lewashby Posted September 24, 2013 Share Posted September 24, 2013 In the following program can someone please tell me why my script is skipping the first else clause and never printing "You have already changed your password"? Everything else is working fine but when I enter in a username and password that have already been entered into the system it skips the portiong of code designed for that case. Thanks. <?php $email = $_POST['email']; $psswd = $_POST['psswd']; $db = new SQLite3('./users.db', SQLITE3_OPEN_READWRITE); if(!$db) { echo "Could not open/access DB"; } else { $userEmail = $db->query("SELECT email FROM users WHERE email='$email'"); $userPsswd = $db->query("SELECT password FROM users WHERE email='$email'"); if($email == $userEmail && $psswd == $userPsswd) { echo "You have already changed your password"; } else { $file = fopen("./accounts.txt", 'r+') or die("Failed to open file"); while(!feof($file)) { $line = fgets($file); if(strpos($line, "$email") !== false) { echo "User was a match"; if(strpos($line, "$psswd") !== false) { header("location: /ET/password/changepassword.html"); break; } else { echo "Invalid password"; break; } } else { echo "Invalid email address"; break; } } } fclose($file); } ?> Quote Link to comment Share on other sites More sharing options...
jazzman1 Posted September 24, 2013 Share Posted September 24, 2013 You only send these statements to your SQLite database. Then, you need to fetch the results from the DB server storing them to those two variables. $userEmail = $db->query("SELECT email FROM users WHERE email='$email'"); $userPsswd = $db->query("SELECT password FROM users WHERE email='$email'"); Quote Link to comment Share on other sites More sharing options...
lewashby Posted September 29, 2013 Author Share Posted September 29, 2013 You only send these statements to your SQLite database. Then, you need to fetch the results from the DB server storing them to those two variables. $userEmail = $db->query("SELECT email FROM users WHERE email='$email'"); $userPsswd = $db->query("SELECT password FROM users WHERE email='$email'"); Is that not exactly what I did? It looks like you just copied two have my own lines and pated them here. What am I missing? Thanks. Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted September 29, 2013 Share Posted September 29, 2013 you need to read documentation and examples in order to use programming languages. it's simply impossible to get them to work in any reasonable amount of time if you don't. the SQLite3::query method - Return ValuesReturns an SQLite3Result object if the query returns results. Otherwise, returns TRUE if the query succeeded, FALSE on failure. to fetch the data from a SQLite3Result object, you must use the ->fetchArray() method - http://php.net/manual/en/sqlite3.query.php Quote Link to comment Share on other sites More sharing options...
jazzman1 Posted September 29, 2013 Share Posted September 29, 2013 In addition to what mac said, you need to combine these two sql queries into one query. Quote Link to comment Share on other sites More sharing options...
lewashby Posted September 30, 2013 Author Share Posted September 30, 2013 You only send these statements to your SQLite database. Then, you need to fetch the results from the DB server storing them to those two variables. $userEmail = $db->query("SELECT email FROM users WHERE email='$email'"); $userPsswd = $db->query("SELECT password FROM users WHERE email='$email'"); I have also tried the fetch array method. The page displays but still adds an error entry to /var/log/apache2/error.log when I include the SQLITE_NUM option and also display but give no error when I leave that option out. Either way the code to check against that string is still being skipped. Quote Link to comment Share on other sites More sharing options...
lewashby Posted September 30, 2013 Author Share Posted September 30, 2013 Here's where I'm at now. <?php $email = $_POST['email']; $psswd = $_POST['psswd']; $db = new SQLite3('./users.db', SQLITE3_OPEN_READWRITE); if(!$db) { echo "Could not open/access DB"; } else { //$userEmail = $db->query("SELECT email FROM users WHERE email='$email'"); //$userPsswd = $db->query("SELECT password FROM users WHERE email='$email'"); $row1 = $db->query("SELECT email FROM users WHERE email='$email'"); $row2 = $db->query("SELECT password FROM users WHERE email='$email'"); $userEmail = $row1->fetchArray(); $userPsswd = $row2->fetchArray(); if($email == $userEmail && $psswd == $userPsswd) { echo "You have already changed your password"; } else { $file = fopen("./accounts.txt", 'r+') or die("Failed to open file"); while(!feof($file)) { $line = fgets($file); if(strpos($line, "$email") !== false) { echo "User was a match"; if(strpos($line, "$psswd") !== false) { header("location: ./changepassword.html"); break; } else { echo "Invalid password"; break; } } else { echo "Invalid email address"; break; } } } fclose($file); } ?> Quote Link to comment Share on other sites More sharing options...
Psycho Posted September 30, 2013 Share Posted September 30, 2013 Read the documentation. fetchArray(0 returns - an array! You are then trying to compare the string values sent in the POST data to those arrays - which will never return true. Quote Link to comment Share on other sites More sharing options...
Psycho Posted September 30, 2013 Share Posted September 30, 2013 <?php $email = $_POST['email']; $psswd = $_POST['psswd']; $db = new SQLite3('./users.db', SQLITE3_OPEN_READWRITE); if(!$db) { echo "Could not open/access DB"; } else { $result = $db->query("SELECT email, password FROM users WHERE email='$email'"); $user = $result->fetchArray(); if(!$user) { echo "No user match found in database."; } elseif($psswd == $user->password) { echo "You have already changed your password"; } else { $file = fopen("./accounts.txt", 'r+') or die("Failed to open file"); while(!feof($file)) { $line = fgets($file); if(strpos($line, $email) !== false) { if(strpos($line, $psswd) !== false) { header("location: ./changepassword.html"); } else { echo "User was a match in accounts.txt, Invalid password"; } exit(); } } fclose($file); echo "No user match found in accounts.txt file."; } } ?> Quote Link to comment Share on other sites More sharing options...
lewashby Posted September 30, 2013 Author Share Posted September 30, 2013 You only send these statements to your SQLite database. Then, you need to fetch the results from the DB server storing them to those two variables. $userEmail = $db->query("SELECT email FROM users WHERE email='$email'"); $userPsswd = $db->query("SELECT password FROM users WHERE email='$email'"); <?php $email = $_POST['email']; $psswd = $_POST['psswd']; $db = new SQLite3('./users.db', SQLITE3_OPEN_READWRITE); if(!$db) { echo "Could not open/access DB"; } else { $result = $db->query("SELECT email, password FROM users WHERE email='$email'"); $user = $result->fetchArray(); if(!$user) { echo "No user match found in database."; } elseif($psswd == $user->password) { echo "You have already changed your password"; } else { $file = fopen("./accounts.txt", 'r+') or die("Failed to open file"); while(!feof($file)) { $line = fgets($file); if(strpos($line, $email) !== false) { if(strpos($line, $psswd) !== false) { header("location: ./changepassword.html"); } else { echo "User was a match in accounts.txt, Invalid password"; } exit(); } } fclose($file); echo "No user match found in accounts.txt file."; } } ?> Psycho - Thanks, I just tried it bit it still doesn't seem to be working. Does this line "if(!$user)" check to see if $user holds a 'false' value? The documentation says that the function will return false if there are no more rows, not if there is no match. <?php $email = $_POST['email']; $psswd = $_POST['psswd']; $db = new SQLite3('./users.db', SQLITE3_OPEN_READWRITE); if(!$db) { echo "Could not open/access DB"; } else { //$userEmail = $db->query("SELECT email FROM users WHERE email='$email'"); //$userPsswd = $db->query("SELECT password FROM users WHERE email='$email'"); $result = $db->query("SELECT email, password FROM users WHERE email='$email'"); $user = $result->fetchArray(); if(!$user) { echo 'No user match in database'; } //if($email == $userEmail && $psswd == $userPsswd) elseif($psswd == $user->password) { echo "You have already changed your password"; } else { $file = fopen("./accounts.txt", 'r+') or die("Failed to open file"); while(!feof($file)) { $line = fgets($file); if(strpos($line, "$email") !== false) { echo "User was a match"; if(strpos($line, "$psswd") !== false) { header("location: ./changepassword.html"); break; } else { echo "Invalid password"; break; } } else { echo "Invalid email address"; break; } } } fclose($file); } ?> Quote Link to comment Share on other sites More sharing options...
lewashby Posted September 30, 2013 Author Share Posted September 30, 2013 You only send these statements to your SQLite database. Then, you need to fetch the results from the DB server storing them to those two variables. $userEmail = $db->query("SELECT email FROM users WHERE email='$email'"); $userPsswd = $db->query("SELECT password FROM users WHERE email='$email'"); <?php $email = $_POST['email']; $psswd = $_POST['psswd']; $db = new SQLite3('./users.db', SQLITE3_OPEN_READWRITE); if(!$db) { echo "Could not open/access DB"; } else { $result = $db->query("SELECT email, password FROM users WHERE email='$email'"); $user = $result->fetchArray(); if(!$user) { echo "No user match found in database."; } elseif($psswd == $user->password) { echo "You have already changed your password"; } else { $file = fopen("./accounts.txt", 'r+') or die("Failed to open file"); while(!feof($file)) { $line = fgets($file); if(strpos($line, $email) !== false) { if(strpos($line, $psswd) !== false) { header("location: ./changepassword.html"); } else { echo "User was a match in accounts.txt, Invalid password"; } exit(); } } fclose($file); echo "No user match found in accounts.txt file."; } } ?> Psycho - Thanks, I just tried it bit it still doesn't seem to be working. Does this line "if(!$user)" check to see if $user holds a 'false' value? The documentation says that the function will return false if there are no more rows, not if there is no match. <?php $email = $_POST['email']; $psswd = $_POST['psswd']; $db = new SQLite3('./users.db', SQLITE3_OPEN_READWRITE); if(!$db) { echo "Could not open/access DB"; } else { //$userEmail = $db->query("SELECT email FROM users WHERE email='$email'"); //$userPsswd = $db->query("SELECT password FROM users WHERE email='$email'"); $result = $db->query("SELECT email, password FROM users WHERE email='$email'"); $user = $result->fetchArray(); if(!$user) { echo 'No user match in database'; } //if($email == $userEmail && $psswd == $userPsswd) elseif($psswd == $user->password) { echo "You have already changed your password"; } else { $file = fopen("./accounts.txt", 'r+') or die("Failed to open file"); while(!feof($file)) { $line = fgets($file); if(strpos($line, "$email") !== false) { echo "User was a match"; if(strpos($line, "$psswd") !== false) { header("location: ./changepassword.html"); break; } else { echo "Invalid password"; break; } } else { echo "Invalid email address"; break; } } } fclose($file); } ?> PHP Notice: Trying to get property of non-object in /var/www/ET/password/accounts.php on line 28 Quote Link to comment Share on other sites More sharing options...
Psycho Posted September 30, 2013 Share Posted September 30, 2013 Psycho - Thanks, I just tried it bit it still doesn't seem to be working. Does this line "if(!$user)" check to see if $user holds a 'false' value? The documentation says that the function will return false if there are no more rows, not if there is no match. Think about what you just said. The function fetchArray() will return false if there are no more rows in the result set. So, what do you think will happen if NO rows were in the result set and you called fetchArray()? Hint: it would return false!. Since you are expecting only one record, the code calls fetchArray() once, so if it returns false you know there were no records in the result set (although the code currently has no handling n the case of a failed query) - thus tthere was no record that matched the email address. This is basic logic. PHP Notice: Trying to get property of non-object in /var/www/ET/password/accounts.php on line 28 Ah, the results are being fetched using fetchArray(), not fetchObject(), so the references to the values need to be as an array and not an object. Change elseif($psswd == $user->password) to elseif($psswd == $user['password']) Quote Link to comment Share on other sites More sharing options...
Solution lewashby Posted October 1, 2013 Author Solution Share Posted October 1, 2013 Psycho - thanks that got it. This has been killing me for about two weeks. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.