aebstract Posted March 7, 2008 Share Posted March 7, 2008 I got a script that resets every user's password in a db. In my db I have a plants table, and each plant has several users, which I have a users table for. Now everything seems to work. If I run my reset script, it creates a new pw for every user.. here is the weird part. I'm trying to log in to a plant that has two users, I can login as one but not the other. Returns a false password (no results returned from db). Now if I get the md5 of something random, like let's say "pencil" and insert it manually in to my db as the user that I couldn't log in as.. it then lets me with that new password. However, I can no longer log in as the first user that was working..? reset: <?php include "connect/todb.php"; function makePass () { $length = 6; $password = ""; $possible = "0123456789bcdfghjkmnpqrstvwxyz"; for($i = 0;$i < $length;$i++) $password .= substr($possible, mt_rand(0, strlen($possible)-1), 1); return $password; } $color1 = "#dddddd"; $color2 = "#c0c0c0"; $row_count = 0; echo "<table bgcolor=\"#000000\" cellpadding=\"5\" cellspacing=\"1\">"; $result = mysql_query("SELECT * FROM plants ORDER BY plantloc ASC") or DIE(mysql_error()); while($r=mysql_fetch_array($result)){ $id=$r["id"]; $plantloc=$r["plantloc"]; $results = mysql_query("SELECT * FROM users WHERE plant = '$id'") or DIE(mysql_error()); while($s=mysql_fetch_array($results)){ $user_id=$s["user_id"]; $plant=$s["plant"]; $email=$s["email"]; $password = makePass(); $password2 = md5($password); mysql_query("UPDATE users SET password='$password2' WHERE plant=$id LIMIT 1") or DIE(mysql_error()); $row_color = ($row_count % 2) ? $color1 : $color2; echo "<tr height=20><td bgcolor=\"$row_color\">$plantloc</td><td bgcolor=\"$row_color\">$password</td><td bgcolor=\"$row_color\">$email</td></tr>"; $row_count++; } } echo "</table>"; ?> login: <?php if(isset($_SESSION["id"])) { header("Location: /accounthome/"); exit(); } include "connect/todb.php"; if(isset($_POST['submit'])) { if(empty($_POST['password'])) { $error .= 'You must fill in a password <br />'; } if(!strlen($error)) { $result = mysql_query("SELECT * FROM `users` WHERE `plant` = '".mysql_real_escape_string($_POST['dropdown'])."' AND `password` = '".md5($_POST['password'])."'") or die("Query error: ".mysql_error()); if(mysql_num_rows($result) == 0) { $error .= "The pasword you entered did not match the plant location you chose."; } else { $worked = mysql_fetch_array($result); $_SESSION["id"] = $worked['plant']; header("Location: /accounthome/"); exit; } } } $content .= '<center><table><tr><td><form action="/login/" method="post">Location: </td><td><select name="dropdown">'; $result = mysql_query("SELECT * FROM `plants` ORDER BY `plantloc` ASC") or DIE(mysql_error()); while($r = mysql_fetch_array($result)) { $id = $r['id']; $plantloc = $r['plantloc']; $content .= "<option value=\"{$id}\">{$plantloc}</option>\n"; } $content .= '</select></td></tr><tr><td> Password: </td><td> <input type="password" name="password" size="6" /> </td></tr><tr><td></td><td> <input type="submit" name="submit" value="login" /> </td></tr></table></center></form>'; ?> Quote Link to comment Share on other sites More sharing options...
puritania Posted March 7, 2008 Share Posted March 7, 2008 You probably can't start a new query (your update) while fetching. You have to read it first into an array and then foreach it. Another thing: Why do you mix PHP and HTML like this and don't break with its tags? Columns also should be written into backticks ` in queries. The location header is also incorrect: an absolute url is needed! PS: Sorry about the bad english Quote Link to comment Share on other sites More sharing options...
aebstract Posted March 7, 2008 Author Share Posted March 7, 2008 Well I mean, it is updating every row correctly, every password is getting changed in that table.. Quote Link to comment Share on other sites More sharing options...
aebstract Posted March 7, 2008 Author Share Posted March 7, 2008 Okay I did a few tests and looked at what was being set as passwords to make sure everything was working right. It seems that if we have: PLANT A user 1 - pass1 user 2 - pass2 pass1 will work for user 2 and pass2 doesn't work at all. This is as far as what is displayed out as results. If I knew what it was encrypting to, then it wouldn't be a problem (so its no the login). Whenever there is more than one user for a plant, it does something odd with the displaying what it sets? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.