
I am new to website design. I have recently made a website and I would like to add a reset password function, but it doesn't work.

The SQL connection is inside of the init.php file

<?php
include('core/init.php');
include('includes/overall/header.php');
echo "
<h1>Reset Password</h1>

<div class='Reset' align='center'>
<form action='forgot_pass.php' method'POST'>
Enter your username<br><input type='text' name='username'><p>
<br>
Enter your email<br><input type='email' name='email'><p>
<input type='submit' value='Submit' name='submit'>
</form>
</div>
";

if (isset($_POST['submit']))
{
    $username = $_POST['username'];
    $email = $_POST['email'];

    $query = mysql_query("SELECT * FROM `users` WHERE `username`='$username'");
    $numrow = mysql_num_rows($query);

    if ($numrow!=0)
    {
        while($row = mysql_fetch_assoc($query))
        {
            $db_email = $row['email'];
        }
        if ($email == $db_email)
        {
            $code = rand(10000,1000000);

            $to = $db_email;
            $subject = "Password Reset";
            $body = "

            Automated email. Click the link
            http://random-html-stuff.webege.com/forgot_pass.php?code=$code&username=$username

            ";

            mysql_query("UPDATE users SET passreset='$code' WHERE username='$username'");
            mail($to,$subject,$body);

            echo "Check Email";
        }
        else
        {
            echo "Email not correct";
        }
    }
    else
    {
        echo "That user does not exist";
    }
}
?>

I would be so happy if somebody could help me, thanks.

  • Define "it doesn't work". – Funk Forty Niner Jun 29 '15 at 20:51
  • You are open to SQL injections with this code. Anytime you pass user input direct to a query you open your DB up to being manipulated/exposing data meant to be secure. – chris85 Jun 29 '15 at 20:51
  • If you can, you should [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) [statements](http://php.net/manual/en/pdo.prepared-statements.php) instead, and consider using PDO, [it's really not hard](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Jun 29 '15 at 20:52
  • Don't ask them for their email. Just ask for the username, and use the email in the database. – Barmar Jun 29 '15 at 20:55
  • You are vulnerable to [sql injection attacks](http://bobby-tables.com), so enjoy getting your server pwn3d. – Marc B Jun 29 '15 at 20:57
  • As has been pointed out, you are vulnerable to SQL injections; you should learn about PDO... here is a link to a video series: https://www.youtube.com/watch?v=RA-klM5kGn8&list=PLyKBLKYqadGmD33SGjyk_MXrGAHVTVcqa – petebolduc Jun 29 '15 at 21:01
  • You have a major design flaw. You shouldn't use this method. – Funk Forty Niner Jun 29 '15 at 21:28

2 Answers

You have an error in your form:

<form action='forgot_pass.php' method'POST'>

It should be

<form action='forgot_pass.php' method='POST'>
                                     ^

Because it's not reading the method option correctly, it's submitting the form via GET, and your isset($_POST['submit']) will return false and not run your code at all.

And finally: As people said in the comments, stray away from mysql_* functions, and look to sanitize the data going in and out of your database.

Blue
    Good catch. Took me a bunch of staring to figure out the difference between your before/after... maybe consider putting a `^` under the `=` to point it out... – Marc B Jun 29 '15 at 20:59
  • @MarcB Thanks for the suggestion. – Blue Jun 29 '15 at 22:39

Try to change the query

$query = mysql_query("SELECT * FROM `users` WHERE `username`='$username'");

to

$query = mysql_query("SELECT * FROM `users` WHERE `username`='$username' and `email`='$email'");
Jay Blanchard
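Putting the comments together (prepared statements instead of string-built `mysql_*` queries, the email taken from the database as Barmar suggests, and a code that is not guessable), here is the lookup rewritten in PHP. This is an added example, not code from the question or either answer; it assumes `core/init.php` creates a PDO connection in `$pdo` with `PDO::ERRMODE_EXCEPTION`, PHP 7 or newer for `random_bytes()`, and that the `passreset` column is wide enough for a 64-character hex hash.

```php
<?php
// Added example: the reset lookup with PDO prepared statements.
// Assumes core/init.php defines $pdo (PDO, ERRMODE_EXCEPTION) and the
// `users` table has the username, email and passreset columns used in
// the question (passreset widened to VARCHAR(64) to hold a hex hash).
include('core/init.php');

if (isset($_POST['submit'])) {
    $username = $_POST['username'];

    // User input is bound as a parameter, never pasted into the SQL string,
    // so a quote in the username cannot change the query.
    $stmt = $pdo->prepare('SELECT email FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row !== false) {
        // 32 bytes from the CSPRNG instead of rand(10000,1000000): a code
        // drawn from under a million values can be tried without the mail.
        $code = bin2hex(random_bytes(32));

        // Store only a hash of the code; a copied database row then does
        // not contain a working reset link.
        $stmt = $pdo->prepare('UPDATE users SET passreset = :h WHERE username = :u');
        $stmt->execute([':h' => hash('sha256', $code), ':u' => $username]);

        // Email address comes from the database row, not from the form.
        $link = 'http://random-html-stuff.webege.com/forgot_pass.php?code='
              . $code . '&username=' . rawurlencode($username);
        mail($row['email'], 'Password Reset',
             "Automated email. Click the link\n" . $link);
    }

    // Same reply whether or not the username exists, so the form does not
    // confirm which accounts are valid.
    echo 'If that account exists, check its email.';
}

// When the link is followed: hash the submitted code and compare it to the
// stored hash in constant time.
function reset_code_matches(PDO $pdo, string $username, string $code): bool
{
    $stmt = $pdo->prepare('SELECT passreset FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $stored = $stmt->fetchColumn();
    return $stored !== false && hash_equals($stored, hash('sha256', $code));
}
```

The `method='POST'` fix from the accepted answer still applies to the form; the block above only replaces the query and token logic behind it.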