powpow Posted October 27, 2010 Share Posted October 27, 2010 I am trying to create a website that after you receive an email you have to use the email address and password to confirm account. Then the next page allows you to change your password. I want to save the users email from the first page and use it in the SQL statement in the second page to locate the user in the DB and update the data. There must be some problem with the way I have my code logically set up. It will make it to the 2nd step but then it will go back to the main email confirmation page. <?php include('common.php'); include('db.php'); session_start(); session_register('umail'); session_register('password'); session_register('pwd1'); session_register('pwd2'); if(!isset($_POST['email']) && !isset($_POST['password'])) { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "BLOCKED URL"> <html> <head> This is a test of my patience</head> <meta http-equov="Content-Type" content="text/html; charset=iso-8859-1"/> </head> <body> <form method="post" action="<?=$_SERVER['PHP_SELF']?>"> Email: <input type="text" name="email" size="8" /> password:<input type="password" name="password" size="8" /> <input type ="submit" name ="submit" value ="submit" /> </form> </body> </html> <? exit; } else { $umail = $_SESSION['umail'] = $_POST['email']; $password = $_SESSION['password'] = $_POST['password']; dbConnect("web2"); $sql ="SELECT * FROM `user` WHERE email ='$umail'"; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); if(!$result) error('Contact DB admin'); if($result='') error('not in db'); if($_SESSION['umail'] != $row['email'] && $_SESSION['password'] != $row['password']) error('Wrong email or password'); } if(!isset($_POST['pwd1']) && !isset($_POST['pwd2'])) { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "BLOCKED URL"> <html> <head> This is a test of my patience</head> <meta http-equov="Content-Type" content="text/html; charset=iso-8859-1"/> </head> <body> <form method="post" action="<?=$_SERVER['PHP_SELF']?>"> password: <input type="text" name="pwd1" size="8" /> password confirmation:<input type="password" name="pwd2" size="8" /> <input type ="submit" name ="submit" value ="submit" /> </form> </body> </html> <? } else { $pwd1 = $_SESSION['pwd1'] = $_POST['pwd1']; $pwd2 = $_SESSION['pwd2'] = $_POST['pwd2']; if($_SESSiON['pwd1'] == $_SESSION['pwd2']) { dbConnect("web2"); mysql_query("UPDATE user SET password ='$pwd1' WHERE email ='$umail'"); $sql="SELECT * FROM 'user' WHERE email='$umail'"; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); if($_SESSION['pwd1'] != $row['password']) { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "(BLOCKED URl"> <html> <head> This is a test of my patience</head> <meta http-equov="Content-Type" content="text/html; charset=iso-8859-1"/> </head> <body> <form method="post" action="<?=$_SERVER['PHP_SELF']?>"> password: <input type="text" name="pwd1" size="8" /> password confirmation:<input type="password" name="pwd2" size="8" /> <input type ="submit" name ="submit" value ="submit" /> </form> </body> </html> <? } else { error(' the man'); session_unset(); session_destroy(); } } } ?> Link to comment https://forums.phpfreaks.com/topic/217037-using-session-array-input-to-sql-database/ Share on other sites More sharing options...
Anti-Moronic Posted October 27, 2010 Share Posted October 27, 2010 session_register() is deprecated and I would seriously advise you separate this into different pages. You also need to escape with mysql_real_escape_string() all of your data being stored. Finally, don't use short tags = <?= should be <?php - it will only cause problems in the future if you code like this. Sorry, can't answer your question on the logics of this. Link to comment https://forums.phpfreaks.com/topic/217037-using-session-array-input-to-sql-database/#findComment-1127243 Share on other sites More sharing options...
powpow Posted October 27, 2010 Author Share Posted October 27, 2010 You also need to escape with mysql_real_escape_string() all of your data being stored. mysql_realescape_string() instead of mysql_free_result() ? Link to comment https://forums.phpfreaks.com/topic/217037-using-session-array-input-to-sql-database/#findComment-1127245 Share on other sites More sharing options...
BlueSkyIS Posted October 27, 2010 Share Posted October 27, 2010 those are 2 totally different functions: http://php.net/manual/en/function.mysql-real-escape-string.php http://php.net/manual/en/function.mysql-free-result.php Link to comment https://forums.phpfreaks.com/topic/217037-using-session-array-input-to-sql-database/#findComment-1127248 Share on other sites More sharing options...
powpow Posted November 3, 2010 Author Share Posted November 3, 2010 Ok I appreciate it. I ended up getting it to work in two separate files. <?php @include_once('common.php'); @include_once('db.php'); if(!isset($_POST['email']) && !isset($_POST['password']) == 'true') { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> This is a test of my patience</head> <meta http-equov="Content-Type" content="text/html; charset=iso-8859-1"/> </head> <body> <form method="post" action="<?=$_SERVER['SCRIPT_NAME']?>"> Email: <input type="text" name="email" size="8" value="[email protected]" /> password:<input type="password" name="password" size="8" value="1e6ffc" /> <input type ="submit" name ="submit" value ="submit" /> </form> </body> </html> <? } else { dbconnect('web2'); $sql = "SELECT * FROM `user` WHERE email ='$_POST[email]' AND password ='$_POST[password]'"; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); if(!$result) error('contact db admin'); elseif(!$row) error('no match please check email'); else { echo " <script language='javascript'> window.location = \"index_part2.php\"; </script>"; } mysql_free_result($result); } ?> <?php @include('common.php'); @include('db.php'); if(!isset($_POST['password1']) && !isset($_POST['password2'])) { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> This is a test of my patience</head> <meta http-equov="Content-Type" content="text/html; charset=iso-8859-1"/> </head> <body> <form method="post" action="<?=$_SERVER['SCRIPT_NAME']?>"> <!-- username: <input type="text" name"uname" size="8" value="rpowell" /> --!> password: <input type="text" name="uname" size="8" value="rpowell" /> password: <input type="password" name="password1" size="8" value="hi" /> password confirmation:<input type="password" name="password2" size="8" value="hi" /> <input type ="submit" name ="submit" value ="submit" /> </form> </body> </html> <? } else { if($_POST['password1'] == $_POST['password2']) { $user = $_POST['uname']; dbconnect('web2'); $sql = "UPDATE `user` SET password ='$_POST[password1]' WHERE userid ='$user'"; mysql_query($sql); $check = "SELECT password FROM `user` WHERE userid ='$user'"; $result = mysql_query($check); $row = mysql_fetch_assoc($result); if($_POST['password1'] != $row['password']){ echo $_POST['uname']; echo "</br>"; echo $user; echo " </br>"; echo $_POST['password1']; echo " </br>"; echo $_POST['password2']; echo " </br>"; echo $row['password']; echo " </br>"; echo $user; error('contact db admin'); } else { echo " <script language='javascript'> window.location = \"homepage.php\"; </script>"; } mysql_free_result($result); } } ?> thanks again for your help. Link to comment https://forums.phpfreaks.com/topic/217037-using-session-array-input-to-sql-database/#findComment-1129913 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.