I'm writing a page to work as a forgotten password which emails a link with a token, for the most it works perfectly and up until line 89 which is to update the user table with the token and exp date for the token, I get nothing, no errors no success, it doesn't even return me to the index.php page defined on success
Line 89 is just after the commented-out section which emails the user, up till this point all works perfectly
I'm learning as I'm building, to be honest, so I have no formal training I have used the mysqli_prepare statements on the Register and Login pages but there is a select and insert statement this is the first time with an UPDATE.
From my existing pages and web guides/references, I can not see where I have gone wrong.
Any help you can give would be much appreciated.
<?php
// Initialize the session
session_start();
// Check if the user is logged in, otherwise redirect to login page
if($_SESSION["loggedin"] == true){
header("location: password-change.php");
exit;
}
// Include config file
require_once "inc/config.php";
// Define variables and initialize with empty values
$email = $human = "";
$email_err = $human_err = "";
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
// Validate email
if(empty(trim($_POST["email"]))){
$email_err = "Please enter a email.";
} elseif(!preg_match('/^([a-zA-Z0-9\+_\-]+)(\.[a-zA-Z0-9\+_\-]+)*@([a-zA-Z0-9\-]+\.)+[a-zA-Z]{2,6}$/', trim($_POST["email"]))){
$email_err = "email can only contain letters, numbers, and underscores.";
} else{
// Prepare a select statement
$sql = "SELECT id FROM users WHERE email = ?";
if($stmt = mysqli_prepare($link, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_email);
// Set parameters
$param_email = trim($_POST["email"]);
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
/* store result */
mysqli_stmt_store_result($stmt);
if(mysqli_stmt_num_rows($stmt) == 1){
$email = trim($_POST["email"]);
} else{
$email_err = "No email like this exists.";
}
} else{
echo "Oops! Looks like Something went wrong. Please try again later.";
}
// Close statement
mysqli_stmt_close($stmt);
}
}
// Validate human name
if(empty(trim($_POST["human"]))){
$human_err = "Please enter your answer (In Numbers)";
} elseif(!preg_match('/[0-9]$/', trim($_POST["human"]))){
$human_err = "Your answer can only contain numbers.";
} elseif(trim($_POST["human"]) != 12 ) {
$human_err = "Sorry thats incorrect, please try again.";
} else {
}
// Check input errors before inserting in database
if(empty($email_err) && empty($human_err)){
$token = md5($email).rand(10,9999);
$expFormat = mktime(date("H"), date("i"), date("s"), date("m") ,date("d")+1, date("Y"));
$expDate = date("Y-m-d H:i:s",$expFormat);
$link = "<a href='https://www.heroestable.com.au/reset-password.php?key=" . $email . "&token=" . $token . "'>Click To Reset password</a>";
// $toMail = "peddlerstable@gmail.com";
// $header = "From: Trevor <trevormulley@outlook.com>\r\n" .
// "Content-Type: text/html; charset=UTF-8\r\n" .
// "Reply-To: trevormulley@outlook.com\r\n" .
// "X-Mailer: PHP/" . phpversion();
// $MySubject = "User password request request from [HeroesTable.com.au]\r\n";
// $body = "<p>Hey there friend,</p>" .
// "Someone has requested the password to be reset for this email address: $email.<br>" .
// "If this wasnt you please ignore this email as no change has been made, otherwise please click the link below to reset your password." .
// "<p> $link </p>" .
// "Regards<br>" .
// " - Trev<br><br>" .
// "<img src='https://heroestable.com.au/images/heroes-table-disc-150x150.webp' width='150' height='150'>";
// mail($toMail, $MySubject, $body, $header);
// Prepare an update statement
$sql = "UPDATE users SET reset_link_token = ?, exp_date = ? WHERE email = ?";
if($stmt = mysqli_prepare($link, $sql)){
mysqli_stmt_bind_param($stmt, "sss", $param_token, $param_expDate, $param_email);
// Set parameters
$param_token = $token;
$param_expDate = $expDate;
$param_email = $email;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
header("location: index.php");
exit();
} else{
echo "Oops! Something went wrong. Please try again later.";
echo("Error description: " . $stmt -> error);
echo "<br>"; print_r($_POST);
}
// Close statement
mysqli_stmt_close($stmt);
}
}
// Close connection
mysqli_close($link);
}
include "inc/headder.php"
?>
<body>
<div class="center padd-text-top">
<div class="auth">
<h2>Forgot password</h2>
<p>Please enter your registered email address and the human check and we will email you a link to reset your password.</p>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<div class="form-group">
<label> </label>
<input type="text" name="email" placeholder="email address" class="form-control <?php echo (!empty($email_err)) ? 'is-invalid' : ''; ?>" value="<?php echo $email; ?>">
<span class="invalid-feedback"><?php echo $email_err; ?></span>
</div>
<div class="form-group">
<label> </label>
<input type="text" name="human" placeholder="What is six plus six? (Numbers Only)" class="form-control <?php echo (!empty($human_err)) ? 'is-invalid' : ''; ?>" value="<?php echo $human; ?>">
<span class="invalid-feedback"><?php echo $human_err; ?></span>
</div>
<div class="form-group">
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Submit">
<a class="btn btn-link ml-2" href="index.php">Cancel</a>
</div>
</form>
</div>
</div>
</body>
</html>
