php forgot password page

I got this code from a website and I have been altering it to fit my needs. The problem that I am facing is that the password reset page is not firing a new password off by php mail but instead it is refreshing the page and the user is stuck on a php include file and not the site.

I know some php but this seems to be beyond me. After 12+hrs of trying different things I am asking for help :)

I hope its 开发者_Python百科an easy fix. Thanks in advance for your help and code snippets.

<?php 
include 'dbc.php';
/******************* ACTIVATION BY FORM**************************/
if ($_POST['doReset']=='Reset')
{
$err = array();
$msg = array();

foreach($_POST as $key => $value) {
    $data[$key] = filter($value);
}
if(!isEmail($data['user_email'])) {
$err[] = "ERROR - Please enter a valid email"; 
    header("Location: index.html?p=unknownuser");
}

$user_email = $data['user_email'];

//check if activ code and user is valid as precaution
$rs_check = mysql_query("select id from users where user_email='$user_email'") or die (mysql_error()); 
$num = mysql_num_rows($rs_check);
  // Match row found with more than 1 results  - the user is authenticated. 
    if ( $num <= 0 ) { 
    $err[] = "Error - Sorry no such account exists or registered.";
    header("Location: index.html?p=unknownuser");
    //exit();
    }


if(empty($err)) {

$new_pwd = GenPwd();
$pwd_reset = PwdHash($new_pwd);
//$sha1_new = sha1($new);   
//set update sha1 of new password + salt
$rs_activ = mysql_query("update users set pwd='$pwd_reset' WHERE 
                         user_email='$user_email'") or die(mysql_error());

$host  = $_SERVER['HTTP_HOST'];
$host_upper = strtoupper($host);                         

//send email

$message = 
"Here are your new password details ...\n
User Email: $user_email \n
Passwd: $new_pwd \n

Thank You

Administrator
$host_upper
______________________________________________________
THIS IS AN AUTOMATED RESPONSE. 
***DO NOT RESPOND TO THIS EMAIL****
";

    mail($user_email, "Reset Password", $message,
    "From: \"Client Password Reset\" <clientservices@example.com>\r\n" .
     "X-Mailer: PHP/" . phpversion());

  header("Location: index.html?p=newpassword");  
  exit();

     } 
 }  


/*
    mail($user_email, "Reset Password", $message,
    "From: \"Client Registration\" <clientservices@example.com>\r\n" .
     "X-Mailer: PHP/" . phpversion());                       

$msg[] = "Your account password has been reset and a new password has been sent to your email address.";                        
//header("Location: index.html?p=newpassword");                      
//$msg = urlencode();
//header("Location: forgot.php?msg=$msg");                       
//exit();
 }
}
 */
?>
<script language="JavaScript" type="text/javascript" src="jquery/jquery-1.6.4.min.js"></script>
<script language="JavaScript" type="text/javascript" src="jquery/jquery.validate.js"></script>
  <script>
  $(document).ready(function(){
    $("#actForm").validate();
  });
  </script>
        <?php
      /******************** ERROR MESSAGES*************************************************
      This code is to show error messages 
      **************************************************************************/
    if(!empty($err))  {
       echo "<div class=\"msg\">";
      foreach ($err as $e) {
        echo "* $e <br>";
        }
      echo "</div>";    
       }
       if(!empty($msg))  {
        echo "<div class=\"msg\">" . $msg[0] . "</div>";

       }
      /******************************* END ********************************/      
      ?><div id="clientLogin">You are about to request a reset of your client account password | <a href="?p=login" class="clientLogin">Login</a><br>
      <form action="forgot.php" method="post" name="actForm" id="actForm" style="margin-top:5px;">
       Your Email <input name="user_email" type="text" class="required email" id="txtboxn" size="25"><input name="doReset" type="submit" id="doLogin3" value="Submit" class="button"></form></div>

---

You have:

mail($usr_email, "Reset Password", $message...);

When it looks like you should have

mail($user_email, "Reset Password", $message...);

Notice you used $usr_email instead of $user_email.

That is why no email is being sent. Then it looks like the user is redirected to index.html?p=newpassword so depending on what that page is it may appear to just be reloading the same page.

UPDATE:

Also, you have the element doReset with a value of Submit and in your PHP code you are checking to see that $_POST['doReset'] == Reset instead of Submit.

<input name="doReset" type="submit" id="doLogin3" value="Submit" class="button">

Change if ($_POST['doReset']=='Reset') to if ($_POST['doReset']=='Submit')