Jump to content

Logical Statement Always Returning False

Colton.Wagner

By Colton.Wagner
in PHP Coding Help

 Share

Recommended Posts

Colton.Wagner Member

Colton.Wagner

Posted
Posted

So here's the issue I am having. I have created an IF statement that is testing to see if the stored password is equal to the user entered password. They are both encrypted and I have verified that the two variables are equal to each other. So the question is why does it always come back false?

 

if($row = mysql_fetch_array($query) && ($row['Password'] ==  $encrypt->password($_POST['Current_Password'])))

 

I have verified that they are both equal to each other but it always goes to the else statment and prints an error. Any thoughts? I appreciate your time in advanced.

Link to comment
Share on other sites
Colton.Wagner Member

Colton.Wagner

Posted
  • Author
Posted

Heres the entire snippet. Let me know what you think.

 

if(!isset($_GET['sub']) || ($_GET['sub'] == 1)) {
  // Display Current Settings
   if(!isset($_GET['edit']) && ($_GET['edit'] != "true")) {
 $content = "<div id=\"TopNavLeft\"></div>";
 $content .= "<div id=\"BlueHeader\">Edit Personal Settings</div>";
 $content .= "<div id=\"CMSMain\">";
 $content .= "<table width=\"700\"><form action=\"./?tier=3&sub=1&edit=true\" method=\"post\" name=\"Edit Settings\">";
 $content .= "<tr><td colspan=\"3\">Please verify that the information listed below is correct.</td></tr>";
 // Query Current Record in Database
  $Username = $_SESSION['Username'];
  $query = mysql_query("SELECT * FROM adminusers WHERE Username='$Username'");
  // Fetch the information and display it
   if($row = mysql_fetch_array($query)){
    $content .= "<tr><td style=\"width: 150px;\">Username</td><td style=\"width: 150px;\">:</td><td><input type=\"text\" name=\"Username\" value=\"" . $row['Username'] . "\" readonly=\"readonly\" size=\"35\" /></td></tr>";
    $content .= "<tr><td>First Name</td><td>:</td><td><input type=\"text\" name=\"First_Name\" value=\"" . $row['First_Name'] . "\" size=\"35\" /></td></tr>";
    $content .= "<tr><td>Last Name</td><td>:</td><td><input type=\"text\" name=\"Last_Name\" value=\"" . $row['Last_Name'] . "\" size=\"35\" /></td></tr>";
    $content .= "<tr><td>Email</td><td>:</td><td><input type=\"text\" name=\"Email\" value=\"" . $row['Email'] . "\" size=\"35\" /></td></tr>";
    $content .= "<tr><td colspan=\"3\"> </td></tr>";
    $content .= "<tr><td>Current Password</td><td>:</td><td><input type=\"password\" name=\"Current_Password\" size=\"35\" /></td></tr>";
    $content .= "<tr><td>New Password</td><td>:</td><td><input type=\"password\" name=\"New_Password\" size=\"35\" /></td></tr>";
    $content .= "<tr><td>Verify Password</td><td>:</td><td><input type=\"password\" name=\"Verify_Password\" size=\"35\" /></td></tr>";
    $content .= "<tr><td colspan=\"2\"> </td><td style=\"text-align: left\"><input type=\"submit\" value=\"Submit\" /></td></tr>";
   }
 $content .= "</form></table></div>";
   } else {
   // Insert the header
   $content = "<div id=\"TopNavLeft\"></div>";
   $content .= "<div id=\"BlueHeader\">Personal Settings Updated</div>";
   $content .= "<div id=\"CMSMain\">";

   // Verify Current Password, Validity of Email, and that Passwords Match.
 $query = mysql_query("SELECT * FROM adminusers WHERE Username='$_SESSION[username]'");
 if($row = mysql_fetch_array($query) && ($row['Password'] ==  $encrypt->password($_POST['Current_Password']))){
  if($check->email($_POST['Email']) == true){
   if($check->password($_POST['New_Password'],$_POST['Verify_Password']) == true){
   //Encrypt the password and Update the database. 
    $Password = $encrypt->password($_POST['New_Password']);
    $edit->admin($_SESSION['Username'], $Password, $_POST['First_Name'], $_POST['Last_Name'], $_POST['Email']);
    $content .= "<p>Thank you, " . $_POST['First_Name'] . " " . $_POST['Last_Name'] . " your settings have been updated. Please make sure you check your messaging inbox regularly. Important security message(s) will be received directly into this inbox and it will help keep your website safe.";
   } else {
   // Passwords did not match each other.
    $content .= "<p>The passwords that you entered did not match each other. Please return to the previous screen and try again. If the problem remains persistent please contact your webmaster.</p>";
   }
  } else {
  // Email address was not formatted properly.
   $content .= "<p>The email address that you entered does not appear to be valid. Please try the process again or contact your webmaster.</p>";
  }
 } else {
 // Password was not correct. Please try again.
  $content .= "<p>There seems to be a problem. The password that you entered did not match our records. Please try again or contact your webmaster. " . $encrypt->password($_POST['Current_Password']) . " = " . $row['Password'] . "</p>";
 }
   $content .= "</div>";
   }
  }

Link to comment
Share on other sites
Andy123 Newbie

Andy123

Posted
Posted

Yes, please post a var_dump. Also, watch out for SQL injection. Perhaps you have already escaped the $_SESSION['Username'], but in my opinion it is better to do it before using it in a query. That way you always have access to the original value and can manipulate it in any way that you need it and you will not find yourself wondering whether or not the value has already been escaped. Just a little heads up. :)

Link to comment
Share on other sites
mikosiko Newbie

mikosiko

Posted
Posted

if($row = mysql_fetch_array($query) && ($row['Password'] == $encrypt->password($_POST['Current_Password'])))

 

 

I could bet that you are getting a NOTICE message in this line telling you "Notice: Undefined variable row in.....", and hence your IF is evaluating to FALSE

Link to comment
Share on other sites
ignace Advanced Member

ignace

Posted
Posted (edited) 

if($row = mysql_fetch_array($query) && ($row['Password'] ==  $encrypt->password($_POST['Current_Password'])))

 

Is interpreted as in this order:

1. ($row['Password'] == $encrypt->password($_POST['Current_Password']) -> Undefined variable $row <=> false

2. mysql_fetch_array($query) && (Result of #1) <=> true && false <=> false

3. $row = (Result of #2) <=> $row == false

 

Solution:

Wrap $row = mysql_fetch_array($query) in ()

 

This is a common mistake and can be avoided by just Keeping It Simple.

 

You can test this on the CLI:

 

$ php -derror_reporting=-1 -ddisplay_errors=1 -r "($foo = true && ($foo == true));"
Notice: Undefined variable: foo in Command line code on line 1

Edited by ignace
Link to comment
Share on other sites
Colton.Wagner Member

Colton.Wagner

Posted
  • Author
Posted 

if($row = mysql_fetch_array($query) && ($row['Password'] == $encrypt->password($_POST['Current_Password'])))

 

Is interpreted as in this order:

1. ($row['Password'] == $encrypt->password($_POST['Current_Password']) -> Undefined variable $row <=> false

2. mysql_fetch_array($query) && (Result of #1) <=> true && false <=> false

3. $row = (Result of #2) <=> $row == false

 

Solution:

Wrap $row = mysql_fetch_array($query) in ()

 

This is a common mistake and can be avoided by just Keeping It Simple.

 

You can test this on the CLI:

 

$ php -derror_reporting=-1 -ddisplay_errors=1 -r "($foo = true && ($foo == true));"
Notice: Undefined variable: foo in Command line code on line 1

 

I wrapped the line in parenthesis like you requested but it still did not resolve the issue. Here is an example:

 

if(($row = mysql_fetch_array($query)) && ($row['Password'] == $encrypt->password($_POST['CurrentPassword']))){

 

I'm going to try a var_dump() now and see if that works.

Link to comment
Share on other sites
mikosiko Newbie

mikosiko

Posted
Posted (edited)

I wrapped the line in parenthesis like you requested but it still did not resolve the issue. Here is an example:

 

if(($row = mysql_fetch_array($query)) && ($row['Password'] == $encrypt->password($_POST['CurrentPassword']))){

 

I'm going to try a var_dump() now and see if that works.

 

In benefit of others reading this... The solution provided for Ignace of course works, and did solve the original issue that you had (an undefined variable $row), now if after solve that issue your expression still evaluating to FALSE could means that, either your previous query is not returning results (and you are not validating that in your code) or the comparison between your stored password and the posted one is evaluating to false because they doesn't match.

 

your original code was (now with Ignace suggestion in place)

 

// Verify Current Password, Validity of Email, and that Passwords Match.
$query =mysql_query("SELECT * FROM adminusers WHERE Username='$_SESSION[username]'");
if(($row = mysql_fetch_array($query)) && ($row['Password'] == $encrypt->password($_POST['Current_Password']))){

 

suggestions:

- Validate that your raw query is correct. (separate it from the mysql_query() and echo it first).

- Validate that the query is returning values and not evaluating to FALSE.

- Validate that the stored password match the Posted password after your call your $encrypt->password() method

Edited by mikosiko
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.