soycharliente Posted July 30, 2007 Share Posted July 30, 2007 This section isn't working. I don't really know what information you might need so please feel free to ask for anything that might help clear it up. <?php $query = "UPDATE blog_users SET password='$new_pw' WHERE MD5(CONCAT('$email', '$lastlogin', 'XXX'))='$rid'"; ?> $rid is a hidden field pulled from a $_GET. It's on a password reset form. It's an md5 hash. The form: <form action="resetPassword.php" method="post"> <input type="hidden" name="rid" value="<?php echo $_GET["rid"]; ?>" /> <p> New Password:<br /> <input type="text" name="new_pw" value="<?php echo $new_pw; ?>" maxlength="255" /><br /> <?php echo ($error_new_pw)?"<span class=\"red\">Enter a valid password. Read the guidelines below.</span><br />":""; ?> <span class="gray smaller">Password should be between 5 and 16 characters long and consist of only letters and numbers.</span> </p> <p> <input type="submit" name="submit_resetPassword" value="Reset Password" /> - <input type="reset" name="reset_resetPassword" value="Clear" /> </p> </form> Processing: <?php if (isset($_POST["submit_resetPassword"])) { if (isset($_POST)) { foreach ($_POST as $key => $val) { $_POST[$key] = myEscape($val); } } $new_pw = $_POST["new_pw"]; $rid = $_POST["rid"]; $error_new_pw = (preg_match("/^[a-zA-Z0-9]{5,16}$/", $new_pw)) ? FALSE : TRUE; $resetPass = FALSE; if (!$error_new_pw) { dbconnect(); $query = "UPDATE blog_users SET password='$new_pw' WHERE MD5(CONCAT('$email', '$lastlogin', 'rbx4life'))='$rid'"; $result = mysql_query($query); $resetPass = TRUE; $query = "SELECT * FROM blog_users WHERE MD5(CONCAT('$email', '$lastlogin', 'rbx4life'))='$rid'"; $result = mysql_query($query) or DIE("Error: RESET PASSWORD LOGIN. Contact Webmaster.); if (mysql_num_rows($result) > 0) { $r = mysql_fetch_assoc($result); $user = $r["username"]; $pass = $r["password"]; if ($un == $user && $pw == $pass) { $_SESSION["user"] = $un; $loggedin = TRUE; $loginError = FALSE; updateLastLogin(getUserId($_SESSION["user"])); header("Location: index.php"); exit; } } } } ?> Quote Link to comment Share on other sites More sharing options...
trq Posted July 30, 2007 Share Posted July 30, 2007 Try... $result = mysql_query($query) or die(mysql_error()); What error do you get? Quote Link to comment Share on other sites More sharing options...
soycharliente Posted July 30, 2007 Author Share Posted July 30, 2007 I'm not getting any errors. The query just isn't updating to reflect the new password. I'm able to login with my old password and the new password just gives me the login error that I set up on the login page. Quote Link to comment Share on other sites More sharing options...
trq Posted July 30, 2007 Share Posted July 30, 2007 Did you modify the code as suggested? And have you got error reporting/display errors on? Quote Link to comment Share on other sites More sharing options...
soycharliente Posted July 30, 2007 Author Share Posted July 30, 2007 Yes I did put that in. I'm not getting any errors. And have you got error reporting/display errors on? I don't know what that means. Quote Link to comment Share on other sites More sharing options...
soycharliente Posted July 30, 2007 Author Share Posted July 30, 2007 display_errors - On - On I saw that when I ran php_info(). I don't have access to a .ini file. Quote Link to comment Share on other sites More sharing options...
akitchin Posted July 30, 2007 Share Posted July 30, 2007 you can use mysql_affected_rows() to find out how many rows are affected by INSERT, REPLACE, UPDATE and DELETE queries. might come in handy for figuring out whether something is being updated or not. since it seems it isn't, i'm going to guess the culprit is your WHERE clause. if there are no errors, it means it's a var issue and not a syntax issue. you say you're passing $rid by GET, but you're assigning it via $_POST. could that be the issue? Quote Link to comment Share on other sites More sharing options...
soycharliente Posted July 30, 2007 Author Share Posted July 30, 2007 Did I place it wrong? It looks right to me. I checked the source and everything is there. I'm placing it into the form via $_GET to populate a value attribute and then posting it to the page that processes it. Quote Link to comment Share on other sites More sharing options...
soycharliente Posted July 30, 2007 Author Share Posted July 30, 2007 Got this error: Warning: mysql_affected_rows(): supplied argument is not a valid MySQL-Link resource in /resetPassword.php on line 75 That's this line: <?php $query = "UPDATE blog_users SET password='$new_pw' WHERE MD5(CONCAT('$email', '$lastlogin', 'XXXXXX'))='$rid'"; ?> Quote Link to comment Share on other sites More sharing options...
akitchin Posted July 30, 2007 Share Posted July 30, 2007 it's always helpful to echo your stuff before running it to see exactly what's going on: echo 'email: '.$email.', lastlogin: '.$lastlogin.', RID: '.$rid; $query = "UPDATE blog_users SET password='$new_pw' WHERE MD5(CONCAT('$email', '$lastlogin', 'rbx4life'))='$rid'"; $result = mysql_query($query); $resetPass = TRUE; $query = "SELECT * FROM blog_users WHERE MD5(CONCAT('$email', '$lastlogin', 'rbx4life'))='$rid'"; $result = mysql_query($query) or DIE("Error: RESET PASSWORD LOGIN. Contact Webmaster."); you were also missing an ending quote on the DIE() statement after the select. msqyl_affected_rows() is like mysql_insert_id() - you don't feed it anything (or if you do, you feed it the connection resource, but not the query resource). Quote Link to comment Share on other sites More sharing options...
soycharliente Posted July 30, 2007 Author Share Posted July 30, 2007 it's always helpful to echo your stuff before running it to see exactly what's going on: echo 'email: '.$email.', lastlogin: '.$lastlogin.', RID: '.$rid; $query = "UPDATE blog_users SET password='$new_pw' WHERE MD5(CONCAT('$email', '$lastlogin', 'rbx4life'))='$rid'"; $result = mysql_query($query); $resetPass = TRUE; $query = "SELECT * FROM blog_users WHERE MD5(CONCAT('$email', '$lastlogin', 'rbx4life'))='$rid'"; $result = mysql_query($query) or DIE("Error: RESET PASSWORD LOGIN. Contact Webmaster."); you were also missing an ending quote on the DIE() statement after the select. msqyl_affected_rows() is like mysql_insert_id() - you don't feed it anything (or if you do, you feed it the connection resource, but not the query resource). I saw that quote error. The page didn't even load when that wasn't there. Don't know how that version of my code made it into my post. Quote Link to comment Share on other sites More sharing options...
pyrodude Posted July 30, 2007 Share Posted July 30, 2007 I don't have any idea about the issue with your code, but I'm curious: why do you tell the user to limit their password to 16 characters but the textbox for the password has maxlength:255 set? Quote Link to comment Share on other sites More sharing options...
soycharliente Posted July 30, 2007 Author Share Posted July 30, 2007 I copy/pasted the code from another form. Guess I forgot to change that. Quote Link to comment Share on other sites More sharing options...
akitchin Posted July 30, 2007 Share Posted July 30, 2007 so, what's the scoop? is it still not working? are you still getting an error on mysql_affected_rows(), even without passing anything to it? is it just not updating? are the variables correct? Quote Link to comment Share on other sites More sharing options...
soycharliente Posted July 30, 2007 Author Share Posted July 30, 2007 Still have the same Warning: mysql_affected_rows(): supplied argument is not a valid MySQL-Link resource in /resetPassword.php on line 75 I think I narrowed the problem down, but it's SQL related and not PHP so I asked about it somewhere else. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.