Jump to content

[SOLVED] database update help

kaiman

By kaiman
in PHP Coding Help

 Share

Recommended Posts

kaiman Member

kaiman

Posted
Posted

Hi,

 

I am trying to write a password reset script that will generate a random password, update the table in the database (adding sha1 to the randomly generated password) and then email the randomly generated password (before sha1 hashing) to the user so they can login and then change it to something they will remember.

 

My problem is that it keeps erroring out and won't update the record. My guess is that there is some syntax that is missing/wrong, but I've been beating my head against this and can't seem to get it to work. The code is below.

 

Please help!

 

Thanks in advance,

 

kaiman

 

// connects to server and selects database.
include ("dbconnect.inc.php");

// table name
$tbl_name="registered_members";

// generates random password
// include ("randompass.inc.php");

// generates random password with the following letters and numbers
function randomPass($length) {
$letters = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 0, 1, 2, 3, 4, 5, 6, 7, 8, 9);
$newpass = "";
for($i = 0; $i < $length; $i++) {
$newpass .= $letters[rand(0,61)];
}
return $newpass;
}

// returns random 8 character password
$pass = randomPass(;

// protects against mysql injection
function cleanString($string){
htmlentities(mysql_real_escape_string($string));
    return $string;
}

// values sent from form
$username = cleanString($_POST['username']);
$email = cleanString($_POST['email']);

// check for empty fields
if (empty($username) || empty($email)) {
   echo "Please Complete All Form Fields";
   exit ;
}

//account check
$sql="SELECT count(*) FROM $tbl_name WHERE username='$username' and email='$email'";
$result=mysql_query($sql);
$num = mysql_result($result,0);

//check to see if username and email exists or not.
if($num < 1){
echo "That Username or Email Address Does Not Match Our Records. Please Provide A Valid Username and Email Address.";
exit();
}

// if email is found update data in database
$sql="UPDATE $tbl_name SET pass='" . sha1($pass) . "' WHERE username='$username' and email = '$email'";
$result=mysql_query($sql);

// if data is successfully changed in database, send email to user
if($result){

// send e-mail to

code, blah, blah, blah

Link to comment
https://forums.phpfreaks.com/topic/176640-solved-database-update-help/
Share on other sites
kaiman Member

kaiman

Posted
  • Author
Posted

It just sends me to a blank page and I don't get an email verifying that it has been updated. When I go and look in phpMyAdmin to see if the password sha1 has changed, it has not. Any ideas? Am I missing some sql code that would help make sure the record is updated?

 

Thanks,

 

kaiman

kaiman Member

kaiman

Posted
  • Author
Posted

It is on for that domain, but no error log was written. I have a feeling that the issue lies somewhere in between the password generation and the database UPDATE, but my PHP isn't good enough to determine where!

 

I have a similar script that does the mysql DELETE function and seems to work flawlessly so I am at a loss to where this is going awry.

 

Any other ideas?

 

Thanks again,

 

kaiman

kaiman Member

kaiman

Posted
  • Author
Posted

No luck after adding the error code, no errors display and it still just redirects me to error page at bottom and does not update database. I know it is connecting to the database ok because the first to conditions come back with the echos if not met correctly.

 

Below is the complete script code minus personal info. You will notice that I changed the sha1 mysql code slightly to see if that made a difference, but no go.

 

Other help is appreciated.

 

Thanks!

 

kaiman

 

// connects to server and selects database.
include ("dbconnect.inc.php");

// table name
$tbl_name="registered_members";

// generates random password
// include ("randompass.inc.php");

// generates random password with the following letters and numbers
function randomPass($length) {
$letters = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 0, 1, 2, 3, 4, 5, 6, 7, 8, 9);
$newpass = "";
for($i = 0; $i < $length; $i++) {
$newpass .= $letters[rand(0,61)];
}
return $newpass;
}

// returns random 8 character password
$pass = randomPass(;

// protects against mysql injection
function cleanString($string){
htmlentities(mysql_real_escape_string($string));
    return $string;
}

// values sent from form
$username = cleanString($_POST['username']);
$email = cleanString($_POST['email']);

// check for empty fields
if (empty($username) || empty($email)) {
   echo "Please Complete All Form Fields";
   exit ;
}

//account check
$sql="SELECT count(*) FROM $tbl_name WHERE username='$username' and email='$email'";
$result=mysql_query($sql);
$num = mysql_result($result,0);

//check to see if username and email exists or not.
if($num < 1){
echo "That Username or Email Address Does Not Match Our Records. Please Provide A Valid Username and Email Address.";
exit();
}

// if username and email is found update data in database
$sql="UPDATE $tbl_name SET pass=sha1('$pass') WHERE username='$username' and email='$email'";
$result=mysql_query($sql);
echo mysql_error();

// if data is successfully updated in database, send email to user
if($result){

// send e-mail to
$to="$email";

// your subject
$subject="Password Reset";

// from
$header="from: Email <email@domain.com>";

// your message
$message=

"Dear $email,\n\n" .
"Your password has been reset.\n\n" .
"Your temporary password is $pass.\n\n" .
"To complete the process, please login to http://domain.com/ and change your password.\n\n" .
"If you believe you recieved this email in error or need further assistance\n" . 
"please email email@domain.com\n\n" .
"Sincerely,\n\n" .
"Domain\n" .
"http://domain.com\n";

// send email
$sentmail = mail($to,$subject,$message,$header);

}

// if not found
else {
echo "Could Not Send Email";
}

// if your email was succesfully sent
if($sentmail){
header( "Location: http://domain.com/success/" );
}
else {
header( "Location: http://domain.com/error/" );
exit;
}

?>

kaiman Member

kaiman

Posted
  • Author
Posted

* SOLVED *

 

$sql="UPDATE $tbl_name SET pass=sha1('$pass') WHERE username='$username' and email='$email'";

 

Should have been

 

$sql="UPDATE $tbl_name SET password=sha1('$pass') WHERE username='$username' and email='$email'";

 

This is what happens when I stare at things too long :P

 

Thanks for everyone's help,

 

kaiman

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.