adrian5117 Posted March 17, 2009 Share Posted March 17, 2009 This particular problem has caused me great trouble in the past, and now I forget how to fix it. When I try to reset my password, I get this error, even after creating a fresh account with an empty database! Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in [Filepath hidden for security purposes] resetpass.php on line 39 (Feel free to create an account of your own so you can test.) Visit: http://www.l2-x.co.nr/controlpanel Remember, you will need to register to make an account first if you intend on testing! index.php <form action="resetpass.php" method=post autocomplete=no> ALL FIELDS MUST BE AT LEAST 3 CHARACTERS LONG<br> <table border=1 bordercolor=red cellpadding=0 cellspacing=0> <tr> <td align=center><font color=ffcc00>Account:</td><td align=center><input type="text" id="n" name="name" value='' size=15 maxlength=16 style="text-align:center;background-color:FFCC00;font-size:13" onfocus="dothis()" onblur="dothis()" onkeyup="dothis()" onkeydown="dothis()" onkeypress="return alpha(event,numbers+letters)"></td> </tr> <tr> <td align=center colspan=2><input type=submit name="submit" disabled id="s" value="Reset Password" hidefocus=true style=width:100%></td> </tr> </table> </form> resetpass.php <?php include '../ip.php'; //get username and password info from the form, protecting against SQL injection $user = mysql_real_escape_string($_POST["name"]); if(!preg_match('/^[a-zA-Z0-9]{3,16}$/',$user)) { die ('<body bgcolor=897C6C scroll=no><font color=red><center>ERROR!<br>Account names must be 3-16 characters, and must consist of only letters and/or numbers.<br><button onclick=history.go(-1)>OK</button>'); } $result = mysql_query("SELECT login FROM accounts WHERE login='$user' AND accesslevel >= 0"); $row = mysql_fetch_row($result); if($row==0) { die ('<body bgcolor=897C6C scroll=no><font color=red><center>ERROR!<br>Account does not exist.<br><button onclick=history.go(-1)>OK</button>'); } else { $getq = mysql_query("SELECT * FROM pwrecov WHERE login='$user'"); while ($gotq = mysql_fetch_array($getq)) { echo '<center>'; echo '<font color=ffcc00>'; echo '<form action="resetpass2.php" method=post autocomplete=no>'; echo "<input type=hidden name=name value=$user>"; echo '<table border=1 bordercolor=red cellpadding=0 cellspacing=0>'; echo '<tr>'; echo "<td align=center><font color=ffcc00>Secret Question:</td><td align=center><textarea rows=4 readonly style=width:150;background-color:FFCC00;font-size:12>$gotq[1]</textarea></td>"; echo '</tr>'; echo '<tr>'; echo "<td align=center><font color=ffcc00>Secret Answer:</td><td align=center><input type='text' id='a' name='fanswer' value='' maxlength=32 style=width:100%;text-align:center;background-color:FFCC00;font-size:13></td>"; echo '</tr>'; echo '<tr>'; echo "<td align=center><font color=ffcc00>New Password:</td><td align=center><input type='password' id='p' name='fpass' value='' maxlength=16 style=width:100%;text-align:center;background-color:FFCC00;font-size:13></td>"; echo '</tr>'; echo '<tr>'; echo "<td align=center><font color=ffcc00>Confirm PW:</td><td align=center><input type='password' id='p2' name='fconfirm' value='' maxlength=16 style=width:100%;text-align:center;background-color:FFCC00;font-size:13></td>"; echo '</tr>'; echo '<tr>'; echo '<td align=center colspan=3><input type=submit name="submit" id="s" value="Reset Password" hidefocus=true style=width:100%></td>'; echo '</tr>'; echo '</table>'; echo '</form>'; echo '</font>'; echo '</center>'; } } mysql_close(); ?> resetpass2.php <?php echo '<html onselectstart="return false" oncontextmenu="return false" ondrag="return false">'; echo '<head>'; echo '<title>L2Xanthos</title>'; echo '<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">'; echo '<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">'; echo '<META HTTP-EQUIV="CONTENT-LANGUAGE" CONTENT="en-US">'; echo '<META HTTP-EQUIV="EXPIRES" CONTENT="Mon, 22 Jul 2000 11:12:01 GMT">'; echo '<META NAME="KEYWORDS" CONTENT="Lineage 2, Lineage II, L2, L2Xanthos, Lineage 2 Xanthos, Lineage II Xanthos, MMORPG">'; echo '<META NAME="ROBOTS" CONTENT="INDEX,NOFOLLOW">'; echo '<meta http-equiv="imagetoolbar" content="no">'; echo '</head>'; echo '<body bgcolor=897C6C scroll=no>'; include '../ip.php'; mysql_connect("$dbhost", "$dbuser", "$dbpass") or die('<body bgcolor=897C6C scroll=no><font color=red><center>Error connecting to mysql.</font><br><button onclick=history.go(-1)>OK</button>'); mysql_select_db("$dbname") or die ('<body bgcolor=897C6C scroll=no><font color=red><center>Error connecting to Database.</font><br><button onclick=history.go(-1)>OK</button>'); //get username and password info from the form, protecting against SQL injection $fanswer = mysql_real_escape_string($_POST["fanswer"]); $user = mysql_real_escape_string($_POST["name"]); //$ac = mysql_real_escape_string($_POST["account"]); //$char = mysql_real_escape_string($_POST["char"]); $fpass = mysql_real_escape_string($_POST["fpass"]); $fconfirm = mysql_real_escape_string($_POST["fconfirm"]); /* if(!preg_match('/^[a-zA-Z0-9]{3,16}$/',$char)) { die ('<body bgcolor=897C6C scroll=no><font color=red><center>ERROR!<br>Character names must be 3-16 characters, and must consist of only letters and/or numbers.<br><button onclick=history.go(-1)>OK</button>'); } if(!preg_match('/^[a-zA-Z0-9]{3,32}$/',$fanswer)) { die ('<body bgcolor=897C6C scroll=no><font color=red><center>ERROR!<br>Secret answers must be 3-150 characters.<br><button onclick=history.go(-1)>OK</button>'); } if(!preg_match('/^[a-zA-Z0-9]{3,16}$/',$ac)) { die ('<body bgcolor=897C6C scroll=no><font color=red><center>ERROR!<br>Account names must be 3-16 characters, and must consist of only letters and/or numbers.<br><button onclick=history.go(-1)>OK</button>'); } */ /* $acresult = mysql_query("SELECT * FROM accounts WHERE login='$ac'"); $acray = mysql_fetch_array($acresult); if($acray[0]!=$ac) { die ('<body bgcolor=897C6C scroll=no><font color=red><center>ERROR!<br>No accounts with that name found.<br><button onclick=history.go(-1)>OK</button>'); } else { $chresult = mysql_query("SELECT * FROM characters WHERE char_name='$char' AND account_name='$ac'"); $chrow = mysql_num_rows($chresult); if($chrow==0) { die ('<body bgcolor=897C6C scroll=no><font color=red><center>ERROR!<br>Failed to name a valid character on this account.<br><button onclick=history.go(-1)>OK</button>'); } else { */ $pwresult = mysql_query("SELECT * FROM pwrecov WHERE login='$user' AND answer='$fanswer'"); $pwrow = mysql_num_rows($pwresult); if($pwrow==0) { die ('<body bgcolor=897C6C scroll=no><font color=red><center>ERROR!<br>Incorrect secret answer.<br><button onclick=history.go(-1)>OK</button>'); } else { if(!preg_match('/^[a-zA-Z0-9]{3,16}$/',$fpass)) { die ('<body bgcolor=897C6C scroll=no><font color=red><center>ERROR!<br>Passwords must be 3-16 characters, and must consist of only letters and/or numbers.<br><button onclick=history.go(-1)>OK</button>'); } if(!preg_match('/^[a-zA-Z0-9]{3,16}$/',$fconfirm)) { die ('<body bgcolor=897C6C scroll=no><font color=red><center>ERROR!<br>Passwords must be 3-16 characters, and must consist of only letters and/or numbers.<br><button onclick=history.go(-1)>OK</button>'); } if($fpass != $fconfirm) { die ('<body bgcolor=897C6C scroll=no><font color=red><center>ERROR!<br>Passwords do not match.<br><button onclick=history.go(-1)>OK</button>'); } $npass = base64_encode(pack('H*', sha1($fpass))); mysql_query("UPDATE accounts SET password='$npass' WHERE login='$user'"); die ('<body bgcolor=897C6C scroll=no><font color=00ff00><center>SUCCESS!<br>Password successfully reset to <font color=ffcc00><b>'.$fpass.'</b></font>.<br><button onclick=history.go(-2)>OK</button>'); } //} //} mysql_close(); ?> Quote Link to comment Share on other sites More sharing options...
sloth456 Posted March 17, 2009 Share Posted March 17, 2009 in resetpass.php you haven't actually intiated a connection to your database or selected your database using mysql_connect and mysql_select_db, unless you've already done it in ip.php Quote Link to comment Share on other sites More sharing options...
adrian5117 Posted March 17, 2009 Author Share Posted March 17, 2009 Yes, it is designated in ip.php Visit the site, every other php script works. [Create Account, Change PW, etc...] <?php $dbhost = "[iP hidden for security purposes]"; $dbuser = "[username hidden for security purposes]"; $dbpass = "[Password hidden for security purposes]"; $dbname = "[Database hidden for security purposes]"; ?> Quote Link to comment Share on other sites More sharing options...
samshel Posted March 17, 2009 Share Posted March 17, 2009 $result = mysql_query("SELECT login FROM accounts WHERE login='$user' AND accesslevel >= 0") or die("Error-".mysql_error()); Quote Link to comment Share on other sites More sharing options...
adrian5117 Posted March 17, 2009 Author Share Posted March 17, 2009 $result = mysql_query("SELECT login FROM accounts WHERE login='$user' AND accesslevel >= 0") or die("Error-".mysql_error()); This wont work, because there are operations that take place after this check is made. $result = mysql_query("SELECT login FROM accounts WHERE login='$user' AND accesslevel >= 0"); $row = mysql_fetch_row($result); if($row==0) { die ('<body bgcolor=897C6C scroll=no><font color=red><center>ERROR!<br>Account does not exist.<br><button onclick=history.go(-1)>OK</button>'); } else { ... Quote Link to comment Share on other sites More sharing options...
trq Posted March 17, 2009 Share Posted March 17, 2009 You never check your query succeeds or returns a result before using $result. eg; $result = mysql_query("SELECT login FROM accounts WHERE login='$user' AND accesslevel >= 0"); $row = mysql_fetch_row($result); // rest of code should be.... if ($result = mysql_query("SELECT login FROM accounts WHERE login='$user' AND accesslevel >= 0")) { if (mysql_num_rows($result)) { // its now safe to use $result $row = mysql_fetch_row($result); // rest of code } // no results found } // query failed. Quote Link to comment Share on other sites More sharing options...
samshel Posted March 17, 2009 Share Posted March 17, 2009 this is just for debugging..it will show you the reason of error u r getting in mysql_fetch_row(), also if there is an error then anyways the operations after this statement wont be performed... Quote Link to comment Share on other sites More sharing options...
sloth456 Posted March 17, 2009 Share Posted March 17, 2009 I don't understand. Why is it then, in resetpass2.php you have these lines <?php mysql_connect("$dbhost", "$dbuser", "$dbpass") or die('<body bgcolor=897C6C scroll=no><font color=red><center>Error connecting to mysql.</font><br><button onclick=history.go(-1)>OK</button>'); mysql_select_db("$dbname") or die ('<body bgcolor=897C6C scroll=no><font color=red><center>Error connecting to Database.</font><br><button onclick=history.go(-1)>OK</button>'); ?> but you do not have these lines present in resetpass.php Quote Link to comment Share on other sites More sharing options...
adrian5117 Posted March 17, 2009 Author Share Posted March 17, 2009 I don't understand. Why is it then, in resetpass2.php you have these lines <?php mysql_connect("$dbhost", "$dbuser", "$dbpass") or die('<body bgcolor=897C6C scroll=no><font color=red><center>Error connecting to mysql.</font><br><button onclick=history.go(-1)>OK</button>'); mysql_select_db("$dbname") or die ('<body bgcolor=897C6C scroll=no><font color=red><center>Error connecting to Database.</font><br><button onclick=history.go(-1)>OK</button>'); ?> but you do not have these lines present in resetpass.php The resetpass2.php is only used to notify the user of success/failure. Quote Link to comment Share on other sites More sharing options...
sloth456 Posted March 17, 2009 Share Posted March 17, 2009 I don't understand. Why is it then, in resetpass2.php you have these lines <?php mysql_connect("$dbhost", "$dbuser", "$dbpass") or die('<body bgcolor=897C6C scroll=no><font color=red><center>Error connecting to mysql.</font><br><button onclick=history.go(-1)>OK</button>'); mysql_select_db("$dbname") or die ('<body bgcolor=897C6C scroll=no><font color=red><center>Error connecting to Database.</font><br><button onclick=history.go(-1)>OK</button>'); ?> but you do not have these lines present in resetpass.php The resetpass2.php is only used to notify the user of success/failure. But why would you need to connect again, when you have already stated that you have connected in ip.php which is included in both resetpass.php an restpass2.php I suppose what I'm getting at is : are you 110% sure you have already connected to your database in resetpass.php before you start selecting tables. To clarify you could post the code that is in ip.php, obviously editing out any database usernames and passwords. Quote Link to comment Share on other sites More sharing options...
adrian5117 Posted March 17, 2009 Author Share Posted March 17, 2009 I don't understand. Why is it then, in resetpass2.php you have these lines <?php mysql_connect("$dbhost", "$dbuser", "$dbpass") or die('<body bgcolor=897C6C scroll=no><font color=red><center>Error connecting to mysql.</font><br><button onclick=history.go(-1)>OK</button>'); mysql_select_db("$dbname") or die ('<body bgcolor=897C6C scroll=no><font color=red><center>Error connecting to Database.</font><br><button onclick=history.go(-1)>OK</button>'); ?> but you do not have these lines present in resetpass.php The resetpass2.php is only used to notify the user of success/failure. But why would you need to connect again, when you have already stated that you have connected in ip.php which is included in both resetpass.php an restpass2.php I suppose what I'm getting at is : are you 110% sure you have already connected to your database in resetpass.php before you start selecting tables. To clarify you could post the code that is in ip.php, obviously editing out any database usernames and passwords. This IS all the code that ip.php contains! Seriously! <?php $dbhost = "[iP hidden for security purposes]"; $dbuser = "[username hidden for security purposes]"; $dbpass = "[Password hidden for security purposes]"; $dbname = "[Database hidden for security purposes]"; ?> Quote Link to comment Share on other sites More sharing options...
sloth456 Posted March 17, 2009 Share Posted March 17, 2009 ip.php does not connect to your database, it only stores the details. In the code you have posted here, you have not connected to your database in resetpass.php You need to put: mysql_connect("$dbhost", "$dbuser", "$dbpass") or die('<body bgcolor=897C6C scroll=no><font color=red><center>Error connecting to mysql.</font><br><button onclick=history.go(-1)>OK</button>'); mysql_select_db("$dbname") or die ('<body bgcolor=897C6C scroll=no><font color=red><center>Error connecting to Database.</font><br><button onclick=history.go(-1)>OK</button>'); Right after include '../ip.php'; in resetpass.php Quote Link to comment Share on other sites More sharing options...
adrian5117 Posted March 17, 2009 Author Share Posted March 17, 2009 OMG!! duhhhhhhhhhhhhhhhh thank you very much (I am laughing my ass off right now... Wow im a rusty noob xD) THANK YOU - THREAD FINISHED Quote Link to comment Share on other sites More sharing options...
corbin Posted March 18, 2009 Share Posted March 18, 2009 Ahhh good old L2.... *Thinks* Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.