link</h2>
<p>The link is invalid/expired. Either you did not copy the correct link from the email, 
or you have already used the key in which case it is deactivated.</p>
<p><a href="https://www.allphptricks.com/forgot-password/index.php">Click here</a> to reset password.</p>';
    }else{
    $row = mysqli_fetch_assoc($query);
    $expDate = $row['expDate'];
    if ($expDate >= $curDate){
    ?>
    <br />
    <form method="post" action="" name="update">
    <input type="hidden" name="action" value="update" />
    <br /><br />
    <label><strong>Enter New Password:</strong></label><br />
    <input type="password" name="pass1" id="pass1" maxlength="15" required />
    <br /><br />
    <label><strong>Re-Enter New Password:</strong></label><br />
    <input type="password" name="pass2" id="pass2" maxlength="15" required/>
    <br /><br />
    <input type="hidden" name="email" value="<?php echo $email;?>"/>
    <input type="submit" id="reset" value="Reset Password" />
    </form>
<?php
}else{
$error .= "<h2>Link Expired</h2>
<p>The link is expired. You are trying to use the expired link which as valid only 24 hours (1 days after request).<br /><br /></p>";
                }
        }
if($error!=""){
    echo "<div class='error'>".$error."</div><br />";
    }           
} // isset email key validate end


if(isset($_POST["email"]) && isset($_POST["action"]) && ($_POST["action"]=="update")){
$error="";
$pass1 = mysqli_real_escape_string($con,$_POST["pass1"]);
$pass2 = mysqli_real_escape_string($con,$_POST["pass2"]);
$email = $_POST["email"];
$curDate = date("Y-m-d H:i:s");
if ($pass1!=$pass2){
        $error .= "<p>Password do not match, both password should be same.<br /><br /></p>";
        }
    if($error!=""){
        echo "<div class='error'>".$error."</div><br />";
        }else{

$pass1 = md5($pass1);
mysqli_query($con,
"UPDATE `users` SET `password`='".$pass1."', `trn_date`='".$curDate."' WHERE `email`='".$email."';");   

mysqli_query($con,"DELETE FROM `password_reset_temp` WHERE `email`='".$email."';");     

echo '<div class="error"><p>Congratulations! Your password has been updated successfully.</p>
<p><a href="https://www.allphptricks.com/forgot-password/login.php">Click here</a> to Login.</p></div><br />';
        }       
}
?>


<br /><br />
<a href="https://www.allphptricks.com/forgot-password-recovery-reset-using-php-and-mysql/"><strong>Tutorial Link</strong></a> <br /><br />
For More Web Development Tutorials Visit: <a href="https://www.allphptricks.com/"><strong>AllPHPTricks.com</strong></a>
</div>
</body>
</html>

The style sheet is very plain: css/style.css

It is hosted at

http://jerrittpace.com/practice/Login%20with%20emai%20password%20protections%201112/original%20demo/index.php

The other system I have uploaded is at http://jerrittpace.com/practice/another%20reset%20password%20with%20email%20system%20trial/forgot_password.php

This is the one that changes the password to something unknown, which causes all kinds of problems managing the database. I can upload that code too if it's helpful, but I think I have just overlooked something simple in the reset-password.php file I left above.

Cheers, and thanks for your kind considerations!!

Jerritt Pace
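
Added example (not part of the original post or the tutorial's code): the update branch of reset-password.php above prints its success message without checking what mysqli_query() returned, so a failed or no-op UPDATE still reports success. The handler below uses prepared statements, re-checks the emailed key on submit, and reports success only when exactly one row changed. It assumes a hidden "key" field is added to the form and that the `password` column in `users` is wide enough for password_hash() output.

```php
<?php
// Added example: not the poster's or the tutorial's code.
// Assumes a hidden "key" field is added to the form (hypothetical; the page's
// form posts only the email) and that $con comes from the page's db.php.
require_once 'db.php';
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function reset_password(mysqli $con, string $email, string $key,
                        string $pass1, string $pass2): string
{
    if ($pass1 === '' || $pass1 !== $pass2) {
        return 'Passwords do not match.';
    }
    $now = date('Y-m-d H:i:s'); // same PHP clock index.php used for expDate
    try {
        // Re-check the emailed key at submit time, not only on page load.
        $sel = $con->prepare('SELECT 1 FROM `password_reset_temp`
                               WHERE `email` = ? AND `key` = ? AND `expDate` >= ?');
        $sel->bind_param('sss', $email, $key, $now);
        $sel->execute();
        $sel->store_result();
        if ($sel->num_rows === 0) {
            return 'The link is invalid or expired.';
        }
        // The `password` column must hold at least 60 characters (255 is the
        // usual choice); the login page must then use password_verify().
        $hash = password_hash($pass1, PASSWORD_DEFAULT);
        $upd = $con->prepare('UPDATE `users` SET `password` = ?, `trn_date` = ?
                               WHERE `email` = ?');
        $upd->bind_param('sss', $hash, $now, $email);
        $upd->execute();
        if ($upd->affected_rows !== 1) {
            return 'No account was updated.'; // no users row matched this email
        }
        $del = $con->prepare('DELETE FROM `password_reset_temp` WHERE `email` = ?');
        $del->bind_param('s', $email);
        $del->execute();
        return 'Your password has been updated.';
    } catch (mysqli_sql_exception $e) {
        error_log('password reset failed: ' . $e->getMessage()); // e.g. missing column
        return 'The password could not be updated.';
    }
}
if (($_POST['action'] ?? '') === 'update') {
    echo htmlspecialchars(reset_password($con, $_POST['email'] ?? '',
        $_POST['key'] ?? '', $_POST['pass1'] ?? '', $_POST['pass2'] ?? ''));
}
```

With exceptions enabled, a schema mismatch such as a missing `trn_date` column lands in the server error log instead of being hidden behind the success message.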

