soycharliente Posted July 30, 2007 Share Posted July 30, 2007 This section isn't working. I don't really know what information you might need so please feel free to ask for anything that might help clear it up. <?php $query = "UPDATE blog_users SET password='$new_pw' WHERE MD5(CONCAT('$email', '$lastlogin', 'XXX'))='$rid'"; ?> $rid is a hidden field pulled from a $_GET. It's on a password reset form. It's an md5 hash. The form: <form action="resetPassword.php" method="post"> <input type="hidden" name="rid" value="<?php echo $_GET["rid"]; ?>" /> <p> New Password:<br /> <input type="text" name="new_pw" value="<?php echo $new_pw; ?>" maxlength="255" /><br /> <?php echo ($error_new_pw)?"<span class=\"red\">Enter a valid password. Read the guidelines below.</span><br />":""; ?> <span class="gray smaller">Password should be between 5 and 16 characters long and consist of only letters and numbers.</span> </p> <p> <input type="submit" name="submit_resetPassword" value="Reset Password" /> - <input type="reset" name="reset_resetPassword" value="Clear" /> </p> </form> Processing: <?php if (isset($_POST["submit_resetPassword"])) { if (isset($_POST)) { foreach ($_POST as $key => $val) { $_POST[$key] = myEscape($val); } } $new_pw = $_POST["new_pw"]; $rid = $_POST["rid"]; $error_new_pw = (preg_match("/^[a-zA-Z0-9]{5,16}$/", $new_pw)) ? FALSE : TRUE; $resetPass = FALSE; if (!$error_new_pw) { dbconnect(); $query = "UPDATE blog_users SET password='$new_pw' WHERE MD5(CONCAT('$email', '$lastlogin', 'rbx4life'))='$rid'"; $result = mysql_query($query); $resetPass = TRUE; $query = "SELECT * FROM blog_users WHERE MD5(CONCAT('$email', '$lastlogin', 'rbx4life'))='$rid'"; $result = mysql_query($query) or DIE("Error: RESET PASSWORD LOGIN. Contact Webmaster.); if (mysql_num_rows($result) > 0) { $r = mysql_fetch_assoc($result); $user = $r["username"]; $pass = $r["password"]; if ($un == $user && $pw == $pass) { $_SESSION["user"] = $un; $loggedin = TRUE; $loginError = FALSE; updateLastLogin(getUserId($_SESSION["user"])); header("Location: index.php"); exit; } } } } ?> Link to comment https://forums.phpfreaks.com/topic/62483-solved-query-problem/ Share on other sites More sharing options...
trq Posted July 30, 2007 Share Posted July 30, 2007 Try... $result = mysql_query($query) or die(mysql_error()); What error do you get? Link to comment https://forums.phpfreaks.com/topic/62483-solved-query-problem/#findComment-310968 Share on other sites More sharing options...
soycharliente Posted July 30, 2007 Author Share Posted July 30, 2007 I'm not getting any errors. The query just isn't updating to reflect the new password. I'm able to login with my old password and the new password just gives me the login error that I set up on the login page. Link to comment https://forums.phpfreaks.com/topic/62483-solved-query-problem/#findComment-310970 Share on other sites More sharing options...
trq Posted July 30, 2007 Share Posted July 30, 2007 Did you modify the code as suggested? And have you got error reporting/display errors on? Link to comment https://forums.phpfreaks.com/topic/62483-solved-query-problem/#findComment-310974 Share on other sites More sharing options...
soycharliente Posted July 30, 2007 Author Share Posted July 30, 2007 Yes I did put that in. I'm not getting any errors. And have you got error reporting/display errors on? I don't know what that means. Link to comment https://forums.phpfreaks.com/topic/62483-solved-query-problem/#findComment-310978 Share on other sites More sharing options...
soycharliente Posted July 30, 2007 Author Share Posted July 30, 2007 display_errors - On - On I saw that when I ran php_info(). I don't have access to a .ini file. Link to comment https://forums.phpfreaks.com/topic/62483-solved-query-problem/#findComment-310981 Share on other sites More sharing options...
akitchin Posted July 30, 2007 Share Posted July 30, 2007 you can use mysql_affected_rows() to find out how many rows are affected by INSERT, REPLACE, UPDATE and DELETE queries. might come in handy for figuring out whether something is being updated or not. since it seems it isn't, i'm going to guess the culprit is your WHERE clause. if there are no errors, it means it's a var issue and not a syntax issue. you say you're passing $rid by GET, but you're assigning it via $_POST. could that be the issue? Link to comment https://forums.phpfreaks.com/topic/62483-solved-query-problem/#findComment-310990 Share on other sites More sharing options...
soycharliente Posted July 30, 2007 Author Share Posted July 30, 2007 Did I place it wrong? It looks right to me. I checked the source and everything is there. I'm placing it into the form via $_GET to populate a value attribute and then posting it to the page that processes it. Link to comment https://forums.phpfreaks.com/topic/62483-solved-query-problem/#findComment-311005 Share on other sites More sharing options...
soycharliente Posted July 30, 2007 Author Share Posted July 30, 2007 Got this error: Warning: mysql_affected_rows(): supplied argument is not a valid MySQL-Link resource in /resetPassword.php on line 75 That's this line: <?php $query = "UPDATE blog_users SET password='$new_pw' WHERE MD5(CONCAT('$email', '$lastlogin', 'XXXXXX'))='$rid'"; ?> Link to comment https://forums.phpfreaks.com/topic/62483-solved-query-problem/#findComment-311008 Share on other sites More sharing options...
akitchin Posted July 30, 2007 Share Posted July 30, 2007 it's always helpful to echo your stuff before running it to see exactly what's going on: echo 'email: '.$email.', lastlogin: '.$lastlogin.', RID: '.$rid; $query = "UPDATE blog_users SET password='$new_pw' WHERE MD5(CONCAT('$email', '$lastlogin', 'rbx4life'))='$rid'"; $result = mysql_query($query); $resetPass = TRUE; $query = "SELECT * FROM blog_users WHERE MD5(CONCAT('$email', '$lastlogin', 'rbx4life'))='$rid'"; $result = mysql_query($query) or DIE("Error: RESET PASSWORD LOGIN. Contact Webmaster."); you were also missing an ending quote on the DIE() statement after the select. msqyl_affected_rows() is like mysql_insert_id() - you don't feed it anything (or if you do, you feed it the connection resource, but not the query resource). Link to comment https://forums.phpfreaks.com/topic/62483-solved-query-problem/#findComment-311010 Share on other sites More sharing options...
soycharliente Posted July 30, 2007 Author Share Posted July 30, 2007 it's always helpful to echo your stuff before running it to see exactly what's going on: echo 'email: '.$email.', lastlogin: '.$lastlogin.', RID: '.$rid; $query = "UPDATE blog_users SET password='$new_pw' WHERE MD5(CONCAT('$email', '$lastlogin', 'rbx4life'))='$rid'"; $result = mysql_query($query); $resetPass = TRUE; $query = "SELECT * FROM blog_users WHERE MD5(CONCAT('$email', '$lastlogin', 'rbx4life'))='$rid'"; $result = mysql_query($query) or DIE("Error: RESET PASSWORD LOGIN. Contact Webmaster."); you were also missing an ending quote on the DIE() statement after the select. msqyl_affected_rows() is like mysql_insert_id() - you don't feed it anything (or if you do, you feed it the connection resource, but not the query resource). I saw that quote error. The page didn't even load when that wasn't there. Don't know how that version of my code made it into my post. Link to comment https://forums.phpfreaks.com/topic/62483-solved-query-problem/#findComment-311013 Share on other sites More sharing options...
pyrodude Posted July 30, 2007 Share Posted July 30, 2007 I don't have any idea about the issue with your code, but I'm curious: why do you tell the user to limit their password to 16 characters but the textbox for the password has maxlength:255 set? Link to comment https://forums.phpfreaks.com/topic/62483-solved-query-problem/#findComment-311060 Share on other sites More sharing options...
soycharliente Posted July 30, 2007 Author Share Posted July 30, 2007 I copy/pasted the code from another form. Guess I forgot to change that. Link to comment https://forums.phpfreaks.com/topic/62483-solved-query-problem/#findComment-311078 Share on other sites More sharing options...
akitchin Posted July 30, 2007 Share Posted July 30, 2007 so, what's the scoop? is it still not working? are you still getting an error on mysql_affected_rows(), even without passing anything to it? is it just not updating? are the variables correct? Link to comment https://forums.phpfreaks.com/topic/62483-solved-query-problem/#findComment-311098 Share on other sites More sharing options...
soycharliente Posted July 30, 2007 Author Share Posted July 30, 2007 Still have the same Warning: mysql_affected_rows(): supplied argument is not a valid MySQL-Link resource in /resetPassword.php on line 75 I think I narrowed the problem down, but it's SQL related and not PHP so I asked about it somewhere else. Link to comment https://forums.phpfreaks.com/topic/62483-solved-query-problem/#findComment-311125 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.