Tom8001 Posted December 5, 2014

Here is my change password script (this is being done by the admin):

```php
<?php

error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');

require 'connect.php';

if(isset($_POST['change'])) {

    $newp = trim($_POST['npass']);
    $confp = trim($_POST['cpass']);

    if(empty(trim($newp))) {
        echo "<h3><center>You did not enter a new password!</center></h3>";
        exit();
    }

    if(empty(trim($confp))) {
        echo "<h3><center>You must confirm the password!</center></h3>";
        exit();
    }

    if($confp !== $newp) {
        echo "Passwords do not match!, try again.";
    } else {
        $sql = "UPDATE $db_name SET cpass='$password' WHERE id=' ".$row['id']." '";
        echo " ".$row['username']."\s password has been reset! ";
    }
}

?>

<html><title> Change password </title><head><style>
#form {border-radius: 20px;font-family: sans-serif; margin-top: 60px; padding: 30px;background-color: #aaa;margin-left: auto; margin-right: auto; width: 500px; clear: both;}
#form input {width: 100%; clear: both;}
#form input:hover {border: 1px solid #ff0000;}
</style></head>
<body>
<div id="form">
<form action='' method='POST'>
<h2><b><center>Change Password</center></b></h2><br>
<tr>
<td><b>New password:</b><input type="password" name="npass" placeholder="Enter new password" /></td><br><br>
<td><b>Confirm password:</b><input type="password" name="cpass" placeholder="Confirm password" /></td><br><br>
<td><input type="submit" name="change" value="Change!" /></td>
</tr>
</form>
</div><!-- end of form div -->
</body>
</html>
```

I'm getting

```
Notice: Undefined variable: row in C:\xampp\htdocs\Login\web_dir\changepassword.php on line 30
Notice: Undefined variable: row in C:\xampp\htdocs\Login\web_dir\changepassword.php on line 32
```

And it says \s password has been reset!

It's saying that the variable row is undefined; it's defined in my edit user / select user page:

```php
<?php

error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');

session_start();

require 'connect.php';

echo "<title> Edit a user </title>";

$sql = "SELECT id, username FROM $tbl_name ORDER BY username";
$result = $con->query($sql);

while ($row = $result->fetch_assoc()) {
    echo "<div id='l'><tr><td>{$row['username']}</td> |
        <td><a href='editUser.php?id={$row['id']}'>Edit User</a> |</td>
        <td><a href='changepassword.php?id={$row['id']}'>Change Password</a> |</td>
        <td><a href='banUser.php?id={$row['id']}'>Ban User</a></td><br><br>
        </tr></div>\n";
}

?>
```

Also it doesn't actually UPDATE the password.

Psycho Posted December 5, 2014

Tom,

You need to take a step back and understand what the code is doing. Yes, you define $row in the select user page. First of all, every page request to the server is a new process. After each page is completed processing, any data held in memory is released. Variables don't persist from one request to another.

Second, although $row is defined in that page, it is redefined as each record is processed. So, when the script is done executing, it only holds the values of the last record. So, what would make you think that if the user selects the first record, that $row (even if it was saved in memory) would hold the content of the first record? You pass the ID so you have an identifier to pull the necessary data from the database.

Also, I'm pretty sure this won't work as you expect.

```php
if(empty(trim($newp))) {
```

You need to trim the value and put it into a variable - then check if it is empty.

```php
$newp = trim($newp);
if(empty($newp)) {
```

Tom8001 Posted December 5, 2014

```php
$newp = trim($_POST['npass']);
$confp = trim($_POST['cpass']);
```

is in my code.

Tom8001 Posted December 5, 2014

Wait, no, never mind about that, I see what you mean.

Tom8001 Posted December 5, 2014

I no longer get errors, but it still does not update the password.

mac_gyver Posted December 5, 2014

you had a significant number of problems in the posted code, including not executing the UPDATE query at all. it would take seeing your current code in order to help you with it.

Tom8001 Posted December 5, 2014

euser.php

```php
<?php

error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');

session_start();

require 'connect.php';

echo "<title> Edit a user </title>";

$sql = "SELECT id, username FROM $tbl_name ORDER BY username";
$result = $con->query($sql);

while ($row = $result->fetch_assoc()) {
    echo "<div id='l'><tr><td>{$row['username']}</td> |
        <td><a href='editUser.php?id={$row['id']}'>Edit User</a> |</td>
        <td><a href='changepassword.php?id={$row['id']}&sec_key={$key}&auto={$auto}'>Change Password</a> |</td>
        <td><a href='banUser.php?id={$row['id']}'>Ban User</a></td><br><br>
        </tr></div>\n";
}

?>

<html>
<head>
<style>
body { background-color: #000; color: yellow; font-weight: bold; font-family: Tahoma; }
#l { color: aqua; text-align: center; margin-left: 0 auto; margin-right: 0 auto; }
#l a { color: #ff0000; text-decoration: none; }
#l a:hover { color: #fff; }
</style>
</head>
<html>
```

changepassword.php

```php
<?php

error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');

require 'connect.php';

if(isset($_POST['change'])) {

    $newp = trim($_POST['npass']);
    $confp = trim($_POST['cpass']);

    $newp = $con->real_escape_string($newp);
    $confp = $con->real_escape_string($confp);

    if(empty(($newp))) {
        echo "<h3><center>You did not enter a new password!</center></h3>";
        exit();
    }

    if(empty(($confp))) {
        echo "<h3><center>You must confirm the password!</center></h3>";
        exit();
    }

    if($confp !== $newp) {
        echo "Passwords do not match!, try again.";
    } else {
        $sql = "SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'";
        $result = $con->query($sql);
        $row = $result->fetch_assoc();
        $username = $row['username'];

        $update = "UPDATE password FROM $tbl_name WHERE pass='$newp'";

        if($update) {
            echo " ".$row['username']." password has been reset! ";
        } else {
            die("Error");
        }
    }
}

?>

<html><title> Change password </title><head><style>
#form {border-radius: 20px;font-family: sans-serif; margin-top: 60px; padding: 30px;background-color: #aaa;margin-left: auto; margin-right: auto; width: 500px; clear: both;}
#form input {width: 100%; clear: both; border-radius: 5px;}
#form input:hover {background-color: #111; color: #ff0000; font-weight: bold;}
</style></head>
<body>
<div id="form">
<form action='' method='POST'>
<h2><b><center><u> Change Password </u></center></b></h2><br>
<tr>
<td><b>New password:</b><input type="password" name="npass" placeholder="Enter new password" /></td><br><br>
<td><b>Confirm password:</b><input type="password" name="cpass" placeholder="Confirm password" /></td><br><br>
<td><input type="submit" name="change" value="Change!" /></td>
<td><br><br><br><center><b><font color="red">Note:</font> Password must be 5 - 20 characters</b></center></td>
</tr>
</form>
</div><!-- end of form div -->
</body>
</html>
```

LeJack Posted December 5, 2014

I don't think you are really understanding what everyone is trying to tell you. I mean I don't blame you for trying to figure it out. You're just not understanding the basics. You're missing the while loop which should contain the $row part. This is a big deal because in your first post, you showed

\s password has been reset!

This means whatever you were trying to pass didn't get passed because if it was, let's say, $row['example'], you need a while loop in order for it to pass. If you have it already defined inside a while loop and you're trying to use it outside of a while loop, you'll have to make it a variable.

What everyone is telling you is that you're jumping this far too fast and you're not really understanding it. People are just giving you codes because they feel bad you aren't learning what you really need. You don't even understand the basics of selecting and updating a record using PHP. You should really go and read an article or something because you're just jumping this project of yours too fast. Even so, you're using regular queries which will get SQL injected if you don't escape your client inputs. Everything in your application is screaming "Help me".

Alex_ Posted December 6, 2014 (edited)

```php
$update = "UPDATE password FROM $tbl_name WHERE pass='$newp'";

if($update) {
    echo " ".$row['username']." password has been reset! ";
} else {
    die("Error");
}
```

In short hand, you should, at the moment, always end up at the echo $row['username'] part. Which may seem right, but it's really not. Here's a small list of wrongs in that piece of code:

- Your UPDATE query is wrong. Specify table first, then column (see below). It's also missing a "correct" WHERE clause
- You never execute the Update query at all
- You're asking the script if the string $update has a real value, which it does, but it's a string, and therefore it's considered valid, so you get the message but the password is never updated, for several reasons.

Here's how your Update query should look:

```php
$updateQuery = 'UPDATE tableName SET pass = newPassword WHERE uniqueIdentifier = value';
$update = $db->execute($updateQuery);

if($update) {
    ...
} else {
    ...
}
```

Where you replace uniqueIdentifier with something like username/userid, and the value being either the username/userid. I see no unique identifiers in your code there, but guessing it could be in session. So try that.

Edit: no clue where this fontcolor came from, but oh well!

Edited December 6, 2014 by Alex_

mac_gyver Posted December 6, 2014

> Edit: no clue where this fontcolor came from, but oh well!

it's because you copy/pasted some code from a post and the LOGIC behind the wysiwyg editor and just about everything else of the ipb forum software is lacking. to see what your post really is, you must switch to the text mode, the light-switch looking thing on the upper-left-hand side of the post form.

hansford Posted December 7, 2014 (edited) - Solution

The code you posted is missing key steps if you're trying to do an UPDATE operation in the database. As it is now, it will never work, has SQL errors and security issues. Nowhere in this section of code do we see that you actually perform an UPDATE operation on the database. You incorrectly write an UPDATE statement and store it in a variable and that's it. ...And, what if more than one user has the same password? Not a good way to distinguish between users. Go by their username and password. Two users shouldn't be allowed to have the same username.

```php
$update = "UPDATE password FROM $tbl_name WHERE pass='$newp'";

if($update) {
    echo " ".$row['username']." password has been reset! ";
} else {
    die("Error");
}
```

Create the SQL statement and perform the UPDATE operation on the database.

```php
$update = "UPDATE $tbl_name SET password = '$newp' WHERE username = '$username'";

$result = mysql_query( $update );

if( $result ) {
    echo "success!";
}
```

Edited December 7, 2014 by hansford

LeJack Posted December 7, 2014

@hansford Use MySQLi instead of MySQL if you're going to give an example to the OP. Giving deprecated functions is no different than what the OP is attempting to do.

hansford Posted December 7, 2014

> @hansford Use MySQLi instead of MySQL if you're going to give an example to the OP. Giving deprecated functions is no different than what the OP is attempting to do

Well, he obviously isn't familiar with PDO and so the code would make no sense to him. He is just trying to grasp basic principles at this point and see some results. I believe we would have all given up on programming years ago if we didn't see some results for our efforts, however poorly constructed etc. they were.

LeJack Posted December 7, 2014

> Well, he obviously isn't familiar with PDO and so the code would make no sense to him. He is just trying to grasp basic principles at this point and see some results. I believe we would have all given up on programming years ago if we didn't see some results for our efforts, however poorly constructed etc. they were.

That's why I said MySQLi. If neither you nor the OP is familiar with this name then I suggest reading up on it. Both PDO and MySQLi have the same features. They both use OOP, they both use prepared statements, they both use the same structure. MySQLi does exactly what PDO does except MySQLi uses both procedural coding and OOP coding. Also, MySQLi is way much faster than PDO. MySQLi and PDO are exactly alike except for a few things so arguing about PDO is better or MySQLi is better makes no difference because PDO is wrapped around the MySQLi drivers and MySQLi is just an improvement of the old deprecated MySQL.

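An added example, not code from any poster in this thread: one way to write changepassword.php with the MySQLi prepared statements mentioned above, re-reading the user by the id passed in the link and storing a password hash instead of the password. The table name `users`, its columns, and the `$_SESSION['is_admin']` flag are assumptions; `$con` is the mysqli object from the thread's connect.php.

```php
<?php
// Added example; not code from any poster in this thread.
// Assumptions: connect.php creates the mysqli object $con (as in the thread);
// the table is `users` (id INT, username, password VARCHAR(255));
// $_SESSION['is_admin'] is a hypothetical flag set by the login code. PHP 7+.
session_start();
require 'connect.php';
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw

if (empty($_SESSION['is_admin'])) {
    http_response_code(403);
    exit('Forbidden');
}

// Target user comes from the link: changepassword.php?id=N
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if (!is_int($id)) {
    http_response_code(400);
    exit('Missing or invalid user id');
}

// Each request starts fresh, so load the row for this id again.
$stmt = $con->prepare('SELECT username FROM users WHERE id = ?');
$stmt->bind_param('i', $id);
$stmt->execute();
$stmt->bind_result($username);
if (!$stmt->fetch()) {
    http_response_code(404);
    exit('No such user');
}
$stmt->close();

if (isset($_POST['change'])) {
    $newp  = $_POST['npass'] ?? '';
    $confp = $_POST['cpass'] ?? '';
    if (!is_string($newp) || !is_string($confp) || $newp === '') {
        exit('Enter the new password twice.');
    }
    if (!hash_equals($newp, $confp)) {
        exit('Passwords do not match.');
    }
    // Store a salted hash, never the password itself; no escaping is needed
    // because the value is bound as a parameter, not pasted into the SQL text.
    $hash = password_hash($newp, PASSWORD_DEFAULT);
    $stmt = $con->prepare('UPDATE users SET password = ? WHERE id = ?');
    $stmt->bind_param('si', $hash, $id);
    $stmt->execute();
    echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . "'s password has been reset.";
}
```

The login code then has to check passwords with password_verify() against the stored hash instead of comparing the password inside the SQL query.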