I apologise if the title is confusing, but when I run the page with the code below and enter an email not found in the database, on the webpage I get Notice: Trying to get property of non-object in C:\xampp\htdocs\Testing\login.php on line 72. Instead of it saying this, I want it to give an error that the email is not registered.
<?php
session_start();//session starts here
if(isset($_SESSION['adminName'])||isset($_SESSION['email'])){
header("Location: welcome.php");//redirect to login page to secure the welcome page without login access.
}
?>
<html>
<head lang="en">
<meta charset="UTF-8">
<link type="text/css" rel="stylesheet" href="bootstrap-3.2.0-dist\css\bootstrap.css">
<title>Login</title>
</head>
<style>
.login-panel {
margin-top: 150px;
</style>
<body>
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="login-panel panel panel-success">
<div class="panel-heading">
<h3 class="panel-title">Sign In</h3>
</div>
<div class="panel-body">
<form role="form" method="post" action="login.php">
<fieldset>
<div class="form-group" >
<input class="form-control" placeholder="E-Mail" name="email" type="email" autofocus>
</div>
<div class="form-group">
<input class="form-control" placeholder="Password" name="pass" type="password" value="">
</div>
<input class="btn btn-lg btn-success btn-block" type="submit" value="login" name="login" >
<!-- Change this to a button or input when using this as a form -->
<!-- Login -->
</fieldset>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
<?php
include("database/db_conection.php");
if(isset($_POST['login'])){
$user_email=mysqli_real_escape_string($dbcon, $_POST['email']);
$user_pass=mysqli_real_escape_string($dbcon, $_POST['pass']);
$encrypted_password = password_hash($user_pass, PASSWORD_BCRYPT);
$query = $dbcon->query("SELECT user_pass FROM users WHERE user_email='$user_email'");
$passwordValue=$query->fetch_object()->user_pass;
if (password_verify($user_pass,$passwordValue)){
echo "Success!";
}else{
echo $encrypted_password;
echo "<div class='alert alert-danger'><a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a><strong>Error!</strong> Email or password entered was incorrect!</div>";
}
/*$check_user="select * from users WHERE user_email='$encrypted_email' AND user_pass='$user_pass'";
$run=mysqli_query($dbcon,$check_user);
if(mysqli_num_rows($run))
{
echo "<script>window.open('welcome.php','_self')</script>";
$_SESSION['email']=$user_email;//here session is used and value of $user_email store in $_SESSION.
}
else
{
echo "<script>alert('Email or password is incorrect!')</script>";
}*/
}
?>
This is the code found in my login.php file. The php code within the comment isn't part of the web page, I will be removing it later.
<html>
<head lang="en">
<meta charset="UTF-8">
<link type="text/css" rel="stylesheet" href="bootstrap-3.2.0-dist\css\bootstrap.css">
<title>Login</title>
</head>
<style>
.login-panel {
margin-top: 150px;
</style>
<body>
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="login-panel panel panel-success">
<div class="panel-heading">
<h3 class="panel-title">Sign In</h3>
</div>
<div class="panel-body">
<form role="form" method="post" action="login.php">
<fieldset>
<div class="form-group" >
<input class="form-control" placeholder="E-Mail" name="email" type="email" autofocus>
</div>
<div class="form-group">
<input class="form-control" placeholder="Password" name="pass" type="password" value="">
</div>
<input class="btn btn-lg btn-success btn-block" type="submit" value="login" name="login" >
<!-- Change this to a button or input when using this as a form -->
<!-- Login -->
</fieldset>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
<?php
include("database/db_conection.php");
if(isset($_POST['login'])){
$user_email=mysqli_real_escape_string($dbcon, $_POST['email']);
$user_pass=mysqli_real_escape_string($dbcon, $_POST['pass']);
$encrypted_password = password_hash($user_pass, PASSWORD_BCRYPT);
if ($query = $dbcon->query("SELECT user_pass FROM users WHERE user_email='$user_email'") == false) {
echo "The email doesn't exist in the DB";
} else {
$passwordValue=$query->fetch_object()->user_pass;
if (password_verify($user_pass,$passwordValue)){
echo "Success!";
}else{
echo $encrypted_password;
echo "<div class='alert alert-danger'><a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a><strong>Error!</strong> Email or password entered was incorrect!</div>";
}
/*$check_user="select * from users WHERE user_email='$encrypted_email' AND user_pass='$user_pass'";
$run=mysqli_query($dbcon,$check_user);
if(mysqli_num_rows($run))
{
echo "<script>window.open('welcome.php','_self')</script>";
$_SESSION['email']=$user_email;//here session is used and value of $user_email store in $_SESSION.
}
else
{
echo "<script>alert('Email or password is incorrect!')</script>";
}*/
}
}
?>
I've added an if statement that checks if the query is false, if it's false it will echo that the email doesn't exist in the database, as you wanted, but if it exist, then you're fetched the password exactly as you want.
I used an if statement for the code: $query->num_rows() (credit to #MasterOdin for that) and if the number of rows equaled 0, then I echoed that you typed in an invalid email.
Ex.
if ($query->num_rows==0){
echo "You typed an invalid email!";
}else{
I further verified information here...
}
Related
I am currently working on a little website and I came across the problem that, whenever I go on the site the error message is there.
How can I make it that it only appears after the form is submitted and the values are wrong?
Thats the code:
<?php
session_start();
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
if($_POST['username'] and $_POST['userpasswd'])
{
require './classes/_connection.php';
require './classes/_account.php';
$account = new Account();
$username = $_POST['username'];
$password = $_POST['userpasswd'];
$username = trim($username);
$password = trim($password);
$_SESSION["username"] = $username;
try
{
$login = $account->loginWebsite($username, $password);
}
catch (Exception $e)
{
echo $e->getMessage();
die();
}
if ($login)
{
header ("LOCATION: ./dashboard.php");
}
else
{
// show the alert message here
}
}
}
else
{
}
?>
<html lang="en">
<head>
<title>my site</title>
<!--- META -->
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!--- CSS --->
<link rel="stylesheet" href="./css/style.css">
<link rel="stylesheet" href="./css/bootstrap.css">
<link rel="stylesheet" href="./css/messagebox.css">
</head>
<body>
<div class="vertical-center">
<div class="container">
<div class="row">
<div class="col-xs-12 col-sm-12 col-md-12 d-flex align-items-center justify-content-center">
<div class="d-flex align-items-center justify-content-center text-center loginArea">
<div class="container">
<form action="" method="post">
<div class="alert">
<span class="closebtn" onclick="this.parentElement.style.display='none';">×</span>
Wrong username or password
</div>
<div class="col-xs-12 col-sm-12 col-md-12">
<input class="inputrow" required type="text" size="40" maxlength="250" name="username" placeholder="Username" autofocus>
</div>
<div class="col-xs-12 col-sm-12 col-md-12">
<input class="inputrow" required type="password" size="40" maxlength="250" name="userpasswd" placeholder="Password">
</div>
<div class="col-xs-12 col-sm-12 col-md-12">
<input class="inputbutton" type="submit" value="Login">
</div>
</form>
</div>
</div>
</div>
</div>
</div>
It is about the:
<div class="alert">
<span class="closebtn" onclick="this.parentElement.style.display='none';">×</span>
Wrong username or password
</div>
How can I make it that it only appears after the php if statement is false?
You must write this at the end of your code:
<?php } ?>
and modify your last else to:
else {
Full snippet: https://pastebin.com/raw/yCK6M2v8
You can modify your code like below
else
{
// show the alert message here
?>
<div class="alert">
<span class="closebtn" onclick="this.parentElement.style.display='none';">
×</span> Wrong username or password
</div>
<?php
}
I am very new at php and I'm trying to create a login div on the right side bar. Well it's seems to work but when I login it shows me:
user name [ textbox ]
password [ textbox ]
[ login button ]
welcome new2
Obviously, I'm not intrested of showing the textboxing and the login button because the user is already login.
Here is the code of the home page (templat.php):
<?php
session_start();
$db=mysqli_connect("localhost","root","","mydb");
?>
<!DOCTYPE html>
<html lang="he">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title><?php echo $title; ?></title>
<link rel="stylesheet" type="text/css" href="Styles/Stylesheet2.css" />
</head>
<body dir="rtl">
<div id="wrapper">
<div id="banner">
</div>
<nav id="navigation" dir="rtl">
<ul id="nav">
<li>home</li>
<li>topics</li>
<li>on us</li>
</ul>
</nav>
<!--
<div id="content_area">
<?php
//echo $content; ?>
</div>
-->
<div id="sidebar">
<div id="main-wrapper">
<center><h2>Login Form</h2></center>
<div class="imgcontainer">
<center>
<img src="images/avatar.png" width='60' height='60' alt="Avatar" class="avatar">
</center>
</div>
<form action="Template.php" method="post">
<div class="inner_container">
<label><b>Username</b></label>
<br/>
<input type="text" placeholder="Enter Username" name="username" required>
<br/>
<label><b>Password</b></label>
<br/>
<input type="password" placeholder="Enter Password" name="password" required>
<br/>
<button class="login_button" name="login"
type="submit">Login</button>
</div>
</form>
<?php
if(isset($_POST['login']))
{
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
$password=md5($password); //Remember we hashed password before storing last time
$sql="SELECT * FROM users WHERE username='$username' AND password='$password'";
$result=mysqli_query($db,$sql);
$row = mysqli_fetch_array($result);
$num = mysqli_num_rows($result);
if($num==1)
{
$_SESSION['message']="You are now Loggged In";
$_SESSION['username']=$username;
$id=$row['id'];
$_SESSION['id']=$id;
?>
<div id="main-wrapper">
<center><h3>Welcome <?php echo $_SESSION['username']; ?></h3></center>
<form action="Template.php" method="post">
<div class="imgcontainer">
<img src="images/avatar.png" alt="Avatar" width='60' height='60' class="avatar">
</div>
<div class="inner_container">
<button class="logout_button" type="submit">Log Out</button>
</div>
</form>
</div>
<?php
}
else
{
$_SESSION['message']="Username and Password combiation incorrect";
}
}
?>
</br>
</div>
</div>
<footer>
<p>aaa</p>
</footer>
</div>
</body>
</html>
update : logout.php:
<?php
session_start();
session_destroy();
unset($_SESSION['username']);
$_SESSION['message']="You are now logged out";
header("Location:login.php");
?>
You need to check if user is already logged in. You can check if $_SESSION['username'] is empty or not.
Update your login form like that:
<?php if(!isset($_SESSION['username'])) { ?>
<form action="Template.php" method="post">
<div class="inner_container">
<label><b>Username</b></label>
<br/>
<input type="text" placeholder="Enter Username" name="username" required>
<br/>
<label><b>Password</b></label>
<br/>
<input type="password" placeholder="Enter Password" name="password" required>
<br/>
<button class="login_button" name="login"
type="submit">Login
</button>
</div>
</form>
<?php }; ?>
Okay, So I have this log in page here all I want it to do is log me in and send me too "index.php". I know my email is correct and the password and everything is good. it all works it just stays on the same page though instead of actually sending me to "index.php". Im new to php and it is probably something stupid but any help would be greatly appreciated. Please and Thank you! :)
<link rel="stylesheet" href="styles.css" />
<?php
session_start();
if(isset($_SESSION['usr_id'])!="") {
header("Location: index.php");
}
include_once 'dbconnect.php';
//check if form is submitted
if (isset($_POST['login'])) {
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$result = mysqli_query($conn, "SELECT * FROM users WHERE email = '" . $email. "' and password = '" . md5($password) . "'");
if ($row = mysqli_fetch_array($result)) {
$_SESSION['usr_id'] = $row['id'];
$_SESSION['usr_name'] = $row['name'];
header("Location: index.php");
$successmsg = "SWEET YOU'RE IN!";
//echo "success";
} else {
$errormsg = "Incorrect Email or Password!!!";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>PHP Login Script</title>
<meta content="width=device-width, initial-scale=1.0" name="viewport" >
<link rel="stylesheet" href="css/bootstrap.min.css" type="text/css" />
</head>
<body>
<div class="container-fluid">
<!-- add header -->
<div class="navbar-header">
</div>
<!-- menu items -->
<div class="collapse navbar-collapse" id="navbar1">
<ul class="navbar">
<li class="active">Login</li>
<li>Sign Up</li>
</ul>
</div>
</div>
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4 well">
<form role="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="loginform">
<fieldset>
<legend>Login</legend>
<div class="form-group">
<label for="name">Email</label>
<input type="text" name="email" placeholder="Your Email" required class="form-control" />
</div>
<div class="form-group">
<label for="name">Password</label>
<input type="password" name="password" placeholder="Your Password" required class="form-control" />
</div>
<div class="form-group">
<input type="submit" name="login" value="Login" class="btn btn-primary" />
</div>
</fieldset>
</form>
<span class="text-danger"><?php if (isset($errormsg)) { echo $errormsg; } ?></span>
<span class="text-success"><?php if (isset($successmsg)) { echo $successmsg; } ?></span>
</div>
</div>
</div>
</body>
</html>
Where you have this:
if(isset($_SESSION['usr_id'])!="") {
You want this:
if(isset($_SESSION['usr_id']) && $_SESSION['usr_id'] != "") {
Note that what's in $_SESSION['usr_id'] will be the id column from your database. It's not clear from context if such a column exists, so perhaps double check that there really is a value there before the initial redirect (i.e., just after checking the credentials).
Side note: don't use MD5() to hash passwords. MD5 isn't as secure as you'd want a password hash to be.
I have 2 projects 1 is just for checking username and password if they exist in the database,which has the function password_verify() working , and the other u can sign up and then log in, but in this 1 the function password_verify is always returning false even thought i have the same code written in both but changed the table name i will post the project, so if anyone can help me please.
I did check that it is connecting to the database normally and returning the email result correct but when it comes to comparing hashed pass with the one entered it's always false.
Index.php is the main page and contains only two php lines:
include("signup.php");
include("login.php");
Connection.php
<?php
$server="localhost";
$db_username="myusername";
$db_password="mypassword";
$db="test_db";
$conn=mysqli_connect($server,$db_username,$db_password,$db);
if(!$conn)
die ("Connection Failed: ".mysqli_connect_error());
?>
signup.php
<?php
session_start();
if(isset($_POST['signup']))
{
function validateFormData($formData)
{
$formData=trim(stripcslashes(htmlspecialchars($formData)));
return $formData;
}
$email=validateFormData($_POST['email']);
$password=validateFormData($_POST['password']);
if(!$_POST['email'])
$error.="Please enter an email<br>";
else if(!filter_var($_POST['email'],FILTER_VALIDATE_EMAIL))
{
$error.="Please enter a valid email<br>";
}
if(!$_POST['password'])
$error.="Please enter a password<br>";
else
{
if(strlen($_POST['password'])<8)
$error.="Password must contain at least 8 characters<br>";
if(!preg_match('`[A-Z]`',$_POST['password']))
$error.="Password must contain at least one capital letter<br>";
}
if($error)
{
echo "<div class='alert alert-danger text-center lead'><a class='close red' data-dismiss='alert'>×</a>".$error."</div>";
}
else
{
include('connection.php');
$query="SELECT * FROM `diary` WHERE email='".mysqli_real_escape_string($conn,$email)."'";
$result=mysqli_query($conn,$query);
$results=mysqli_num_rows($result);
if($results)
echo "<div class='alert alert-danger text-center lead'>This email already exists, do you want to log in?<a class='close red' data-dismiss='alert'>×</a></div>";
else
{
$selectUser=mysqli_real_escape_string($conn,$email);
$hashedPass=password_hash($password,PASSWORD_DEFAULT);
$query="INSERT INTO `diary`(`email`, `password`) VALUES ('$selectUser','$hashedPass')";
mysqli_query($conn,$query);
echo "<div class='alert alert-success text-center lead'>You've been signed up!<a class='close green' data-dismiss='alert'>×</a></div>";
$_SESSION['id']=mysqli_insert_id($conn);
}
}
}
?>
login.php
<?php
if(isset($_POST['login']))
{
function validateFormData($formData)
{
$formData=trim(stripcslashes(htmlspecialchars($formData)));
return $formData;
}
$formEmail=validateFormData($_POST['loginEmail']);
$formPass=validateFormData($_POST['loginPassword']);
$newPass=password_hash($formPass,PASSWORD_DEFAULT);
echo $newPass;
include("connection.php");
$query="Select * from diary where email='$formEmail' ";
$result=mysqli_query($conn,$query);
if(mysqli_num_rows($result)>0)
{
while($row=mysqli_fetch_assoc($result))
{
$LogEmail= $row['email'];
$LogPass= $row['password'];
echo "<br>".$LogPass;
}
if(password_verify($newPass,$LogPass))
{
echo "<br>Correct Password";
}
else
echo "<br>Not Correct";
}
}
?>
output of $newPass is :"$2y$10$dw0AtEExMc41p4nUB3W9kOOWTcNZmQev9jM4emNn7oQNODfu6Ld.q"
output of $LogPass is : "$2y$10$biz6Z5nxsMZXNf7p3ebqw.pksPb1VhWEmoan776rMqOC7VcFRQbrK"
Index
<?php
include("signup.php");
include("login.php");
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<title>Secret Diary</title>
<link rel="stylesheet" href="css/Normalize.css">
<link rel="stylesheet" href="bootstrap/css/bootstrap.min.css">
<link rel="stylesheet" href="css/style.css">
<!--[if IE]>
<script src="https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/respond.js/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<div class="container">
<form class="form-horizontal emailForm" role="form" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>">
<legend><h1 class="text-center">Sign Up</h1></legend>
<div class="form-group">
<label class="control-label col-sm-2" for="email" >Email:</label>
<div class="col-sm-10">
<input type="email" class="form-control" style="width:90%" id="email" placeholder="Enter Email" name="email" value="<?php echo addslashes($_POST['email']);?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="pwd">Password:</label>
<div class="col-sm-10">
<input type="password" class="form-control" style="width:90%" id="pwd" placeholder="Password" name="password">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-success " id="btnClick" name="signup">Sign Up</button>
</div>
</div>
</form><!--SIGN UP-->
<form class="form-horizontal emailForm" role="form" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>">
<legend><h1 class="text-center">Log In</h1></legend>
<div class="form-group">
<label class="control-label col-sm-2" for="LogInEmail" >Email:</label>
<div class="col-sm-10">
<input type="email" class="form-control" style="width:90%" id="LogInEmail" placeholder="Enter Email" name="loginEmail" value="<?php echo addslashes($_POST['loginEmail']);?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="LogInPassword">Password:</label>
<div class="col-sm-10">
<input type="password" class="form-control" style="width:90%" id="LogInPassword" placeholder="Password" name="loginPassword">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-success " id="btnClick" name="login">Log In</button>
</div>
</div>
</form><!--LOG IN-->
</div>
<script src="js/JQuery.min.js"></script>
<script src="bootstrap/js/bootstrap.min.js" type="text/javascript"></script>
<script src="js/script.js" type="text/javascript"></script>
</body>
</html>
You overwrite your $password when you include your dbconnection.
include('connection.php');
has:
$password="mypassword";
Previously you set:
$password=validateFormData($_POST['password']);
so your hashed password is not the user's password, but your DB password.
I would prefix all DB credentials variables with db_. So your database password variable would then be $db_password. This will allow you to have distinct variables throughout your project (I'd think).
Additionally you should be using $formPass, not $newpass. The $newpass is going to be double hashed at the verify function.
$formEmail=validateFormData($_POST['loginEmail']);
$formPass=validateFormData($_POST['loginPassword']);
$newPass=password_hash($formPass,PASSWORD_DEFAULT);
so change:
if(password_verify($newPass,$LogPass))
to:
if(password_verify($formPass, $LogPass))
password_verify expects the cleartext password as its first argument. To fix your code, remove this line:
$newPass=password_hash($formPass,PASSWORD_DEFAULT);
And change this line:
if(password_verify($newPass,$LogPass))
To the following:
if(password_verify($formPass,$LogPass))
I am redirecting a user to a page named "forgot_pass" in such a way
"forgot_pass.php?code='$code'&username='$hidden_username'>".
But when user clicks on link for redirection the url seems like this
http://localhost/Validation/forgot_pass.php?code=
and there is no any page displayed.
The variables passed in url have values as i have already checked it. But they are not displaying when sent in url.
Help me in solving this issue.
reset.php
<?php
ini_set("display_errors", TRUE);
require_once './include/db_connection.php';
$pass = $_POST['pass'];
$pass1 = $_POST['pass1'];
$code = $_GET['code'];
$hidden_username = $_POST['username'];
if($pass == $pass1)
{
echo 'Password Changed !';
}
else
{
echo "Passowrd must match
<a href='forgot_pass.php?code='$code'&username='$hidden_username'>Try Again</a>
";
}
forgot_pass.php
<?php
ini_set("display_errors", TRUE);
require_once './include/db_connection.php';
if(isset($_GET['code']))
{
$get_code = (isset($_GET['code'])? $_GET['code'] : null);
$get_username =(isset($_GET['username']) ? $_GET['username'] : null);
$match_code = mysqli_query($link, "select * from signup where username='$get_username'");
if(mysqli_num_rows($match_code) > 0)
{
while($row = mysqli_fetch_assoc($match_code))
{
$db_username = $row['username'];
$db_code = $row['paareset'];
}
}
if($get_username == $db_username && $get_code == $db_code)
{ ?>
<html>
<head>
<meta charset="UTF-8">
<title>Change Password</title>
</head>
<body>
<div class="container">
<div class="row">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="panel panel-default">
<div class="panel-body">
<div class="text-center">
<h3><i class="fa fa-pencil fa-4x"></i></h3>
<h2 class="text-center">New Password?</h2>
<div class="panel-body">
<form class="form" method="post"
action= "reset_pass.php?code=<?php echo $get_code ?>"
<fieldset>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><i class="glyphicon glyphicon-pencil color-blue"></i></span>
<input name="pass" placeholder="New Password" class="form-control" type="password" required="">
</div>
</div>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><i class="glyphicon glyphicon-pencil color-blue"></i></span>
<input name="pass1" placeholder="Re-type Password" class="form-control" type="password" required="">
<input type="hidden" name="username" value="<?php echo $db_username ?>">
</div>
</div>
<div class="form-group">
<input class="btn btn-lg btn-primary btn-block" name="send" value="Change Password" type="submit">
</div>
<div class="form-group">
<span style="color: red"><?php if(isset($message['mail'])) {echo $message['mail']; } ?></span>
</div>
</fieldset>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
<?php
}
} // End if (isset['code'])
if(!isset($_GET['code']))
{
?>
<html>
<head>
</head>
<body>
// Here i am displaying another form that gets email address and sends email
</body>
</html>
<?php
}
Remove single-quotes around the arguments, you are using them to delimit the URL so don't use them inside the URL (or at least escape them) :
echo "Password must match <a href='forgot_pass.php?code=$code&username=$hidden_username'>Try Again</a>";
Try with this way
echo "Passowrd must match
Try Again"
you have mismatch in columns
try to change your code to
echo "Passowrd must match
<a href='forgot_pass.php?code=".$code."&username=".$hidden_username".'>Try Again</a>
"
Please check if your filenames are correct.
You named: reset.php and forgot_pass.php
In forgot_pass.php your action goes towards reset_pass.php
remove single quote
"forgot_pass.php?code=$code&username=$hidden_username>"