Below is where a user is able to logging in but i want to give the option to a user if they have forgotten their password by matching their username and email.
login.php
<?php
if (!loggedin()) {
if($_POST['submitID'] == 1){
/* Connect to database */
if($connectDatabase == TRUE){$action=TRUE;include('connect.php');}
/* sanitise and check the info */
$userName = mysql_real_escape_string($_POST['userName'],$db);
$password = mysql_real_escape_string($_POST['password'],$db);
if($userName == NULL) { $message = 'Please enter username.';}
if($message == NULL && $password == NULL){ $message = 'Please enter password.';}
if($message == NULL)
{
$HashPass = md5($password);
$userQuery = mysql_fetch_row(mysql_query("SELECT COUNT(*) FROM " . $datauser .
" WHERE `" . $userNameField . "`='$userName' AND `" . $userPasswordField . "`='$HashPass'"));
/* If usercount is more than 0 -> ok */
if($userQuery[0] > 0){
if($connectDatabase == TRUE){$action=FALSE;include('connect.php');}
$_SESSION['isLoged'] = 'yes';
$_SESSION['userName'] = $userName;
header("Location: $loginPage");
exit();
} else {
$message = 'Invalid username and/or password!';
}
}
if($connectDatabase == TRUE){$action=FALSE;include('connect.php');}
}
?>
<?php
?><h1><? echo $_SESSION['userName'];?></h1><?
/* Display error messages */
if($message != NULL){?>
<?php } ?>
how will i be able to check the username from the database and allow the user to create a new password and update the database
