pipwax, posted October 22, 2009 (https://forums.phpfreaks.com/topic/178553-web-application-recipe/)

Hi Guys! I am working with the Web Application recipes. I am currently working on the send password page. The page is working, but it sends the same password and username regardless of the email entered. Here is the code.

=========================code=============================
<?php require_once('Connections/newsfeed.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
  function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
  {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

    $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

    switch ($theType) {
      case "text":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;
      case "long":
      case "int":
        $theValue = ($theValue != "") ? intval($theValue) : "NULL";
        break;
      case "double":
        $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
        break;
      case "date":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;
      case "defined":
        $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
        break;
    }
    return $theValue;
  }
}

// Default address used when the form field is absent from the POST.
$EmailParam_LostPassword = "[email protected]";
if (isset($_POST['EmailAddress'])) {
  $EmailParam_LostPassword = $_POST['EmailAddress'];
}
mysql_select_db($database_newsfeed, $newsfeed);
$query_LostPassword = sprintf("SELECT UserName, UserPassword FROM users WHERE UserEmail = %s", GetSQLValueString($EmailParam_LostPassword, "int"));
$LostPassword = mysql_query($query_LostPassword, $newsfeed) or die(mysql_error());
$row_LostPassword = mysql_fetch_assoc($LostPassword);
$totalRows_LostPassword = mysql_num_rows($LostPassword);
?>
<?php
$ConfirmMessage = "";
if ($totalRows_LostPassword > 0) {
  $to = $_POST['EmailAddress'];
  // Double quotes so that \r\n is an actual line break in the mail header.
  $from = "From:[email protected] <[email protected]>\r\n";
  $subject = "RE: Your sk8photos Login Information";
  $body = "UserName: " . $row_LostPassword['UserName'] . "\rPassword: " . $row_LostPassword['UserPassword'];
  @mail($to, $subject, $body, $from);
  $ConfirmMessage = "Your login information has been sent to: " . $_POST['EmailAddress'];
}
?>
<html>
<head>
<title>Sk8photos.com | Send Password</title>
<link rel="stylesheet" href="style.css" type="text/css">
<meta name="description" content="">
<meta name="keywords" content="keywords">
</head>
<body>
<div align="center">
<div id="container_big">
<div id="container">
<div id="header">
  <div id="banner"></div>
  <div id="logo"> <a href="#" title="Homepage »">Sk8photos.com</a></div>
  <div id="slogan"><marquee behavior="slide" direction="left">Roll ......Click......Roll click</marquee></div>
  <div id="menu">
    <a href="#">HOME</a>
    <a href="#">NEWS</a>
    <a href="#">PHOTOS</a>
    <a href="#">VIDEOS</a>
    <a href="#">CONTACT US</a>
  </div>
</div>
<!-- content begin -->
<div id="content">
  <div id="right">
    <div style="margin-left: 8px;">
      <img src="images/i1.jpg" vspace="3"><br />
      Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis.<br>
      <img src="images/i2.jpg" vspace="4">
    </div>
  </div>
  <div id="main">
    <table width="100%" border="0" cellspacing="1" cellpadding="1">
      <tr>
        <td><table width="100%" border="0" cellspacing="0" cellpadding="0">
          <tr>
            <td height="40"><table width="100%" class="layoutTable" border="0" cellpadding="6" cellspacing="0">
              <tr>
                <td width="200" align="center" valign="bottom" bgcolor="#F82474" class="pageHeader">SEND PASSWORD </td>
                <td bgcolor="#E9BE15"> </td>
              </tr>
            </table></td>
          </tr>
          <tr>
            <td><form name="SendPassword" method="post" action="">
              <table width="100%" border="0" cellspacing="0" cellpadding="6">
                <tr>
                  <td width="25"> </td>
                  <td colspan="2"> </td>
                </tr>
                <tr>
                  <td width="25"> </td>
                  <td colspan="2" class="plaintext">If you have forgotten your password, please enter the email address you used to register in the text box below. Your user name and password information will be e-mailed to that email address. </td>
                </tr>
                <tr>
                  <td> </td>
                  <td colspan="2"><?php echo $ConfirmMessage; ?> </td>
                </tr>
                <tr>
                  <td width="25"> </td>
                  <td class="formTitle">Email Address</td>
                  <td class="formField"><input name="EmailAddress" type="text" id="EmailAddress" size="40"></td>
                </tr>
                <tr>
                  <td width="25"> </td>
                  <td class="formTitle"> </td>
                  <td class="formField"><input name="SendPWD" type="submit" id="SendPWD" value="Send Login Info"></td>
                </tr>
              </table>
            </form>
            </td>
          </tr>
        </table>
        </td>
      </tr>
    </table>
    <h1><br clear="all"> </h1>
  </div>
  <br clear="all">
</div>
<!-- content end -->
<div id="footer"> © 2007 <a href="#"><strong>Celebrere.com</strong></a> </div>
</div>
</div>
</div>
</body></html>
<?php mysql_free_result($LostPassword); ?>
==========================end code========================
cags, posted October 22, 2009

This section of code...

$query_LostPassword = sprintf("SELECT UserName, UserPassword FROM users WHERE UserEmail = %s", GetSQLValueString($EmailParam_LostPassword, "int"));

...makes no real sense to me. Firstly you are using sprintf with %s, which indicates the value to be inserted is a string. That being the case, the %s should be enclosed in quotes, as all strings submitted as part of a MySQL query should be. Secondly you call your GetSQLValueString function passing the type of int along with either a predefined variable of "[email protected]" or a value input by the user. This will return 0 since it's not an integer, in essence making your query...

"SELECT UserName, UserPassword FROM users WHERE UserEmail = 0"

Also, there appears to be a glaring security hole, inasmuch as if the user doesn't input an e-mail into the box, you will e-mail them the username and password of the webmaster :-\
pipwax (author), posted October 22, 2009

This code is as it is in the book. It is not working as it should. I would like help making corrections. I am a beginner at programming.
cags, posted October 22, 2009

If you are saying your code is exactly the same as a published book, I find it very difficult to believe. It sounds very odd that a published book could contain code that validates an e-mail address using intval. It's possible that would pass through editing, but it seems very unlikely.

$query_LostPassword = sprintf("SELECT UserName, UserPassword FROM users WHERE UserEmail = %s", GetSQLValueString($EmailParam_LostPassword, "text"));

would make a whole lot more sense; it would make the call to GetSQLValueString comply with the sprintf's indication that the value should be a string. It would also mean you were fetching the username and password from the database from any rows that had the e-mail address the user typed in.

As you're a beginner I don't really want to confuse you, especially since you are following a book. Far be it from me to suggest I know more than the author, but generally speaking, from a security perspective, you shouldn't store passwords in your database as plain unencrypted strings. They should instead be hashed. This being the case, you wouldn't be able to send the user their password.
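The two points cags raises (the "int" type turning every e-mail into 0, and plaintext passwords) can be shown side by side in a small rewrite of the lookup. This is an added example, not the book's code or pipwax's page: it assumes a PDO connection to the same `users` table (`UserName`, `UserEmail`, `UserPassword`), and it assumes `UserPassword` holds a `password_hash()` value rather than the plain password. The function names (`normaliseEmail`, `findUserByEmail`, `handleSendPassword`) are this example's own.

```php
<?php
// Added example, not the book's or the poster's code. Assumes a PDO handle
// for the "newsfeed" database and the users table from the thread, with
// UserPassword storing a password_hash() result (assumption).

// Why the original query matched nothing: the "int" branch runs intval(),
// and intval("[email protected]") is 0, so the WHERE clause compared against 0.
function intBranchValue(string $value): string {
    return ($value !== '') ? (string) intval($value) : 'NULL';   // any e-mail -> "0"
}

// The guard cags asked for: an empty or malformed field must not fall back
// to a hard-coded default address and mail out somebody else's credentials.
function normaliseEmail(?string $raw): ?string {
    $email = trim((string) $raw);
    if ($email === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $email;
}

// Parameterised lookup: the driver binds the e-mail as a string, so there is
// no sprintf, no manual quoting and no escaping to get wrong.
function findUserByEmail(PDO $db, string $email): ?array {
    $stmt = $db->prepare('SELECT UserName, UserPassword FROM users WHERE UserEmail = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Store a hash, never the password. The hash cannot be turned back into the
// password, which is exactly why a "send me my password" page cannot exist.
function storePassword(PDO $db, string $email, string $plain): void {
    $stmt = $db->prepare('UPDATE users SET UserPassword = :hash WHERE UserEmail = :email');
    $stmt->execute([':hash' => password_hash($plain, PASSWORD_DEFAULT), ':email' => $email]);
}

// Login check against the stored hash.
function checkLogin(PDO $db, string $email, string $plain): bool {
    $row = findUserByEmail($db, $email);
    return $row !== null && password_verify($plain, $row['UserPassword']);
}

// Request handler for the form. Returns the confirmation text for the page;
// only the username is recoverable, so that is all the mail can carry.
function handleSendPassword(PDO $db, array $post, bool $sendMail = true): string {
    $email = normaliseEmail($post['EmailAddress'] ?? null);
    if ($email === null) {
        return 'Please enter the e-mail address you registered with.';
    }
    $row = findUserByEmail($db, $email);
    if ($row !== null && $sendMail) {
        // Double quotes: in single quotes "\r\n" would be sent literally.
        $headers = "From: [email protected] <[email protected]>\r\n";   // placeholder sender
        $body    = "UserName: " . $row['UserName'] . "\r\n"
                 . "Your password is stored hashed and cannot be sent.\r\n";
        @mail($email, 'RE: Your sk8photos Login Information', $body, $headers);
    }
    // Same message whether or not the address exists, so the form does not
    // reveal which e-mail addresses are registered.
    return 'If that address is registered, your login information has been sent to: '
         . htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
}

// Usage (constructed; credentials are placeholders):
// $db = new PDO('mysql:host=localhost;dbname=newsfeed;charset=utf8mb4', 'DB_USER', 'DB_PASS',
//               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// $ConfirmMessage = handleSendPassword($db, $_POST);
```

`intBranchValue` is there only to make the first point concrete: with the "int" type every address becomes `0`, which is why the original page returned the same row for any input. `handleSendPassword` replaces the whole `sprintf`/`GetSQLValueString` block; the `htmlspecialchars` call matters because `$ConfirmMessage` is echoed straight into the HTML.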
trq, posted October 22, 2009

The code looks suspiciously like that written by Dreamweaver, which is notoriously crap at writing code.
pipwax (author), posted October 22, 2009

I have not altered the code. I am using the snippets that came with the book. However, they were designed for Dreamweaver MX 2004 and I am using Dreamweaver CS3; maybe this has altered the code.
This topic is now archived and is closed to further replies.