0

Connection variables would be above ($dbConnected), but I took them out for obvious reasons. As for the issue I cannot seem to tell if there is an issue with the connection to my database or if it is a logic error within the main body of my code.

<?php

 $hostname = "";
 $username = "";
 $password = "";

 $databaseName = "";

 $dbConnected = mysql_connect($hostname, $username, $password);

 $dbSelected = mysql_select_db($databaseName, $dbConnected);

 if ($dbConnected) {
      $email = $_POST['email'];

      $query = mysql_query("SELECT * FROM Users WHERE Primary_Email = '$email'");   
      $numrows = mysql_num_rows($query);
        // Checking to see whether the email address is registered in the database
        if ($numrows == 1) {

        $pass = rand();
        $pass = md5($pass);
        $password = $pass;

        // Updating database with new password
        mysql_query("UPDATE Users SET UserPassword = '$password' WHERE User_Email = '$email'");

        $query = mysql_query("SELECT * FROM users WHERE User_Email = '$email' AND UserPassword = '$password'");
        $numrows = mysql_num_rows($query);
        if ($numrows == 1) {
          // Create email
          $webmaster = "admin@chaluparosa-gaming.com";
          $headers = "From: Ian Monson <$webmaster>";
          $subject = "Your new password";
          $message = "Hello. You have requested a password reset. Your new password is below. Please do not reply to this email, as it was automated \n
                      Password: $password \n ";

          if (mail($email, $subject, $message, $headers)) {
            echo "Your password has been reset. An email has been sent with your new password!"
            echo '<br />';

          } else {
            echo "Error in sending out the email...";
            echo '<br />';

          }

        }

    } else {
        echo "Email address was invalid or not found...!";
    }
} else {
  echo "Error connecting to the database...!";
}

?>
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
Chewy
  • 85
  • 2
  • 4
  • 15
  • 1
    Done any basic debugging, like addding `or die(mysql_error())` to all of your query() calls? NONE of your code has error handling and simply assumes queries can never fail. Bad assumption. You are also vulnerable to [sql injection attacks](http://bobby-tables.com). – Marc B Oct 07 '14 at 15:40
  • Please, [don't use `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php), They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://us1.php.net/pdo) or [MySQLi](http://us1.php.net/mysqli). [This article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide. – Jay Blanchard Oct 07 '14 at 15:45
  • or you could simply add some echos.. saying I'm here! – EricSSH Oct 07 '14 at 17:00

1 Answers1

0

You need to add error message for the sql separately then leave the rest of the code to show its own error message

 <?php

 $hostname = "";
 $username = "";
 $password = "";
 $databaseName = "";
 $dbConnected = mysql_connect($hostname, $username, $password) or die(mysql_error()); //die() with a mysql error message 
 $dbSelected = mysql_select_db($databaseName);
if (isset($email = $_POST['email'])) { //Check if email has been submitted
      $query = mysql_query("SELECT * FROM Users WHERE Primary_Email = '$email'") or die(mysql_error());   
      $numrows = mysql_num_rows($query);
        // Checking to see whether the email address is registered in the database
        if ($numrows == 1) {
        $pass = rand();
        $pass = md5($pass);
        $password = $pass;
        // Updating database with new password
        mysql_query("UPDATE Users SET UserPassword = '$password' WHERE User_Email = '$email'") or die(mysql_error());
        $query = mysql_query("SELECT * FROM users WHERE User_Email = '$email' AND UserPassword = '$password'") or die(mysql_error());
        $numrows = mysql_num_rows($query);
        if ($numrows == 1) {
          // Create email
          $webmaster = "admin@chaluparosa-gaming.com";
          $headers = "From: Ian Monson <$webmaster>";
          $subject = "Your new password";
          $message = "Hello. You have requested a password reset. Your new password is below. Please do not reply to this email, as it was automated \n
                      Password: $password \n ";
          if (mail($email, $subject, $message, $headers)) {
            echo "Your password has been reset. An email has been sent with your new password!"
            echo '<br />';
          } else {
            echo "Error in sending out the email...";
            echo '<br />';
          }
        }
    } else {
        echo "Email address was invalid or not found...!";
    }
}
Nickk
  • 3
  • 2