0

I have put together a forgot password page that should insert a token to my lost password db table and send the user a email with a link to reset the password but I am not getting the email and just get there was a error message on the forgot password page after clicking the submit button and bit unsure what the issue is. My code is below

<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
$db = new mysqli("localhost", "username", "password", "databasename");
if(isset($_POST['submit'])){
    $email = $_POST['email'];
    $stmt = $db->prepare("SELECT * FROM `users` where `customer_email` = ?");
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $res = $stmt->get_result();
    if($res->num_rows < 1){
        echo "No such email has been found";
    } else{
        $fetch = $res->fetch_assoc();
        $userid = $fetch['user_id'];
        $token = bin2hex(openssl_random_pseudo_bytes(45));
        $from = "noreply@domain.co.uk";
        $url = 'https://www.domain.co.uk/account/passwordreset.php?token='.$token;
        if(mail($email, $url, $from)){
            //if(mail($to,$subject,$message,$url,$headers)){
            $stmt = $db->prepare("INSERT INTO `lost_password`(user_id, token) values(?,?)");
            $stmt->bind_param('is', $userid, $token);
            $stmt->execute();
            $to = $email;
            $subject = "New Password Instructions";
            $message = " Please visit $url to reset your password";
            // Always set content-type when sending HTML email
            $headers = "MIME-Version: 1.0" . "\r\n";
            $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
            // More headers
            $headers .= 'From: <noreply@domain.co.uk>' . "\r\n";
            $mail=mail($to,$subject,$message,$headers);
            if($stmt->affected_rows == 1){
                echo "We have emailed you instructions on how to reset your password";
            } else {
                echo "there was an error";
            }
        }
    }
}
?>
user3783243
  • 5,368
  • 5
  • 22
  • 41
Ian Haney
  • 87
  • 1
  • 2
  • 14
  • Please indent your code. This is hard to read. Currently you are getting `echo "there was an error";` or some 500 page? – user3783243 Dec 28 '19 at 15:48
  • I have indented the code, hopefully it is bit easier to read. Regarding the error, yeah am getting `echo "there was an error"` on the page – Ian Haney Dec 28 '19 at 15:53
  • Prior to `affected_rows` conditional try `printf("Error: %s.\n", $stmt->error);`. Also, this is going to be sending 2 emails, is that intended? – user3783243 Dec 28 '19 at 16:00
  • I put in `printf("Error: %s.\n", $stmt->error);` and it shows the error on the page Error: Field 'id' doesn't have a default value. there was an error. Also no should only send one email, im guessing thats because I have two mail lines in the code? `if(mail($email, $url, $from)){' and '$mail=mail($to,$subject,$message,$headers);` – Ian Haney Dec 28 '19 at 16:02
  • Yes, that is correct. So sounds like `lost_password` needs to have its schema updated so `id` is auto-incrementing. – user3783243 Dec 28 '19 at 16:03
  • I have made the id auto-incrementing now but now when I submitted the forgot password form again, I get the error Error: Incorrect integer value: 'bbd13c969f1b23c6709fa43dcbc4dc45b8365749194e13da46e8a750ebb0f6bd8e5aa73ec29cd3a631acf2b01b' for column 'token' at row 1. there was an error displayed on the page – Ian Haney Dec 28 '19 at 16:09
  • Sorry I forgot to make the token VARCHAR instead INT so sorted that now and the message now says the email has been sent but not receiving the email, is that due to having the two lines of mail? – Ian Haney Dec 28 '19 at 16:11
  • 1
    Emailing not being sent could be a large number of issues and is kind of a different question. `if(mail($email, $url, $from)){` should be removed. Look at what `$mail` is. https://stackoverflow.com/questions/4633227/why-mail-fails-in-php I usually use `swift` or `phpmailer`, the native function isn't the best https://stackoverflow.com/questions/5335273/how-to-send-an-email-using-php – user3783243 Dec 28 '19 at 16:15
  • I have removed the `if(mail($email, $url, $from)){` line and the mail coding looks ok from what I can see but not getting the email still? I prefer using the mail rather than the phpmailer and the mail code works on my register page so trying to compare the two – Ian Haney Dec 28 '19 at 16:23
  • One reason to use phpmailer/switfmailer instead of `mail()` is that they are more portable since they don't depend on any specific server configs. They also makes it much easier to create HTML emails and using a proper SMTP (which is highly recommended). – M. Eriksson Dec 28 '19 at 16:49

1 Answers1

0

If you are working on local server then the error will occure. Have you cheched it on live server? If not please check it on live server.

OR

Instead of using mail() function use PHPMailer

Nafish Ahmed
  • 64
  • 6
  • Yeah am using it on a live server as know on a local server it won't work, I think I will need to take a look at phpmailer as mentioned – Ian Haney Dec 28 '19 at 17:20