Jump to content

Doesn't check if the username is invalid

c-o-d-e

By c-o-d-e
in PHP Coding Help

 Share

Recommended Posts

c-o-d-e Member

c-o-d-e

Posted
Posted

I have this code, you may of seen it in the other thread of mine. I made a tiny bit of changes.

If both username and email have been entered, it checks if there is a row with the entered username. If there is, it checks if the email is registered with the username.

If there is no row with the entered username, it should create the error. Instead, it carries on with the process.

	if($username > 0 && $email > 0){
	$query = mysql_query("SELECT * FROM Users WHERE Username = '$username'") or trigger_error("Query failed: ".mysql_error());
	if(mysql_num_rows($query) > 0) {
		$row = mysql_fetch_array($query);
		if($email == $row['Email']){}else{
			$error['email'] = '<span style="color:red;">The entered Email is not the registered email!</span>';
		}
	} else {
		$error['username'] = '<span style="color:red;">The entered Username is not registered!</span>';
	}
}

 

However, with the following code at the bottom its suppose to update the database. Although using an invalid username, it shouldn't be able to do the query. It should fail. Though.. it continues with the success note. Even though it has an if statement so that if the query failed, it would not work. Yet it works, but nothing changes in the database as there isn't a row with that user! I don't see why!! Here is the querys etc.

 

		 $query = mysql_query("UPDATE Users SET Password = '$pass' WHERE Username = '$username'") or trigger_error('Query failed: '. mysql_error());

	 $send = mail($email , "Password Reset Request" , "You have applied for a new password at Developers Community\n\nYour Username and New Password are below, Please change your Password when you login!\n\nUser: ".$username."\nPass: ".$pwd."\n\nIf you did not request a New Password, please change your Password and if this continues to happen then please contact us.\n\nPlease do not reply, this is an automated mailer.\n\nThanks", "FROM: [email protected]");

	 if(($query)&&($send)){
		 $success['complete'] = '<span style="color:red;">Your New Password has been sent to your Email Address. The Email could be in your Junk. If you do not recieve the email, please contact us.</span>';
	 }

Link to comment
https://forums.phpfreaks.com/topic/190302-doesnt-check-if-the-username-is-invalid/
Share on other sites
Genesis730 Member

Genesis730

Posted
Posted

Just looking at it quick so I might be wrong but wouldn't you need

My code MIGHT not be correct syntax but you get the idea

 

if($email == $row['Email']) {}
  else{
    $error['email'] = '<span style="color:red;">The entered Email is not the registered email!</span>';
         }
  else if($username== $row['Username']) {}
  else{
        $error['username'] = '<span style="color:red;">The entered Username is not registered!</span>';
         }
}

c-o-d-e Member

c-o-d-e

Posted
  • Author
Posted

You are using two Else statements within an If statement, it causes an unexpected else.

 

I understand you said it may not be correct syntax. I can't figure out the correct syntax though!

Can you help?

 

Also, with the query too.. can you help with that? Thanks.

Genesis730 Member

Genesis730

Posted
Posted

oops the proper statement is elseif

 

example

 

<html>
<body>

<?php
$d=date("D");
if ($d=="Fri")
  echo "Have a nice weekend!";
elseif ($d=="Sun")
  echo "Have a nice Sunday!";
else
  echo "Have a nice day!";
?>

</body>
</html>

 

HOPE THAT HELPS

c-o-d-e Member

c-o-d-e

Posted
  • Author
Posted 

	if($username > 0 && $email > 0){
	$query = mysql_query("SELECT * FROM Users WHERE Username = '$username'") or trigger_error("Query failed: ".mysql_error());
	if(mysql_num_rows($query) > 0) {
		$row = mysql_fetch_array($query);
		if($username == $row['Username']) {} else {
			$error['username'] = '<span style="color:red;">The entered Username is not registered!</span>';
		}
		elseif($email == $row['Email']) {} else {
			$error['email'] = '<span style="color:red;">The entered Email is not the registered email!</span>';
		}
	}
}

 

There is an unexpected elseif. If I remove the elseif and just use if.

It then happens if I enter the WRONG email address associated with the Username. It resets my password and sends an email to that address, and even with the wrong Username AND Email. It still sends!

Genesis730 Member

Genesis730

Posted
Posted

Any better??

 

if($username > 0 && $email > 0){
  $query = mysql_query("SELECT * FROM Users WHERE Username = '$username'") or trigger_error("Query failed: ".mysql_error());

if(mysql_num_rows($query) > 0) {
  $row = mysql_fetch_array($query);
  if($username != $row['Username'])
    {
      $error['username'] = '<span style="color:red;">The entered Username is not registered!</span>';
    }

  elseif($email != $row['Email'])
    {
      $error['email'] = '<span style="color:red;">The entered Email is not the registered email!</span>';
    }
}
}

wildteen88 Regular Member

wildteen88

Posted
Posted

You should modify your where clause so it also checks the email

$query = mysql_query("SELECT * FROM Users WHERE Username = '$username' AND Email='$email") or trigger_error("Query failed: ".mysql_error());

Now to see if the your query matched a row that contains the same username/email combination provided you'd use mysql_num_rows

 

$query = mysql_query("SELECT * FROM Users WHERE Username = '$username' AND Email='$email' LIMIT 1") or trigger_error("Query failed: ".mysql_error());

// if no rows was returned, the display an error. Username/email does not exist
if(mysql_num_rows() == 0)
{
    echo 'The Username/Email address provided does not exist';
}
else
{
    // A match was found, reset the password for the given username here
}

c-o-d-e Member

c-o-d-e

Posted
  • Author
Posted

Genesis730 What you tried before still sent the emails without correct username and password.

However, wildteen88 that is an excellent example. Though it still does the same as Genesis730!

It's confusing me.

 

	if($username > 0 && $email > 0) {
	$query = mysql_query("SELECT * FROM Users WHERE Username = '$username' AND Email = '$email' LIMIT 1") or trigger_error("Query failed: ".mysql_error());
	// if no rows was returned, the display an error. Username/email does not exist
	if(mysql_num_rows($query) == 0) {
		$error['uspa'] = 'The Username/Email address provided does not exist';
	} else {
		// A match was found, reset the password for the given username here
	}
}

 

And I do have "if(!isset($error)){" before the password reset part too.

wildteen88 Regular Member

wildteen88

Posted
Posted

No you wont need to check that the $error variable exists when resetting the password. All your code for resetting the password will be placed in the else statement

else {
// A match was found, reset the password for the given username here
}

The else statement will ONLY be executed if the query returned a match on the username/email address.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.