
weird login/pw reset issues


aebstract


I got a script that resets every user's password in a db. In my db I have a plants table, and each plant has several users, which I have a users table for. Now everything seems to work. If I run my reset script, it creates a new pw for every user. Here is the weird part: I'm trying to log in to a plant that has two users, and I can log in as one but not the other. It returns a false password (no results returned from db). Now if I get the md5 of something random, let's say "pencil", and insert it manually into my db as the user that I couldn't log in as, it then lets me in with that new password. However, I can no longer log in as the first user that was working..?

 

reset:

<?php

include "connect/todb.php";

function makePass () {
  $length = 6;
  $password = "";
  $possible = "0123456789bcdfghjkmnpqrstvwxyz";
  for($i = 0;$i < $length;$i++)
    $password .= substr($possible, mt_rand(0, strlen($possible)-1), 1);
  return $password;
}

$color1 = "#dddddd";
$color2 = "#c0c0c0";
$row_count = 0;

echo "<table bgcolor=\"#000000\" cellpadding=\"5\" cellspacing=\"1\">";
$result = mysql_query("SELECT * FROM plants ORDER BY plantloc ASC") or DIE(mysql_error());
while($r=mysql_fetch_array($result)){
  $id=$r["id"];
  $plantloc=$r["plantloc"];

  $results = mysql_query("SELECT * FROM users WHERE plant = '$id'") or DIE(mysql_error());
  while($s=mysql_fetch_array($results)){
    $user_id=$s["user_id"];
    $plant=$s["plant"];
    $email=$s["email"];

    $password = makePass();
    $password2 = md5($password);

    mysql_query("UPDATE users SET password='$password2' WHERE plant=$id LIMIT 1") or DIE(mysql_error());

    $row_color = ($row_count % 2) ? $color1 : $color2;

    echo "<tr height=20><td bgcolor=\"$row_color\">$plantloc</td><td bgcolor=\"$row_color\">$password</td><td bgcolor=\"$row_color\">$email</td></tr>";

    $row_count++;
  }
}
echo "</table>";
?>

 

 

login:

<?php
if(isset($_SESSION["id"]))
{
  header("Location: /accounthome/");
  exit();
}

include "connect/todb.php";

if(isset($_POST['submit']))
{
  if(empty($_POST['password']))
  {
    $error .= 'You must fill in a password <br />';
  }
  if(!strlen($error))
  {
    $result = mysql_query("SELECT * FROM `users` WHERE `plant` = '".mysql_real_escape_string($_POST['dropdown'])."' AND `password` = '".md5($_POST['password'])."'")
      or die("Query error: ".mysql_error());
    if(mysql_num_rows($result) == 0)
    {
      $error .= "The password you entered did not match the plant location you chose.";
    }
    else
    {
      $worked = mysql_fetch_array($result);
      $_SESSION["id"] = $worked['plant'];

      header("Location: /accounthome/");
      exit;
    }
  }
}

$content .= '<center><table><tr><td><form action="/login/" method="post">Location: </td><td><select name="dropdown">';
$result = mysql_query("SELECT * FROM `plants` ORDER BY `plantloc` ASC") or DIE(mysql_error());
while($r = mysql_fetch_array($result))
{
  $id = $r['id'];
  $plantloc = $r['plantloc'];
  $content .= "<option value=\"{$id}\">{$plantloc}</option>\n";
}
$content .= '</select></td></tr><tr><td>
Password:
</td><td>
<input type="password" name="password" size="6" />
</td></tr><tr><td></td><td>
<input type="submit" name="submit" value="login" />
</td></tr></table></center></form>';
?>


You probably can't start a new query (your update) while fetching. You have to read it first into an array and then foreach it. Another thing: Why do you mix PHP and HTML like this and not break out of its tags? Columns should also be written in backticks ` in queries. The Location header is also incorrect: an absolute URL is needed!

PS: Sorry about the bad English  ::)


Okay I did a few tests and looked at what was being set as passwords to make sure everything was working right. It seems that if we have:

PLANT A

user 1 - pass1

user 2 - pass2

 

pass1 will work for user 2 and pass2 doesn't work at all. This is as far as what is displayed out as results. If I knew what it was encrypting to, then it wouldn't be a problem (so it's not the login). Whenever there is more than one user for a plant, it does something odd with displaying what it sets?

 

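In the reset script above, the UPDATE filters on `plant` with `LIMIT 1` instead of the `user_id` of the row being fetched, the login query matches on plant plus password hash rather than on a specific user, and passwords are stored as unsalted MD5. The following is an added example, not code from the thread: a per-user reset and login check with PDO prepared statements, `random_int()` and `password_hash()`. The in-memory SQLite table, the sample rows, and the use of `email` as the login identifier are assumptions.

```php
<?php
// Added example: constructed schema and rows in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, plant INTEGER, email TEXT, password TEXT)');
$db->exec("INSERT INTO users (plant, email, password) VALUES
    (1, 'a@example.test', ''), (1, 'b@example.test', ''), (2, 'c@example.test', '')");

// Same alphabet as the thread's makePass(), but longer and drawn from the CSPRNG.
function makePass(int $length = 12): string {
    $possible = '0123456789bcdfghjkmnpqrstvwxyz';
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        $password .= $possible[random_int(0, strlen($possible) - 1)];
    }
    return $password;
}

// Reset: the UPDATE is keyed on the primary key of the row being iterated,
// so every user of a plant gets their own new hash.
function resetAll(PDO $db): array {
    $issued = [];
    $update = $db->prepare('UPDATE users SET password = :hash WHERE user_id = :uid');
    $rows = $db->query('SELECT user_id, email FROM users ORDER BY user_id')->fetchAll(PDO::FETCH_ASSOC);
    foreach ($rows as $row) {
        $plain = makePass();
        $update->execute([':hash' => password_hash($plain, PASSWORD_DEFAULT), ':uid' => $row['user_id']]);
        $issued[$row['email']] = $plain; // returned once so it can be delivered to the user
    }
    return $issued;
}

// Login: select the one user by identity, then verify against that user's own hash.
function login(PDO $db, int $plant, string $email, string $password): ?int {
    $stmt = $db->prepare('SELECT user_id, password FROM users WHERE plant = :plant AND email = :email');
    $stmt->execute([':plant' => $plant, ':email' => $email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false || !password_verify($password, $user['password'])) {
        return null;
    }
    return (int) $user['user_id'];
}

$issued = resetAll($db);
var_dump(login($db, 1, 'a@example.test', $issued['a@example.test'])); // user a with a's password
var_dump(login($db, 1, 'b@example.test', $issued['b@example.test'])); // user b with b's password
var_dump(login($db, 1, 'b@example.test', $issued['a@example.test'])); // user b with a's password
```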
