kayz100 Posted July 18, 2013

Hi guys, can you all please help me. I am stuck with my script, it keeps inputting errors. Script below, thanks.

```php
<?php
session_start();
$password=$_GET['password'];
include("phpfiles/maindb.php");
connect();
if(!isset($_POST['password'])){
    $sql="select email from users where password='".$password."' and id=0";
    $query = mysqli_query($maindb, $sql);
    while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){
        $email=$row['email'];
    }
    If ($email!=''){
        $_SESSION['email']=$email;
    }
    else die("Invalid link or Password already changed");}
$password=$_POST['password'];
$email=$_SESSION['email'];
if(!isset($password)){
    echo '<form method="post">
    enter your new password:<input type="password" name="password" />
    <a href="index.php><input type="submit" value="Change Password">Back</span></a>
    </form>';}
if(isset($_POST['password'])&&isset($_SESSION['email']))
{
    $sql="update users set password='".md5($password)."' where email='".$email."'";
    $query = mysqli_query($maindb, $sql);
    if(mysqli_query($maindb, $sql), "update users set id=1 where password='".$password."'");
    echo "Your password has been changed successfully";
    if(!$query)echo "An error occurred";
}
?>
```

Muddy_Funster Posted July 18, 2013

inputting what errors, where and when?

fastsol Posted July 18, 2013

I didn't even try to diagnose the issue, but I can tell you that you should seriously scrap this whole thing and start over with something that is actually secure and built correctly. You are totally wide open for SQL injection and security is NONE in your case. There are some good video tutorials on YouTube from phpacademy and betterphp, I would suggest starting there.

kayz100 Posted July 18, 2013 (Author)

Thanks guys, I have taken your advice and am scrapping the whole thing.
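
The SQL injection fastsol points out comes from concatenating request input straight into the query strings. As an added example (not code from the thread), here is the same reset flow with bound parameters, a hashed single-use token and `password_hash()` in place of `md5()`; the in-memory PDO/SQLite database, the `reset_hash` and `reset_expires` columns and the function names are assumptions made so the block runs offline.

```php
<?php
// Added example: constructed schema and sample user, in-memory SQLite (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT,
           reset_hash TEXT, reset_expires INTEGER)');
$db->exec("INSERT INTO users (email, password) VALUES ('alice@example.test', 'unset')");

// Issue a one-time reset token for the e-mailed link.
// Only the SHA-256 hash of the token is stored, never the token itself.
function issueResetToken(PDO $db, string $email): string {
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare(
        'UPDATE users SET reset_hash = ?, reset_expires = ? WHERE email = ?');
    $stmt->execute([hash('sha256', $token), time() + 3600, $email]);
    return $token;
}

// Redeem the token and store the new password in one statement.
// Every request value is bound as a parameter, so it is never parsed as SQL.
function resetPassword(PDO $db, string $token, string $newPassword): bool {
    $stmt = $db->prepare(
        'UPDATE users SET password = ?, reset_hash = NULL, reset_expires = NULL
         WHERE reset_hash = ? AND reset_expires > ?');
    $stmt->execute([
        password_hash($newPassword, PASSWORD_DEFAULT), // salted, slow hash instead of md5()
        hash('sha256', $token),
        time(),
    ]);
    // Zero affected rows means the token is unknown, expired or already used.
    return $stmt->rowCount() === 1;
}

$token = issueResetToken($db, 'alice@example.test');

// Constructed inputs: a quote-laden string is compared as a literal token value,
// the real token works once, and replaying it is rejected.
var_dump(resetPassword($db, "' OR '1'='1", 'not-applied'));
var_dump(resetPassword($db, $token, 'correct horse battery'));
var_dump(resetPassword($db, $token, 'second attempt'));

// The stored value is a password_hash() string, checked with password_verify().
$stored = $db->query(
    "SELECT password FROM users WHERE email = 'alice@example.test'")->fetchColumn();
var_dump(password_verify('correct horse battery', $stored));
```

With mysqli, as in the original script, the equivalent calls are `mysqli_prepare()`, `mysqli_stmt_bind_param()` and `mysqli_stmt_execute()`.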