I am writing a login form with PHP and MySQL.

I did everything; it's just the forgot password that is not working.

It sends me the email confirmation, but it does not update the password in the database.

First is the forgot page, which sends an email and redirects me to the confirm_pass.html page, where the form for the two passwords is. That page executes confirm_pass.php, which does everything except update the password in the database.

Please help.

<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {

    // Make sure the two passwords match
    if ( $_POST['newpassword'] == $_POST['confirmpass'] ) {

        $new_password = password_hash($_POST['newpassword'], PASSWORD_BCRYPT);

        $email = $mysqli->escape_string($_POST['email']);
        $confirm_code  = md5(rand().$password);

        $result = "UPDATE `mv_db`.`users` SET `password`='$new_password', `confirm`='$confirm_code' WHERE `email`='$email'";

        if ( $mysqli->query($result) ) {
            header("location: login.html");
        }

    }
    else {
        $_SESSION['message'] = " The two passwords you entered don't match, try again!";
        header("location: error.php");
    }

}
?>
user2342558
Nadia

1 Answer

Your $_POST['email'] is not defined, because there is no "email" field in your HTML form.

So nothing is updated in the database, because there is no matching record.

Syscall
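
The failure described in the answer, handled explicitly, as an added example that is not code from the question or the answer: it rejects a form that lacks the fields the query needs, binds parameters instead of interpolating them, and treats zero affected rows as a failure instead of redirecting to the login page. Assumptions: `$mysqli` is the open connection the question's script already uses, and confirm_pass.html posts hidden `email` and `code` fields (hypothetical names), where `code` is the `confirm` value taken from the e-mailed link.

```php
<?php
// Added example; not the asker's or the answerer's code.
// Assumptions: $mysqli is the open connection the question's script already uses;
// confirm_pass.html posts hidden "email" and "code" fields (hypothetical names),
// where "code" is the users.confirm value taken from the e-mailed link.

function reset_password(mysqli $mysqli, array $post): string
{
    // 1. Every field the query depends on must really be in the submitted form.
    foreach (['email', 'code', 'newpassword', 'confirmpass'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            return "Missing form field: $field";
        }
    }
    // Strict comparison: with ==, numeric strings such as "1e3" and "1000" are equal.
    if ($post['newpassword'] !== $post['confirmpass']) {
        return "The two passwords you entered don't match, try again!";
    }

    $email   = $post['email'];
    $code    = $post['code'];
    $hash    = password_hash($post['newpassword'], PASSWORD_BCRYPT);
    $newCode = bin2hex(random_bytes(16)); // rotate the code so the link works once

    // 2. Bound parameters instead of interpolation; the row must match both the
    //    address and the code that was mailed to it.
    $stmt = $mysqli->prepare(
        'UPDATE `mv_db`.`users` SET `password` = ?, `confirm` = ?
          WHERE `email` = ? AND `confirm` = ?'
    );
    if ($stmt === false
        || !$stmt->bind_param('ssss', $hash, $newCode, $email, $code)
        || !$stmt->execute()) {
        return 'Database error';
    }

    // 3. A query that ran is not a row that changed: zero affected rows is the
    //    case the original script redirected to login.html as if it had worked.
    return $stmt->affected_rows > 0 ? 'ok' : 'Reset link is invalid or expired';
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    session_start();
    $status = reset_password($mysqli, $_POST);
    if ($status !== 'ok') {
        $_SESSION['message'] = $status;
    }
    header('Location: ' . ($status === 'ok' ? 'login.html' : 'error.php'));
    exit;
}
```

Matching on the mailed code as well as the address means that adding only an `email` field to the form does not let anyone who knows an address set that account's password.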