Jump to content

White_Lily

Members
  • Content Count

    531
  • Joined

  • Last visited

  • Days Won

    1

White_Lily last won the day on November 1 2012

White_Lily had the most liked content!

Community Reputation

16 Neutral

About White_Lily

  • Rank
    Prolific Member
  • Birthday 12/28/1991

Profile Information

  • Gender
    Female
  1. I know the security risks of this script, however it is just what he wanted. Also, your answer still doesn't explain why the update code does not update the database. You mentioned sanitizing the inputs - which I am doing...: function testStr($type, $string){ switch($type){ case "empty": if(strlen($string) == 0 || $string == NULL){return false;} else{return true;} break; case "clean": $string = strip_tags($string); $string = mysql_real_escape_string($string); return $string; break; } } Now, in any of the code that is posted, is there anything there that would be the cause of the database not being updated?
  2. Remember the issue is that it doesn't update the database... but returns no errors? Thanks for all your help!
  3. Here is the PHP code that processing the password recovery... <?php include("../../config.php"); if(isset($_POST)){ $error = array(); if(testStr("empty", $_POST["email"])){ $email = testStr("clean", $_POST["email"]); $check = mysql_select("users", "", "email = '{$email}'", NULL, 1); if(!mysql_num_rows($check)){$error[] = "That email address does not exist.";} }else{$error[] = "Please enter your email address.";} if(count($error) == 0){ $headers = "From: ".config('email/name')." ".config('email/address')."\r\n"; $headers.= "MIME-Version: 1.0\r\n"; $headers.= "Content-Type: text/html; charset=ISO-8859-1\r\n"; $pass = makePassword(15); $salt = salt(); $password = encrypt($pass, $salt); $htmlMessage = " <html> <body> <h2>Password Recovery for Ed's Login System</h2> <p>Hi, you requested a password change. Below you will find your new password.<br /> Once you have logged in, you will be prompted to change it again, this time - remember it!</p> <p><strong>Your New Password:</strong> {$pass}</p> </body> </html> "; if(mail($email, "Password Recovery", $htmlMessage, $headers)){ $update = mysql_update("users", array("password", "salt", "p_prompt"), array($password, $salt, 1), "email = '".$_POST["email"]."'"); if($update && count($error) == 0){ echo json_encode(array("success" => true, "message" => "Password has been changed successfully, check your email for your new password.")); }else{$error[] = "Failed to update password.";} }else{$error[] = "Something went wrong creating your password.";} } if(count($error) > 0){ echo json_encode(array("success" => false,"error" => $error)); } } ?>
  4. Here is the ajax code... jQuery(function($){ $("button#recovery").on("click", function(){ $.post("javascript/ajax/recovery.php", $("form").serializeArray(), function(data){ console.log(data); if(data.success){ $("div#error").addClass("pass").html("<p>" + data.message + "</p><br /><a href='login.php'>Login</a>"); }else{ var errorMsg = ""; for(i=0;i<data.error.length;i++){ errorMsg += "<p>" + data.error[i] + "</p>"; } $("div#error").addClass("fail").html(errorMsg); } }, "json"); }); });
  5. Hi, I have been asked by a friend to create a login system for him to use and it requires a password recovery page, and to have all the PHP processing code to be done with AJAX to avoid page 'refreshes', which is fine... However, on the password recovery page, you enter your email address... and nothing happens, it checks the email address is there and that it is a registered email address, but when it comes to updating the database with a new password... it comes up with nothing, no PHP errors, no MySQL errors, and no javascript errors... Here is the update function (no comments on the mysql method... I know it is deprecated, just his choice!)... function mysql_update($table, $columns, $values, $where) { $set = array(); for($up=0;$up<count($columns);$up++){ $set[] = "{$columns[$up]} = '{$values[$up]}'"; } $query = "UPDATE {$table} SET ".implode(",", $set)." WHERE {$where}"; return mysql_query($query); }
  6. is the search terms stored in a session or is the whole ting powered by javascript?
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.