Colton.Wagner Posted October 18, 2012 Share Posted October 18, 2012 So here's the issue I am having. I have created an IF statement that is testing to see if the stored password is equal to the user entered password. They are both encrypted and I have verified that the two variables are equal to each other. So the question is why does it always come back false? if($row = mysql_fetch_array($query) && ($row['Password'] == $encrypt->password($_POST['Current_Password']))) I have verified that they are both equal to each other but it always goes to the else statment and prints an error. Any thoughts? I appreciate your time in advanced. Quote Link to comment https://forums.phpfreaks.com/topic/269652-logical-statement-always-returning-false/ Share on other sites More sharing options...
scootstah Posted October 18, 2012 Share Posted October 18, 2012 Perhaps the first part of the expression is failing. Quote Link to comment https://forums.phpfreaks.com/topic/269652-logical-statement-always-returning-false/#findComment-1386173 Share on other sites More sharing options...
Colton.Wagner Posted October 18, 2012 Author Share Posted October 18, 2012 Heres the entire snippet. Let me know what you think. if(!isset($_GET['sub']) || ($_GET['sub'] == 1)) { // Display Current Settings if(!isset($_GET['edit']) && ($_GET['edit'] != "true")) { $content = "<div id=\"TopNavLeft\"></div>"; $content .= "<div id=\"BlueHeader\">Edit Personal Settings</div>"; $content .= "<div id=\"CMSMain\">"; $content .= "<table width=\"700\"><form action=\"./?tier=3&sub=1&edit=true\" method=\"post\" name=\"Edit Settings\">"; $content .= "<tr><td colspan=\"3\">Please verify that the information listed below is correct.</td></tr>"; // Query Current Record in Database $Username = $_SESSION['Username']; $query = mysql_query("SELECT * FROM adminusers WHERE Username='$Username'"); // Fetch the information and display it if($row = mysql_fetch_array($query)){ $content .= "<tr><td style=\"width: 150px;\">Username</td><td style=\"width: 150px;\">:</td><td><input type=\"text\" name=\"Username\" value=\"" . $row['Username'] . "\" readonly=\"readonly\" size=\"35\" /></td></tr>"; $content .= "<tr><td>First Name</td><td>:</td><td><input type=\"text\" name=\"First_Name\" value=\"" . $row['First_Name'] . "\" size=\"35\" /></td></tr>"; $content .= "<tr><td>Last Name</td><td>:</td><td><input type=\"text\" name=\"Last_Name\" value=\"" . $row['Last_Name'] . "\" size=\"35\" /></td></tr>"; $content .= "<tr><td>Email</td><td>:</td><td><input type=\"text\" name=\"Email\" value=\"" . $row['Email'] . "\" size=\"35\" /></td></tr>"; $content .= "<tr><td colspan=\"3\"> </td></tr>"; $content .= "<tr><td>Current Password</td><td>:</td><td><input type=\"password\" name=\"Current_Password\" size=\"35\" /></td></tr>"; $content .= "<tr><td>New Password</td><td>:</td><td><input type=\"password\" name=\"New_Password\" size=\"35\" /></td></tr>"; $content .= "<tr><td>Verify Password</td><td>:</td><td><input type=\"password\" name=\"Verify_Password\" size=\"35\" /></td></tr>"; $content .= "<tr><td colspan=\"2\"> </td><td style=\"text-align: left\"><input type=\"submit\" value=\"Submit\" /></td></tr>"; } $content .= "</form></table></div>"; } else { // Insert the header $content = "<div id=\"TopNavLeft\"></div>"; $content .= "<div id=\"BlueHeader\">Personal Settings Updated</div>"; $content .= "<div id=\"CMSMain\">"; // Verify Current Password, Validity of Email, and that Passwords Match. $query = mysql_query("SELECT * FROM adminusers WHERE Username='$_SESSION[username]'"); if($row = mysql_fetch_array($query) && ($row['Password'] == $encrypt->password($_POST['Current_Password']))){ if($check->email($_POST['Email']) == true){ if($check->password($_POST['New_Password'],$_POST['Verify_Password']) == true){ //Encrypt the password and Update the database. $Password = $encrypt->password($_POST['New_Password']); $edit->admin($_SESSION['Username'], $Password, $_POST['First_Name'], $_POST['Last_Name'], $_POST['Email']); $content .= "<p>Thank you, " . $_POST['First_Name'] . " " . $_POST['Last_Name'] . " your settings have been updated. Please make sure you check your messaging inbox regularly. Important security message(s) will be received directly into this inbox and it will help keep your website safe."; } else { // Passwords did not match each other. $content .= "<p>The passwords that you entered did not match each other. Please return to the previous screen and try again. If the problem remains persistent please contact your webmaster.</p>"; } } else { // Email address was not formatted properly. $content .= "<p>The email address that you entered does not appear to be valid. Please try the process again or contact your webmaster.</p>"; } } else { // Password was not correct. Please try again. $content .= "<p>There seems to be a problem. The password that you entered did not match our records. Please try again or contact your webmaster. " . $encrypt->password($_POST['Current_Password']) . " = " . $row['Password'] . "</p>"; } $content .= "</div>"; } } Quote Link to comment https://forums.phpfreaks.com/topic/269652-logical-statement-always-returning-false/#findComment-1386174 Share on other sites More sharing options...
Pikachu2000 Posted October 18, 2012 Share Posted October 18, 2012 Do you have error reporting on? Quote Link to comment https://forums.phpfreaks.com/topic/269652-logical-statement-always-returning-false/#findComment-1386175 Share on other sites More sharing options...
Colton.Wagner Posted October 18, 2012 Author Share Posted October 18, 2012 (edited) Do you have error reporting on? Absolutely, It does not display anything and when I check the error logs nothing is prevelant. Edited October 18, 2012 by Colton.Wagner Quote Link to comment https://forums.phpfreaks.com/topic/269652-logical-statement-always-returning-false/#findComment-1386176 Share on other sites More sharing options...
Pikachu2000 Posted October 18, 2012 Share Posted October 18, 2012 Could be whitespace on one of the values. Have you tried trim()ming them? Quote Link to comment https://forums.phpfreaks.com/topic/269652-logical-statement-always-returning-false/#findComment-1386182 Share on other sites More sharing options...
scootstah Posted October 19, 2012 Share Posted October 19, 2012 Try var_dump'ing each variable ($row['Password'] and $encrypt->password($_POST['Current_Password'])) and see what you get. Quote Link to comment https://forums.phpfreaks.com/topic/269652-logical-statement-always-returning-false/#findComment-1386305 Share on other sites More sharing options...
Andy123 Posted October 19, 2012 Share Posted October 19, 2012 Yes, please post a var_dump. Also, watch out for SQL injection. Perhaps you have already escaped the $_SESSION['Username'], but in my opinion it is better to do it before using it in a query. That way you always have access to the original value and can manipulate it in any way that you need it and you will not find yourself wondering whether or not the value has already been escaped. Just a little heads up. Quote Link to comment https://forums.phpfreaks.com/topic/269652-logical-statement-always-returning-false/#findComment-1386377 Share on other sites More sharing options...
mikosiko Posted October 19, 2012 Share Posted October 19, 2012 if($row = mysql_fetch_array($query) && ($row['Password'] == $encrypt->password($_POST['Current_Password']))) I could bet that you are getting a NOTICE message in this line telling you "Notice: Undefined variable row in.....", and hence your IF is evaluating to FALSE Quote Link to comment https://forums.phpfreaks.com/topic/269652-logical-statement-always-returning-false/#findComment-1386383 Share on other sites More sharing options...
ignace Posted October 19, 2012 Share Posted October 19, 2012 (edited) if($row = mysql_fetch_array($query) && ($row['Password'] == $encrypt->password($_POST['Current_Password']))) Is interpreted as in this order: 1. ($row['Password'] == $encrypt->password($_POST['Current_Password']) -> Undefined variable $row <=> false 2. mysql_fetch_array($query) && (Result of #1) <=> true && false <=> false 3. $row = (Result of #2) <=> $row == false Solution: Wrap $row = mysql_fetch_array($query) in () This is a common mistake and can be avoided by just Keeping It Simple. You can test this on the CLI: $ php -derror_reporting=-1 -ddisplay_errors=1 -r "($foo = true && ($foo == true));" Notice: Undefined variable: foo in Command line code on line 1 Edited October 19, 2012 by ignace Quote Link to comment https://forums.phpfreaks.com/topic/269652-logical-statement-always-returning-false/#findComment-1386384 Share on other sites More sharing options...
Colton.Wagner Posted October 23, 2012 Author Share Posted October 23, 2012 if($row = mysql_fetch_array($query) && ($row['Password'] == $encrypt->password($_POST['Current_Password']))) Is interpreted as in this order: 1. ($row['Password'] == $encrypt->password($_POST['Current_Password']) -> Undefined variable $row <=> false 2. mysql_fetch_array($query) && (Result of #1) <=> true && false <=> false 3. $row = (Result of #2) <=> $row == false Solution: Wrap $row = mysql_fetch_array($query) in () This is a common mistake and can be avoided by just Keeping It Simple. You can test this on the CLI: $ php -derror_reporting=-1 -ddisplay_errors=1 -r "($foo = true && ($foo == true));" Notice: Undefined variable: foo in Command line code on line 1 I wrapped the line in parenthesis like you requested but it still did not resolve the issue. Here is an example: if(($row = mysql_fetch_array($query)) && ($row['Password'] == $encrypt->password($_POST['CurrentPassword']))){ I'm going to try a var_dump() now and see if that works. Quote Link to comment https://forums.phpfreaks.com/topic/269652-logical-statement-always-returning-false/#findComment-1387222 Share on other sites More sharing options...
mikosiko Posted October 23, 2012 Share Posted October 23, 2012 (edited) I wrapped the line in parenthesis like you requested but it still did not resolve the issue. Here is an example: if(($row = mysql_fetch_array($query)) && ($row['Password'] == $encrypt->password($_POST['CurrentPassword']))){ I'm going to try a var_dump() now and see if that works. In benefit of others reading this... The solution provided for Ignace of course works, and did solve the original issue that you had (an undefined variable $row), now if after solve that issue your expression still evaluating to FALSE could means that, either your previous query is not returning results (and you are not validating that in your code) or the comparison between your stored password and the posted one is evaluating to false because they doesn't match. your original code was (now with Ignace suggestion in place) // Verify Current Password, Validity of Email, and that Passwords Match. $query =mysql_query("SELECT * FROM adminusers WHERE Username='$_SESSION[username]'"); if(($row = mysql_fetch_array($query)) && ($row['Password'] == $encrypt->password($_POST['Current_Password']))){ suggestions: - Validate that your raw query is correct. (separate it from the mysql_query() and echo it first). - Validate that the query is returning values and not evaluating to FALSE. - Validate that the stored password match the Posted password after your call your $encrypt->password() method Edited October 23, 2012 by mikosiko Quote Link to comment https://forums.phpfreaks.com/topic/269652-logical-statement-always-returning-false/#findComment-1387293 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.