Basically if the user comes to the page they get a form where they type in their username. That then checks against the db and then adds a generated key to their row in the db and emails the key link to them. The link brings them back to the same page but with a different form asking to update their password.
This is where my problem lies. The script first checks if that key exists. Even though it does exist I keep getting the uh oh key does not exist error. I've read through it a few times, taken breaks and still can't get it. Hopefully someone here can catch the issue!
Snippet of the problem:
<?php
if ($_GET['do'] == "password") {
$forgetKeyEmail = mysql_real_escape_string($_GET['key']);
if ($forgetKeyEmail !== "") {
$keyQuery = mysql_query("SELECT * FROM users WHERE forgetKey = '$forgetKeyEmail' LIMIT 1");
$keyCheck - mysql_num_rows($keyQuery);
if ($keyCheck == 1) {
?>
form goes here to update password
<?php
if ($_GET['do'] == "update") {
$hasher = new PasswordHash(10, false);
$resetPasswdord = $hasher->HashPassword(mysql_real_escape_string($_POST['inputPassword']));
$resetPassword = $_POST['inputPassword'];
if ($_POST['inputPassword'] !== "") {
mysql_query("UPDATE users SET password = '$resetPassword' WHERE forgetKey = '$forgetKeyEmail'");
echo "g";
?>
success message
<?php
}
else {
?>
empty field message
<?php
}
}
}
else{
?>
incorrect key message (what I keep getting)
<?php
}
}
}
Full code:
<?php
if ($_GET['do'] == "password") {
$forgetKeyEmail = mysql_real_escape_string($_GET['key']);
if ($forgetKeyEmail !== "") {
$keyQuery = mysql_query("SELECT * FROM users WHERE forgetKey = '$forgetKeyEmail' LIMIT 1");
$keyCheck - mysql_num_rows($keyQuery);
if ($keyCheck == 1) {
?>
<form method="POST"class="form-horizontal" action="?do=update&key=<?php echo $forgetKeyEmail; ?>" >
<div class="control-group">
<label class="control-label" for="inputPassword">New Password</label>
<div class="controls">
<input type="text" id="inputPassword" name="inputPassword" placeholder="Password">
</div>
</div>
<div class="control-group">
<div class="controls">
<button type="submit" class="btn btn-primary">Reset!</button>
</div>
</div>
</form>
<?php
if ($_GET['do'] == "update") {
$hasher = new PasswordHash(10, false);
$resetPasswdord = $hasher->HashPassword(mysql_real_escape_string($_POST['inputPassword']));
$resetPassword = $_POST['inputPassword'];
if ($_POST['inputPassword'] !== "") {
mysql_query("UPDATE users SET password = '$resetPassword' WHERE forgetKey = '$forgetKeyEmail'");
echo "g";
?>
<div class="alert alert-success" style="margin:0;">
<strong>Woooo!</strong> Your password has been changed, you can now <a href="login.php">login.</a>
</div>
<?php
}
else {
?>
<div class="alert alert-error" style="margin:0;">
<strong>Woops!</strong> You need to fill out a password!
</div>
<?php
}
}
}
else{
?>
<div class="alert alert-error" style="margin:0;">
<strong>Uh oh!</strong> That key is incorrect.
</div>
<?php
}
}
}
elseif ($_GET['do'] == "reset") {
$resetUsername = mysql_real_escape_string($_POST['inputUser']);
if ($resetUsername !== "") {
$checkQuery = mysql_query("SELECT * FROM users WHERE username = '$resetUsername' LIMIT 1");
$checkExist = mysql_num_rows($checkQuery);
$userData = mysql_fetch_array($checkQuery);
$mailEmail = $userData['email'];
if ($checkExist == 1) {
$forgetKey = genRandomString() . genRandomString();
mysql_query("UPDATE users SET forgetKey = '$forgetKey' WHERE username = '$resetUsername'");
$message = "Hey there, ".$resetUsername." - We've received a request to reset your password. <br /><br /> Please click the following link to do so: <a href=\"http://localhost/vanilla/forgot.php?do=reset&key=".$forgetKey."\"";
echo $forgetKey;
mail($mailEmail, 'realvanil.la Password Reset', $message);
?>
<div class="alert alert-info" style="margin:0;">
An email has been sent to <strong><?php echo $userData['email']; ?></strong> with your reset information!
</div>
<?php
}
else {
?>
<div class="alert alert-error">
<strong>Uh oh!</strong> We can't seem to find an account with that username. Remember, it's your Minecraft username!
</div>
<form method="POST"class="form-horizontal" action="?do=reset" >
<div class="control-group">
<label class="control-label" for="inputUser">Username</label>
<div class="controls">
<input type="text" id="inputUser" name="inputUser" placeholder="Username">
</div>
</div>
<div class="control-group">
<div class="controls">
<button type="submit" class="btn btn-primary">Send Email!</button>
</div>
</div>
</form>
<?php
}
}
else {
?>
<div class="alert alert-error">
<strong>Uh oh!</strong> You need to tell us your username ;)
</div>
<form method="POST"class="form-horizontal" action="?do=reset" >
<div class="control-group">
<label class="control-label" for="inputUser">Username</label>
<div class="controls">
<input type="text" id="inputUser" name="inputUser" placeholder="Username">
</div>
</div>
<div class="control-group">
<div class="controls">
<button type="submit" class="btn btn-primary">Send Email!</button>
</div>
</div>
</form>
<?php
}
}
else {
?>
<form method="POST"class="form-horizontal" action="?do=reset" >
<div class="control-group">
<label class="control-label" for="inputUser">Username</label>
<div class="controls">
<input type="text" id="inputUser" name="inputUser" placeholder="Username">
</div>
</div>
<div class="control-group">
<div class="controls">
<button type="submit" class="btn btn-primary">Send Email!</button>
</div>
</div>
</form>
<?php
}
?>
you may want to edit you script so it does not have any syntax errors.
$keyCheck - mysql_num_rows($keyQuery);
change to
$keyCheck = mysql_num_rows($keyQuery);