password reset form mysql and php

Question

can someone please help me my password reset form is a bit of a mess, im really new to php and mysql so please please dont blame me for getting it wrong. but i really do need some help with it please.

Basically it all works, it lets a user type in an email and then will send them a new password. ( i havnt attached the send email/password bit of code because i dont need help with that bit.) the only problem with this is it isnt checking the email, its not checking if the email exists in my database and it lets a user type in any email they want. but if they type an email thats not in the database i want it to say sorry no email of that type exists or something. i need to know how i can get it to check that the email the user types actually exists.

and then either says email sent or there was a problem.

<?php
    $page_title = "Login";
    include('includes/header.php');
    include ('includes/mod_login/login_form2.php'); 

    if(!isset($_GET['err']) || isset($_GET['err'])=='') {
    $_GET['err'] = '0';
    }       
    ?>

    <?   
    $html_form = "<form name=\"forgotpasswordform\" action=\"sendpassword.php\" method=\"post\">
              <table border=\"0\" cellspacing=\"0\" cellpadding=\"3\" width=\"100%\">
                <tr>
                  <td width=\"15%\">Email Address:</td>
                  <td><input name=\"forgotpassword\" type=\"text\" value=\"\" id=\"forgotpassword\" size=\"30\"/></td>
                </tr>
                <tr>
                <td>&nbsp;</td>
                </tr>
                 <tr>
                  <td colspan=\"2\"><input type=\"submit\" name=\"submit\" value=\"Submit\" class=\"mainoption\" /></td>
                </tr>
              </table>
            </form>";


    if ($_GET['err'] == '1') { //error if message is not filled ?>

            <? echo $html_form; ?>

       <?

    } else if ($_GET['err'] == '2') { // error if email is not found

        ?>
            <h1>&nbsp;</h1>
            <p>
            Email Not Found!
            </p>
            <br />
        <?

    } else if ($_GET['err'] == '3') { // EMAIL SENT :D

         ?>
            <h1>&nbsp;</h1>
            <p>
            Thanks! Your new password has been sent.
            </p>
            <br />
        <?

    } else if ($_GET['err'] == '0') { // otherwise print email form 
       ?>


            <? echo $html_form; ?>    


        <? 
    }

    ?>

then we link to sendpassword.php:

<?php

/**
 * ShuttleCMS - A basic CMS coded in PHP.
 * Password Reset - Used for allowing a user to reset password
 * 
 * @author Dan <dan@danbriant.com>
 * @version 0.0.1
 * @package ShuttleCMS
 */
define('IN_SCRIPT', true);
// Start a session
session_start();

//Connect to the MySQL Database
include 'includes/_config/connection.php';


/*
 * Checks form field for email  
 */

if ($_POST['forgotpassword']=='') {
        header('Location: http://localhost/ptb1/recover_password.php?err=1');
}
if(get_magic_quotes_gpc()) {
        $forgotpassword = htmlspecialchars(stripslashes($_POST['forgotpassword']));
} 
else {
        $forgotpassword = htmlspecialchars($_POST['forgotpassword']);

}


/*
 * Checks if the email exists
 */

$sql = "SELECT COUNT(*) FROM ptb_users WHERE email = '$forgotpassword'";
$result = mysql_query($sql)or die('Could not find member: ' . mysql_error());

if (!mysql_result($result,0,0)>0) {
    header('Location: http://localhost/ptb1/recover_password.php?err=2');
}

Answer 1

You're looking for something like this:

if(mysql_num_rows($result)) {
    // user found
} else {
    // no user found
}

Keep in mind your code is open to sql injection and you shouldn't be using the mysql_ extension. Use PDO instead.