aebstract Posted March 7, 2008 Share Posted March 7, 2008 I got a script that resets every user's password in a db. In my db I have a plants table, and each plant has several users, which I have a users table for. Now everything seems to work. If I run my reset script, it creates a new pw for every user.. here is the weird part. I'm trying to log in to a plant that has two users, I can login as one but not the other. Returns a false password (no results returned from db). Now if I get the md5 of something random, like let's say "pencil" and insert it manually in to my db as the user that I couldn't log in as.. it then lets me with that new password. However, I can no longer log in as the first user that was working..? reset: <?php include "connect/todb.php"; function makePass () { $length = 6; $password = ""; $possible = "0123456789bcdfghjkmnpqrstvwxyz"; for($i = 0;$i < $length;$i++) $password .= substr($possible, mt_rand(0, strlen($possible)-1), 1); return $password; } $color1 = "#dddddd"; $color2 = "#c0c0c0"; $row_count = 0; echo "<table bgcolor=\"#000000\" cellpadding=\"5\" cellspacing=\"1\">"; $result = mysql_query("SELECT * FROM plants ORDER BY plantloc ASC") or DIE(mysql_error()); while($r=mysql_fetch_array($result)){ $id=$r["id"]; $plantloc=$r["plantloc"]; $results = mysql_query("SELECT * FROM users WHERE plant = '$id'") or DIE(mysql_error()); while($s=mysql_fetch_array($results)){ $user_id=$s["user_id"]; $plant=$s["plant"]; $email=$s["email"]; $password = makePass(); $password2 = md5($password); mysql_query("UPDATE users SET password='$password2' WHERE plant=$id LIMIT 1") or DIE(mysql_error()); $row_color = ($row_count % 2) ? $color1 : $color2; echo "<tr height=20><td bgcolor=\"$row_color\">$plantloc</td><td bgcolor=\"$row_color\">$password</td><td bgcolor=\"$row_color\">$email</td></tr>"; $row_count++; } } echo "</table>"; ?> login: <?php if(isset($_SESSION["id"])) { header("Location: /accounthome/"); exit(); } include "connect/todb.php"; if(isset($_POST['submit'])) { if(empty($_POST['password'])) { $error .= 'You must fill in a password <br />'; } if(!strlen($error)) { $result = mysql_query("SELECT * FROM `users` WHERE `plant` = '".mysql_real_escape_string($_POST['dropdown'])."' AND `password` = '".md5($_POST['password'])."'") or die("Query error: ".mysql_error()); if(mysql_num_rows($result) == 0) { $error .= "The pasword you entered did not match the plant location you chose."; } else { $worked = mysql_fetch_array($result); $_SESSION["id"] = $worked['plant']; header("Location: /accounthome/"); exit; } } } $content .= '<center><table><tr><td><form action="/login/" method="post">Location: </td><td><select name="dropdown">'; $result = mysql_query("SELECT * FROM `plants` ORDER BY `plantloc` ASC") or DIE(mysql_error()); while($r = mysql_fetch_array($result)) { $id = $r['id']; $plantloc = $r['plantloc']; $content .= "<option value=\"{$id}\">{$plantloc}</option>\n"; } $content .= '</select></td></tr><tr><td> Password: </td><td> <input type="password" name="password" size="6" /> </td></tr><tr><td></td><td> <input type="submit" name="submit" value="login" /> </td></tr></table></center></form>'; ?> Link to comment https://forums.phpfreaks.com/topic/94886-weird-loginpw-reset-issues/ Share on other sites More sharing options...
puritania Posted March 7, 2008 Share Posted March 7, 2008 You probably can't start a new query (your update) while fetching. You have to read it first into an array and then foreach it. Another thing: Why do you mix PHP and HTML like this and don't break with its tags? Columns also should be written into backticks ` in queries. The location header is also incorrect: an absolute url is needed! PS: Sorry about the bad english Link to comment https://forums.phpfreaks.com/topic/94886-weird-loginpw-reset-issues/#findComment-486054 Share on other sites More sharing options...
aebstract Posted March 7, 2008 Author Share Posted March 7, 2008 Well I mean, it is updating every row correctly, every password is getting changed in that table.. Link to comment https://forums.phpfreaks.com/topic/94886-weird-loginpw-reset-issues/#findComment-486063 Share on other sites More sharing options...
aebstract Posted March 7, 2008 Author Share Posted March 7, 2008 Okay I did a few tests and looked at what was being set as passwords to make sure everything was working right. It seems that if we have: PLANT A user 1 - pass1 user 2 - pass2 pass1 will work for user 2 and pass2 doesn't work at all. This is as far as what is displayed out as results. If I knew what it was encrypting to, then it wouldn't be a problem (so its no the login). Whenever there is more than one user for a plant, it does something odd with the displaying what it sets? Link to comment https://forums.phpfreaks.com/topic/94886-weird-loginpw-reset-issues/#findComment-486213 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.