aebstract Posted February 20, 2008 Share Posted February 20, 2008 <?php mysql_connect("localhost","berryequipment","gU8Kso8Y") or die(mysql_error()); mysql_select_db("berryequipment_net_db"); echo "<table>"; $result = mysql_query("SELECT * FROM plants") or DIE(mysql_error()); $nmbrows = mysql_num_rows($result); while($r=mysql_fetch_array($result)) { $id=$r["id"]; $plantloc=$r["plantloc"]; $city=$r["city"]; $state=$r["state"]; $zip=$r["zip"]; $street=$r["street"]; $pt=$r["PT"]; $email=$r["email"]; for ($newid = 1; $newid <= $nmbrows; $newid++) { $length = "6"; $password = ""; $possible = "0123456789bcdfghjkmnpqrstvwxyz"; $i = "0"; while ($i < $length) { $char = substr($possible, mt_rand(0, strlen($possible)-1), 1); if (!strstr($password, $char)) { $password .= $char; $i++; } } $password2 = md5($password); mysql_query("UPDATE plants SET password=$password2 WHERE id=$newid") or DIE(mysql_error()); } echo "<tr><td>$plantloc</td><td width=10></td><td>$city, $state $zip</td><td width=10></td><td>$street</td><td width=10></td></tr> <br />$password <br />$email <br /><br />"; } echo "</table>"; ?> Suppose to simply update the password for every row in my table. Generating a new one for each account. Then I want it to all echo out in the page, this will be printed out one time and kept for reference to each account's password. I'm getting a white page with this: Unknown column 'c519880022deeb6d18a3aab3bbc27a6e' in 'field list' Quote Link to comment Share on other sites More sharing options...
rhodesa Posted February 20, 2008 Share Posted February 20, 2008 Try putting quotes around the password: mysql_query("UPDATE plants SET password='$password2' WHERE id=$newid") or DIE(mysql_error()); Quote Link to comment Share on other sites More sharing options...
aebstract Posted February 20, 2008 Author Share Posted February 20, 2008 Thanks Where is the solved button?! Quote Link to comment Share on other sites More sharing options...
rhodesa Posted February 20, 2008 Share Posted February 20, 2008 still broken :-\ Quote Link to comment Share on other sites More sharing options...
aebstract Posted February 20, 2008 Author Share Posted February 20, 2008 Okay I'm having a bit of trouble with this. I echoed all these results to a blank page so I could print it out and have record of the passwords that the database saved. I know my login form works, cause I have tested it out before, but with a more manual way of inserting passwords, vs setting them all at once. Well now I have tried many of these passwords that this generated for me but nothing is matching up. Here is my login: <?php if(isset($_SESSION["id"])) { header("Location: index.php?page=acchome"); exit(); } if(!isset($_SESSION["id"])) { if (isset ($_POST['submit'])) { $problem = FALSE; if (empty ($_POST['password'])) { $problem = TRUE; $error .= 'You must fill in a password <br />'; } if (!$problem) { $result = mysql_query("SELECT id, plantloc, password, city, state, zip, street FROM plants WHERE id=('$_POST[dropdown]') AND password=('".md5($_POST['password'])."')") or die ("error"); if (mysql_num_rows($result) == 0) { echo 'The pasword you entered did not match the plant location you chose.'; } else { $worked = mysql_fetch_array($result); $_SESSION["id"] = $worked[id]; if ($history == eqfps348){ header("Location: index.php?page=$history"); } else { header("Location: index.php?page=accounthome"); } } } } } $content .= '<center><table><tr><td> <form action="index.php?page=login" method="post"> Location: </td><td> <select name="dropdown">'; mysql_connect("localhost","berryequipment","gU8Kso8Y") or die(mysql_error()); mysql_select_db("berryequipment_net_db"); $result = mysql_query("SELECT * FROM plants ORDER BY plantloc ASC") or DIE(mysql_error()); while ($r=mysql_fetch_array($result)) { $id=$r["id"]; $plantloc=$r["plantloc"]; $content .= "<option value=\"$id\">$plantloc</option>\n"; } $content .= '</select> </td></tr><tr><td> Password: </td><td> <input type="password" maxlength="6" name="password" value="' . $_POST[password] . '" size="6" /> </td></tr><tr><td></td><td> <input type="submit" name="submit" value="login" /> </td></tr></table></center> </form>'; ?> Keeps returning my error of "The pasword you entered did not match the plant location you chose." This topic could have its own post but I decided to just keep it here. Quote Link to comment Share on other sites More sharing options...
suttercain Posted February 20, 2008 Share Posted February 20, 2008 Concatenate id=('$_POST[dropdown]') Quote Link to comment Share on other sites More sharing options...
suttercain Posted February 20, 2008 Share Posted February 20, 2008 Here... change this mysql_query("SELECT id, plantloc, password, city, state, zip, street FROM plants WHERE id=('$_POST[dropdown]') AND password=('".md5($_POST['password'])."')") or die ("error"); to this mysql_query("SELECT id, plantloc, password, city, state, zip, street FROM plants WHERE id='".$_POST['dropdown']."' AND password='".md5($_POST['password'])."'") or die (mysql_error()); Quote Link to comment Share on other sites More sharing options...
aebstract Posted February 20, 2008 Author Share Posted February 20, 2008 Got the same password did not match issue. You're just trying to fix the format of the way I did my query, but like I said (please read this part) this was working fine before I used the code in the first post on this topic. Here is what I used to put plants in to the database: <?php session_start(); header("Cache-control: private"); if (isset ($_POST['submit'])) { $problem = FALSE; if (empty ($_POST['plantloc'])) { $problem = TRUE; $error .= 'Must enter a plant location<br />'; } mysql_connect("localhost","berryequipment","gU8Kso8Y") or die(mysql_error()); mysql_select_db("berryequipment_net_db"); if (!$problem) { $plantloc = $_POST['plantloc']; $city = $_POST['city']; $state = $_POST['state']; $zip = $_POST['zip']; $street = $_POST['street']; $email = $_POST['email']; $pt = $_POST['pt']; $length = "6"; $password = ""; $possible = "0123456789bcdfghjkmnpqrstvwxyz"; $i = "0"; while ($i < $length) { $char = substr($possible, mt_rand(0, strlen($possible)-1), 1); if (!strstr($password, $char)) { $password .= $char; $i++; } } $password2 = md5($password); $result = MYSQL_QUERY("INSERT INTO plants (plantloc,password,city,state,zip,street,PT,email)". "VALUES ('$plantloc', '$password2', '$city', '$state', '$zip', '$street', '$pt', '$email')") or die (mysql_error()); header("Location: account2.php"); } else { $content .= "$error"; } } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>setup account</title> </head> <body> <?php $content .= '<form action="account2.php" method="post"> <br /> Plant Location: <br /><input type="text" maxlength="100" class="textfield" name="plantloc" size="40" value="' . $_POST[plantloc] . '" /><br /><br /> Plant City: <br /><input type="text" maxlength="100" class="textfield" name="city" size="40" value="' . $_POST[city] . '" /><br /><br /> Plant State: <br /><input type="text" maxlength="100" class="textfield" name="state" size="40" value="' . $_POST[state] . '" /><br /><br /> Plant Zip: <br /><input type="text" maxlength="100" class="textfield" name="zip" size="40" value="' . $_POST[zip] . '" /><br /><br /> Plant Street: <br /><input type="text" maxlength="100" class="textfield" name="street" size="40" value="' . $_POST[street] . '" /><br /><br /> Plant Email: <br /><input type="text" maxlength="100" class="textfield" name="email" size="40" value="' . $_POST[email] . '" /><br /><br /> Plant Type: <br /><input type="text" maxlength="100" class="textfield" name="pt" size="1" value="' . $_POST[pt] . '" /><br /><br /> <input type="submit" name="submit" value="submit" class="textfield" /></form>'; echo "$content"; ?> </body> </html> from this I am going to the top post and resetting all passwords. Quote Link to comment Share on other sites More sharing options...
suttercain Posted February 20, 2008 Share Posted February 20, 2008 Maybe I over looked it, but on your insert statement, do you md5 the $password variable anywhere? Quote Link to comment Share on other sites More sharing options...
suttercain Posted February 20, 2008 Share Posted February 20, 2008 never mind, i see it Quote Link to comment Share on other sites More sharing options...
suttercain Posted February 20, 2008 Share Posted February 20, 2008 What I would do is print both passwords to the browser. Echo the password from the record and echo the md5($_POST['password'] They'll both be in md5 but you can at least compare the two visually. Something tells me it's the comparison issue... just a thought. Quote Link to comment Share on other sites More sharing options...
aebstract Posted February 20, 2008 Author Share Posted February 20, 2008 wow, this must just not be my day. I tried adding a little bit so I can display both the password they are inputting, md5'd and the password from the db, now when I try to login, it just returns me to the same page.. no errors.. nothing. (password still filled in) <?php if(isset($_SESSION["id"])) { header("Location: index.php?page=acchome"); exit(); } if(!isset($_SESSION["id"])) { if (isset ($_POST['submit'])) { $problem = FALSE; if (empty ($_POST['password'])) { $problem = TRUE; $error .= 'You must fill in a password <br />'; } if (!$problem) { $result = mysql_query("SELECT id, plantloc, password, city, state, zip, street FROM plants WHERE id='".$_POST['dropdown']."' AND password='".md5($_POST['password'])."'") or die (mysql_error()); if (mysql_num_rows($result) == 0) { while($r=mysql_fetch_array($result)) { $password=$r["password"]; $passpass = md5($_POST['password']); echo 'The pasword you entered did not match the plant location you chose.<br /> your password: $passpass<br /> db password: $password'; } } else { $worked = mysql_fetch_array($result); $_SESSION["id"] = $worked[id]; if ($history == eqfps348){ header("Location: index.php?page=$history"); } else { header("Location: index.php?page=accounthome"); } } } } } $content .= '<center><table><tr><td> <form action="index.php?page=login" method="post"> Location: </td><td> <select name="dropdown">'; mysql_connect("localhost","berryequipment","gU8Kso8Y") or die(mysql_error()); mysql_select_db("berryequipment_net_db"); $result = mysql_query("SELECT * FROM plants ORDER BY plantloc ASC") or DIE(mysql_error()); while ($r=mysql_fetch_array($result)) { $id=$r["id"]; $plantloc=$r["plantloc"]; $content .= "<option value=\"$id\">$plantloc</option>\n"; } $content .= '</select> </td></tr><tr><td> Password: </td><td> <input type="password" maxlength="6" name="password" value="' . $_POST[password] . '" size="6" /> </td></tr><tr><td></td><td> <input type="submit" name="submit" value="login" /> </td></tr></table></center> </form>'; ?> Quote Link to comment Share on other sites More sharing options...
suttercain Posted February 20, 2008 Share Posted February 20, 2008 Is this the only thing you added? $passpass = md5($_POST['password']); Quote Link to comment Share on other sites More sharing options...
aebstract Posted February 20, 2008 Author Share Posted February 20, 2008 I added while($r=mysql_fetch_array($result)) { $password=$r["password"]; $passpass = md5($_POST['password']); and the closing bracket after the error echo. I added this so that I could display the password from db, might be a better/easier way I am not aware of. Quote Link to comment Share on other sites More sharing options...
suttercain Posted February 20, 2008 Share Posted February 20, 2008 Try this, I removed the AND PASSWORD=PASSWORD because it may not be getting a match... $result = mysql_query("SELECT id, plantloc, password, city, state, zip, street FROM plants WHERE id='".$_POST['dropdown']."'") or die (mysql_error()); if (mysql_num_rows($result) == 0) { while($r=mysql_fetch_array($result)) { $password=$r["password"]; $passpass = md5($_POST['password']); echo 'The pasword you entered did not match the plant location you chose.<br /> your password: $passpass<br /> db password: $password'; } Quote Link to comment Share on other sites More sharing options...
aebstract Posted February 20, 2008 Author Share Posted February 20, 2008 That password part has to be there, without it anyone can select any plant and instantly have access. edit: I think from my original code that I posted here, it isn't putting the passwords in the correct rows because of the way I'm trying to order it or something? Quote Link to comment Share on other sites More sharing options...
suttercain Posted February 20, 2008 Share Posted February 20, 2008 the id is not unique? I was doing this just to pull the password from the record. If we have that it must be password = password in the SQL statement and password does not match md5(password) we'll get no results and therefore we cannot view the password from that row. This is for trouble shooting only. Quote Link to comment Share on other sites More sharing options...
aebstract Posted February 20, 2008 Author Share Posted February 20, 2008 Returns with no message or anything still, check my edit message just above ^ Quote Link to comment Share on other sites More sharing options...
suttercain Posted February 20, 2008 Share Posted February 20, 2008 is the id column in your table an auto increment/primary key? Quote Link to comment Share on other sites More sharing options...
aebstract Posted February 20, 2008 Author Share Posted February 20, 2008 yes Quote Link to comment Share on other sites More sharing options...
rhodesa Posted February 20, 2008 Share Posted February 20, 2008 I revisited your code for generating the passwords and you had a problem. Try this code: <?php function makePass () { $length = 6; $password = ""; $possible = "0123456789bcdfghjkmnpqrstvwxyz"; for($i = 0;$i < $length;$i++) $password .= substr($possible, mt_rand(0, strlen($possible)-1), 1); return $password; } mysql_connect("****","*****","********") or die(mysql_error()); mysql_select_db("berryequipment_net_db"); echo "<table>"; $result = mysql_query("SELECT * FROM plants") or DIE(mysql_error()); while($r=mysql_fetch_array($result)){ $id=$r["id"]; $plantloc=$r["plantloc"]; $city=$r["city"]; $state=$r["state"]; $zip=$r["zip"]; $street=$r["street"]; $pt=$r["PT"]; $email=$r["email"]; $password = makePass(); $password2 = md5($password); mysql_query("UPDATE plants SET password='$password2' WHERE id=$id") or DIE(mysql_error()); echo "<tr><td>$plantloc</td><td width=10></td><td>$city, $state $zip</td><td width=10></td><td>$street</td><td width=10></td></tr> <br />$password <br />$email <br /><br />"; } echo "</table>"; ?> edit: The problem was, you were looping twice Quote Link to comment Share on other sites More sharing options...
aebstract Posted February 20, 2008 Author Share Posted February 20, 2008 on login: The password you entered did not match the plant location you chose. what problem were you referring to? I printed my results before and I only had one set of results? Quote Link to comment Share on other sites More sharing options...
rhodesa Posted February 20, 2008 Share Posted February 20, 2008 Yes, what was happening was FOR EACH RECORD { FOREACH RECORD { SET PASSWORD } OUTPUT ROW FROM FIRST LOOP WITH LAST PASSWORD FROM SECOND LOOP } So, each time the first loop ran, all the rows would get their passwords updated. And, the row printed would be for the last row updated. Long story short, big mess. Did you try my updated code? Quote Link to comment Share on other sites More sharing options...
rhodesa Posted February 20, 2008 Share Posted February 20, 2008 If you want to see it in action, change this in your original code: mysql_query("UPDATE plants SET password='$password2' WHERE id=$newid") or DIE(mysql_error()); to this: $updateQry = "UPDATE plants SET password=$password2 WHERE id=$newid"; print $updateQry."\n"; mysql_query($updateQry) or DIE(mysql_error()); Quote Link to comment Share on other sites More sharing options...
aebstract Posted February 20, 2008 Author Share Posted February 20, 2008 Yeah I did change to what you had said and when I logged in I get the "password doesnt match location" error that I created. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.