I am having an issue with my forgot password page. When i enter in my email address and click submit i am brought to a blank page and an email with my password is not sent. Any help is appreciated. Thanks!
<?php
include 'db.php';
if(isset($_POST['submit']))
{
$email_address=$_POST['email_address'];
$q=mysql_query("select * from login where email_address='".$email_address."' ") or die(mysql_error());
$p=mysql_affected_rows();
if($p!=0)
{
$res=mysql_fetch_array($q);
$to=$res['email_address'];
$subject='YNAGS Password Recovery';
$message='Your password : '.$res['password'];
$headers='From:password_reset@ynags.com';
$m=mail($to,$subject,$message,$headers);
if($m)
{
echo'Check your inbox in mail';
}
else
{
echo'mail is not send';
}
}
else
{
echo'You entered mail id is not present';
}
}
?>
I am not quite sure what this is here:
$q=mysql_query("select * from login where email_address='".$email_address."' ") or die(mysql_error());
mainly the login part of this statement.
1. We should know the code from db.php (obviously without the sensitive data).
2. Try something like this:
db.php
<?php
define("HOST", "your host");
define("USER", "db user name");
define("NAME", "db name");
define("PASSWORD", "password");
?>
forgot.php
<?php
include("db.php");
if(isset($_POST['email_address'])){
$email_address = $_POST['email_address'];
$con = mysqli_connect(HOST, USER, PASSWORD, NAME);
$sql = "SELECT * FROM login WHERE email_address = '".$email_address."'";
if(mysqli_affected_rows(mysqli_query($con, $sql)) != 0){
$res = array();
$res = mysqli_fetch_array(mysqli_query($con, $sql));
$to = $res['email_address'];
// and so on ...
}else{
echo "Email not found";
}
}else{
echo "Form not submitted";
}
?>