samedi 1 avril 2017

How to stop "if(isset($_POST['form-submit']))" from redirecting after clicking Submit?

I have a serious problem about Password Recovery Program these days. While I was programing an if(isset($_POST['pass-submit'])) on reset.php?recoverykey=6602f445b4736ef3363a31e05750022d. When someone clicks Submit button of the form, it should stay at the same page for processing, i.e. on reset.php?recoverykey=6602f445b4736ef3363a31e05750022d. But instead it takes us to reset.php where no code would work because the variable recoverykey is empty. I want it to stay where it was even after clicking the Submit button so that PHP can check whether the Password and Confirm Password fields where same or incorrect according to the program.

Here's all my code in reset.php:

<?php
    ob_start();
    session_start();
?>
<!DOCTYPE html>
            <head>
                <meta name="robots" content="noindex" />
                <link rel="stylesheet" type="text/css" href="assets/scripts/css/styles.css" />
                <title>Reset Password</title>
            </head>
<?php
    include('db-config.php');
    function show_change_pass_form(){
        ?>
                <form class="iqform" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
                    <h3>Change your Password</h3>
                    <label><span class="text-danger"><?php echo $passError ?></span><input type="password" placeholder="New Password" name="new-pass" required /></label>
                    <label><span class="text-danger"><?php echo $Con_passError; ?></span><input type="password" placeholder="Confirm Password" name="confirm-new-pass" required /></label>
                    <input type="submit" value="Change Password" name="pass-submit" />
                </form>
        <?php
    }
    $recovery_code = $_GET['recoverykey'];
    if(empty($recovery_code)){
        echo 'Looks like you landed elsewhere.';
    }
    $sql = "SELECT * FROM RegisteredMembers WHERE RecoveryCode='$recovery_code'";
    $result = mysql_query($sql);
    if($result){
        $count = mysql_num_rows($result);
        if($count==1){

            if( isset($_POST['pass-submit']) ){

                $pass = $_POST['new-pass'];
                $Con_pass = $_POST['confirm-new-pass'];

                    // Confirmation
                        if($pass==$Con_pass){
                            $sql1 = "UPDATE RegisteredMembers SET password = '$pass' WHERE RecoveryCode = '$recovery_code'";
                            $output = mysql_query($sql1);
                            echo $output;
                            $error = false;
                            $passError = "Password successfully changed. Feel free to Log In.";
                        } else if(!($pass==$Con_pass)){
                            $error = true;
                            $Con_passError = "The Password isn't matching. Be sure you remember the New Password.";
                        } else if(empty($pass)){
                            $error = true;
                            $passError = "Please do not keep the password empty.";
                        } else if(empty($Con_pass)){
                            $error = true;
                            $Con_passError = "Please do not keep this field empty.";
                        }
            }
            show_change_pass_form();

        } else if($count==0) {
            echo "No such recovery code, please don't try Spamming around!";
        }
    }
?>
<?php ob_end_flush(); ?>

Here's my code in forget.php (I added it though its not much necessary):

<?php

    ob_start();
    session_start();
    include('db-config.php');

    if(isset($_POST['forgot-submit'])){
        $recovery_user = $_POST['forgot-email'];
        $query = "SELECT * FROM RegisteredMembers WHERE userEmail='$recovery_user'";
        $output = mysql_query($query);
        $count = mysql_num_rows($output);
        $row = mysql_fetch_array($output);
        if($count==1){
            $error = false;

            // Mail the Recovery link
            $recovery_code = md5(uniqid(rand()));
            $mTo = $recovery_user;
            $mFrom = 'From: '.$website_details['name'].' Team '.'<'.$website_details['email'].'>';
            $mSubject = $website_details['name']." Account recovery Mail";
                // Message
                $mMsg[0] = "Hi ".$row['fname'].", \r\n";
                $mMsg[1] = "This is the password recovery email which you have requested just few minutes before. <b>(If you havn't requested, you may kindly ingnore this Email)</b>";
                $mMsg[2] = "Here's your <a href='$web_path/reset.php?recoverykey=$recovery_code'>Password Recovery Link</a>. Clicking it would allow you to change your existing password into a new one.";
                $mFinMsg = $mMsg[0].$mMsg[1].$mMsg[2];
            $sendRecMail = mail( $mTo , $mSubject , $mFinMsg , $mFrom );

            // Add recovery code to Database
            $mysql = "UPDATE RegisteredMembers SET RecoveryCode='$recovery_code' WHERE userEmail='$recovery_user'";
            $result = mysql_query($mysql);
            if($result){
                $error = false;
                $forgotEmailMsg = "Thanks, Check your Email for recovering your password.";
            } else{
                echo "Looks like there's a Disturbance and Load on server. Try again later.";
            }
        } else if(strlen($recovery_user)==0){
            $error = true;
            $forgotEmailMsg = "Please do not leave this field empty.";
        } else{
            $error = true;
            $forgotEmailMsg = "No such Email found in Database.";
        }
    }

?>
<!DOCTYPE html>
<html>
    <head>
        <meta name="robots" content="noindex" />
        <link rel="stylesheet" type="text/css" href="assets/scripts/css/styles.css" />
        <title>Password Recovery</title>
    </head>
    <body>
        <form class="iqform" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
            <h3>Password Recovery</h3>
            <label><span class="text-danger"><?php echo $forgotEmailMsg; ?></span><input type="email" placeholder="Your registered Email" name="forgot-email" required /></label>
            <input type="submit" value="Next" name="forgot-submit" />
        </form>
    </body>
</html>
<?php ob_end_flush(); ?>

Forget.php is all okay but may be you can refer something from it.

Thanks in advance to the Stack Community. Hats off to everyone.

Aucun commentaire:

Enregistrer un commentaire