Problem with password_forgotten.php

[EliteViper]

Hi everyone, hopefully someone would know the simple answer to this... basically, the way this is set up is that when a client creates an account rather then have them create a secret question / answer combo I just made their secret answer their last name. the whole thing works perfectly IF they put in a correct email address, for some reason if they enter an incorrect email or just any random number of characters then it says the email address is invalid BUT moves on to the next page :S the captcha works perfectly and regardless if the email is wrong or not, you can see it in action here on my test site area.

 

Link to http://kemcardscanada.ca/password_forgotten.php

 

If anyone can shed some light on this which should be a simple thing please HELP!!! :)

 

<?php
/*
 $Id: password_forgotten.php 1739 2007-12-20 00:52:16Z hpdl $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

 require('includes/application_top.php');

// BOF Anti Robot Registration v3.0
 if (ACCOUNT_VALIDATION == 'true' && ACCOUNT_PASSWORD_FORGOTTEN_VALIDATION == 'true') {
   require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ACCOUNT_VALIDATION);
   include_once('includes/functions/' . FILENAME_ACCOUNT_VALIDATION);
   $antirobotreg = tep_db_prepare_input($HTTP_POST_VARS['antirobotreg']);
   }
// EOF Anti Robot Registration v3.0

 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_PASSWORD_FORGOTTEN);
 $error = false;

 if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
// BOF Anti Robotic Registration v3.0
   if (ACCOUNT_VALIDATION == 'true' && ACCOUNT_PASSWORD_FORGOTTEN_VALIDATION == 'true') {
     include(DIR_WS_MODULES . FILENAME_CHECK_VALIDATION);
     if ($entry_antirobotreg_error == true) $messageStack->add('password_forgotten', $text_antirobotreg_error);
   }

if (!$entry_antirobotreg_error) {

// EOF Anti Robotic Registration v3.0	
   $email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
   $secret_question_visible = tep_db_prepare_input($HTTP_POST_VARS['secret_question_visible']);
   $secret_answer = tep_db_prepare_input($HTTP_POST_VARS['secret_answer']);

// Check if email exists
   $check_customer_query = tep_db_query("select * from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
   if (!tep_db_num_rows($check_customer_query)) {
     $error = true;
     $messageStack->add('password_forgotten', TEXT_NO_EMAIL_ADDRESS_FOUND);
   } else {
// See if the secret question exists - no need to check answer if not
     $check_customer = tep_db_fetch_array($check_customer_query);
     if ($secret_question_visible == 'true') {
// Check that secret answer is good
       if (!tep_validate_password($secret_answer, $check_customer['secret_answer'])) {
         $error = true;
         $messageStack->add('password_forgotten', TEXT_SECRET_ANSWER_ERROR);
       } elseif(strlen($secret_answer) < 1) {
// No secret answer after process action
         $error = true;
         $messageStack->add('password_forgotten', ENTRY_SECRET_ANSWER_ERROR_EMPTY);
       } else {
// Create random password for temp use - don't want to leave it blank
     $new_password = tep_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
     $crypted_password = tep_encrypt_password($new_password);

     tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '" . tep_db_input($crypted_password) . "' where customers_id = '" . (int)$check_customer['customers_id'] . "'");
         if (SESSION_RECREATE == 'True') {
           tep_session_recreate();
         }
         $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$check_customer['customers_id'] . "' and address_book_id = '" . (int)$check_customer['customers_default_address_id'] . "'");
         $check_country = tep_db_fetch_array($check_country_query);

         $customer_id = $check_customer['customers_id'];
         $customer_default_address_id = $check_customer['customers_default_address_id'];
         $customer_first_name = $check_customer['customers_firstname'];
         $customer_country_id = $check_country['entry_country_id'];
         $customer_zone_id = $check_country['entry_zone_id'];
         $customer_reset = $new_password;
         tep_session_register('customer_id');
         tep_session_register('customer_default_address_id');
         tep_session_register('customer_first_name');
         tep_session_register('customer_country_id');
         tep_session_register('customer_zone_id');
         tep_session_register('customer_reset');

         tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int)$customer_id . "'");

         // restore cart contents
         $cart->restore_contents();
/*
         if (sizeof($navigation->snapshot) > 0) {
           $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), $navigation->snapshot['mode']);
           $navigation->clear_snapshot();
           tep_redirect($origin_href);
         } else {
*/
//            $messageStack->add('account_password', TEXT_SECRET_NEW_PASSWORD);
           tep_redirect(tep_href_link(FILENAME_ACCOUNT_PASSWORD));
//          }
       }
     } else {
// now show secret fields
       $secret_question = $check_customer['secret_question'];
     }
   }
 }

 if ($error == true) {
   $messageStack->add('login', TEXT_LOGIN_ERROR);
 }

//================================ DELETE BELOW WHEN FINISHED ====================================
/*

     tep_mail($check_customer['customers_firstname'] . ' ' . $check_customer['customers_lastname'], $email_address, EMAIL_PASSWORD_REMINDER_SUBJECT, sprintf(EMAIL_PASSWORD_REMINDER_BODY, $new_password), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);

     $messageStack->add_session('login', SUCCESS_PASSWORD_SENT, 'success');

     tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
   } else {
     $messageStack->add('password_forgotten', TEXT_NO_EMAIL_ADDRESS_FOUND);
   }
 }

*/

// BOF Anti Robotic Registration v2.5	
}
header('cache-control: no-store, no-cache, must-revalidate');
 header("Pragma: no-cache");
// EOF Anti Robotic Registration v2.5

 $breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_LOGIN, '', 'SSL'));
 $breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_PASSWORD_FORGOTTEN, '', 'SSL'));
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="3" cellpadding="3">
 <tr>
   <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- left_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
<!-- left_navigation_eof //-->
   </table></td>
<!-- body_text //-->
   <td width="100%" valign="top"><?php echo tep_draw_form('password_forgotten', tep_href_link(FILENAME_PASSWORD_FORGOTTEN, 'action=process', 'SSL')); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
     <tr>
       <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
         <tr>
           <td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
           <td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_password_forgotten.gif', HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td>
         </tr>
       </table></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
<?php
 if ($messageStack->size('password_forgotten') > 0) {
?>
     <tr>
       <td><?php echo $messageStack->output('password_forgotten'); ?></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
<?php
 }
?>
     <tr>
       <td><table border="0" width="100%" height="100%" cellspacing="1" cellpadding="2" class="infoBox">
         <tr class="infoBoxContents">
           <td><table border="0" width="100%" height="100%" cellspacing="0" cellpadding="2">
             <tr>
               <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
             </tr>
             <tr>
               <td class="main" colspan="2">

<?php
if(strlen($email_address) > 1) {
 echo TEXT_MAIN_2;
} else {
 echo TEXT_MAIN;
}
?>
               </td>
             </tr>
             <tr>
               <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
             </tr>
             <tr>
               <td class="main">
<?php
 if(strlen($email_address) > 1) {
   echo tep_draw_hidden_field('email_address', $email_address);
 } else {
   echo '<b>' . ENTRY_EMAIL_ADDRESS . '</b> ' . tep_draw_input_field('email_address');
 }
?>
               </td>
             </tr>
<?php
 if(strlen($email_address) > 1) {
?>
             <tr>
               <td class="main"><?php echo $secret_question . tep_draw_hidden_field('secret_question_visible', 'true'); ?></td>
             </tr> 
             <tr> 
               <td class="main"><?php echo ENTRY_SECRET_QUESTION_CONFIRMATION . ' ' . tep_draw_input_field('secret_answer'); // . ' ' . ENTRY_SECRET_QUESTION_CONFIRMATION_TEXT; ?></td>
             </tr>
<?php
 }
?>
             <tr>
               <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
             </tr>
           </table></td>
         </tr>
       </table></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
<!-- // BOF Anti Robot Registration v3.0-->
<?php
   if (ACCOUNT_VALIDATION == 'true' && strstr($PHP_SELF,'password_forgotten') &&  ACCOUNT_PASSWORD_FORGOTTEN_VALIDATION == 'true') include(DIR_WS_MODULES . FILENAME_DISPLAY_VALIDATION); ?>

<!-- // EOF Anti Robot Registration v3.0-->	
     <tr>
       <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
         <tr class="infoBoxContents">
           <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
             <tr>
               <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
               <td><?php echo '<a href="' . tep_href_link(FILENAME_LOGIN, '', 'SSL') . '">' . tep_image_button('button_back.gif', IMAGE_BUTTON_BACK) . '</a>'; ?></td>
               <td align="right"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?></td>
               <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
             </tr>
           </table></td>
         </tr>
       </table></td>
     </tr>
   </table></form></td>
<!-- body_text_eof //-->
   <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- right_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>
<!-- right_navigation_eof //-->
   </table></td>
 </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>