Jump to content
Larry Ullman's Book Forums

Please Need Help With My User Registration Site


Recommended Posts

Dear All,

 

Kindly help me out. I am now learning PHP and need help.

 

Currently following the example in Chapter 16; trying to tweak script to send an email also to the user when they Change password.

 

i.e Apart from what happens in the book, where after the 'Change My Password' button is clicked, I want an email to the send to the user also.

 

I am running this code:

 

 

$body = "The password for your account - '$e' - was recently changed.

If you made this change, you don't need to do anything more.

 

mail ('albert@localhost.com', 'Account password changed.', $body, 'From: postmaster@localhost.com');

 

The email is hard-coded here but It would be really neat if the user's email address to be added automatically.

 

Please help.

 

I am currently running PHP version 5.4.0; MySQL version 5.5.22

 

Many thanks,

Albert

Link to comment
Share on other sites

I don't have this book so I'm not sure what data you are using to change the password. If $e is the email address of the user who is changing the password, use that in your mail:

 

mail($e, 'Account password changed.', $body, 'From: postmaster@localhost.com');

Link to comment
Share on other sites

Hello Margaux,

 

Thanks a lot for your response.

 

I have already tried this code and it did not work.

 

I think the issue is that $e is not define in my code. I would be really grateful if I could get ideas on how to define variable $e to be assigned to a user's email address. That way, when the password is changed the user's email address is automatically picked and added to the mail ().

 

Many thanks,

Albert.

Link to comment
Share on other sites

Not sure, but in your original post, you defined $body as follows:

 

$body = "The password for your account - '$e' - was recently changed.

If you made this change, you don't need to do anything more.

 

Does your $body definition in your code end with ";?

Link to comment
Share on other sites

I can't tell if you got this to work or not. If so ignore the rest of the response.

 

At some point in the user registration process you must have collected the user's email address? and created a record for the user which uniquely identifies him and stored his details in the d/b? For the user to change his password, he must input some details which you can use to access his info from the database including his email address. For example, if he is required to enter a password and username to change his password you can do something like

$r = ($dbconn, "SELECT email FROM users WHERE username = $_POST['username'] AND password=SHA1($_POST['password']) LIMIT 1");
if (mysqli_num_rows($r) == 1) {
list($email) = $mysqli_fetch_array($r, MYSQLI_NUM)
}

 

Then you can use $email in your mail() function. Not sure if the above helps, but as I don't know the full code, its difficult to know what you have to work with. I skipped a few steps, particularly security ones, so if you have any questions on the above, feel free to comment.

Link to comment
Share on other sites

Its still not working.

 

My change password page shows two password fields. The user can change their password, making sure that passwords entered in both fields match. After this, user is informed that the password has been successfully changed. The code therefore looks like so:

 

 

if (preg_match ('/^(\w){4,20}$/', $_POST['password1']) ) {

if ($_POST['password1'] == $_POST['password2']) {

$p = mysqli_real_escape_string ($dbc, $_POST['password1']);

} else {

echo '<p class="error">Your password did not match the confirmed password!</p>';

}

} else {

echo '<p class="error">Please enter a valid password!</p>';

}

 

if ($p) {

 

$q = "UPDATE users SET pass=SHA1('$p') WHERE user_id={$_SESSION['user_id']} LIMIT 1";

$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

if (mysqli_affected_rows($dbc) == 1) {

 

 

echo '<h3>Your password has been changed.</h3>';

mysqli_close($dbc);

 

 

exit();

 

} else { // If it did not run OK.

 

echo '<p class="error">Your password was not changed. Make sure your new password is different than the current password. Contact the system administrator if you think an error occurred.</p>';

 

}

 

mysqli_close($dbc);

 

 

What I would like to do (in addition to echo '<h3>Your password has been changed.</h3>'; ) is to send an email informing the user that their password has changed.

 

I really appreciate any help you can give me on this.

 

Thank you.

Link to comment
Share on other sites

A couple of things occurred to me today:

 

1) I think you should change localhost.com to just localhost. I'm pretty sure that's right.

 

2) I remember having a heck of a time trying to set up the mail server in XAMPP to send emails to Gmail addresses. Point being, it might be best to avoid localhost email addresses to start with, as they might involve extra settings. Perhaps start with more standard addresses for testing purposes, and slowly work your way up to localhost addresses. I can't imagine you'll need to use localhost addresses for your actual application anyway.

Link to comment
Share on other sites

It's not clear what your problem is which you need to work out. What's not working? Are you getting error messages? Is your issue with sending emails from XAMPP or that you are not able to assign an email address to your variable $e? In my previous post, I suggested some code. What does 'not working' mean? When you run your script, what happens? It would help if you gave more information e.g. what does your database look like? Since we don't have the book, you have to provide this info.

Link to comment
Share on other sites

Please find below my code:

 

 

require_once ('includes/config.inc.php');

$page_title = 'Change Your Password';

include ('includes/header.html');

 

// If no first_name session variable exists, redirect the user:

if (!isset($_SESSION['first_name'])) {

 

$url = BASE_URL . 'index.php'; // Define the URL.

ob_end_clean(); // Delete the buffer.

header("Location: $url");

exit(); // Quit the script.

 

}

 

if (isset($_POST['submitted'])) {

require_once (MYSQL);

 

// Check for a new password and match against the confirmed password:

$p = FALSE;

if (preg_match ('/^(\w){4,20}$/', $_POST['password1']) ) {

if ($_POST['password1'] == $_POST['password2']) {

$p = mysqli_real_escape_string ($dbc, $_POST['password1']);

} else {

echo '<p class="error">Your password did not match the confirmed password!</p>';

}

} else {

echo '<p class="error">Please enter a valid password!</p>';

}

 

if ($p) { // If everything's OK.

 

// Make the query.

$q = "UPDATE users SET pass=SHA1('$p') WHERE user_id={$_SESSION['user_id']} LIMIT 1";

$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.

 

// Send an email, if desired.

 

echo '<h3>Your password has been changed.</h3>';

mysqli_close($dbc); // Close the database connection.

include ('includes/footer.html'); // Include the HTML footer.

exit();

 

} else { // If it did not run OK.

 

echo '<p class="error">Your password was not changed. Make sure your new password is different than the current password. Contact the system administrator if you think an error occurred.</p>';

 

}

 

} else { // Failed the validation test.

echo '<p class="error">Please try again.</p>';

}

 

mysqli_close($dbc); // Close the database connection.

 

} // End of the main Submit conditional.

 

?>

 

<h1>Change Your Password</h1>

<form action="change_password.php" method="post">

<fieldset>

<p><b>New Password:</b> <input type="password" name="password1" size="20" maxlength="20" /> <small>Use only letters, numbers, and the underscore. Must be between 4 and 20 characters long.</small></p>

<p><b>Confirm New Password:</b> <input type="password" name="password2" size="20" maxlength="20" /></p>

</fieldset>

<div align="center"><input type="submit" name="submit" value="Change My Password" /></div>

<input type="hidden" name="submitted" value="TRUE" />

</form>

 

<?php

include ('includes/footer.html');

?>

 

I need help suggestions as to how to send an email - using the customers registered email address - to the user after a successful password change.

 

Database stores email information in a table called users and a column called e_mail.

 

Thanks

Link to comment
Share on other sites

Thanks Larry. I used this query to retrieve email from the db:

 

 

$e = "SELECT email FROM users WHERE user_id={$_SESSION['user_id']} LIMIT 1";

$r = @mysqli_query ($dbc, $e) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

 

if (mysqli_affected_rows($dbc) == 1)

 

 

// Send email

$body = "The password for your account - '$e' - was recently changed.

If you made this change, you don't need to do anything more.

 

If you didn't change your password, your account might have been hijacked. To

get back into your account, you'll need to reset your password.";

 

mail ('$e', 'Account password changed.', $body, 'From: postmaster@localhost.com');

 

However when I try to reference $e in the mail() function I get an error like so: An error occured in script on line 70: mail(): SMTP server response: 553 Invalid RFC821 mailbox specification.

 

Can you please point me in the right direction?

 

Many thanks for your help.

Link to comment
Share on other sites

Two things:

1) The $e variable does not contain a valid email address, it contains an SQL statement.

2) Assuming $e contained a valid email address, you shouldn't place single quotation marks around it in the mail function.

 

Here are some tips:

 

Within the if (mysqli_affected_rows($dbc) == 1) statement, add the following:

 

$row = mysqli_fetch_array($r, MYSQLI_NUM);
$e = $row[0];
// Now $e contains a valid email address (assuming the info retrieved from the DB is valid).

mail($e, 'Account password changed.', $body, 'From: postmaster@localhost.com');
// Notice the lack of single quotation marks around the $e variable.

 

That help?

Link to comment
Share on other sites

  • 3 weeks later...
 Share

×
×
  • Create New...