Mauvaise syntaxe dans la Requête
Bonjour, la syntaxe est mauvaise à la ligne 24, sur cette page (lost2.php), qui sert en fait à redonner le mot de passe à un utilisateur de mon site.
Code:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
| <?php
session_start();
require_once('config.php');
$page_name='password forgotten';
include_once('top.php');
//récupération du formulaire
$email=formulaires($_POST['email']);
$username=formulaires($_POST['username']);
if(!$email)
{
echo"E-mail inexisant.<br /><a href='#' onClick='history.back()'>back</a></center>";
include_once('bottom.php');
return FALSE;
}
if(!$username)
{
echo"username inexisant.<br /><a href='#' onClick='history.back()'>back</a></center>";
include_once('bottom.php');
return FALSE;
}
$reponse_username=mysql_query("SELECT username FROM RE username='$username'") or die ('error : '.mysql_error());
$count_username=mysql_num_rows($reponse_username);
if($count_username == 0)
{
echo"username non valide.<br /><a href='#' onClick='history.back()'>back</a>";
include_once('bottom.php');
return FALSE;
}
$reponse_email=mysql_query("SELECT email FROM user WHERE email='$email'") or die ('error : '.mysql_error());
$count_email=mysql_num_rows($reponse_email);
if($count_email == 0)
{
echo"E-mail non valide.<br /><a href='#' onClick='history.back()'>Back</a>";
include_once('bottom.php');
return FALSE;
}
$existe=mysql_query("SELECT email FROM user WHERE email='$email' AND username='$username'") or die ('error : '.mysql_error());
$test=mysql_num_rows($existe);
if($test == 0)
{
echo"E-mail and Username don't match.<br /><a href='#' onClick='history.back()'>back</a>";
include_once('bottom.php');
return FALSE;
}
for ($ligne=0;$ligne<10;$ligne++) //Création d'un mot de passe aléatoire
{
@$passwd.=substr('0123456789AZERTYUIOPMLKJHGFDSQWXCVBN',(rand()%(strlen('0123456789AZERTYUIOPMLKJHGFDSQWXCVBN'))),1);
}
mail("$email", "".$website_name." - Forgotten password" , "Hello, this is your new password : ".$passwd."", "From: ".$oursong_email."");
$passwd=md5($passwd);
mysql_query("UPDATE user SET pass='$passwd' WHERE email='$email'") or die ('error : '.mysql_error());
echo 'An E-mail has been sent to your mailbox with your new password';
?> |
Une idée? :)