having trouble getting this password setup and redirect to login working


hi, my page is set up to accept a password change, update the database with the new password, and direct them to the login page. but i just get a blank screen on the redirect, and the password is not updating in the database. any help GREATLY appreciated if you can see anything wrong in my code. thanks. derek

 

here is the code to the page

 

<?php

//Start session
session_start();

$host		= "xxx";
$database 	= "xxx";
$username 	= "xxx";
$password 	= "xxxx";

//Connect to mysql database
mysql_connect($host, $username, $password);
mysql_select_db($database);

//Check for email and Salt in URL
if(!isset($_GET['Email']) || !isset($_GET['Salt']))
{
//If not, send them back to the index
header("http://mysite.com/index.php");
}

//Get the email things and escape them (this prevents people from using SQL injection to hack your database)
$Email = mysql_real_escape_string($_GET['Email']);
$Salt = mysql_real_escape_string($_GET['Salt']);

//Check to make sure the email and salt are right
$Query = mysql_query("SELECT * FROM members WHERE `Email`='$Email' AND `Salt`='$Salt'");

//If not, send back to index
if(!mysql_num_rows($Query))
{
header("http://mysite.com/index.php");
}

//Check to see if they have entered their desired password yet
if(!isset($_POST['Password']))
{
//If not, show form
echo "Please enter your desired password: <form action=\"Signup.php?Email=$Email&Salt=$Salt\" method=\"post\">
<input type=\"password\" name=\"Password\"><br>
<input type=\"submit\" value=\"Set Password\">";
}
else
{
//If so, escape the input, like above
$Password = mysql_real_escape_string($_POST['Password']);

//Encrypt it, so it can't be read even if someone does get into your database
$Password = md5($Password);

//Update the database
mysql_query("UPDATE members
SET `Password`='$Password'
WHERE `Email`='$Email'");

//Send them to login
header("http://mysite.com/index.php#login");
}
?>

to debug, put something like

or trigger_error(mysql_error());

after your mysql_query() calls and see if you are generating a mysql error. Also turn error reporting on via

error_reporting(E_ALL);
ini_set("display_errors", 1);

report if you get any errors

don't run mysql_real_escape_string against the password, and then hash it:

 

<?php
//If so, escape the input, like above
$Password = mysql_real_escape_string($_POST['Password']);

//Encrypt it, so it can't be read even if someone does get into your database
$Password = md5($Password);
?>

 

if somebody's password contained quotes, they would be escaped adding a \ to the password, which would be changing the password.

 

instead, just hash the password using md5().

thanks, i'll just hash it.

i used the error reporting setting on, and no errors just a blank page, also, where do i add this

 

or trigger_error(mysql_error());

 

like an example please? i don't know how to add it into my code yet. (this is someone's code i'm trying to make work for me) i just looked through the whole thing and i don't see any syntax errors in it. i just don't know why it's not working. doesn't update database, and doesn't forward them to the login page

oh wait, i just tried it again and it looks like the password is changing, in the database, but it's encrypted so if anyone accesses the database they can't use the info. does that sound correct?

even if so, it still doesn't redirect them after they type in their desired password.
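Added example, not part of any post in this thread: a corrected version of the handler above. A redirect needs the `Location: ` prefix in `header()` followed by `exit`, and the password is hashed without being escaped first. It assumes PDO with the MySQL driver, PHP 5.5+ for `password_hash()`, and a `Password` column wide enough for the hash (for example VARCHAR(255)); the `redirect()` helper is hypothetical, and the DSN, credentials and URLs are the thread's placeholders.

```php
<?php
session_start();

// Hypothetical helper: a redirect needs the "Location: " prefix, and the
// script must stop afterwards or the code below keeps running.
function redirect($url)
{
    header('Location: ' . $url);
    exit;
}

$pdo = new PDO('mysql:host=xxx;dbname=xxx;charset=utf8mb4', 'xxx', 'xxxx', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // SQL errors throw instead of failing silently
]);

// Reject missing or non-string parameters (e.g. ?Email[]=x).
if (!isset($_GET['Email'], $_GET['Salt'])
    || !is_string($_GET['Email']) || !is_string($_GET['Salt'])) {
    redirect('http://mysite.com/index.php');
}

// Prepared statements replace mysql_real_escape_string().
$check = $pdo->prepare('SELECT 1 FROM members WHERE `Email` = ? AND `Salt` = ?');
$check->execute([$_GET['Email'], $_GET['Salt']]);
if ($check->fetchColumn() === false) {
    redirect('http://mysite.com/index.php');
}

if (!isset($_POST['Password']) || !is_string($_POST['Password']) || $_POST['Password'] === '') {
    // Build the query string safely and HTML-escape it before echoing it back.
    $action = 'Signup.php?' . http_build_query(['Email' => $_GET['Email'], 'Salt' => $_GET['Salt']]);
    echo 'Please enter your desired password: <form action="'
        . htmlspecialchars($action, ENT_QUOTES, 'UTF-8') . '" method="post">'
        . '<input type="password" name="Password"><br>'
        . '<input type="submit" value="Set Password"></form>';
    exit;
}

// Hash the raw password with no escaping first; password_hash() produces a
// salted, deliberately slow hash, unlike a bare md5().
$hash = password_hash($_POST['Password'], PASSWORD_DEFAULT);

// Only update the row that matches both the email and the salt from the link.
$update = $pdo->prepare('UPDATE members SET `Password` = ? WHERE `Email` = ? AND `Salt` = ?');
$update->execute([$hash, $_GET['Email'], $_GET['Salt']]);

redirect('http://mysite.com/index.php#login');
```

With this change the login page has to check passwords with `password_verify()` instead of comparing `md5()` output.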
