Forgot password connect to email successfully

Question

I want to connect my forgot password on client email address and I'd try it, it's doesn't work. Please help on this, maybe I got a problem on its code.

Here's my PHP code:

forgotpassform.php

 <?php
    session_start();
    require_once('config.php');

$bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");
      mysql_select_db($mysql_database, $bd) or die("Could not select database");

$email=$_POST['email'];
$username=$_POST['username'];

$sql = mysql_query("SELECT email, fname, lname, password, minitial, username FROM reg_form_students where username='$username'") 
or die(mysql_error());  
$row = mysql_fetch_array($sql);
$rownum = mysql_num_rows($sql);

 $to= $row['email']; 
 $subject= "Online Library System Password Retrieval MESSAGE"; 
if(!$rownum  ) {
echo "We can not find your email";
}
if($rownum ==1  ){

$message   .= "Your account details:" . "\n\n";

$message   .= "Username:". "   " . $row['username']. "\n\n";

$message   .= "Name:". "   " . $row['lname'] . ", ". $row['fname'] . ", ". $row['minitial'] . "\n\n";

$message   .= "Password:". "   " . $row['password']. "\n\n";

 $header = "";    

 $sent =  mail($to,$subject,$message,$header);


if($sent)
{
print "Your password has been sent to your e-mail address </br>" ;

}

}
?>

and my HTML:

forgotpass.php

<!doctype html>
 <html>
  <head id="headm">
   <meta charset="utf-8">
<link rel="shortcut icon" href="images/logo.png">
<link rel="stylesheet" type="text/css" href="Styles/Master.css"  />
<link rel="stylesheet" type="text/css" href="Styles/menu.css"  />
<link href="Styles/demo7.css" type="text/css" rel="stylesheet" />
<script src="Scripts/jquery.slides.min.js" type="text/javascript"></script>
<script src="Scripts/jquery-2.1.0.min.js" type="text/javascript"></script>
<script type="text/javascript" src="Scripts/jquery.js"></script>
<script type="text/javascript" src="Scripts/menu.js"></script>


<title>Saint Francis of Assisi College Online Library System</title>

<style type="text/css">

html { background:#000; }
div#menu { margin:65px 0 0 40px; }
</style>
<script>
              $(function () {
            $(document).scroll(function () {
                if ($(this).scrollTop() != 0) {
                    $('#toTop').fadeIn();
                } else {
                    $('#toTop').fadeOut();
                }
            });

            $('#toTop').click(function () {
                $('body,html').animate({ scrollTop: 0 }, 800);
            });
        });

</script>
</head>


<body>
<div id="toTop">Back to Top</div>

<div class="Master">

        <div class="Header">
            <div class="HeaderContent">
                        <div class="quicklinks">
                        <ul class="qlinks" style="margin-right: 0px;">
                        <li><a href="libsystem.php" target="_blank" onclick="_gaq.push(['_trackEvent', 'Header', 'Library']);
">Our Library</a></li>
                        <li class="divider">|</li>
                        <li class="drop" style="width:auto;">About Library System

                            <div class="down">
                                <div>
                                <a href="TeamPaper.html" title="TeamPaper">Developers</a>
                                <a href="Advice.html" title="User Friendly">For Users</a>
                                 <a href="mvision.html" title="Mission and Vision">Mission and Vision</a>

                                </div>
                            </div>
                        </li>

                        <li class="divider">|</li>
                        <li class="drop">OtherLinks

                            <div class="down">
                                <div>
                                <a href="http://www.stfrancis.edu.ph/" target="_blank" onclick="_gaq.push(['_trackEvent', 'Header', 'SFAC Main']);
">SFAC Main Website</a>

                                <a href="http://stfrancisbacoor.site40.net/" target="_blank" onclick="_gaq.push(['_trackEvent', 'Header', 'SFAC Bayanan']);
">SFAC Bayanan</a>


                                </div>
                            </div>
                        </li>
                        <li class="divider">|</li>
                        <li><a href="myprofile.php" target="_blank" onclick="_gaq.push(['_trackEvent', 'Header', 'MyProfile']);
">MyProfile</a></li>
                        <li class="divider">|</li>
                        <li><a href="https://hotmail.com/" target="_blank" onclick="_gaq.push(['_trackEvent', 'Header', 'myE-Mail']);
">MyE-Mail</a></li>
                    </ul>
                </div>
            </div>
        </div>
      </div>


      <div class="main"> 
            <div class="banner">
<table width="1160" height="858" border="0">
  <tr>
  <div class = "header">
    <td width="229" height="146" align="center"><a href = "index.html" title = "SFAC Homepage"><img src="images/SFAC.png" width="147" height="142"></a></td>
    <td width="1015">&nbsp;<img src = "images2/banner4.jpg" width="900"></td>

    </div>
  </tr>
  <tr>
    <td align="left" valign="top"><table width="160" height="170" border="0">
    <tr>
     <div id="menu">
    <ul class="menu">
        <li><a href="index.html"><span>Home</span></a></li>
        <li><a href="gallery.php"><span>Gallery</span></a></li>
        <li><a href="search.php"><span>Search Books</span></a></li>
        <li class="last"><a href="aboutus.php" class="parent"><span>About</span></a>
        <div><ul>
                <li><a href="mvision.html"><span>Mission and Vision</span></a></li>
                <li><a href="libsystem.php"><span>Our Library</span></a></li>
                <li><a href="TeamPaper.html"><span>Developers</span></a></li>
                <li><a href="Advice.html"><span>For Users</span></a></li>
            </ul></div>
        </li>
    </ul>
</div>

</tr>
<tr>
<td>
</tr>
    </table>
      </td>
    <td align="left"><table width="900" height="117" border="0">
      <tr align="left">
        <td>&nbsp;

        <center>
        <h4 style="margin-left: 280px">Online Library System Password Retrieval</h4>
        <form action="<?php $_SERVER['PHP_SELF'];?>" method="POST" style="margin: 0px" >
        <fieldset>
        <p style="font-weight: bold; text-align:center">Please enter your username:</p><p style="text-align:center"><label for="username"><input name="username" type="text" /></label></p>
        <p style="text-align:center"><input name="submit" type="submit" value="Submit" /></p>
        </fieldset>
        </center>
        </form>

</td>
      </tr>
    </table>
      <div align="right"><br>
        <table width="213" height="419" border="0">
          <tr>

            <th width="267" align="center" valign="top" scope="col">&nbsp;
         </th>
          </tr>
        </table>
      </div>
      <p>&nbsp;</p>
    </td>
  </tr>
</table>
</div>
</div>
<div class = "area">
<div id = "footer">
<font color="#FF0000">Copyright &copy; TeamPaper 2013  </font>|<a href="#" title="Terms of Use "font-family: Arial;"> Terms of use</a>
</div>
</div>

</div>
</map>
</body>
</html>

Answer 1

Here's my update, I still working on it and it worked but it show "We can not find your email".

<?php
    session_start();
    require_once('config.php');

$username=$_POST['fp'];

$sql = mysql_query("SELECT * FROM reg_form_students where User_Name='".$username."'") 
or die(mysql_error());  
$row = mysql_fetch_array($sql);
$rownum = mysql_num_rows($sql);

if($rownum > 0)
{
$to= $row['E_Mail']; 

$subject= "SFAC-OPAC Password Retrieval MESSAGE";

$message   .= "Your account details:" . "\n\n";

$message   .= "Username:". "   " . $row['User_Name']. "\n\n";

$message   .= "Name:". "   " . $row['Last_Name'] . ", ". $row['Name'] . ", ". $row['Middle_Name'] . "\n\n";

$message   .= "Password:". "   " . $row['Password']. "\n\n";

$from = "From: admin@teampaper.com";    

mail($to,$subject,$message,$from);

echo "Your password has been sent to your e-mail </br>" ;

}

else
{
echo "We can not find your email";
}
?>

Answer 2

Please make sure, if you run the code in Local please set your SMTP authentication & host configuration in PHP.ini file.

Your code

if(!$rownum  ) {
echo "We can not find your email";
}
if($rownum ==1  ){

Change to :

if(!$rownum  ) {
echo "We can not find your email";
}
else
{
$to= $row['email']; 
$subject= "Online Library System Password Retrieval MESSAGE";

Based on your information :

Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'root'@'localhost' (using password: YES) in /home/a4664463/public_html/forgotpass.php on line 144

The problem seems from your authentication to connecting to DB. Make sure you correctly type your username & password.

Try this update:

if($rownum > 0)
{
$to= $row['email']; 
$subject= "Online Library System Password Retrieval MESSAGE";
}
else
{
echo "We can not find your email";
}

Answer 3

Emailing the password to the user is not a good way instead let the user reset the password by sending a link to the email address provided.

Below is the mysqli prepared version of the better approach.

create a table called "lost_password" with columns, id, user_id, token.

The below script might need a little fix but it is a better way than sending the password directly and one thing, since you are sending password to the user that means your are saving the plain password in db which is not recommended. Rather you should save the hash and if you want to do that you need to follow the below approach.

request_password.php

<?php
$db = new mysqli("localhost", "root", "password", "database_name");
if(isset($_POST['submit'])){
    $email = $_POST['email'];
    $stmt = $db->prepare("SELECT * FROM `users` where `email` = ?");
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $res = $stmt->get_result();
    if($res->num_rows < 1){
        echo "No such email has been found";
    }
    else{
    $fetch = $res->fetch_assoc();
    $userid = $fetch['id'];
    $token = bin2hex(openssl_random_pseudo_bytes(45));
    $url = 'http://yourwebsite.com/passwordreset.php?token='.$token;

    if(mail($email, $url, $from)){
    $stmt = $db->prepare("INSERT INTO `lost_password`(user_id, token) values(?,?)");
    $stmt->bind_param('is', $userid, $token);
    $stmt->execute();
    if($stmt->affected_rows == 1){
       echo "We have emailed you instructions on how to reset your password";
     } 
    else{
     echo "there was an error";
     }
   }
  }
}
?>
<form action="" method="post">
<<input type="email" name="email">
input type="submit" name="submit">
</form>

reset_password.php

if($_GET['token']){
 $display_form = 0;
$stmt = $db->prepare("select * from `lost_password` where token = ? and `time` >= DATE_SUB(NOW(), INTERVAL 1 DAY");
 $stmt->bind_param('s', $_GET['token']);
 $stmt->execute();
 $result = $stmt->get_result();
 if($result->num_rows < 1){
    echo "link has expired or token doesn't match the one we have on record";
 }
 else{
     $display_form =1;
     if(isset($_POST['submit'])){
     $fetch = $res->fetch_assoc();
     $id = $fetch['id'];
     $hash = password_hash($newpass, PASSWORD_BCRYPT, array('cost' => 10));
     $stmt = $db->prepare("update `users` set `password` = ? where `id` = ?");
     $stmt->bind_param('ss', $hash, $id);
     $stmt->execute();
     if($stmt->affected_rows ==1){
        echo "you have reset your password successfully";
      }
   }
 }
}
if($display_form == 1){?>
    <form action="" method="post">
    <input type="text" name="newpass">
    <input type="submit" name="submit">
    </form>
<?php } ?>