Hybride Posted July 18, 2006 Share Posted July 18, 2006 I do apologise before hand if there is a script like this or if am just generally irritating. I've been staring at this script for two days now, and I can't figure out what's wrong with it.My problem deals with the "reset_pass.php" script. It's half taken from a book, half editted to my specs. I'm currently running PHP 4.4 I do believe so on the server. Now, the problem that am having is that everything works with the error part of the script - i.e.: if incorrect or incomplete email is typed, the error states it. However, if is a correct email, then the page just reverts back to itself (meaning, the script shows up, but no confirmation is stated or email sent.)[code]<? ob_start(); session_start(); DEFINE ('DB_USER', 'xxx'); DEFINE ('DB_PASSWORD', 'xxx'); DEFINE ('DB_HOST', 'localhost'); DEFINE ('DB_NAME', 'main'); $dbc = @mysql_connect (DB_HOST, DB_USER, DB_PASSWORD) OR die ('Could not connect to MySQL:' . mysql_error() ); @mysql_select_db (DB_NAME) OR die ('Could not select the database:' . mysql_error() );?><center><?include ("../themes/eventures/header.php");include("../topmenu.php");include("../leftmenu.php");?><center><b><p>Forgot Password</p></b></center><p>Enter the email you used when registered to the site.</p><form method="post" action="../client/forgot_pass.php"><table border="0" cellpadding="3" cellspacing="1" ><tr><td><b>Email: </b></td><td><input name="email" type="text" size="25" maxlength="50"><br /><input type="submit" name="submitted" value="Reset Password"></p><? $login = $_POST['login']; $email = $_POST['email']; $pass = $_POST['pass']; $temppass = $_POST['temppass']; $client_id = $_POST['client_id']; if (isset($_POST['submitted'])) { $errors = array(); if (empty($email)) { $errors[] = print '<p><b>Error:</b> Please enter your email.</P>'; } else { $email = trim($email); $query = "SELECT client_id, email FROM client WHERE email='$email'"; $result = mysql_query($query); $row = mysql_fetch_array ($result, MYSQL_ASSOC); if ($row) { $row['pass']; $row['email']; $row['client_id']; } else { $errors[] = print '<p><b>Error:</b> Email submitted does not match those on file.</p>'; } } if ($email == $row[pass]) { $temppass = substr ( md5(uniqid(rand(),1)), 3, 10); $temppass = $pass; $query = "SELECT client_id, email FROM client WHERE email='$email'"; $result = mysql_query ($query); $num = mysql_num_rows($result); if (mysql_num_rows($result) == 0) { $row = mysql_fetch_array ($result, MYSQL_NUM); $query = "UPDATE client SET pass=PASSWORD('$temppass') WHERE email='$email'"; $result = mysql_query ($query); if (mysql_affected_rows() == 1) { print '<p>Your password has been changed. An email has been sent to your account.</p>'; exit(); $body = "Your password has been temporarily changed to '$temppass'."; $body .= "You may login using this password, and upon login, change it.\r\n"; $body .= "Support at Electronic Commerce, Inc."; mail ($email, 'Your temporary password.', $body, 'From: support@electronic-commerce.us.com'); } else { $errors[] = print '<p><b>Error:</b> Your password could not be changed due to a system error.</p>' . mysql_error(); } mysql_close(); } else { $errors[] .= print '<p>Please try again.</p>'; }} }?></form></td></tr></table> <? include ("../footer.php"); ?></center>[/code]Am not certain, but could it be the update query? Any help would be greatly appreciated. Quote Link to comment Share on other sites More sharing options...
redarrow Posted July 18, 2006 Share Posted July 18, 2006 Echo out the update dont make sence to me sorry.are you getting the update?have you echoed all you querys?post them if wrong ok. Quote Link to comment Share on other sites More sharing options...
redarrow Posted July 18, 2006 Share Posted July 18, 2006 this is the only error i see untill you get the update query sorted if wrong ok.if ($email == $row[pass])to if ($email == $row['pass']) Quote Link to comment Share on other sites More sharing options...
Hybride Posted July 18, 2006 Author Share Posted July 18, 2006 Actually, what am getting is everything *but* the update. The errors are all correct - they all show up when something is done wrong. However, when the correct email is put in, it doesn't show up/register.And I've tried the $row['pass'] and unfortunately, doesn't work. Thanks for the tip, though. :) Quote Link to comment Share on other sites More sharing options...
redarrow Posted July 18, 2006 Share Posted July 18, 2006 so does the email work then or is that the main problam. Quote Link to comment Share on other sites More sharing options...
Hybride Posted July 18, 2006 Author Share Posted July 18, 2006 That is the main problem, yes. The UPDATE query doesn't seem to respond with updating the password, nor confirming that it has been updated and no email has been sent. Quote Link to comment Share on other sites More sharing options...
redarrow Posted July 18, 2006 Share Posted July 18, 2006 You need to go throw the page step by step you also need to comment as you program for reasons of this nature errors ok.debug all the code ok good luck.Database working or not ?Why use the @ as this will stop errors.if there there post them.[code]<? ob_start();session_start();DEFINE ('DB_USER', 'xxx');DEFINE ('DB_PASSWORD', 'xxx');DEFINE ('DB_HOST', 'localhost');DEFINE ('DB_NAME', 'main');$dbc = @mysql_connect (DB_HOST, DB_USER, DB_PASSWORD) OR die ('Could not connect toMySQL:' . mysql_error() );@mysql_select_db (DB_NAME) OR die ('Could not select the database:' . mysql_error() );?>[/code]includes working ?[code] <center><?include ("../themes/eventures/header.php");include("../topmenu.php");include("../leftmenu.php");?>[/code]is the form correct ?[code]<center><b><p>Forgot Password</p></b></center><p>Enter the email you used when registered to the site.</p><form method="post" action="../client/forgot_pass.php"><table border="0" cellpadding="3" cellspacing="1" ><tr><td><b>Email: </b></td><td><input name="email" type="text" size="25" maxlength="50"><br /><input type="submit" name="submitted" value="Reset Password"></p>[/code][code]<? $login = $_POST['login']; $email = $_POST['email']; $pass = $_POST['pass']; $temppass = $_POST['temppass']; $client_id = $_POST['client_id']; if (isset($_POST['submitted'])) { $errors = array(); if (empty($email)) { $errors[] = print '<p><b>Error:</b> Please enter your email.</P>'; } else { $email = trim($email);// are you selecting corect database query it ok. $query = "SELECT client_id, email FROM client WHERE email='$email'"; $result = mysql_query($query); $row = mysql_fetch_array ($result, MYSQL_ASSOC); if ($row) { $row['pass']; $row['email']; $row['client_id']; } else { $errors[] = print '<p><b>Error:</b> Email submitted does not match those on file.</p>'; } } if ($email == $row[pass]) { $temppass = substr ( md5(uniqid(rand(),1)), 3, 10); $temppass = $pass; $query = "SELECT client_id, email FROM client WHERE email='$email'"; $result = mysql_query ($query); $num = mysql_num_rows($result); if (mysql_num_rows($result) == 0) { $row = mysql_fetch_array ($result, MYSQL_NUM); $query = "UPDATE client SET pass=PASSWORD('$temppass') WHERE email='$email'"; $result = mysql_query ($query); if (mysql_affected_rows() == 1) { print '<p>Your password has been changed. An email has been sent to your account.</p>'; exit(); $body = "Your password has been temporarily changed to '$temppass'."; $body .= "You may login using this password, and upon login, change it.\r\n"; $body .= "Support at Electronic Commerce, Inc."; mail ($email, 'Your temporary password.', $body, 'From: support@electronic-commerce.us.com'); } else { $errors[] = print '<p><b>Error:</b> Your password could not be changed due to a system error.</p>' . mysql_error(); } mysql_close(); } else { $errors[] .= print '<p>Please try again.</p>'; }} }?></form></td></tr></table> <? include ("../footer.php"); ?></center>[/code] Quote Link to comment Share on other sites More sharing options...
akitchin Posted July 18, 2006 Share Posted July 18, 2006 there are a few problems with this code:1. this if() statement:[code] if ($row) { $row['pass']; $row['email']; $row['client_id']; } else {[/code]does nothing, when executing. you are also not selecting pass from the table, so technically $row['pass'] doesn't exist.2. why SELECT the email from the database if you've got it sitting in a variable already? this just adds pointless load to the server. you don't have to select fields that you use in the WHERE clause.3. two things wrong with this if() statement:[code] if (mysql_num_rows($result) == 0) {[/code]first, you already have the results from that call in $num. no need to call it again in the if(). second, this means you will only process the update if the CLIENT WAS NOT FOUND IN THE DB. meaning it's only if they submit a false address that they'll get updated.4. this is useless:[code]$row = mysql_fetch_array ($result, MYSQL_NUM);[/code](it's in the if() statement i just mentioned)5. this should work:[code]$query = "UPDATE client SET pass=PASSWORD('$temppass') WHERE email='$email'";[/code]however, you'll have to check against the password using PASSWORD() when they login, because $temppass will not actually be what's inserted into the field. just making sure you know that.6. when in doubt, use or die(mysql_error()) on ALL of your mysql_query() functions. if the query fails, you will immediately know:[code]$resource = mysql_query($query) or die(mysql_error());[/code]hth Quote Link to comment Share on other sites More sharing options...
Hybride Posted July 18, 2006 Author Share Posted July 18, 2006 Redarrow, you are correct on all of the code parts.And akitchin, I did as you said, and updated the code a bit. Unfortunately, even with the mysql_error() added, it is still the same problem. Am thinking it may be the (if($email) == $row['pass']), but am not sure if it is, or what to change it to.[code]<center><b><p>Forgot Password</p></b></center><p>Enter the email you used when registered to the site.</p><form method="post" action="../client/forgot_pass.php"><table border="0" cellpadding="3" cellspacing="1" ><tr><td><b>Email: </b></td><td><input name="email" type="text" size="25" maxlength="50"><br /><input type="submit" name="submitted" value="Reset Password"></p><? $login = $_POST['login']; $email = $_POST['email']; $pass = $_POST['pass']; $temppass = $_POST['temppass']; $client_id = $_POST['client_id']; if (isset($_POST['submitted'])) { $errors = array(); if (empty($email)) { $errors[] = print '<p><b>Error:</b> Please enter your email.</P>'; } else { $email = trim($email); $query = "SELECT client_id, pass FROM client WHERE email='$email'"; $result = mysql_query($query) or die(mysql_error()); $row = mysql_fetch_array ($result, MYSQL_ASSOC); if ($row) { $row['pass']; $row['email']; $row['client_id']; } else { $errors[] = print '<p><b>Error:</b> Email submitted does not match those on file.</p>'; } } if ($email == $row['pass']) { $pass = substr ( md5(uniqid(rand(),1)), 3, 10); $query = "SELECT client_id, email FROM client WHERE email='$email'"; $result = mysql_query ($query) or die(mysql_error()); $num = mysql_num_rows($result); if (mysql_num_rows($result) == 1) { $query = "UPDATE client SET pass=PASSWORD('$pass') WHERE email='$email'"; $result = mysql_query ($query); if (mysql_affected_rows() == 1) { echo '<p>Your password has been changed. An email has been sent to your account.</p>'; exit(); $body = "Your password has been temporarily changed to '$pass'."; $body .= "You may login using this password, and upon login, change it.\r\n"; $body .= "Support at Electronic Commerce, Inc."; mail ($email, 'Your temporary password.', $body, 'From: support@electronic-commerce.us.com'); } else { $errors[] = print '<p><b>Error:</b> Your password could not be changed due to a system error.</p>' . mysql_error(); } mysql_close(); } else { $errors[] .= print '<p>Please try again.</p>'; }} }?></form></td></tr></table>[/code]Thank you again for helping! Quote Link to comment Share on other sites More sharing options...
redarrow Posted July 18, 2006 Share Posted July 18, 2006 change thisif($email === $row['pass']),chage select statement $query = "SELECT client_id, email, pass FROM client WHERE email='$email'"; $result = mysql_query($query); $row = mysql_fetch_array ($result, MYSQL_ASSOC); if ($row) { $row['pass']; $row['email']; $row['client_id'];chage this used $num as already used.$query = "UPDATE client SET pass=PASSWORD('$pass') WHERE email='$email'"; $result = mysql_query ($query); if ($num) {thats 3 so far Quote Link to comment Share on other sites More sharing options...
Hybride Posted July 18, 2006 Author Share Posted July 18, 2006 Unfortunately, none of the edits work, arrow. I do sincerely apologise if am or this code is being irritating. :-\ Quote Link to comment Share on other sites More sharing options...
hitman6003 Posted July 18, 2006 Share Posted July 18, 2006 You probably want to do a mysql_real_escape_string on $email before you use it in your select statement.This:[code]if ($row) { $row['pass']; $row['email']; $row['client_id']; } else {[/code]doesn't make sense. Assign them to variables or don't use them. If you are only wanting to check to make sure that person's email address in in the db, do a mysql_num_rows on $result and make sure it equals 1.This:[code]if ($email == $row['pass']) {[/code]also doesn't make sense...why would their password and email address be the same? Shouldn't that be row['email']?Why is there an exit() here:[code]echo '<p>Your password has been changed. An email has been sent to your account.</p>'; exit();[/code]That causes the rest of your script to not execute when the if statement above it returns true...which it should...which means no email is being sent. Quote Link to comment Share on other sites More sharing options...
redarrow Posted July 18, 2006 Share Posted July 18, 2006 I tried lol............[code]<center><b><p>Forgot Password</p></b></center><p>Enter the email you used when registered to the site.</p><form method="post" action="../client/forgot_pass.php"><table border="0" cellpadding="3" cellspacing="1" ><tr><td><b>Email: </b></td><td><input name="email" type="text" size="25" maxlength="50"><br /><input type="submit" name="submitted" value="Reset Password"></p><? $login = $_POST['login']; $email = $_POST['email']; $pass = $_POST['pass']; $temppass = $_POST['temppass']; $client_id = $_POST['client_id']; if (isset($_POST['submitted'])) { $errors = array(); if (empty($email)) { $errors[] = print '<p><b>Error:</b> Please enter your email.</P>'; } else { $email = trim($email); $query = "SELECT client_id, pass FROM client WHERE email='$email'"; $result = mysql_query($query) or die(mysql_error()); $row = mysql_fetch_array ($result, MYSQL_ASSOC); if ($row) { $password=$row['pass']; $email=$row['email']; $client_id=$row['client_id']; } else { $errors[] = print '<p><b>Error:</b> Email submitted does not match those on file.</p>'; } } if ($email == $password) { $pass = substr ( md5(uniqid(rand(),1)), 3, 10); $query = "SELECT client_id, email FROM client WHERE email='$email'"; $result = mysql_query ($query) or die(mysql_error()); $num = mysql_num_rows($result); if ($num == 1) { $query = "UPDATE client SET pass=PASSWORD('$temppass') WHERE email='$email'"; $result = mysql_query ($query); if ($num==1) { echo '<p>Your password has been changed. An email has been sent to your account.</p>'; $body = "Your password has been temporarily changed to '$pass'."; $body .= "You may login using this password, and upon login, change it.\r\n"; $body .= "Support at Electronic Commerce, Inc."; mail ($email, 'Your temporary password.', $body, 'From: support@electronic-commerce.us.com'); } else { $errors[] = print '<p><b>Error:</b> Your password could not be changed due to a system error.</p>' . mysql_error(); } mysql_close(); } else { $errors[] .= print '<p>Please try again.</p>'; }} }?></form></td></tr></table>[/code] Quote Link to comment Share on other sites More sharing options...
hitman6003 Posted July 18, 2006 Share Posted July 18, 2006 with the exception of this:[code] if ($email == $password) {[/code]I don't see why your solution wouldn't work redarrow. I'm still missing why the password and email should be equal to eachother? Quote Link to comment Share on other sites More sharing options...
redarrow Posted July 18, 2006 Share Posted July 18, 2006 sorry but i went throw what you said and done so but i also so confussed lol.....oh well we all learn somethink i hopewhy are you using the if($email==$password) {} Quote Link to comment Share on other sites More sharing options...
Hybride Posted July 18, 2006 Author Share Posted July 18, 2006 I thought it meant that if the $pass = $email, that the pass would be from the $email typed in (meaning, when the user submitted the email, if the two would equal, that it would a match). However, I went back and changed it to just if($email) {} . The code still doesn't work even with arrow's edits, unfortunately. :-\ Quote Link to comment Share on other sites More sharing options...
redarrow Posted July 19, 2006 Share Posted July 19, 2006 Just wrote this for you alter all database,select good luck. the code works as it is ok.[b]There is full support for anybody via pm for the script just pm me cheers.[/b][code]<?//if email_fogot from form is not entered then echo message.$forgot_email=$_POST['forgot_email'];if(!$fogot_email=="none") {echo " <font color='red'>Sorry please fill in the form</font> <br>";}// connect database.$db=mysql_connect("localhost","xxuser_namexxx","xxpasswordxxxx");mysql_select_db("xxdatabase_namexx",$db);// post varables password and email.$email=($_POST['email']);$password=($_POST['password']);//select the database.$query = "SELECT * FROM pro_membersu WHERE id='00003'";//returd database results$result = mysql_query($query) or die(mysql_error());// do a while loop to get data.while($record=mysql_fetch_assoc($result)){//if form email match database email address send meassage.if(!$fogot_email==$record['email']){echo"<font color='red'> Sorry your email does not match our records</font><br>";}else{//if email does not exist from database give message to contack admin ok.if(!$record['email']==1) {echo"<font color='red'>Sorry no email address matches please contact admin!</a>";// else send a password to the member.}else{//convert varables from database for the email to understand easly. $email=$record['email'];$password=$record['password'];// give a message for the password.$inportant_message= " Your password is $password ";//get the email from the database but in easy readable format.$to=$email;// give a subject in the email.$subject='This is your password reminder!';// assign message varable to inportant meassage varable.$message=$inportant_message;// add a from for the mail message usally admin's email.$headers = "From: me@me.com\r\n" .// this is mail headers to send email with php. 'X-Mailer: PHP/' . phpversion() . "\r\n" . "MIME-Version: 1.0\r\n" . "Content-Type: text/html; charset=utf-8\r\n" . "Content-Transfer-Encoding: 8bit\r\n\r\n";// this sends all the information in all the mail.mail($to, $subject, $message, $headers); // echo message to user that the email has been with there password sent.echo "<font color='red'>Lost password sent to email address!</font> ";} } } ?><center><b><p>Forgot Password</p></b></center><p>Enter the email you used when registered to the site.</p><form method="POST" action=""><table border="0" cellpadding="3" cellspacing="1" ><tr><td><b>Email: </b></td><td><input name="fogot_email" type="text" size="25" maxlength="50"><br /><input type="submit" name="submit" value="Lost Password"></p></form>[/code] Quote Link to comment Share on other sites More sharing options...
Hybride Posted July 19, 2006 Author Share Posted July 19, 2006 I've tried the code, and am currently fixing some errors in it ($forgot versus $fogot for example). Thank you very much for it, of course. Looking at the old code as well, I've noticed that it has to do with the UPDATE part. I've tried on several other codes that I have to update the database, though no luck. Everything works but the update (I checked the db after using an update profile script to see if the variables change, which they don't.)Is this because I still run PHP4? Quote Link to comment Share on other sites More sharing options...
redarrow Posted July 19, 2006 Share Posted July 19, 2006 $query="update users set name='$name' WHERE id='$id' ";example above//query the database$query=" ";//update the databaseupdate//select the table field to updateusers//set meaning set the name of field in table to updateset// i am to set the field that is name=$name in the tablename=$name// what order to update the table fieldwhere// i want the table field id='$id' of the users id login updated.id='$id'The were staement in the sql code is the most inportant to update information.this will exsplin everythink you ever need to know read it slowly ok.[code]Once there's data in the table, we might find that there is a need to modify the data. To do so, we can use the UPDATE command. The syntax for this isUPDATE "table_name"SET "column_1" = [new value]WHERE {condition}For example, say we currently have a table as below:Table Store_Informationstore_name Sales Date Los Angeles $1500 Jan-05-1999 San Diego $250 Jan-07-1999 Los Angeles $300 Jan-08-1999 Boston $700 Jan-08-1999 and we notice that the sales for Los Angeles on 01/08/1999 is actually $500 instead of $300, and that particular entry needs to be updated. To do so, we use the following SQL:UPDATE Store_InformationSET Sales = 500WHERE store_name = "Los Angeles"AND Date = "Jan-08-1999"The resulting table would look likeTable Store_Informationstore_name Sales Date Los Angeles $1500 Jan-05-1999 San Diego $250 Jan-07-1999 Los Angeles $500 Jan-08-1999 Boston $700 Jan-08-1999 In this case, there is only one row that satisfies the condition in the WHERE clause. If there are multiple rows that satisfy the condition, all of them will be modified.It is also possible to UPDATE multiple columns at the same time. The syntax in this case would look like the following:UPDATE "table_name"SET column_1 = [value1], column_2 = [value2]WHERE {condition}[/code] Quote Link to comment Share on other sites More sharing options...
Hybride Posted July 22, 2006 Author Share Posted July 22, 2006 I apologise for the bump, but the server was down, and I wasn't able to work.I have realised that the problem is actually just the UPDATE query. What happens is that it changes on the site, but it doesn't save to the database; nor when you login/logout, the changes revert back as to what you registered. (Meaning, it just saves on the page, not into the database.) I tried to work my way around it by making the mysql_query delete then insert updated data, but that creates a new user. Is there any other way I can fix this? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.