SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Member
    Join Date
    Sep 2010
    Posts
    18
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    how to return to index.php or login.php after message is sent?

    I am using the following script to reset a forgotten password. When the process succeeds, this code occurs on line 124:

    error('New Password Sent!.');

    When the user clicks OK, the script continues and displays the form again.
    I want to link to index.php rather than display the form. I've tried several things, but nothing seems to work. I think I'm having a problem of "don't see the forest for the trees". Thanks for your help. Here is the script I'm using:

    PHP Code:
    <?php
    /**
     * ShuttleCMS - A basic CMS coded in PHP.
     * Password Reset - Used for allowing a user to reset password
     * 
     * @author Dan <dan@danbriant.com>
     * @version 0.0.1
     * @package ShuttleCMS
     * [url]www.danbriant.com/general/creating-php-password-reset-script[/url]
     */
    define('IN_SCRIPT'true);
    // Start a session
    session_start();

    //Connect to the MySQL Database
    //include '../connect.php';
    include ("db.php");
    include (
    "functions.php");
    include (
    "header.php");

    //this function will display error messages in alert boxes, used for login forms so if a field is invalid it will still keep the info
    //use error('foobar');
    function error($msg) {
        
    ?>
        <html>
        <head>
        <script language="JavaScript">
        <!--
            alert("<?=$msg?>");
            history.back();
        //-->
        </script>
        </head>
        <body>
        </body>
        </html>
        <?
        
    exit;
    }

    //This functions checks and makes sure the email address that is being added to database is valid in format. 
    function check_email_address($email) {
      
    // First, we check that there's one @ symbol, and that the lengths are right
      
    if (!ereg("^[^@]{1,64}@[^@]{1,255}$"$email)) {
        
    // Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
        
    return false;
      }
      
    // Split it into sections to make life easier
      
    $email_array explode("@"$email);
      
    $local_array explode("."$email_array[0]);
      for (
    $i 0$i sizeof($local_array); $i++) {
         if (!
    ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$"$local_array[$i])) {
          return 
    false;
        }
      }  
      if (!
    ereg("^\[?[0-9\.]+\]?$"$email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
        
    $domain_array explode("."$email_array[1]);
        if (
    sizeof($domain_array) < 2) {
            return 
    false// Not enough parts to domain
        
    }
        for (
    $i 0$i sizeof($domain_array); $i++) {
          if (!
    ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$"$domain_array[$i])) {
            return 
    false;
          }
        }
      }
      return 
    true;
    }


    if (isset(
    $_POST['submit'])) {
        
        if (
    $_POST['forgotpassword']=='') {
            
    error('Please Fill in Email.');
        }
        if(
    get_magic_quotes_gpc()) {
            
    $forgotpassword htmlspecialchars(stripslashes($_POST['forgotpassword']));
        } 
        else {
            
    $forgotpassword htmlspecialchars($_POST['forgotpassword']);
        }
        
    //Make sure it's a valid email address, last thing we want is some sort of exploit!
        
    if (!check_email_address($_POST['forgotpassword'])) {
              
    error('Email Not Valid - Must be in format of [email]name@domain.tld[/email]');
        }
        
    // Lets see if the email exists
        
    $sql "SELECT COUNT(*) FROM posts WHERE email = '$forgotpassword'";
        
    $result mysql_query($sql)or die('Could not find member: ' mysql_error());
        if (!
    mysql_result($result,0,0)>0) {
            
    error('Email Not Found!');
        }

        
    //Generate a RANDOM MD5 Hash for a password
        
    $random_password=md5(uniqid(rand()));
        
    //Take the first 8 digits and use them as the password we intend to email the user
        
    $emailpassword=substr($random_password08);
            echo 
    "<p>$emailpassword</p>"
        
    //Encrypt $emailpassword in MD5 format for the database. 1/14/2013 Jim removing md5.
        
    $newpassword$emailpassword;
            echo 
    $newpassword;
            
    // Make a safe query
               
    $query sprintf("UPDATE `posts` SET `pass` = '%s' 
                              WHERE `email` = '
    $forgotpassword'",
                        
    mysql_real_escape_string($newpassword));
                        
                        
    mysql_query($query)or die('Could not update post: ' mysql_error());

    //Email out the infromation
    $subject "Your New Password"
    $message "Your new password is as follows:
    ---------------------------- 
    Password: 
    $emailpassword
    ---------------------------- 
    Please make note this information has been encrypted into our database 

    This email was automatically generated."

                           
              if(!
    mail($forgotpassword$subject$message,  "FROM: $site_name <$site_email>")){ 
                 die (
    "Sending Email Failed, Please Contact Site Admin! ($site_email)"); 
              }else{ 
                    
    error('New Password Sent!.');
             } 
            
        }
        
    else {
    ?>   <form name="forgotpasswordform" action="" method="post">

             <fieldset>
                 Enter your email address.
                 <p></p>
                 <p></p>
                 <label for="email" class="fixedwidth">Email Address:&nbsp &nbsp;</label>
                 <input name="forgotpassword" type="text" value="" id="forgotpassword" />
                 <input type="submit" name="submit" value="Submit"/>
            </fieldset>

          </form>

       <?   
    }

    include (
    "footer.php");
    ?>
    Last edited by cpradio; Jan 25, 2013 at 12:00. Reason: Added php bb codes

  2. #2
    SitePoint Wizard
    Join Date
    Oct 2005
    Posts
    1,849
    Mentioned
    5 Post(s)
    Tagged
    1 Thread(s)
    On success why don't you use PHP's header function to redirect them somewhere? Your use of the Javascript function history.back() is causing them to go back. You should definitely get rid of that, get rid of the Javascript altogether and just output a success message.

  3. #3
    SitePoint Member
    Join Date
    Sep 2010
    Posts
    18
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by cheesedude View Post
    On success why don't you use PHP's header function to redirect them somewhere? Your use of the Javascript function history.back() is causing them to go back. You should definitely get rid of that, get rid of the Javascript altogether and just output a success message.
    Thank you, cheesedude. I didn't think of the header function. It is just what I need. Probably the reason I didn't think of it, every time I have used this function, I spend a lot of time finding offending white spaces in the code. Thanks much for the suggeston.

    I didn't understand why you suggest getting rid of the history.back(). Actually, I don't know why the author included it because it doesn't seem to do any thing. If you could explain this point a little more, I would appreciate it.

    Thanks again.

    Jim


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •