Jump to content


Photo

query issues with php


  • Please log in to reply
6 replies to this topic

#1 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 10 August 2006 - 06:28 PM

<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
	<meta name="Description" content="Your description goes here..." />
	<meta name="Keywords" content="your,keywords,goes,here" />
	<meta name="author" content="Joyel Puryear.  
	http://www.freelancebusinessman.com" /> 
	<link rel="stylesheet" type="text/css" href="elost.css" />
	<title>Reset Password</title>
</head>
<body>
	<div id="wrap">
	<div id="header">
<?php
include './includes/topnav.inc.php';
?>
	</div>
	<div><img src="images/elostandfound.jpg" alt="ELostAndFound Logo" /></div>
	<div id="content">
	<p>We require all the following information to reset a password so we can make
	sure it's actually you resetting the password and not someone else.  All this
	information has to match our database information 100% for it to allow the
	password reset.  To change around your account information that can be done
	from inside your control panel once you login, at the top of the screen.
	Click on the link called my account, there you can change your account settings.
	</p>
	<?php
if (isset($_POST['submitresetpass'])) {
	$errorhandler = "";
	$regexphone = " 
/^[0-9]{3}-[0-9]{3}-[0-9]{4}$/";  // regex phone validation
	$regexemail = 
"^[A-Za-z0-9\._-]+@([A-Za-z0-9][A-Za-z0-9-]{1,62})(\.[A-Za-z][A-Za-z0-9-]{1,62})+$";
	if ($_POST['resetpassusername'] == "") {
	$errorhandler .= "The username field was left blank<br />";
	}
	if ($_POST['resetpassemail'] == "") {
	$errorhandler .= "The email field was left blank<br />";
	}
	if ($_POST['resetpasscity'] == "") {
	$errorhandler .= "The city field was left blank<br />";
	}
	if ($_POST['resetpasszipcode'] == "") {
	$errorhandler .= "The zipcode field was left blank<br />";
	}
	if ($_POST['resetpassphone'] == "") {
	$errorhandler .= "The phone field was left blank<br />";
	}
	if ($_POST['resetpassbirthdate'] == "") {
	$errorhandler .= "the birthdate field was left blank<br />";
	}
	if (!ereg("$regexemail", $_POST['resetpassemail'])) { 
	$errorhandler .= "The email address is improperly formatted<br />";
	}
	if ($_POST['resetpassphone'] == "") {
	$errorhandler .= "The Phone was left blank<br />";
	}
	if(!(getmxrr(substr(strstr($_POST['resetpassemail'], '@'), 1), $temp)) || checkdnsrr(gethostbyname(substr(strstr($_POST['resetpassemail'], '@'), 1)), "ANY")) {
	$errorhandler .= "The Domain name for the email address does not exist<br />";
	}
	if ($_POST['desiredpassword'] == "") {
	$errorhandler .= "The desired password field was left blank<br />";
	}
	mysql_connect("localhost", "######", "#####");
	mysql_select_db("elostand_general");
	$resetpassusername = mysql_real_escape_string($_POST['resetpassusername']);
	$resetpassemail = mysql_real_escape_string($_POST['resetpassemail']);
	$resetpasscity = mysql_real_escape_string($_POST['resetpasscity']);
	$resetpassstate = mysql_real_escape_string($_POST['resetpassstate']);
	$resetpasszipcode = mysql_real_escape_string($_POST['resetpasszipcode']);
	$resetpassphone = mysql_real_escape_string($_POST['resetpassphone']);
	$resetpassbirthdate = mysql_real_escape_string($_POST['resetpassbirthdate']);
	$desiredpassword = mysql_real_escape_string($_POST['desiredpassword']);
	$resetpassusername = strtolower($resetpassusername);
	$resetpassemail = strtolower($resetpassemail);
	$resetpasscity = strtolower($resetpasscity);
	$resetpassstate = strtolower($resetpassstate);
	$resetpassphone = strtolower($resetpassphone);
	$select = "SELECT * FROM userinfo WHERE username = '$resetpassusername' AND email = '$resetpassemail' AND  city = '$resetpasscity' AND state = '$resetpassstate' AND zipcode = '$resetpasszipcode' AND phone = '$resetpassphone' AND birthdate = '$resetpassbirthdate';";
	$query = mysql_query($select);
	if (mysql_num_rows($query)) {
	echo "NO ROWS";
	$errorhandler .= "There is no such info in the database<br />";
	$errorhandler .= "Please try again or contact us for questions<br />";
	}
	
	if ($errorhandler != "") {
	echo $errorhandler;
	}
	
	if ($errorhandler == "") {
	$passhash = md5($desiredpassword);
	$update = "UPDATE userinfo SET password = '$passhash' WHERE username = '$resetpassusername';";
		if(mysql_query($update)) {
		echo "The password was changed successfully";
		$message = "
		You just recently had your password changed, here were the results.
		User Name: {$resetpassusername}
		Password: {$desiredpassword}
		";
		mail($resetpassemail, "Password Notification", $message);
		$temp = true;
		}else {
		echo "There was some kind of problem updating the password.<br />";
		echo "Please either contact support or try again<br />";
		}// close update query else statement
	}// end else
} // close isset
	?>
<?php
if ($temp != true) {
?>
	<form name="resetpass" id="resetpass" action="resetpassword.php" method="post">
	<label for="resetpassusername">*Username:</label>
	<input name="resetpassusername" type="text" id="resetpassusername" value="<?php echo $_POST['resetpassusername']?>"
	maxlength="80" />
<br />
	<label for="resetpassemail">*Email Address</label>
	<input name="resetpassemail" id="resetpassemail" type="text" maxlength="80" value ="<?php echo $_POST['resetpassemail']?>" />
	<br />
	<label for="resetpasscity">*City:</label>
	<input name="resetpasscity" id="resetpasscity" type="text" maxlength="80"  value ="<?php echo $_POST['resetpasscity']?>"/>
	<br />
	<label for="resetpassstate">*State:</label>
	<input name="resetpassstate" id="resetpassstate" type="text" maxlength="80" value="<?php echo $_POST['resetpassstate']?>" />
	<br />
	<label for="resetpasszipcode">*Zip Code:</label>
	<input name="resetpasszipcode" id="resetpasszipcode" type="text" maxlength="20" value="<?php echo $_POST['resetpasszipcode']?>" />
	<br />
	<label for="resetpassphone">*Phone:</label>
	<input name="resetpassphone" id="resetpassphone" type="text" maxlength="80" value="<?php echo $_POST['resetpassphone']?>" />(555-555-5555)
	<br />
	<label for="resetpassbirthdate">*Birth Date:</label>
	<input name="resetpassbirthdate" id="resetpassbirthdate" type="text"
	maxlength="80" value="<?php echo $_POST['resetpassbirthdate']?>" />(mm/dd/yyyy)
	<br />
	<label for="desiredpassword">*New Password:</label>
	<input name="desiredpassword" id="desiredpassword" type="password"
	maxlength="80" />
	<br />
	<input name="submitresetpass" id="submitresetpass" type="submit" value="submit" />
	<input name="resetpassreset" id="resetpassreset" type="reset" 
	value="Clear Form!" />
	</form>
	<?php
	}
	?>
	<p class="box"><strong>Note:</strong> You must agree to the Disclaimer to
	sign up for the site.  You should also check out the privacy policy, rules page,
	and other information on the site before signing up.  It is HIGHLY recommended
	that you click the following link to make the web site go over to a secure
	connection.  This will increase security during the login, and logout process.
	<a href="https://www.elostandfound.info" title="Secure Site">Here</a> Please
	give it just a second to switch over to the secure connection, it can sometimes
	take a few seconds.  The secure connection is 100 times more secure
	than the standard connection, the downfall however is that is loads slower.  It
	will also display a message about having secure and non-secure items on the
	same page, these non-secure items are the validation links in the bottom
	left hand corner of the page, and they are nothing to worry about.</p>
	</div>
	<div id="sidebar">
	<h3>Welcome</h3>
	<a href="index.php" title="Back To the Homepage">Home:</a><br />
	<a href="resetpassword.php" title="Reset Password">Reset Your Password!</a>
	<?php
	if ($_SESSION['controller'] == true) {
	?>
	<a href="logout.php" title="LogOut">Log Out!</a><br />
	<?php
	}
	?>

	<h2>Categories:</h2>
<?php
include './includes/categories.inc.php';
?>
	<h2>Site news:</h2>
<?php
include './includes/news.inc.php';
?>
	<h2>Validation Links</h2>
	<p>Inactive when over a secure connection</p>
	<ul class="links">
	<li><a href="
http://jigsaw.w3.org/css-validator/validator?uri=http://70.103.140.141/~elostand/elost.css" target="_blank"><img src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" />
	</a>
	</li>
	<li><a href="http://validator.w3.org/check?uri=referer" target="_blank">
	<img src="http://www.w3.org/Icons/valid-xhtml11" 
	alt="Valid XHTML 1.1" /></a></li>
	</ul>
	</div>
<?php
include './includes/footer.inc.php';
?>
	</div>
</body>
</html>
I haven't encountered this type of problem for a very long time, this whole script is running but it's totally ignoring my query for no known reason.  I thought it was working until someone pointed out an issue, it's worse than I thought, I am trying to test the database to see if the query exists, so I know whether or not they are int he datbase, in order to allow them to change there username and password, but it's not working the way it should be it's ignoring my first query completely.  It's not returning errors, or returning anything, but it's not registering it with my errorhandler.

Here is the line I am having problems with.
$select = "SELECT * FROM userinfo WHERE username = '$resetpassusername' AND email = '$resetpassemail' AND  city = '$resetpasscity' AND state = '$resetpassstate' AND zipcode = '$resetpasszipcode' AND phone = '$resetpassphone' AND birthdate = '$resetpassbirthdate';";
	$query = mysql_query($select);
	if (mysql_num_rows($query)) {
	$errorhandler .= "There is no such info in the database<br />";
	$errorhandler .= "Please try again or contact us for questions<br />";
	}
I tried mysql fetch arrays and everything else but something is keeping that part from running smoothly, any advice.

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.


#2 bltesar

bltesar
  • Members
  • PipPipPip
  • Advanced Member
  • 109 posts

Posted 10 August 2006 - 06:33 PM

is it possible that your conditional if (isset($_POST['submitresetpass']))  is returning false?

if after submitting the form, you're getting the form back, then that is probably the trouble.

what are you getting after your submit?  Is the update query working?

#3 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 10 August 2006 - 06:39 PM

It runs through everything as far as validation of characters, it's been awhile since I had to ask for help.  THe thing is it does all validation, it checks all empty fields, so I know it's reading my isset.
That entire structure is getting read.  Also when I get to the point of the first query it just ignores the test completely.  Whether I test for a positive or negative, then on the second query it runs the script for it, like the echo but does nothing with the database.  It's like the queries themselves are just getting ignored.
I rewrote it 2 times to see if I could find out what was causing it, it's like my queries are invisible somehow.

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.


#4 bltesar

bltesar
  • Members
  • PipPipPip
  • Advanced Member
  • 109 posts

Posted 10 August 2006 - 06:51 PM

did this code once work and then suddenly stop working correctly?

this seems unusual-
if (mysql_num_rows($query)) {
	echo "NO ROWS";
	$errorhandler .= "There is no such info in the database<br />";
	$errorhandler .= "Please try again or contact us for questions<br />";
	}

because it should have a '!', or at least it seems it should, this code block won't be executed if the query failed for some reason.  How is the server's error display set?

#5 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 10 August 2006 - 06:57 PM

The error display is all set correctly, it is suppose to display all errors, I haven't had to ask for help in awhile because I learned alot, and I am running for this issue off a server with the same php.ini configuration as my own site.  ALl errorhandling is on.  THe thing with this query, I need it to test to see if the information was in the database, IF IT IS in the database it returns an error, that echo no-rows was there as debug.  Here are 2 things I used on another script, they BOTH worked just fine, I used these to test for a username, and for a email address to prevent someone from entering them when they were already in the database, and these work flawlessly.

$selectuser = "SELECT `username` FROM `userinfo` WHERE `username` = '$username';";
$queryuser = mysql_query($selectuser);
if (mysql_num_rows($queryuser)) {
	$errorhandler .= "The username Already Exists.";
}
$selectemail = "SELECT `email` FROM `userinfo` WHERE `email` = '$email';";
$queryemail = mysql_query($selectemail);
if (mysql_num_rows($queryemail)) {
	$errorhandler .= "The Email Address Already Exists.";
}
that tests to see if the username exists, if it does already exist, it returns that error, if the email exists it returns that error, if one or both of them don't exist it just skips over it, and continues validation.  You see that I modeled the script I am having problems with around the other the ONLY different is the new script I am trying to get to work has a longer select query
$select = "SELECT * FROM userinfo WHERE username = '$resetpassusername' AND email = '$resetpassemail' AND  city = '$resetpasscity' AND state = '$resetpassstate' AND zipcode = '$resetpasszipcode' AND phone = '$resetpassphone' AND birthdate = '$resetpassbirthdate';";

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.


#6 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 10 August 2006 - 07:03 PM

The logic behind it was incorrect, you were correct the ! was what I needed in that situation I was looking at it from the wrong angle, so thank you.

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.


#7 mewhocorrupts

mewhocorrupts
  • Members
  • PipPipPip
  • Advanced Member
  • 36 posts
  • LocationParker, CO

Posted 10 August 2006 - 07:42 PM


<?php
.....

mysql_connect("localhost", "######", "#####");

if (mysql_errorno())   // If 0, will not enter block, otherwise it will.  0 returned means no error.
{
   echo(mysql_errno() . " : " . mysql_error());
}

.....
?>

I'd prepend any database operations with those lines of code, just to make sure that after the call to create a connection, it is connected correctly.  Also, solely as a suggestion, you should assign your connection to a variable.  It makes the link easier to recognize and handle, not to mention error check.
-mewhocorrupts




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users