Jump to content

query issues with php


Ninjakreborn

Recommended Posts

[code]<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta name="Description" content="Your description goes here..." />
<meta name="Keywords" content="your,keywords,goes,here" />
<meta name="author" content="Joyel Puryear. 
http://www.freelancebusinessman.com" />
<link rel="stylesheet" type="text/css" href="elost.css" />
<title>Reset Password</title>
</head>
<body>
<div id="wrap">
<div id="header">
<?php
include './includes/topnav.inc.php';
?>
</div>
<div><img src="images/elostandfound.jpg" alt="ELostAndFound Logo" /></div>
<div id="content">
<p>We require all the following information to reset a password so we can make
sure it's actually you resetting the password and not someone else.  All this
information has to match our database information 100% for it to allow the
password reset.  To change around your account information that can be done
from inside your control panel once you login, at the top of the screen.
Click on the link called my account, there you can change your account settings.
</p>
<?php
if (isset($_POST['submitresetpass'])) {
$errorhandler = "";
$regexphone = "
/^[0-9]{3}-[0-9]{3}-[0-9]{4}$/";  // regex phone validation
$regexemail =
"^[A-Za-z0-9\._-]+@([A-Za-z0-9][A-Za-z0-9-]{1,62})(\.[A-Za-z][A-Za-z0-9-]{1,62})+$";
if ($_POST['resetpassusername'] == "") {
$errorhandler .= "The username field was left blank<br />";
}
if ($_POST['resetpassemail'] == "") {
$errorhandler .= "The email field was left blank<br />";
}
if ($_POST['resetpasscity'] == "") {
$errorhandler .= "The city field was left blank<br />";
}
if ($_POST['resetpasszipcode'] == "") {
$errorhandler .= "The zipcode field was left blank<br />";
}
if ($_POST['resetpassphone'] == "") {
$errorhandler .= "The phone field was left blank<br />";
}
if ($_POST['resetpassbirthdate'] == "") {
$errorhandler .= "the birthdate field was left blank<br />";
}
if (!ereg("$regexemail", $_POST['resetpassemail'])) {
$errorhandler .= "The email address is improperly formatted<br />";
}
if ($_POST['resetpassphone'] == "") {
$errorhandler .= "The Phone was left blank<br />";
}
if(!(getmxrr(substr(strstr($_POST['resetpassemail'], '@'), 1), $temp)) || checkdnsrr(gethostbyname(substr(strstr($_POST['resetpassemail'], '@'), 1)), "ANY")) {
$errorhandler .= "The Domain name for the email address does not exist<br />";
}
if ($_POST['desiredpassword'] == "") {
$errorhandler .= "The desired password field was left blank<br />";
}
mysql_connect("localhost", "######", "#####");
mysql_select_db("elostand_general");
$resetpassusername = mysql_real_escape_string($_POST['resetpassusername']);
$resetpassemail = mysql_real_escape_string($_POST['resetpassemail']);
$resetpasscity = mysql_real_escape_string($_POST['resetpasscity']);
$resetpassstate = mysql_real_escape_string($_POST['resetpassstate']);
$resetpasszipcode = mysql_real_escape_string($_POST['resetpasszipcode']);
$resetpassphone = mysql_real_escape_string($_POST['resetpassphone']);
$resetpassbirthdate = mysql_real_escape_string($_POST['resetpassbirthdate']);
$desiredpassword = mysql_real_escape_string($_POST['desiredpassword']);
$resetpassusername = strtolower($resetpassusername);
$resetpassemail = strtolower($resetpassemail);
$resetpasscity = strtolower($resetpasscity);
$resetpassstate = strtolower($resetpassstate);
$resetpassphone = strtolower($resetpassphone);
$select = "SELECT * FROM userinfo WHERE username = '$resetpassusername' AND email = '$resetpassemail' AND  city = '$resetpasscity' AND state = '$resetpassstate' AND zipcode = '$resetpasszipcode' AND phone = '$resetpassphone' AND birthdate = '$resetpassbirthdate';";
$query = mysql_query($select);
if (mysql_num_rows($query)) {
echo "NO ROWS";
$errorhandler .= "There is no such info in the database<br />";
$errorhandler .= "Please try again or contact us for questions<br />";
}

if ($errorhandler != "") {
echo $errorhandler;
}

if ($errorhandler == "") {
$passhash = md5($desiredpassword);
$update = "UPDATE userinfo SET password = '$passhash' WHERE username = '$resetpassusername';";
if(mysql_query($update)) {
echo "The password was changed successfully";
$message = "
You just recently had your password changed, here were the results.
User Name: {$resetpassusername}
Password: {$desiredpassword}
";
mail($resetpassemail, "Password Notification", $message);
$temp = true;
}else {
echo "There was some kind of problem updating the password.<br />";
echo "Please either contact support or try again<br />";
}// close update query else statement
}// end else
} // close isset
?>
<?php
if ($temp != true) {
?>
<form name="resetpass" id="resetpass" action="resetpassword.php" method="post">
<label for="resetpassusername">*Username:</label>
<input name="resetpassusername" type="text" id="resetpassusername" value="<?php echo $_POST['resetpassusername']?>"
maxlength="80" />
<br />
<label for="resetpassemail">*Email Address</label>
<input name="resetpassemail" id="resetpassemail" type="text" maxlength="80" value ="<?php echo $_POST['resetpassemail']?>" />
<br />
<label for="resetpasscity">*City:</label>
<input name="resetpasscity" id="resetpasscity" type="text" maxlength="80"  value ="<?php echo $_POST['resetpasscity']?>"/>
<br />
<label for="resetpassstate">*State:</label>
<input name="resetpassstate" id="resetpassstate" type="text" maxlength="80" value="<?php echo $_POST['resetpassstate']?>" />
<br />
<label for="resetpasszipcode">*Zip Code:</label>
<input name="resetpasszipcode" id="resetpasszipcode" type="text" maxlength="20" value="<?php echo $_POST['resetpasszipcode']?>" />
<br />
<label for="resetpassphone">*Phone:</label>
<input name="resetpassphone" id="resetpassphone" type="text" maxlength="80" value="<?php echo $_POST['resetpassphone']?>" />(555-555-5555)
<br />
<label for="resetpassbirthdate">*Birth Date:</label>
<input name="resetpassbirthdate" id="resetpassbirthdate" type="text"
maxlength="80" value="<?php echo $_POST['resetpassbirthdate']?>" />(mm/dd/yyyy)
<br />
<label for="desiredpassword">*New Password:</label>
<input name="desiredpassword" id="desiredpassword" type="password"
maxlength="80" />
<br />
<input name="submitresetpass" id="submitresetpass" type="submit" value="submit" />
<input name="resetpassreset" id="resetpassreset" type="reset"
value="Clear Form!" />
</form>
<?php
}
?>
<p class="box"><strong>Note:</strong> You must agree to the Disclaimer to
sign up for the site.  You should also check out the privacy policy, rules page,
and other information on the site before signing up.  It is HIGHLY recommended
that you click the following link to make the web site go over to a secure
connection.  This will increase security during the login, and logout process.
<a href="https://www.elostandfound.info" title="Secure Site">Here</a> Please
give it just a second to switch over to the secure connection, it can sometimes
take a few seconds.  The secure connection is 100 times more secure
than the standard connection, the downfall however is that is loads slower.  It
will also display a message about having secure and non-secure items on the
same page, these non-secure items are the validation links in the bottom
left hand corner of the page, and they are nothing to worry about.</p>
</div>
<div id="sidebar">
<h3>Welcome</h3>
<a href="index.php" title="Back To the Homepage">Home:</a><br />
<a href="resetpassword.php" title="Reset Password">Reset Your Password!</a>
<?php
if ($_SESSION['controller'] == true) {
?>
<a href="logout.php" title="LogOut">Log Out!</a><br />
<?php
}
?>

<h2>Categories:</h2>
<?php
include './includes/categories.inc.php';
?>
<h2>Site news:</h2>
<?php
include './includes/news.inc.php';
?>
<h2>Validation Links</h2>
<p>Inactive when over a secure connection</p>
<ul class="links">
<li><a href="
http://jigsaw.w3.org/css-validator/validator?uri=http://70.103.140.141/~elostand/elost.css" target="_blank"><img src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" />
</a>
</li>
<li><a href="http://validator.w3.org/check?uri=referer" target="_blank">
<img src="http://www.w3.org/Icons/valid-xhtml11"
alt="Valid XHTML 1.1" /></a></li>
</ul>
</div>
<?php
include './includes/footer.inc.php';
?>
</div>
</body>
</html>[/code]
I haven't encountered this type of problem for a very long time, this whole script is running but it's totally ignoring my query for no known reason.  I thought it was working until someone pointed out an issue, it's worse than I thought, I am trying to test the database to see if the query exists, so I know whether or not they are int he datbase, in order to allow them to change there username and password, but it's not working the way it should be it's ignoring my first query completely.  It's not returning errors, or returning anything, but it's not registering it with my errorhandler.

Here is the line I am having problems with.
[code]$select = "SELECT * FROM userinfo WHERE username = '$resetpassusername' AND email = '$resetpassemail' AND  city = '$resetpasscity' AND state = '$resetpassstate' AND zipcode = '$resetpasszipcode' AND phone = '$resetpassphone' AND birthdate = '$resetpassbirthdate';";
$query = mysql_query($select);
if (mysql_num_rows($query)) {
$errorhandler .= "There is no such info in the database<br />";
$errorhandler .= "Please try again or contact us for questions<br />";
}[/code]
I tried mysql fetch arrays and everything else but something is keeping that part from running smoothly, any advice.
Link to comment
Share on other sites

is it possible that your conditional if (isset($_POST['submitresetpass']))  is returning false?

if after submitting the form, you're getting the form back, then that is probably the trouble.

what are you getting after your submit?  Is the update query working?
Link to comment
Share on other sites

It runs through everything as far as validation of characters, it's been awhile since I had to ask for help.  THe thing is it does all validation, it checks all empty fields, so I know it's reading my isset.
That entire structure is getting read.  Also when I get to the point of the first query it just ignores the test completely.  Whether I test for a positive or negative, then on the second query it runs the script for it, like the echo but does nothing with the database.  It's like the queries themselves are just getting ignored.
I rewrote it 2 times to see if I could find out what was causing it, it's like my queries are invisible somehow.
Link to comment
Share on other sites

did this code once work and then suddenly stop working correctly?

this seems unusual-
[code] if (mysql_num_rows($query)) {
echo "NO ROWS";
$errorhandler .= "There is no such info in the database<br />";
$errorhandler .= "Please try again or contact us for questions<br />";
}[/code]

because it should have a '!', or at least it seems it should, this code block won't be executed if the query failed for some reason.  How is the server's error display set?
Link to comment
Share on other sites

The error display is all set correctly, it is suppose to display all errors, I haven't had to ask for help in awhile because I learned alot, and I am running for this issue off a server with the same php.ini configuration as my own site.  ALl errorhandling is on.  THe thing with this query, I need it to test to see if the information was in the database, IF IT IS in the database it returns an error, that echo no-rows was there as debug.  Here are 2 things I used on another script, they BOTH worked just fine, I used these to test for a username, and for a email address to prevent someone from entering them when they were already in the database, and these work flawlessly.

[code]$selectuser = "SELECT `username` FROM `userinfo` WHERE `username` = '$username';";
$queryuser = mysql_query($selectuser);
if (mysql_num_rows($queryuser)) {
$errorhandler .= "The username Already Exists.";
}
$selectemail = "SELECT `email` FROM `userinfo` WHERE `email` = '$email';";
$queryemail = mysql_query($selectemail);
if (mysql_num_rows($queryemail)) {
$errorhandler .= "The Email Address Already Exists.";
}[/code]
that tests to see if the username exists, if it does already exist, it returns that error, if the email exists it returns that error, if one or both of them don't exist it just skips over it, and continues validation.  You see that I modeled the script I am having problems with around the other the ONLY different is the new script I am trying to get to work has a longer select query
[code]$select = "SELECT * FROM userinfo WHERE username = '$resetpassusername' AND email = '$resetpassemail' AND  city = '$resetpasscity' AND state = '$resetpassstate' AND zipcode = '$resetpasszipcode' AND phone = '$resetpassphone' AND birthdate = '$resetpassbirthdate';";[/code]
Link to comment
Share on other sites


[code]
<?php
.....

mysql_connect("localhost", "######", "#####");

if (mysql_errorno())  // If 0, will not enter block, otherwise it will.  0 returned means no error.
{
  echo(mysql_errno() . " : " . mysql_error());
}

.....
?>
[/code]

I'd prepend any database operations with those lines of code, just to make sure that after the call to create a connection, it is connected correctly.  Also, solely as a suggestion, you should assign your connection to a variable.  It makes the link easier to recognize and handle, not to mention error check.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.