-2
Notice: Array to string conversion in C:\wamp\www\myphpfile\reset_pass_form.php on line <i>33</i>

An email has been sent for you to reset your password!

I already check in my email box i'm getting the proper user_id=value&reset_token=value

reset_pass_form.php

if ( !empty($_POST) && !empty($_POST['forgot_emailpass']) ) { 

$email = escape_data($_POST['forgot_emailpass']);

$result = $heidisql->prepare("SELECT * FROM users WHERE email_address='$email'");
$result->execute();

$user = $result->fetch();

    If($user) {

        session_start();

        $reset_token = random_str(30);
        $new_hashtoken = bin2hex($reset_token);

        $sql = "UPDATE users "
                . "SET reset_token= '$new_hashtoken', "
                . "reset_allocated_time= now() "
                . "WHERE user_id='$user' "; // <- Error is here!

        $reset_pass = $heidisql->prepare($sql);

        $reset_pass->execute();

    // Send registration confirmation link (reset.php)
    $to= $email;
    $from = "smtp.intnet.mu";
    $subject = 'Reset Password';

    //Compose a simple HTML email msg
    $message = "<html><body>";
    $message .= "<h1 style='color: darkblue;'> Hi, there you</h1>";
    $message .= "<p><b>Email:</b> $email</p>";
    $message .= "<p>To reset your password, please click on the given link below: </p>";
    $message .= "<a href='http://localhost:8080/myphpfile/reset_pass_form.php?user_id=".$user['user_id']."&reset_token=".$new_hashtoken. " '> Click Here</a>"; //http://localhost:8080/myphpfile/reset_pass_form.php?
    $message .= "</body></html>";

    $headers = 'From:' .$from. "\r\n" . // Creating the email headers // To send an HTML mail, content-type must be set to HTML
                        'Reply-To: '.$from. "\r\n" .
                        'MIME-Version: 1.0' . "\r\n" . 
                        'Content-type: text/html; charset=iso-8859-1' . "\r\n" .
                        'X-Mailer: PHP/' . phpversion();

    if (mail($to, $subject, $message, $headers)) { // Sending email // email_to, subject, body,email_from

            echo 'An email has been sent for you to reset your password!'; // As you can see above the email is being sent
            exit();

        } else {

            echo'Server failed to sent message, please try again later.';
            exit();

        }

    }
}

In my database my reset_token remain empty instead to being the value $new_hashtoken and the same goes for my reset_allocated_time which also remain null

John Laimuin
  • 91
  • 9
  • 1
    Please, `print_r($user)`. Maybe after this you will see that it is array. Maybe this gives you an idea. – u_mulder Jul 30 '17 at 11:14
  • Still no idea? Hint - if you search by user_id - maybe you should provide this user_id, don't you think? – u_mulder Jul 30 '17 at 11:19

2 Answers2

0

Please print_r the $user variable and use the key of the array in where clause.

$sql = "UPDATE users "
                . "SET reset_token= '$new_hashtoken', "
                . "reset_allocated_time= now() "
                . "WHERE user_id=$user['user_id'] "; // <- user id or what ever the key is
Gulmuhammad Akbari
  • 1,986
  • 2
  • 13
  • 28
0

$user = $result->fetch(); probably returns an array. It could be an array of users or a user array. Try var_dump($user); to inspect what it holds.

If it returns an array of users:

$user[0]->id; // in case it was an array of user objects
OR
$user[0]['id']; // in case it was an array of user arrays

If it returns a user array:

$user['id'];

Also, my other answer might help you understand how to access arrays and objects better.

Lucky Soni
  • 6,811
  • 3
  • 38
  • 57