1

My form isn't processing. Once I've entered details or even if not, I'm getting the else statement echo "Your password reset key is invalid" on line 95. The key is correct but...

I think there's an issue with the if statement on lines 160-164 for the value of the input tag. I think it needs wrapping in a php tag, but am not sure what's wrong...?

Hope someone can help. Thanks.

<?php

$objForm = new Form();
$objValid = new Validation($objForm);
$objUser = new User();


// Was the form submitted?
if (isset($_POST["ResetPasswordForm"]))
{

        // Form Fields Check
        if ($objForm->isPost('email')) {

            $objValid->_expected = array(
            'email',
            'password',
            'confirm_password'

            );

            $objValid->_required = array(
                'email',
                'password',
                'confirm_password'

                );


            $objValid->_special = array(
                'email' => 'email'
                );


            $objValid->_post_remove = array(
                'confirm_password'
                );


            $objValid->_post_format = array(
                'password' => 'password'
                );

            $email = $objForm->getPost('email');
            $user = $objUser->getByEmail($email);

            if (empty($user)) {
                $objValid->add2Errors('e-mail_not_found');
            }

        }


    // Gather the post data
        $email = $_POST["email"];
        $password = $_POST["password"];
        $confirmpassword = $_POST["confirmpassword"];
        $hash = $_POST["q"];    


    // validate password
    $password = $objForm->getPost('password');
    $confirmpassword = $objForm->getPost('confirmpassword');

    if (!empty($password) && !empty($confirmpassword) && $password != $confirmpassword) {
        $objValid->add2Errors('password_mismatch');
    }

    // Use the same salt from the forgot_password.php file
    $salt = "---blank for demo---";

    // Generate the reset key
    $resetkey = hash('sha512', $salt.$email);

    // Does the new reset key match the old one?
    if ($resetkey == $hash)
    {
        if ($password == $confirmpassword)
        {
            //hash and secure the password
            $password = hash('sha512', $password);

            // Update the user's password
                $query = $conn->prepare('UPDATE clients SET password = :password WHERE email = :email');
                $query->bindParam(':password', $password);
                $query->bindParam(':email', $email);
                $query->execute();
                $conn = null;
            Helper::redirect('/?page=password_changed');
        }
        else
            $objValid->add2Errors('password_mismatch');
    }
    else
        echo "Your password reset key is invalid.";
}


require_once('_header.php'); ?>

<div id="cat_prod"><h1>- CHANGE PASSWORD -</h1></div>

    <br /><br />


    <form action="" method="POST">

        <table cellpadding="0" cellspacing="0" border="0" class="tbl_insert">

            <tr>

                <th>
                    <label for="email">E-mail : *</label>
                </th>

                <td>
                    <?php echo $objValid->validate('e-mail_not_found'); ?>
                    <input type="text" name="email" id="login_email" class="fld" 
                    value="<?php echo $objForm->stickyText('e-mail_not_found'); ?>" /> 
                </td>

            </tr>

            <tr>

                <th>
                    <label for="password">Password : *</label>      
                </th>

                <td>
                    <?php echo $objValid->validate('password'); ?>
                    <?php echo $objValid->validate('password_mismatch'); ?>
                    <input type="password" name="password" id="password" class="fld" value="" />
                </td>

            </tr>

            <tr>

                <th>
                    <label for="confirm_password">Confirm Password : *</label>      
                </th>

                <td>
                    <?php echo $objValid->validate('confirm_password'); ?>
                    <input type="password" name="confirmpassword" id="comfirm_password" class="fld" value="" />
                </td>

            </tr>


            <tr>

                <th>
                     
                </th>

                <td>
                    <label for="change_pass" class="sbm_blue fl_l">
                    <input type="hidden" name="q" value="';
                                if (isset($_GET["q"])) {                        
                                echo $_GET["q"];                            
                            }                           
                                echo '" />
                    <input type="submit" name="ResetPasswordForm" id="btn_login" class="btn" value=" Reset Password " />
                    </label>
                </td>

            </tr>


        </table>

    </form>


<?php require_once('_footer.php'); ?>
Improve this question
12
  • Do you have error reporting turned on for your code? Are you getting any error messages? stackoverflow.com/questions/845021/… Commented Sep 11, 2015 at 20:13
  • Are you sure the values are getting passed from one part of the page to another ? Commented Sep 11, 2015 at 20:13
  • 2
    How do you know the values are the same? It looks like the q will have raw PHP in it. That should be in php blocks. value="'; if (isset($_GET["q"])) { echo $_GET["q"]; } echo '" /> Commented Sep 11, 2015 at 20:17
  • I added error_reporting(-1); ini_set('display_errors', 'On'); to the top of my page but don't get anything showing. Commented Sep 11, 2015 at 20:17
  • 1
    Please update your code. Where is $conn defined? Commented Sep 11, 2015 at 20:53

1 Answer 1

Reset to default
2

probably you have some typo. Try it like this.

<input type="hidden" name="q" value="<?php echo isset($_GET["q"]) ? $_GET["q"]: '' ;?>"/>
Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

She'll have to escape those double quotes.
I know the if statement is correct as it previously worked when I wrapped the form, so yes maybe something is up...? Doing it your way I just get a fatal error... Notice: Undefined variable: conn in /reset_password.php on line 84 Fatal error: Call to a member function prepare() on a non-object in /reset_password.php on line 84 Btw, I'm Male :) Blame the parents... Lol
Escaping the quotes renders the page blank.
can you do echo print_r($conn, true); before line $query = $conn->prepare(.... just to see if there is an object
so you have no connection, check the code where you creating the connection, It could be that the server is down
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.