hii…
PHP Code:
<?php
$key = substr(base64_encode(crypt(‘’, ‘’)), 0, 32);
$key = mysql_real_escape_string($key);
$query1=“INSERT INTO ss_customers (key) VALUES (‘{$key}’) WHERE customerID=‘8’”;
Try that
yes, i tried that… but i cannot see any key inserted into the DB…
thats fine, i’ve a doubt now regarding URL parameters…
now i need to GET those parameters which i’m sending to a particular user via URL.
$URL. “resetpassword.php?Login=” . urlencode($Login) . "&key=$key
"
after clicking the above URL, user will be shown a password update form, after entering passwords correctly, form action for the resetpassword page is updatepassword, where in update password page, i need to check for Login in DB and matches it with URL’s Login then if both are validated then the password will be updated else an error message “your userid not matched with the URL”
how to get parameters from that URL and match them with DB??
here is my resetpassword.php code
<?php
session_start();
$Login = $_GET['Login'];
//echo $Login;
//exit();
$customerID = $_GET['customerID'];
$Login = $_SESSION[$_GET['Login']];
?>
<HTML>
<HEAD>
<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; CHARSET=UTF-8">
<META HTTP-EQUIV="CONTENT-SCRIPT-TYPE" CONTENT="text/javascript">
<TITLE>Password Change Form</TITLE>
<script>
form_submitted=false
function ValidationError(form, Invalid, error_message, focus)
{
alert(error_message)
if(form[focus].focus)
form[focus].focus()
}
function ValidateForm(theform)
{
var e='There were problems with your input:\
\
', i={}, f='', r, s
r=theform['newpassword']
r.className=''
r=theform['confirm']
r.className=''
if(!i['newpassword']
&& (theform['newpassword'].value==''))
{
r=theform['newpassword']
r.className='invalid'
if(e=='There were problems with your input:\
\
')
f='newpassword'
else
e+='\
\
'
e+=(i['newpassword']='==> Please enter your new password.')
}
if(!i['newpassword']
&& ((theform['newpassword'].value.search
&& theform['newpassword'].value.search(new RegExp('^[a-zA-Z]','g'))==-1)))
{
r=theform['newpassword']
r.className='invalid'
if(e=='There were problems with your input:\
\
')
f='newpassword'
else
e+='\
\
'
e+=(i['newpassword']='==> The new password must start with a letter.')
}
if(!i['newpassword']
&& (theform['newpassword'].value.length<8))
{
r=theform['newpassword']
r.className='invalid'
if(e=='There were problems with your input:\
\
')
f='newpassword'
else
e+='\
\
'
e+=(i['newpassword']='==> The Password must contain atleast 8 characters.')
}
if(!i['newpassword']
&& (theform['newpassword'].value.length>14))
{
r=theform['newpassword']
r.className='invalid'
if(e=='There were problems with your input:\
\
')
f='newpassword'
else
e+='\
\
'
e+=(i['newpassword']='==> The Password must not exceed 15 characters.')
}
if(!i['confirm']
&& (theform['confirm'].value==''))
{
r=theform['confirm']
r.className='invalid'
if(e=='There were problems with your input:\
\
')
f='confirm'
else
e+='\
\
'
e+=(i['confirm']='==> Please enter your confirmation password.')
}
if(!i['confirm']
&& (theform['confirm'].value!=theform['newpassword'].value))
{
r=theform['confirm']
r.className='invalid'
if(e=='There were problems with your input:\
\
')
f='confirm'
else
e+='\
\
'
e+=(i['confirm']='==> Passwords do not match.')
}
if(e!='There were problems with your input:\
\
')
{
ValidationError(theform, i, e, f)
form_submitted=false
return false
}
return true
}
</script>
</HEAD>
<body BGCOLOR="#FFFFFF" TEXT="#252525" VLINK="#990000" ALINK="#990000" LINK="#990000" onload="document.forms['changepassword']['password'].focus()" >
<BR>
<TABLE WIDTH="770" BORDER="0" CELLSPACING="2" CELLPADDING="4" ALIGN="CENTER" >
<TR>
<TD>
<P CLASS="headerbanner">
Password Change Form
</P>
<FORM NAME="changepassword" METHOD="POST"
ACTION="updatepassword.php" onsubmit="return ValidateForm(this)">
<TABLE CELLPADDING="2" ALIGN="CENTER"
SUMMARY="Secondary table holds input fields and buttons" >
<TR>
<TD CLASS="text">
<SPAN STYLE="font-weight: bold;" >
New Password:
</SPAN>
<BR>
<INPUT TYPE="PASSWORD" CLASS="password" NAME="newpassword" MAXLENGTH="15" SIZE="30">
</TD>
</TR>
<TR>
<TD CLASS="text">
<SPAN STYLE="font-weight: bold;">
Confirm New Password:
</SPAN>
<BR>
<INPUT TYPE="PASSWORD" NAME="confirm" MAXLENGTH="15" SIZE="30">
</TD>
</TR>
</TABLE>
<BR>
<CENTER>
<button type="submit" align="center" OnMouseover="window.status='Change Password';return true;" OnMouseout="window.status=' ';"/><img src="http://localhost/MyDreamProject/images/pwd.gif" alt=""/>
Save Password-></button>
<button type="reset" align="center" OnMouseover="window.status='Refresh Page';return true;" OnMouseout="window.status=' ';"/><img src="http://localhost/MyDreamProject/images/refresh.png" alt=""/>
Reset</button>
</CENTER>
</TD>
</TR>
</FORM>
</TABLE>
<div id='DetachDiv' height=0 width=0 frameborder=0></div>
</BODY>
</HTML>
here’s my update password.php (form action script for resetpassword.php page)
<?php
session_start();
$Login = $_GET['Login'];
//echo $Login;
//exit();
//Connect to mysql server
$link=mysql_connect("localhost","root","");
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db=mysql_select_db("blackerdread");
if(!$db) {
die("Unable to select database");
}
if(!get_magic_quotes_gpc())
{
$Login = stripslashes($_POST['Login']);
$row['customerID'] = stripslashes($_POST[$row['customerID']]);
$newpassword = stripslashes($_POST['newpassword']);
$confirm = stripslashes($_POST['confirm']);
}else{
$Login = $_POST['Login'];
$row['customerID'] = $_POST[$row['customerID']];
$newpassword = $_POST['newpassword'];
$confirm = $_POST['confirm'];
}
$encrypt1 = base64_encode($newpassword);
//echo $encrypt1;
//$decode = base64_decode($encrypt1);
//echo $decode;
//exit();
$key = $_POST['key'];
$query1 = "select Login FROM ss_customers WHERE key='".$_SESSION['key']."' and Login='".$Login."'";
$result = mysql_query($query);
if($newpassword == $confirm)
{
$query = "UPDATE ss_customers Set cust_password='$encrypt1' where Login='".$Login."'";
$result = mysql_query($query);
//echo $query;
//exit();
//update the password in the session so you don't have to logoff
//$_SESSION["password"] = $encrypt1;
//echo an confirm.
echo "password updated";
exit;
}
else{
echo "you are not authorized to change passowrd!";
exit;
}
?>
my task will be completed if i can match URL’s login with the DB login and URL’s key with DB’s key…
can you please suggest me…
many thanks for the comeback.