Jump to content

small program skipping else clause


lewashby
Go to solution Solved by lewashby,

Recommended Posts

In the following program can someone please tell me why my script is skipping the first else clause and never printing "You have already changed your password"? Everything else is working fine but when I enter in a username and password that have already been entered into the system it skips the portiong of code designed for that case. Thanks.

<?php

$email = $_POST['email'];
$psswd = $_POST['psswd'];

$db = new SQLite3('./users.db', SQLITE3_OPEN_READWRITE);

if(!$db)
{
    echo "Could not open/access DB";
}
else
{
    $userEmail = $db->query("SELECT email FROM users WHERE email='$email'");
    $userPsswd = $db->query("SELECT password FROM users WHERE email='$email'");

    if($email == $userEmail && $psswd == $userPsswd)
    {
        echo "You have already changed your password";
    }
    else
    {
        $file = fopen("./accounts.txt", 'r+') or die("Failed to open file");


        while(!feof($file))
        {
            $line = fgets($file);
            if(strpos($line, "$email") !== false)
            {
                echo "User was a match";
            if(strpos($line, "$psswd") !== false)
            {
            header("location: /ET/password/changepassword.html");
            break;
        }
        else
        {
            echo "Invalid password";
            break;
        }
        }
        else
        {
            echo "Invalid email address";
        break;
        }
    }
    }

    fclose($file);
}
?>

 

Link to comment
Share on other sites

You only send these statements to your SQLite database. Then, you need to fetch the results from the DB server storing them to those two variables. 

$userEmail = $db->query("SELECT email FROM users WHERE email='$email'");
$userPsswd = $db->query("SELECT password FROM users WHERE email='$email'");
Link to comment
Share on other sites

 

You only send these statements to your SQLite database. Then, you need to fetch the results from the DB server storing them to those two variables. 

$userEmail = $db->query("SELECT email FROM users WHERE email='$email'");
$userPsswd = $db->query("SELECT password FROM users WHERE email='$email'");

Is that not exactly what I did? It looks like you just copied two have my own lines and pated them here. What am I missing? Thanks.

Link to comment
Share on other sites

you need to read documentation and examples in order to use programming languages. it's simply impossible to get them to work in any reasonable amount of time if you don't.

 

the SQLite3::query method -

 
Return Values

Returns an SQLite3Result object if the query returns results. Otherwise, returns TRUE if the query succeeded, FALSE on failure.

 

 

to fetch the data from a SQLite3Result object, you must use the ->fetchArray() method - http://php.net/manual/en/sqlite3.query.php

Link to comment
Share on other sites

 

You only send these statements to your SQLite database. Then, you need to fetch the results from the DB server storing them to those two variables. 

$userEmail = $db->query("SELECT email FROM users WHERE email='$email'");
$userPsswd = $db->query("SELECT password FROM users WHERE email='$email'");

I have also tried the fetch array method. The page displays but still adds an error entry to /var/log/apache2/error.log when I include the SQLITE_NUM option and also display but give no error when I leave that option out. Either way the code to check against that string is still being skipped.

Link to comment
Share on other sites

Here's where I'm at now.

<?php

$email = $_POST['email'];
$psswd = $_POST['psswd'];

$db = new SQLite3('./users.db', SQLITE3_OPEN_READWRITE);

if(!$db)
{
    echo "Could not open/access DB";
}
else
{
    //$userEmail = $db->query("SELECT email FROM users WHERE email='$email'");
    //$userPsswd = $db->query("SELECT password FROM users WHERE email='$email'");
    $row1 = $db->query("SELECT email FROM users WHERE email='$email'");
    $row2 = $db->query("SELECT password FROM users WHERE email='$email'");

    $userEmail = $row1->fetchArray();
    $userPsswd = $row2->fetchArray();

    if($email == $userEmail && $psswd == $userPsswd)
    {
        echo "You have already changed your password";
    }
    else
    {
        $file = fopen("./accounts.txt", 'r+') or die("Failed to open file");


        while(!feof($file))
        {
            $line = fgets($file);
            if(strpos($line, "$email") !== false)
            {
                echo "User was a match";
            if(strpos($line, "$psswd") !== false)
            {
            header("location: ./changepassword.html");
            break;
        }
        else
        {
            echo "Invalid password";
            break;
        }
        }
        else
        {
            echo "Invalid email address";
        break;
        }
    }
    }

    fclose($file);
}
?>
Link to comment
Share on other sites

 

<?php

$email = $_POST['email'];
$psswd = $_POST['psswd'];

$db = new SQLite3('./users.db', SQLITE3_OPEN_READWRITE);

if(!$db)
{
    echo "Could not open/access DB";
}
else
{
    $result = $db->query("SELECT email, password FROM users WHERE email='$email'");
    $user = $result->fetchArray();

    if(!$user)
    {
         echo "No user match found in database.";
    }
    elseif($psswd == $user->password)
    {
        echo "You have already changed your password";
    }
    else
    {
        $file = fopen("./accounts.txt", 'r+') or die("Failed to open file");
        while(!feof($file))
        {
            $line = fgets($file);
            if(strpos($line, $email) !== false)
            {
                if(strpos($line, $psswd) !== false)
                {
                    header("location: ./changepassword.html");
                }
                else
                {
                    echo "User was a match in accounts.txt, Invalid password";
                }
                exit();
            }
        }
        fclose($file);
        echo "No user match found in accounts.txt file.";
    }
}
?>
Link to comment
Share on other sites

 

You only send these statements to your SQLite database. Then, you need to fetch the results from the DB server storing them to those two variables. 

$userEmail = $db->query("SELECT email FROM users WHERE email='$email'");
$userPsswd = $db->query("SELECT password FROM users WHERE email='$email'");
<?php

$email = $_POST['email'];
$psswd = $_POST['psswd'];

$db = new SQLite3('./users.db', SQLITE3_OPEN_READWRITE);

if(!$db)
{
    echo "Could not open/access DB";
}
else
{
    $result = $db->query("SELECT email, password FROM users WHERE email='$email'");
    $user = $result->fetchArray();

    if(!$user)
    {
         echo "No user match found in database.";
    }
    elseif($psswd == $user->password)
    {
        echo "You have already changed your password";
    }
    else
    {
        $file = fopen("./accounts.txt", 'r+') or die("Failed to open file");
        while(!feof($file))
        {
            $line = fgets($file);
            if(strpos($line, $email) !== false)
            {
                if(strpos($line, $psswd) !== false)
                {
                    header("location: ./changepassword.html");
                }
                else
                {
                    echo "User was a match in accounts.txt, Invalid password";
                }
                exit();
            }
        }
        fclose($file);
        echo "No user match found in accounts.txt file.";
    }
}
?>

Psycho - Thanks, I just tried it bit it still doesn't seem to be working. Does this line "if(!$user)" check to see if $user holds a 'false' value? The documentation says that the function will return false if there are no more rows, not if there is no match.

<?php

$email = $_POST['email'];
$psswd = $_POST['psswd'];

$db = new SQLite3('./users.db', SQLITE3_OPEN_READWRITE);

if(!$db)
{
    echo "Could not open/access DB";
}
else
{
    //$userEmail = $db->query("SELECT email FROM users WHERE email='$email'");
    //$userPsswd = $db->query("SELECT password FROM users WHERE email='$email'");

    $result = $db->query("SELECT email, password FROM users WHERE email='$email'");
    $user = $result->fetchArray();

    if(!$user)
    {
    echo 'No user match in database';
    }

    

    //if($email == $userEmail && $psswd == $userPsswd)
    elseif($psswd == $user->password)
    {
        echo "You have already changed your password";
    }
    else
    {
        $file = fopen("./accounts.txt", 'r+') or die("Failed to open file");


        while(!feof($file))
        {
            $line = fgets($file);
            if(strpos($line, "$email") !== false)
            {
                echo "User was a match";
            if(strpos($line, "$psswd") !== false)
            {
            header("location: ./changepassword.html");
            break;
        }
        else
        {
            echo "Invalid password";
            break;
        }
        }
        else
        {
            echo "Invalid email address";
        break;
        }
    }
    }

    fclose($file);
}
?>
Link to comment
Share on other sites

 

 

You only send these statements to your SQLite database. Then, you need to fetch the results from the DB server storing them to those two variables. 

$userEmail = $db->query("SELECT email FROM users WHERE email='$email'");
$userPsswd = $db->query("SELECT password FROM users WHERE email='$email'");
<?php

$email = $_POST['email'];
$psswd = $_POST['psswd'];

$db = new SQLite3('./users.db', SQLITE3_OPEN_READWRITE);

if(!$db)
{
    echo "Could not open/access DB";
}
else
{
    $result = $db->query("SELECT email, password FROM users WHERE email='$email'");
    $user = $result->fetchArray();

    if(!$user)
    {
         echo "No user match found in database.";
    }
    elseif($psswd == $user->password)
    {
        echo "You have already changed your password";
    }
    else
    {
        $file = fopen("./accounts.txt", 'r+') or die("Failed to open file");
        while(!feof($file))
        {
            $line = fgets($file);
            if(strpos($line, $email) !== false)
            {
                if(strpos($line, $psswd) !== false)
                {
                    header("location: ./changepassword.html");
                }
                else
                {
                    echo "User was a match in accounts.txt, Invalid password";
                }
                exit();
            }
        }
        fclose($file);
        echo "No user match found in accounts.txt file.";
    }
}
?>

Psycho - Thanks, I just tried it bit it still doesn't seem to be working. Does this line "if(!$user)" check to see if $user holds a 'false' value? The documentation says that the function will return false if there are no more rows, not if there is no match.

<?php

$email = $_POST['email'];
$psswd = $_POST['psswd'];

$db = new SQLite3('./users.db', SQLITE3_OPEN_READWRITE);

if(!$db)
{
    echo "Could not open/access DB";
}
else
{
    //$userEmail = $db->query("SELECT email FROM users WHERE email='$email'");
    //$userPsswd = $db->query("SELECT password FROM users WHERE email='$email'");

    $result = $db->query("SELECT email, password FROM users WHERE email='$email'");
    $user = $result->fetchArray();

    if(!$user)
    {
    echo 'No user match in database';
    }

    

    //if($email == $userEmail && $psswd == $userPsswd)
    elseif($psswd == $user->password)
    {
        echo "You have already changed your password";
    }
    else
    {
        $file = fopen("./accounts.txt", 'r+') or die("Failed to open file");


        while(!feof($file))
        {
            $line = fgets($file);
            if(strpos($line, "$email") !== false)
            {
                echo "User was a match";
            if(strpos($line, "$psswd") !== false)
            {
            header("location: ./changepassword.html");
            break;
        }
        else
        {
            echo "Invalid password";
            break;
        }
        }
        else
        {
            echo "Invalid email address";
        break;
        }
    }
    }

    fclose($file);
}
?>

 

PHP Notice:  Trying to get property of non-object in /var/www/ET/password/accounts.php on line 28

Link to comment
Share on other sites

Psycho - Thanks, I just tried it bit it still doesn't seem to be working. Does this line "if(!$user)" check to see if $user holds a 'false' value? The documentation says that the function will return false if there are no more rows, not if there is no match.
 
Think about what you just said. The function fetchArray() will return false if there are no more rows in the result set. So, what do you think will happen if NO rows were in the result set and you called fetchArray()? Hint: it would return false!. Since you are expecting only one record, the code calls fetchArray() once, so if it returns false you know there were no records in the result set (although the code currently has no handling n the case of a failed query) - thus tthere was no record that matched the email address. This is basic logic.
 

 

PHP Notice:  Trying to get property of non-object in /var/www/ET/password/accounts.php on line 28

 

Ah, the results are being fetched using fetchArray(), not fetchObject(), so the references to the values need to be as an array and not an object. Change

 

elseif($psswd == $user->password)

 

to

 

elseif($psswd == $user['password'])
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.