
Everything posted by SalientAnimal
-
Thanks.
-
Ok, I see what you've been saying and yes it makes a lot of sense. Thanks for this. I really do appreciate it. So one question here: Why is your code different on the "onchange"? You have onchange=\ "reload(this.form)\"> on the second two selects, but on the first you have onchange="reload(this.form)">
-
I was thinking checkboxes / radio buttons because there would be multiple users working the same shifts. Was also thinking that having a drop-down menu next to each user might look cluttered, and it makes it a little tedious when you have a list of 20+ users and you have to select a drop-down option for each. I actually later realised that the best way would be to rather create a new entry for each user, but this would mean that there would be multiple submits when hitting the submit button?
-
Hi All,

I want to create a form that will have a drop-down list where you would select various timeslots. The drop-down will have options such as:

08:00 - 17:00
09:00 - 18:00
10:00 - 19:00
11:00 - 20:00
12:00 - 21:00
etc.

When selecting either one of these options in the drop-down I need my database to be queried and to return a list of names (users scheduled to work). Next to each name I would like it to have a check box, which the person accessing the form can then tick indicating if a user is present / absent.

For all present users, their names need to be written to a new table, separated by only a comma, e.g. user1, user2, user3, etc. On the same row of the table, but in a new column, the same has to apply for users who are absent, and a third column for users who are late.

So my questions are as follows:

1. Can this be done?
2. How do I retrieve the correct info from the table based on the drop-down?
3. What is the best way to name my check boxes? Would it be (Present1, Absent1, Late1, Present2, Absent2, Late2, etc)?

I haven't started building the page as yet, but do have a table where a schedule is loaded with the shifts as indicated. Any suggestions will be most welcome.
-
Thanks, that made more sense. I ended up using the code you provided to create the dynamic drop-downs.
-
I'm not sure how to explain it. But to answer your question on the onchange event, I did not create another event, no. I took the script exactly as you supplied it. Only difference being that I didn't have the entire form in the code I posted. Would you like to see the entire code? I do admit that my DB structure isn't perfect, but what exactly am I doing wrong? Should I have separate tables for each menu item? What do you suggest to improve this structure? And what other information can I give you to help you in assisting me? Thanks though for all the help you have given me thus far.
-
Could I ask how you constructed your test database? I have this set of options in one table. So yes, the dynamic list works exactly as expected in what you gave me here. The problem only exists when I want to add another multi-tier list. So as an example on the form, the first dynamic list will focus on 3 tiers. These options are all dependent on each other. I then want to add another dynamic list, with 2 tiers, but on the same form. What then happens is, when I select an option in the first item of the second list, the previous three get reset, because they do not impact on each other. The other problem that exists is that all other form data that has been captured also gets cleared due to the onchange="reload(this.form) function. I'm not sure how database structure would affect this?
-
Ok, so I understand the logic you gave; the only problem does seem to be happening because the second list is not dependent on the first list. So the onChange causes all previous values to be reset if they are not part of the list. I'm not sure if I am explaining this correctly?
-
Hi there,

Sorry I need to complicate things a bit here.... So the first set of multiple drop-downs works, however I need to incorporate a second set of drop-downs, which will be dependent on each other, but not on the first lot of drop-downs. How do I go about adding the next set?

There are three additional sets I need to add:

One set will only have two drop-downs.
Second set will also have 3 drop-downs.
Third will only have one option.

All the drop-downs reference different tables in my database.

Thanks again.
-
Secure Password Reset PHP & MySQL
SalientAnimal replied to SalientAnimal's topic in Third Party Scripts
Got it all working, I just have to clean out the confidential items then I will share the script here. -
Hi there, Thanks this really helped me a lot. I have to admit that I am a newbie at coding and every bit of help I get helps me just understand things a bit better.
-
Hi All,

I have the following code that I am using to create dynamic drop-down lists from my MySQL database. However, my third list isn't generating at all. Could someone please take a look and let me know what I might be missing? Also, is this the best method to do a list like this?

    ?>
    <!doctype html public "-//w3c//dtd html 3.2//en">
    <html>
    <head>
    <title>Demo of Three Multiple drop down list box from plus2net</title>
    <meta name="GENERATOR" content="Arachnophilia 4.0">
    <meta name="FORMATTER" content="Arachnophilia 4.0">
    <SCRIPT language=JavaScript>
    function reload(form)
    {
        var val=form.primary_category.options[form.primary_category.options.selectedIndex].value;
        self.location='dd3.php?primary_category=' + val ;
    }
    function reload2(form)
    {
        var val=form.primary_category.options[form.primary_category.options.selectedIndex].value;
        var val2=form.secondary_category.options[form.secondary_category.options.selectedIndex].value;
        self.location='dd3.php?primary_category=' + val + '&secondary_category=' + val2 ;
    }
    function reload3(form)
    {
        var val=form.primary_category.options[form.primary_category.options.selectedIndex].value;
        var val2=form.secondary_category.options[form.secondary_category.options.selectedIndex].value;
        var val3=form.tertiary_category.options[form.tertiary_category.options.selectedIndex].value;
        self.location='dd3.php?primary_category=' + val + '&secondary_category=' + val2 + '&tertiary_category=' + val3 ;
    }
    </script>
    </head>
    <body>
    <?php
    ///////// Getting the data from Mysql table for first list box//////////
    $quer2="
        SELECT DISTINCT primary_category
        , category_id
        FROM category_query
        ORDER BY primary_category
    ";
    ///////////// End of query for first list box////////////

    /////// for second drop down list we will check if category is selected else we will display all the subcategory/////
    $cat=$_GET['primary_category']; // This line is added to take care if your global variable is off
    if(isset($cat) and strlen($cat) > 0){
        $quer="
            SELECT DISTINCT secondary_category
            , secondary_id
            FROM category_query
            WHERE category_id = $cat
            ORDER BY secondary_category
        ";
    }
    ////////// end of query for second subcategory drop down list box ///////////////////////////

    /////// for Third drop down list we will check if sub category is selected else we will display all the subcategory3/////
    $cat2=$_GET['secondary_category']; // This line is added to take care if your global variable is off
    if(isset($cat2) and strlen($cat2) > 0){
        $quer3="
            SELECT DISTINCT tertiary_catergory
            , tertiary_id
            FROM category_query
            WHERE secondary_id = $cat2
            ORDER BY tertiary_catergory
        ";
    }else{$quer3="SELECT DISTINCT subcat2 FROM subcategory2 order by subcat2"; }
    ////////// end of query for third subcategory drop down list box ///////////////////////////

    echo "<form method=post name=f1 action='dd3ck.php'>";

    ////////// Starting of first drop downlist /////////
    echo "<select name='primary_category' onchange=\"reload(this.form)\"><option value=''>Select one</option>";
    foreach ($dbo->query($quer2) as $notice2) {
        if($notice2['category_id']==@$cat){echo "<option selected value='$notice2[category_id]'>$notice2[primary_category]</option>"."<BR>";}
        else{echo "<option value='$notice2[category_id]'>$notice2[primary_category]</option>";}
    }
    echo "</select>";
    ////////////////// This will end the first drop down list ///////////

    ////////// Starting of second drop downlist /////////
    echo "<select name='secondary_category' onchange=\"reload2(this.form)\"><option value=''>Select one</option>";
    foreach ($dbo->query($quer) as $notice) {
        if($notice['secondary_id']==@$cat2){echo "<option selected value='$notice[secondary_id]'>$notice[secondary_category]</option>"."<BR>";}
        else{echo "<option value='$notice[secondary_id]'>$notice[secondary_category]</option>";}
    }
    echo "</select>";
    ////////////////// This will end the second drop down list ///////////

    ////////// Starting of third drop downlist /////////
    echo "<select name='tertiary_category' onchange=\"reload3(this.form)\"><option value=''>Select one</option>";
    foreach ($dbo->query($quer3) as $notice) {
        if($notice['tertiary_id']==@$cat3){echo "<option selected value='$notice[tertiary_id]'>$notice[tertiary_category]</option>"."<BR>";}
        else{echo "<option value='$notice[tertiary_id]'>$notice[tertiary_category]</option>";}
    }
    echo "</select>";
    ////////////////// This will end the third drop down list ///////////

    echo "<input type=submit value='Submit the form data'></form>";
    ?>
    <br><br>
    <a href=dd3.php>Reset and Try again</a>
    <br><br>
    </body>
    </html>

Thanks
-
Hi All,

I have two questions, and I am looking for some guidance. I have a form where I would like users to add an attachment. The questions I have are:

1. What would you recommend (adding the attachments to the MySQL database / to a file system) and what are the benefits of each?
2. If uploading the files to the database, how do I accept multiple file formats, i.e. image, wav, etc.?

Thanks.
-
Ok, first I just wanted to make sure that it wasn't a limitation thing. So here's what happens.

When I have 5 events or less, the events display correctly in my calendar (array result set displays data). However, as soon as I start adding more events to the calendar, my array result set is empty. I make no changes to the code at all; the only thing I am doing is adding data to my database.

My table structure is as follows:

id (auto increment int)
title (varchar)
agent_id (int)
agent (varchar)
start (datetime)
end (datetime)
url (varchar)
allDay (varchar)

Here is my page that gathers the array from my table (the var_dump was just used to check my array set):

    <?php
    include_once '../includes/db_connect.php';
    include_once '../includes/functions.php';
    include_once '../includes/session_management.php';

    $username = $_SESSION['username'];
    $email = $_SESSION['email'];
    $level = $_SESSION['level'];
    $user_id = $_SESSION['user_id'];

    // get the records from the database
    if ($result = $mysqli->query("
        SELECT
            id
        ,   title
        ,   start
        ,   end
        ,   url
        ,   allDay
        FROM schedule
        WHERE agent_id = $user_id OR agent_id = 0
        ORDER BY id
    "));
    var_dump($_POST);exit;

    $arr = array();
    while($row = mysqli_fetch_assoc($result))
    {
        $arr[] = $row;
    }
    if($arr)
    {
        echo json_encode($arr);
    }
    else{
        // here echo whatever you want to signify there were no results.
    }
    ?>

This is the calendar itself:

    <!doctype html>
    <meta http-equiv="X-UA-Compatible" content="IE=Edge">
    <html>
    <head>
    <link href='../events/fullcalendar/jquery-ui.min.css' rel='stylesheet' />
    <link href='../events/fullcalendar/fullcalendar.css' rel='stylesheet' />
    <link href='../events/fullcalendar/fullcalendar.print.css' rel='stylesheet' media='print' />
    <script src='../events/lib/jquery.min.js'></script>
    <script src='../events/lib/jquery-ui.custom.min.js'></script>
    <script src='../events/fullcalendar/fullcalendar.min.js'></script>
    <script>
    $(document).ready(function() {
        var date = new Date();
        var d = date.getDate();
        var m = date.getMonth();
        var y = date.getFullYear();

        $('#calendar').fullCalendar({
            theme: true,
            editable: true,
            header: {
                left: 'prev,next today',
                center: 'title',
                right: 'month,agendaWeek,agendaDay'
            },
            events: '../events/events.unstripped.php',

            // Convert the allDay from string to boolean
            eventRender: function(event, element, view) {
                if (event.allDay === 'true') {
                    event.allDay = true;
                } else {
                    event.allDay = false;
                }
            },
            selectable: true,
            selectHelper: true,
            select: function(start, end, allDay) {
                var title = prompt('Event Title:');
                var url = prompt('Type Event url, if exits:');
                if (title) {
                    start = $.fullCalendar.formatDate(start, "yyyy-MM-dd HH:mm:ss");
                    end = $.fullCalendar.formatDate(end, "yyyy-MM-dd HH:mm:ss");
                    $.ajax({
                        url: '../events/add_events.php',
                        data: 'title='+ title+'&start='+ start +'&end='+ end +'&url='+ url ,
                        type: "POST",
                        success: function(json) {
                            alert('Added Successfully');
                            location.reload();
                        }
                    });
                    calendar.fullCalendar('renderEvent',
                        {
                            title: title,
                            start: start,
                            end: end,
                            allDay: allDay
                        },
                        true
                    );
                }
                calendar.fullCalendar('unselect');
            },
            editable: true,
            eventDrop: function(event, delta) {
                start = $.fullCalendar.formatDate(event.start, "yyyy-MM-dd HH:mm:ss");
                end = $.fullCalendar.formatDate(event.end, "yyyy-MM-dd HH:mm:ss");
                $.ajax({
                    url: '../calender/update_events.php',
                    data: 'title='+ event.title+'&start='+ start +'&end='+ end +'&id='+ event.id ,
                    type: "POST",
                    success: function(json) {
                        alert("Updated Successfully");
                    }
                });
            },
            eventResize: function(event) {
                start = $.fullCalendar.formatDate(event.start, "yyyy-MM-dd HH:mm:ss");
                end = $.fullCalendar.formatDate(event.end, "yyyy-MM-dd HH:mm:ss");
                $.ajax({
                    url: '../events/update_events.php',
                    data: 'title='+ event.title+'&start='+ start +'&end='+ end +'&id='+ event.id ,
                    type: "POST",
                    success: function(json) {
                        alert("Updated Successfully");
                    }
                });
            }
        });
    });
    </script>
    <style>
    #calendar {
        width: 680px;
        margin: 0 auto;
    }
    </style>
    </head>
    <body>
    <div id='calendar'></div>
    </body>
    </html>

If you could maybe give me some guidance where to do some additional troubleshooting.
-
Is there a limit on the number of "events" that a JSON array can hold? I have Calendar that displays events, and it works up until the point when I have 6 or more events in my calendar. The events are selected from a database table.
-
Form not Updating new password in database
SalientAnimal replied to SalientAnimal's topic in PHP Coding Help
Awesome, my reset form is now resetting the password and I am able to login with the new password. There is just one notice that I am now getting, but I can try and work on getting rid of that notice. Thanks so much for all the help. Especially to you paddyfields. -
Form not Updating new password in database
SalientAnimal replied to SalientAnimal's topic in PHP Coding Help
I tried my example posted, but that didn't work. Will try what you just suggested and give feedback. -
Form not Updating new password in database
SalientAnimal replied to SalientAnimal's topic in PHP Coding Help
Sorry Guys, I wasn't online at all yesterday. Here is the resetformhash script:

    function resetformhash(form, password, conf) {
        // CHECK TO ENSURE THAT ALL FIELDS ON THE FORM HAVE BEEN COMPLETED.
        if ( password.value == '' || conf.value == '') {
            alert('Please complete all details to reset your password');
            return false;
        }

        // CHECK TO ENSURE THAT THE PASSWORD IS AT LEAST 6 CHARACTERS IN LENGTH - A MORE DETAILED CHECK CAN ALSO BE DONE.
        if (password.value.length < 6) {
            alert('Passwords must be at least 6 characters long. Please try again');
            form.password.focus();
            return false;
        }

        // COMPARE TWO PASSWORDS AND ENSURE THAT THEY MATCH.
        if (password.value != conf.value) {
            alert('Your password and confirmation do not match. Please try again');
            form.password.focus();
            return false;
        }

        // CREATES A NEW ELEMENT TO HASH THE PASSWORD FIELD.
        var p = document.createElement("input");

        // ADD THE NEWLY CREATED ELEMENT TO THE FORM
        form.appendChild(p);
        p.name = "p";
        p.type = "hidden";
        p.value = hex_sha512(password.value);

        // ENSURE THAT THE PLAINTEXT PASSWORD ISN'T SENT OVER THE SERVER.
        password.value = "";
        conf.value = "";

        // SUBMIT THE COMPLETED FORM
        form.submit();
        return true;
    }

So reading what you guys wrote in my absence yesterday, I recall you saying to look out for the "p" as opposed to "password" in the previous thread, however when I did that I was questioned why I did it and eventually changed it back (unless I changed this in the wrong place). So just to be sure, where in my form am I meant to change "password" to "p"? Would this just be in the check, i.e.

    case 3: //we are submitting a new password (only for encrypted)
        if ($_POST['user_id'] == '' || $_POST['security_key'] == '') header("location: ../login.php");
        if (strcmp($_POST['p'],$_POST['confirmpwd']) != 0 || trim($_POST['p']) == '')
        {
            $error = true;
            $show = 'recoverForm';
            var_dump($_POST);exit;
        } else {
            $error = false;
            $show = 'recoverSuccess';
            updateUserPassword($_POST['user_id'],$_POST['password'],$_POST['security_key']);
        }
        break;

-
Form not Updating new password in database
SalientAnimal replied to SalientAnimal's topic in PHP Coding Help
This is the form where the user would enter their "new" password, keep in mind some of the functions / checks are done at the top of the code.

    case 'recoverForm': ?>
        <h2>Password Recovery</h2>
        <p>Welcome back, <?= getUserName($securityUser=='' ? $_POST['user_id'] : $securityUser); ?>.</p>
        <p>In the fields below, enter your new password.</p>
        <?php if ($error == true) { ?><span class="error">The new passwords must match and must not be empty.</span><?php } ?>
        <form action="<?= $_SERVER['PHP_SELF']; ?>" method="post">
            <div class="fieldGroup"><label for="password">New Password</label><div class="field"><input type="password" class="input" name="password" id="password" value="" maxlength="20"></div></div>
            <div class="fieldGroup"><label for="confirmpwd">Confirm Password</label><div class="field"><input type="password" class="input" name="confirmpwd" id="confirmpwd" value="" maxlength="20"></div></div>
            <input type="hidden" name="subStep" value="3" />
            <input type="hidden" name="user_id" value="<?= $securityUser=='' ? $_POST['user_id'] : $securityUser; ?>" />
            <input type="hidden" name="security_key" value="<?= $_GET['email']=='' ? $_POST['security_key'] : $_GET['email']; ?>" />
            <input class="bt_login" type="button" value="Reset" onClick="return resetformhash(this.form,this.form.password,this.form.confirmpwd);" style="margin-left: 150px;"/>
            <div class="clear"></div>
        </form>

Is there anything else you need to see?
-
Form not Updating new password in database
SalientAnimal replied to SalientAnimal's topic in PHP Coding Help
I acknowledge that from what I have posted, it appears that the array(6) { ["password"]=> string(0) "" ["confirmpwd"]=> string(0) fields are blank as the string length is coming up as 0. However, I know that I have filled in both the fields and these are the fields being populated in my form -
Form not Updating new password in database
SalientAnimal replied to SalientAnimal's topic in PHP Coding Help
mac_gyver, if you recall I have been looking at this problem for almost two weeks now. I have tried various solutions, and closed off a previous thread on the advice of another forum member. I had gone all the way back to starting over with the original source code and cleaning out the notices / errors piece by piece. The last time I had gotten this far in my code my table was being updated, but the information that was being submitted did not work for logging in and the account would end up being corrupted. I just don't want to go back to a point where I need to restart because of all the changes. -
Form not Updating new password in database
SalientAnimal replied to SalientAnimal's topic in PHP Coding Help
The problem with the above though is that the password is hashed, so I don't think these will match? -
Form not Updating new password in database
SalientAnimal replied to SalientAnimal's topic in PHP Coding Help
I did a var_dump($_POST);exit; here are the results of that.

    array(6) {
      ["password"]=> string(0) ""
      ["confirmpwd"]=> string(0) ""
      ["subStep"]=> string(1) "3"
      ["user_id"]=> string(2) "40"
      ["security_key"]=> string(128) "0cb130754bf129d2618c95e521c974c8d6fb696447b67f6144ef58687dbc7d9b02ac877bf1e70baf6f9d7c6e8139889bd19a27f718432e44841f68e7cea424c5"
      ["p"]=> string(128) "e13efc991a9bf44bbb4da87cdbb725240184585ccaf270523170e008cf2a3b85f45f86c3da647f69780fb9e971caf5437b3d06d418355a68c9760c70a31d05c7"
    }

This is where I did the check:

    case 3: //we are submitting a new password (only for encrypted)
        if ($_POST['user_id'] == '' || $_POST['security_key'] == '') header("location: ../login.php");
        if (strcmp($_POST['password'],$_POST['confirmpwd']) != 0 || trim($_POST['password']) == '')
        {
            $error = true;
            $show = 'recoverForm';
            var_dump($_POST);exit;
        } else {
            $error = false;
            $show = 'recoverSuccess';
            updateUserPassword($_POST['user_id'],$_POST['password'],$_POST['security_key']);
        }
        break;

-
Hi All, So I have basically started this form from the initial source code again as I was running into just too many problems and trying to fix them all at once just wasn't working. I have now worked through all the other error / notice messages I was getting, and am now on the part of submitting the new password to the database. When submitting the "new" password it does not update in my table in my database. Any ideas why? Form Code: <?php include_once 'db_connect.php'; include_once 'functions.php'; include_once 'formatting_includes.php'; sec_session_start(); if (login_check($mysqli) == true) { $logged = 'in'; } $show = 'emailForm'; //which form step to show by default if(!isset($_SESSION['lockout'])) $_SESSION['lockout'] = false; if (isset($_SESSION['lockout']) && $_SESSION['lockout'] == true && (mktime() > $_SESSION['lastTime'] + 900)) { $_SESSION['lockout'] = false; $_SESSION['badCount'] = 0; } if (isset($_POST['subStep']) && !isset($_GET['a']) && $_SESSION['lockout'] != true) { switch($_POST['subStep']) { case 1: //we just submitted an email or username for verification $result = checkUNEmail($_POST['username'],$_POST['email']); if ($result['status'] == false ) { $error = true; $show = 'userNotFound'; } else { $error = false; $show = 'securityForm'; $securityUser = $result['id']; } break; case 2: //we just submitted the security question for verification if ($_POST['user_id'] != "" && $_POST['security_a'] != "") { $result = checkSecAnswer($_POST['user_id'],$_POST['security_a']); if ($result == true) { //answer was right $error = false; $securityUser = $_POST['user_id']; $show = 'successPage'; $passwordMessage = sendPasswordEmail($_POST['user_id']); $_SESSION['badCount'] = 0; } else { //answer was wrong $error = true; $show = 'securityForm'; $securityUser = $_POST['user_id']; $_SESSION['badCount']++; } } else { $error = true; $show = 'securityForm'; $securityUser = $_POST['user_id']; } break; case 3: //we are submitting a new password (only for encrypted) if 
($_POST['user_id'] == '' || $_POST['security_key'] == '') header("location: ../login.php"); if (strcmp($_POST['password'],$_POST['confirmpwd']) != 0 || trim($_POST['password']) == '') { $error = true; $show = 'recoverForm'; } else { $error = false; $show = 'recoverSuccess'; updateUserPassword($_POST['user_id'],$_POST['password'],$_POST['security_key']); } break; } } elseif (isset($_GET['a']) && $_GET['a'] == 'recover' && $_GET['email'] != "") { $show = 'invalidKey'; $result = checkEmailKey($_GET['email'],urldecode(base64_decode($_GET['u']))); if ($result == false) { $error = true; $show = 'invalidKey'; } elseif ($result['status'] == true) { $error = false; $show = 'recoverForm'; $securityUser = $result['user_id']; } } if (isset($_SESSION['badCount']) && ($_SESSION['badCount'] >= 3)) { $show = 'speedLimit'; $_SESSION['lockout'] = true; $_SESSION['lastTime'] = '' ? mktime() : $_SESSION['lastTime']; } ?> <!doctype html> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Password Recovery</title> <link href="css/styles.css" rel="stylesheet" type="text/css"> </head> <body> <div id="header"></div> <div id="page"> <?php switch($show) { case 'emailForm': ?> <h2>Password Recovery</h2> <p>You can use this form to recover your password if you have forgotten it. Because your password is securely encrypted in our database, it is impossible actually recover your password, but we will email you a link that will enable you to reset it securely. 
Enter either your username or your email address below to get started.</p> <form action="<?= $_SERVER['PHP_SELF']; ?>" method="post"> <div class="fieldGroup"><label for="username">Username</label><div class="field"><input type="text" name="username" id="username" value="" maxlength="20"></div></div> <div class="fieldGroup"><label>- OR -</label></div> <div class="fieldGroup"><label for="email">Email</label><div class="field"><input type="text" name="email" id="email" value="" maxlength="255"></div></div> <input type="hidden" name="subStep" value="1" /> <div class="fieldGroup"><input type="submit" value="Submit" style="margin-left: 150px;" /></div> <div class="clear"></div> </form> <?php break; case 'securityForm': ?> <h2>Password Recovery</h2> <p>Please answer the security question below:</p> <?php if ($error == true) { ?><span class="error">You must answer the security question correctly to receive your lost password.</span><?php } ?> <form action="<?= $_SERVER['PHP_SELF']; ?>" method="post"> <div class="fieldGroup"> <label>Question</label> <div class="field"><?= getSecurityQuestion($securityUser); ?></div> </div> <div class="fieldGroup"> <label for="security_a">Answer</label> <div class="field"><input type="text" name="security_a" id="security_a" value="" maxlength="255"></div> </div> <input type="hidden" name="subStep" value="2" /> <input type="hidden" name="user_id" value="<?php echo $securityUser; ?>" /> <div class="fieldGroup"><input type="submit" value="Submit" style="margin-left: 150px;" /></div> <div class="clear"></div> </form> <?php break; case 'userNotFound': ?><br> <h2>Password Recovery</h2><br> <p>The username or email you entered was not found in our database.<br /><br /> <a href="?">Click here</a> to try again.</p><br> <?php break; case 'successPage': ?><br> <h2>Password Recovery</h2><br> <p>An email has been sent to you with instructions on how to reset your password. 
<strong>(Mail will not send unless you have an smtp server running locally.)</strong> <br /><br /><a href="../login.php">Return</a> to the login page. </p><br> <p>This is the message that would appear in the email:</p><br> <div class="message"><?= $passwordMessage;?></div><br> <?php break; case 'recoverForm': ?> <h2>Password Recovery</h2> <p>Welcome back, <?= getUserName($securityUser=='' ? $_POST['user_id'] : $securityUser); ?>.</p> <p>In the fields below, enter your new password.</p> <?php if ($error == true) { ?><span class="error">The new passwords must match and must not be empty.</span><?php } ?> <form action="<?= $_SERVER['PHP_SELF']; ?>" method="post"> <div class="fieldGroup"><label for="password">New Password</label><div class="field"><input type="password" class="input" name="password" id="password" value="" maxlength="20"></div></div> <div class="fieldGroup"><label for="confirmpwd">Confirm Password</label><div class="field"><input type="password" class="input" name="confirmpwd" id="confirmpwd" value="" maxlength="20"></div></div> <input type="hidden" name="subStep" value="3" /> <input type="hidden" name="user_id" value="<?= $securityUser=='' ? $_POST['user_id'] : $securityUser; ?>" /> <input type="hidden" name="security_key" value="<?= $_GET['email']=='' ? $_POST['security_key'] : $_GET['email']; ?>" /> <input class="bt_login" type="button" value="Reset" onClick="return resetformhash(this.form,this.form.password,this.form.confirmpwd);" style="margin-left: 150px;"/> <div class="clear"></div> </form> <?php break; case 'invalidsecurity_key': ?> <h2>Invalid security_key</h2> <p>The security_key that you entered was invalid. Either you did not copy the entire security_key from the email, you are trying to use the security_key after it has expired (3 days after request), or you have already used the security_key in which case it is deactivated.<br /><br /><a href="login.php">Return</a> to the login page. 
</p> <?php break; case 'recoverSuccess': ?> <h2>Password Reset</h2> <p>Congratulations! your password has been reset successfully.</p><br /><br /><a href="login.php">Return</a> to the login page. </p> <?php break; case 'speedLimit': ?> <h2>Warning</h2> <p>You have answered the security question wrong too many times. You will be locked out for 15 minutes, after which you can try again.</p><br /><br /><a href="login.php">Return</a> to the login page. </p> <?php break; } ob_flush(); $mysqli->close(); ?> <!--PAGE CONTENT--> </div> </body> </html> Password Functions: function checkUNEmail($username,$email) { global $mysqli; $error = array('status'=>false,'user_id'=>0); if (isset($email) && trim($email) != '') { //email was entered if ($stmt = $mysqli->prepare("SELECT id FROM members WHERE email = ? LIMIT 1")) { $stmt->bind_param('s',trim($email)); $stmt->execute(); $stmt->store_result(); $numRows = $stmt->num_rows(); $stmt->bind_result($user_id); $stmt->fetch(); $stmt->close(); if ($numRows >= 1) return array('status'=>true,'id'=>$user_id); } else { return $error; } } elseif (isset($username) && trim($username) != '') { //username was entered if ($stmt = $mysqli->prepare("SELECT id FROM members WHERE username = ? 
LIMIT 1")) {
            $stmt->bind_param('s',trim($username));
            $stmt->execute();
            $stmt->store_result();
            $numRows = $stmt->num_rows();
            $stmt->bind_result($user_id);
            $stmt->fetch();
            $stmt->close();
            if ($numRows >= 1) return array('status'=>true,'id'=>$user_id);
        } else {
            return $error;
        }
    } else {
        //nothing was entered;
        return $error;
    }
}

function getSecurityQuestion($user_id) {
    global $mysqli;
    $questions = array();
    $questions[0] = "What is your mother's maiden name?";
    $questions[1] = "What city were you born in?";
    $questions[2] = "What is your favorite colour?";
    $questions[3] = "What year did you graduate from High School?";
    $questions[4] = "What is your pet's name?";
    $questions[5] = "What is your favorite model of car?";
    if ($stmt = $mysqli->prepare("SELECT security_q FROM members WHERE id = ? LIMIT 1")) {
        $stmt->bind_param('i',$user_id);
        $stmt->execute();
        $stmt->store_result();
        $stmt->bind_result($security_q);
        $stmt->fetch();
        $stmt->close();
        return $questions[$security_q];
    } else {
        return false;
    }
}

function checkSecAnswer($user_id, $security_a) {
    global $mysqli;
    if ($stmt = $mysqli->prepare("SELECT username FROM members WHERE id = ? AND LOWER(security_a) = ? LIMIT 1")) {
        $security_a = strtolower($security_a);
        $stmt->bind_param('is',$user_id, $security_a);
        $stmt->execute();
        $stmt->store_result();
        $numRows = $stmt->num_rows();
        $stmt->close();
        if ($numRows >= 1) {
            return true;
        }
    } else {
        return false;
    }
}

function sendPasswordEmail($user_id) {
    global $mysqli;
    if ($stmt = $mysqli->prepare("SELECT username, email, password FROM members WHERE id = ? LIMIT 1")) {
        $stmt->bind_param('i',$user_id);
        $stmt->execute();
        $stmt->store_result();
        $stmt->bind_result($username, $email, $password);
        $stmt->fetch();
        $stmt->close();
        $expFormat = mktime(date("H"), date("i"), date("s"), date("m") , date("d")+3, date("Y"));
        $expDate = date("Y-m-d H:i:s",$expFormat);
        $salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));
        $security_key = hash('sha512',$username . '_' . $email . rand(0,10000) .$expDate . $salt);
        if ($stmt = $mysqli->prepare("INSERT INTO password_reset (user_id, security_key, expiry_date) VALUES (?,?,?)")) {
            $stmt->bind_param('iss',$user_id, $security_key, $expDate);
            $stmt->execute();
            $stmt->close();
            $passwordLink = "<a href=\"?a=recover&email=" . $security_key . "&u=" . urlencode(base64_encode($user_id)) . "\">http://jhbvcstracking/resetpwd.php?a=recover&email=" . $security_key . "&u=" . urlencode(base64_encode($user_id)) . "</a>";
            $message = "Dear $username,\r\n";
            $message .= "Please visit the following link to reset your password:\r\n";
            $message .= "-----------------------\r\n";
            $message .= "$passwordLink\r\n";
            $message .= "-----------------------\r\n";
            $message .= "Please be sure to copy the entire link into your browser. The link will expire after 3 days for security reasons.\r\n\r\n";
            $message .= "If you did not request this forgotten password email, no action is needed, your password will not be reset as long as the link above is not visited. However, you may want to log into your account and change your security password and answer, as someone may have guessed it.\r\n\r\n";
            $message .= "Thanks,\r\n";
            $message .= "-- Our site team";
            $headers .= "From: Our Site <[email protected]> \n";
            $headers .= "To-Sender: \n";
            $headers .= "X-Mailer: PHP\n"; // mailer
            $headers .= "Reply-To: [email protected]\n"; // Reply address
            $headers .= "Return-Path: [email protected]\n"; //Return Path for errors
            $headers .= "Content-Type: text/html; charset=iso-8859-1"; //Enc-type
            $subject = "Your Lost password";
            @mail($email,$subject,$message,$headers);
            return str_replace("\r\n","<br/ >",$message);
        }
    }
}

function checkEmailKey($security_key,$user_id) {
    global $mysqli;
    $curDate = date("Y-m-d H:i:s");
    if ($stmt = $mysqli->prepare("SELECT user_id FROM password_reset WHERE security_key = ? AND user_id = ? AND expiry_date >= ?")) {
        $stmt->bind_param('sis',$security_key, $user_id, $curDate);
        $stmt->execute();
        $stmt->execute();
        $stmt->store_result();
        $numRows = $stmt->num_rows();
        $stmt->bind_result($user_id);
        $stmt->fetch();
        $stmt->close();
        if ($numRows > 0 && $user_id != '') {
            return array('status'=>true,'user_id'=>$user_id);
        }
    }
    return false;
}

function updateUserPassword($user_id, $password, $security_key) {
    global $mysqli;
    if (checkEmailsecurity_key($security_key,$user_id) === false) return false;
    if ($stmt = $mysqli->prepare("UPDATE members SET password = ? WHERE id = ?")) {
        $password = hash('sha512',trim($password) . $salt);
        $stmt->bind_param('si',$password,$user_id);
        $stmt->execute();
        $stmt->close();
        $stmt = $mysqli->prepare("DELETE FROM password_reset WHERE security_key = ?");
        $stmt->bind_param('s',$security_key);
        $stmt->execute();
    }
}

function getUserName($user_id) {
    global $mysqli;
    if ($stmt = $mysqli->prepare("SELECT username FROM members WHERE id = ?")) {
        $stmt->bind_param('i',$user_id);
        $stmt->execute();
        $stmt->store_result();
        $stmt->bind_result($username);
        $stmt->fetch();
        $stmt->close();
    }
    return $username;
}

These are the messages I am getting from my form when I hit submit:

I am validating the password fields (i.e. length, matching password and confirmation, character types etc.) using JavaScript. So I know that the "new" password I am testing with is correct and matching.

Thanks
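
The reset flow from the post above, reworked as an added example that is not the poster's code: the link token comes from `random_bytes()`, only its SHA-256 hash is stored in `password_reset`, the token is deleted once used, and the new password is stored with `password_hash()`. The in-memory SQLite database via PDO (the post uses mysqli), the integer expiry column, the sample member row and the function names `issueResetToken` and `redeemResetToken` are assumptions made so the script runs on its own.

```php
<?php
// Added example, not the poster's code. In-memory SQLite stands in for the
// MySQL tables named in the post so the script runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE members (id INTEGER PRIMARY KEY, password TEXT)");
$db->exec("CREATE TABLE password_reset (user_id INTEGER, security_key TEXT, expiry_date INTEGER)");
$db->exec("INSERT INTO members (id, password) VALUES (7, 'old-hash')"); // constructed sample row

// Issue a token: the random value goes into the e-mailed link, only its hash is stored.
function issueResetToken(PDO $db, int $userId, int $ttl = 3 * 86400): string {
    $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
    // One outstanding token per user: drop any earlier request first.
    $db->prepare("DELETE FROM password_reset WHERE user_id = ?")->execute([$userId]);
    $db->prepare("INSERT INTO password_reset (user_id, security_key, expiry_date) VALUES (?,?,?)")
       ->execute([$userId, hash('sha256', $token), time() + $ttl]);
    return $token;
}

// Redeem a token: check hash and expiry, store the new password, delete the token.
function redeemResetToken(PDO $db, int $userId, string $token, string $newPassword): bool {
    $stmt = $db->prepare("SELECT security_key FROM password_reset WHERE user_id = ? AND expiry_date >= ?");
    $stmt->execute([$userId, time()]);
    $stored = $stmt->fetchColumn();
    // hash_equals() compares in constant time; false covers unknown, expired and wrong tokens.
    if ($stored === false || !hash_equals($stored, hash('sha256', $token))) {
        return false;
    }
    $db->beginTransaction();
    $db->prepare("UPDATE members SET password = ? WHERE id = ?")
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $userId]);
    $db->prepare("DELETE FROM password_reset WHERE user_id = ?")->execute([$userId]);
    $db->commit();
    return true;
}

$token = issueResetToken($db, 7);
var_dump(redeemResetToken($db, 7, 'not-the-token', 'N3w-passphrase!')); // wrong token
var_dump(redeemResetToken($db, 7, $token, 'N3w-passphrase!'));          // valid token
var_dump(redeemResetToken($db, 7, $token, 'N3w-passphrase!'));          // same token reused
$hash = $db->query("SELECT password FROM members WHERE id = 7")->fetchColumn();
var_dump(password_verify('N3w-passphrase!', $hash));                    // login check against new hash
```

With `password_hash()` the salt lives inside the stored hash, so the update step and the later login check both work without a separate `$salt` variable.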
-
Added $securityUser = $_POST['user_id'] to rule one as well, but still getting the notice.

Besides the above-mentioned notice, there are still two problems:
1. The new password isn't updated into the database.
2. The link doesn't work when copied and pasted into the address bar. Clicking it works (for this one I can open a new thread).

What I am worried about, though, is that once we've worked through all the errors, I might get back to a point where the updated password doesn't work, as I was having earlier.