Jump to content

Set Password Script is not working


Go to solution Solved by hansford,

Recommended Posts

here is my change password script (This is being done by the admin) 

<?php

error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');

require 'connect.php';

if(isset($_POST['change'])) {

	$newp = trim($_POST['npass']);
	$confp = trim($_POST['cpass']);

	if(empty(trim($newp))) {

		echo "<h3><center>You did not enter a new password!</center></h3>";

		exit();

	} if(empty(trim($confp))) {

		echo "<h3><center>You must confirm the password!</center></h3>";

		exit();

	} if($confp !== $newp) {

		echo "Passwords do not match!, try again.";
	} else {

		$sql = "UPDATE $db_name SET cpass='$password' WHERE id=' ".$row['id']." '";

		echo " ".$row['username']."\s password has been reset! ";
	}
}

?>

<html><title>  Change password  </title><head><style>#form {border-radius: 20px;font-family: sans-serif; margin-top: 60px; padding: 30px;background-color: #aaa;margin-left: auto; margin-right: auto; width: 500px; clear: both;} #form input {width: 100%; clear: both;} #form input:hover {border: 1px solid #ff0000;}</style></head>
<body>
<div id="form">
	<form action='' method='POST'>
	<h2><b><center>Change Password</center></b></h2><br>
	<tr>
	<td><b>New password:</b><input type="password" name="npass" placeholder="Enter new password" /></td><br><br>
	<td><b>Confirm password:</b><input type="password" name="cpass" placeholder="Confirm password" /></td><br><br>
	<td><input type="submit" name="change" value="Change!" /></td>
</tr>
</form>
</div><!-- end of form div -->
</body>
</html>

I'm getting 

Notice: Undefined variable: row in C:\xampp\htdocs\Login\web_dir\changepassword.php on line 30

Notice: Undefined variable: row in C:\xampp\htdocs\Login\web_dir\changepassword.php on line 32

And it say's 

\s password has been reset!

It's saying that the variable row is undefined, it's defined in my edit user / select user page 

<?php

error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');

session_start();

require 'connect.php';

echo "<title>  Edit a user  </title>";

$sql = "SELECT id, username FROM $tbl_name ORDER BY username";
$result = $con->query($sql);
while ($row = $result->fetch_assoc())
{
   	echo "<div id='l'><tr><td>{$row['username']}</td> |
        <td><a href='editUser.php?id={$row['id']}'>Edit User</a> |</td>
        <td><a href='changepassword.php?id={$row['id']}'>Change Password</a> |</td>
        <td><a href='banUser.php?id={$row['id']}'>Ban User</a></td><br><br>
        </tr></div>\n";
}


?>

Also it doesn't actually UPDATE the password.

Link to comment
https://forums.phpfreaks.com/topic/292923-set-password-script-is-not-working/
Share on other sites

Tom,

 

You need to take a step back and understand what the code is doing. Yes, you define $row in the select user page.

 

First of all, every page request to the server is a new process. After each page is completed processing, and data help in memory is released. Variables don't persist from one request to another.

 

Second, although $row is defined in that page, it is redefined as each record is processed. So, when the script is done executing, it only holds the values of the last record. So, what would make you think that if the user selects the first record, that $row (even if it was saved in memory) would hold the content of the first record.

 

You pass the ID so, you have an identifier to pull the necessary data from the database.

 

 

Also, I'm pretty sure this won't work as you expect.

 

if(empty(trim($newp))) {

 

You need to trim the value and put into a variable - then check if it is empty.

 

$newp = trim($newp);
if(empty($newp)) {

euser.php 

<?php

error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');

session_start();

require 'connect.php';

echo "<title>  Edit a user  </title>";

$sql = "SELECT id, username FROM $tbl_name ORDER BY username";
$result = $con->query($sql);
while ($row = $result->fetch_assoc())
{
   	echo "<div id='l'><tr><td>{$row['username']}</td> |
        <td><a href='editUser.php?id={$row['id']}'>Edit User</a> |</td>
        <td><a href='changepassword.php?id={$row['id']}&sec_key={$key}&auto={$auto}'>Change Password</a> |</td>
        <td><a href='banUser.php?id={$row['id']}'>Ban User</a></td><br><br>
        </tr></div>\n";
}


?>

<html>
<head>
<style>
body {

	background-color: #000;
	color: yellow;
	font-weight: bold;
	font-family: Tahoma;
}
#l {

	color: aqua;
	text-align: center;
	margin-left: 0 auto;
	margin-right: 0 auto;
}
#l a {

	color: #ff0000;
	text-decoration: none;
}
#l a:hover {

	color: #fff;
}
</style>
</head>

<html>

changepassword.php 

<?php

error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');

require 'connect.php';


if(isset($_POST['change'])) {

	$newp = trim($_POST['npass']);
	$confp = trim($_POST['cpass']);

	$newp = $con->real_escape_string($newp);
	$confp = $con->real_escape_string($confp);

	if(empty(($newp))) {

		echo "<h3><center>You did not enter a new password!</center></h3>";

		exit();

	} if(empty(($confp))) {

		echo "<h3><center>You must confirm the password!</center></h3>";

		exit();

	} if($confp !== $newp) {

		echo "Passwords do not match!, try again.";
	} else {

		$sql = "SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'";
		$result = $con->query($sql);
		$row = $result->fetch_assoc();
		$username = $row['username'];

		$update = "UPDATE password FROM $tbl_name WHERE pass='$newp'";

		if($update) {
		
			echo " ".$row['username']." password has been reset! ";

		} else {

			die("Error");
		}
	}
}

?>

<html><title>  Change password  </title><head><style>#form {border-radius: 20px;font-family: sans-serif; margin-top: 60px; padding: 30px;background-color: #aaa;margin-left: auto; margin-right: auto; width: 500px; clear: both;} #form input {width: 100%; clear: both; border-radius: 5px;} #form input:hover {background-color: #111; color: #ff0000; font-weight: bold;}</style></head>
<body>
<div id="form">
	<form action='' method='POST'>
	<h2><b><center><u>  Change Password  </u></center></b></h2><br>
	<tr>
	<td><b>New password:</b><input type="password" name="npass" placeholder="Enter new password" /></td><br><br>
	<td><b>Confirm password:</b><input type="password" name="cpass" placeholder="Confirm password" /></td><br><br>
	<td><input type="submit" name="change" value="Change!" /></td>
	<td><br><br><br><center><b><font color="red">Note:</font> Password must be 5 - 20 characters</b></center></td>
</tr>
</form>
</div><!-- end of form div -->
</body>
</html>

:)

I don't think you are really understanding what everyone is trying to tell you. I mean I don't blame you for trying to figure it out. You're just not understanding the basics.

 

You're missing the while loop which should contain the $row part. This is a big deal because since in your first post, you showed

 

 

\s password has been reset!

 

Which this means what ever you were trying to pass didn't get passed because if it was let's say $row['example'], you need a while loop in order for it to pass. If you have it already defined inside a while loop and you're trying to use it outside of a while loop, you'll have to make it a variable.

 

What everyone is telling you is that you're jumping this far too fast and you're not really understanding it. People are just giving you codes because they feel bad you aren't learning what you really need.

 

You don't even understand the basics of selecting and updating a record using PHP. You should really go and read an article or something because you're just jumping this project of yours too fast.

 

Even so, you're using regular queries which will get SQL injected if you don't escape your client inputs. Everything in your application is screaming "Help me".

    $update = "UPDATE password FROM $tbl_name WHERE pass='$newp'";

        if($update) {
        
            echo " ".$row['username']." password has been reset! ";

        } else {

            die("Error");
        }

In short hand, you should, at the moment, always end up at the echo $row['username'] part. Which may seem right, but it's really not.

 

Here's a small list of wrongs in that piece of code:

- Your UPDATE query is wrong. Specify table first, then column (see below). It's also missing a "correct" WHERE clause

- You never execute the Update query at all

- You're asking the Script if the String $update has a real value, which it does, but it's a string, and therefor it's considered valid, so you get the message but the password is never updated, for several reasons.

 

Here's how your Update query should look like:

$updateQuery = 'UPDATE tableName SET pass = newPassword WHERE uniqueIdentifier = value';
$update = $db->execute($updateQuery);
if($update) {
...
} else {
...
}

Where you replace uniqueIdentifier with something like username/userid, and the value being either the username/userid. I see no uniqueidentifiers in your code there, but guessing it could be in session. So try that.

 

Edit: no clue where this fontcolor came from, but oh well!

Edited by Alex_
Edit: no clue where this fontcolor came from, but oh well!

 

 

it's because you copy/pasted some code from a post and the LOGIC behind the wysiwyg editor and just about everything else of the ipb forum software is lacking. to see what your post really is, you must switch to the text mode, the light-switch looking thing on the upper-left-hand side of the post form.

  • Solution

The code you posted is missing key steps if you're trying to do an UPDATE operation in the database.

As it is now, it will never work, has SQL errors and security issues. 

 

No where in this section of code do we see that you actually perform an UPDATE operation on the database.

You incorrectly write an UPDATE statement and store it in a variable and that's it. ...And, what if more than one user has the same password? Not a good way to distinguish between users. Go by their username and password. Two users shouldn't be allowed to have the same username.

$update = "UPDATE password FROM $tbl_name WHERE pass='$newp'";

		if($update) {
		
			echo " ".$row['username']." password has been reset! ";

		} else {

			die("Error");
		}

Create the SQL statement and perform the UPDATE operation on the database.

$update = "UPDATE $tbl_name SET password = '$newp' WHERE username = '$username'";

$result = mysql_query( $update );

if( $result ) {

echo "success!"

}
Edited by hansford

 

@hansford

Use MySQLi instead of MySQL if you're going to give an example to the OP. Giving deprecated functions is no different than what the OP is attempting to do

 

Well, he obviously isn't familiar with PDO and so the code would make no sense to him. He is just trying to grasp basic principles at this point and see some results. I believe we would have all gave up on programming years ago if we didn't see some results for our efforts, ever how poorly constructed etc. they were. 

Well, he obviously isn't familiar with PDO and so the code would make no sense to him. He is just trying to grasp basic principles at this point and see some results. I believe we would have all gave up on programming years ago if we didn't see some results for our efforts, ever how poorly constructed etc. they were. 

That's why I said MySQLi. If you nor the OP is familiar with this name then I suggest reading up on it. Both PDO and MySQLi have the same features. They both use OOP, they both use prepared statements, they both use the same structure.

 

MySQLi does exactly what PDO does except MySQLi uses both procedural coding and OOP coding. Also, MySQLi is way much faster than PDO. MySQLi and PDO are exactly a like except for a few things so arguing about PDO is better or MySQLi is better makes no difference because PDO is wrapped around the MySQLi drivers and MySQLi is just an improvement of the old deprecated MySQL.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.