Web Appliacation Recipes (Send_password Page)

I have been working on the send password page for the book web application recipes.
I have completed the Send_password page using PHP It sends a password and username to the submitted email. However, it sends the same password and usersname every time. Any help would be greatly appreciated.
===========================code====================
<?php require_once('Connections/newsfeed.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}

$EmailParam_LostPassword = "webmaster@sk8photos.com";
if (isset($_POST['EmailAddress'])) {
$EmailParam_LostPassword = $_POST['EmailAddress'];
}
mysql_select_db($database_newsfeed, $newsfeed);
$query_LostPassword = sprintf("SELECT UserName, UserPassword FROM users WHERE UserEmail = %s", GetSQLValueString($EmailParam_LostPassword, "int"));
$LostPassword = mysql_query($query_LostPassword, $newsfeed) or die(mysql_error());
$row_LostPassword = mysql_fetch_assoc($LostPassword);
$totalRows_LostPassword = mysql_num_rows($LostPassword);
?>
<?php
$ConfirmMessage = "";
if ($totalRows_LostPassword > 0) {
$to = $_POST['EmailAddress'];
$from = 'From:webmaster@sk8photos.com <webmaster@sk8photos.com>\r\n';
$subject = "RE: Your sk8photos Login Information";
$body = "UserName: " . $row_LostPassword['UserName'] . "\rPassword: " . $row_LostPassword['UserPassword'];
@mail($to,$subject,$body,$from);
$ConfirmMessage = "Your login information has been sent to: " . $_POST['EmailAddress'];
}
?>
<html>
<head>
<title>Sk8photos.com | Send Password</title>
<link rel="stylesheet" href="style.css" type="text/css">
<meta name="description" content="">
<meta name="keywords" content="keywords">
</head>
<body>
<div align="center">
<div id="container_big">
<div id="container">
<div id="header">
<div id="banner"></div>
<div id="logo">
<a href="#" title="Homepage &raquo;">Sk8photos.com</a></div>
<div id="slogan"><marquee behavior="slide" direction="left">Roll ......Click......Roll click</marquee></div>
<div id="menu">
<a href="#">HOME</a>
<a href="#">NEWS</a>
<a href="#">PHOTOS</a>
<a href="#">VIDEOS</a>
<a href="#">CONTACT US</a>
</div>

</div>




<!-- content begin -->
<div id="content">

<div id="right">
<div style="margin-left: 8px;">
<img src="images/i1.jpg" vspace="3"><br />
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis.<br>
<img src="images/i2.jpg" vspace="4">
</div>
</div>

<div id="main">
<table width="100%" border="0" cellspacing="1" cellpadding="1">
<tr>
<td><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td height="40"><table width="100%" class="layoutTable" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="200" align="center" valign="bottom" bgcolor="#F82474" class="pageHeader">SEND
PASSWORD </td>
<td bgcolor="#E9BE15">&nbsp;</td>
</tr>
</table></td>
</tr>
<tr>
<td><form name="SendPassword" method="post" action="">
<table width="100%" border="0" cellspacing="0" cellpadding="6">
<tr>
<td width="25">&nbsp;</td>
<td colspan="2">&nbsp;</td>
</tr>
<tr>
<td width="25">&nbsp;</td>
<td colspan="2" class="plaintext">If you have forgotten your
password, please enter the email address you used to register
in the text box below. Your user name and password information
will be e-mailed to that email address. </td>
</tr>
<tr>
<td>&nbsp;</td>
<td colspan="2"><?php echo $ConfirmMessage; ?> </td>
</tr>
<tr>
<td width="25">&nbsp;</td>
<td class="formTitle">Email Address</td>
<td class="formField"><input name="EmailAddress" type="text" id="EmailAddress" size="40"></td>
</tr>
<tr>
<td width="25">&nbsp;</td>
<td class="formTitle">&nbsp;</td>
<td class="formField"><input name="SendPWD" type="submit" id="SendPWD" value="Send Login Info"></td>
</tr>
</table>
</form> </td>
</tr>
</table>
</td>
</tr>
</table>
<h1><br clear="all">
</h1>
</div>

<br clear="all">
</div>
</div>
<!-- content end -->
<div id="footer">
&copy; 2007 <a href="#"><strong>Celebrere.com</strong>

</div>
</div>

</div>
</div>
</div>
</body></html>
<?php
mysql_free_result($LostPassword);
?>
============================end code==============================

The code looks correct, so I would suspect the Data in the database.


add the following code to the send password page just after the body tag:

<?php

echo($query_LostPassword);

?>

this will write the SQL Query that is being used to the page.

copy this query and run it directly against the database using the mySQL GUI Tools Query Browser or which ever tool you use for managing your database.

Ok I will give it a try!

This was the output from that Sql Statement: SELECT UserName, UserPassword FROM users WHERE UserEmail = 0
Here are the results screenshot.jpg

In the recordset the EmailParam parameter is set to be numeric.


double click the LostPassword recordset in the server behaviors list.

Edit the EmailParam parameter and set the data type to text.

still getting this Info
UserName: sbyerly
Password: danger

It seems to be just sending the first username and password in the table. Because I deleted the one I mentioned earlier so now it just sends the next one inline.

what are the results you are getting from :
<?php
echo($query_LostPassword);
?>


in the page?

What happens when run that SQL Directly on the database using the MySWQL Query browser?

SELECT UserName, UserPassword FROM users WHERE UserEmail = 0

send_password.php

register.php

I just registered a new user using the username jbyrnes

The email I recieved was:

RE: Your sk8photos Login Information

UserName: jbyrnes
Password:



It pulled the correct record, not sure why the password was not included, most likely, it is a problem with the registration page.

You should check the database directly to make sure passwords are being stored in the UserPassword column.


One thing I notice from your origianl code is that the EmailParam of the LostPassword recordset has a deffault value of "webmaster@sk8photos.com";

the default value should be something that does not appear in the database like "-1". that way the recordset will be empty when the page first opens and no email will be sent.

Setting the default value to webmaster@sk8photos.com means that webmaster@sk8photos.com will be emailed every time that page opens.