silverglade Posted December 18, 2009 Share Posted December 18, 2009 hi, my page is set up to accept a password change, update the database with the new password , and direct them to the login page. but i just get a blank screen on the redirect, and the password is not updating in the database. any help GREATLY appreciated if you can see anything wrong in my code. thanks. derek here is the code to the page <?php //Start session session_start(); $host = "xxx"; $database = "xxx"; $username = "xxx"; $password = "xxxx"; //Connect to mysql database mysql_connect($host, $username, $password); mysql_select_db($database); //Check for email and Salt in URL if(!isset($_GET['Email']) || !isset($_GET['Salt'])) { //If not, send them back to the index header("http://mysite.com/index.php"); } //Get the email things and escape them (this prevents people from using SQL injection to hack your database) $Email = mysql_real_escape_string($_GET['Email']); $Salt = mysql_real_escape_string($_GET['Salt']); //Check to make sure the email and salt are right $Query = mysql_query("SELECT * FROM members WHERE `Email`='$Email' AND `Salt`='$Salt'"); //If not, send back to index if(!mysql_num_rows($Query)) { header("http://mysite.com/index.php"); } //Check to see if they have entered their desired password yet if(!isset($_POST['Password'])) { //If not, show form echo "Please enter your desired password: <form action=\"Signup.php?Email=$Email&Salt=$Salt\" method=\"post\"> <input type=\"password\" name=\"Password\"><br> <input type=\"submit\" value=\"Set Password\">"; } else { //If so, escape the input, like above $Password = mysql_real_escape_string($_POST['Password']); //Encrypt it, so it can't be read even if someone does get into your database $Password = md5($Password); //Update the database mysql_query("UPDATE members SET `Password`='$Password' WHERE `Email`='$Email'"); //Send them to login header("http://mysite.com/index.php#login"); } ?> Quote Link to comment https://forums.phpfreaks.com/topic/185556-having-trouble-getting-this-password-setup-and-redirect-to-login-working/ Share on other sites More sharing options...
mikesta707 Posted December 18, 2009 Share Posted December 18, 2009 to debug, put something like or trigger_error(mysql_error()); after your mysql_query() calls and see if you are generating a mysql error. Also turn error reporting on via error_reporting(E_ALL); ini_set("display_errors", 1); report if you get any errors Quote Link to comment https://forums.phpfreaks.com/topic/185556-having-trouble-getting-this-password-setup-and-redirect-to-login-working/#findComment-979635 Share on other sites More sharing options...
mrMarcus Posted December 18, 2009 Share Posted December 18, 2009 don't run mysql_real_escape_string against the password, and then hash it: <?php //If so, escape the input, like above $Password = mysql_real_escape_string($_POST['Password']); //Encrypt it, so it can't be read even if someone does get into your database $Password = md5($Password); ?> if somebody's password contained quotes, they would be escaped adding a \ to the password, which would be changing the password. instead, just hash the password using md5(). Quote Link to comment https://forums.phpfreaks.com/topic/185556-having-trouble-getting-this-password-setup-and-redirect-to-login-working/#findComment-979638 Share on other sites More sharing options...
silverglade Posted December 18, 2009 Author Share Posted December 18, 2009 thanks, ill just hash it. . i used the error reporting setting on , and no errors just a blank page, also, where do i add this or trigger_error(mysql_error()); like an example please? i dont know how to add it into my code yet. (this is someone's code im trying to make work for me) i just looked through the whole thing and i dont see any syntax errors in it. i just dont know why its not working. doesnt update database, and doesnt forward them to the login page Quote Link to comment https://forums.phpfreaks.com/topic/185556-having-trouble-getting-this-password-setup-and-redirect-to-login-working/#findComment-979642 Share on other sites More sharing options...
silverglade Posted December 18, 2009 Author Share Posted December 18, 2009 oh wait, i just tried it again and it looks like the password is changing, in the database, but its encrypted so if anyone accesses the database they cant use the info. does that sound correct? even if so, it still doesnt redirect them after they type in their desired password. Quote Link to comment https://forums.phpfreaks.com/topic/185556-having-trouble-getting-this-password-setup-and-redirect-to-login-working/#findComment-979645 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.