|
PHP - Update Password Script
I have a script to let the user update their password, when I submit it i get a 500 error and I'm not sure.
Here is the code: If (isset($_POST['update-password'])) { //This makes sure they did not leave any fields blank if (!$_POST['oldpw'] || !$_POST['pass'] || !$_POST['pass2'] ) { $error="<span style="; $error .="color:red"; $error .=">"; $error .= "You did not complete all of the required fields"; $error .="</span>"; setcookie('Errors', $error, time()+20); header('Location /useredit.php'); exit; } // checks if the password is correct $pass = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $pass = addslashes($pass); } $check = mysql_real_escape_string("SELECT * FROM YBK_Login WHERE pass = '{$pass}'"); mysql_query($check) or die( 'Query string: ' . $check . '<br />Produced an error: ' . mysql_error() . '<br />' ); // this makes sure both passwords entered match if ($_POST['pass'] != $_POST['pass2']) { $error="<span style="; $error .="color:red"; $error .=">"; $error .= 'Your passwords did not match.'; $error .="</span>"; setcookie('Errors', $error, time()+20); header('Location: /useredit.php'); exit; } // here we encrypt the password and add slashes if needed $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['pass'] = addslashes($_POST['pass']); $_POST['pass2'] = addslashes($_POST['pass2']); } // now we insert it into the database mysql_real_escape_string($insert = "UPDATE `YBK_Login` SET `pass` = '{$_POST['pass']}', `HR` = '{$_POST['pass2']}', `comment` = '{$_POST['oldpw']}' WHERE `ID` = {$_COOKIE['UID_WatsonN']}"); mysql_query($insert) or die( 'Query string: ' . $insert . '<br />Produced an error: ' . mysql_error() . '<br />' ); $error="<span style="; $error .="color:green"; $error .=">"; $error .= "<p>Thank you, your password has been updated.</p>"; $error .="</span>"; setcookie('Errors', $error, time()+20); header('Location: /useredit.php'); exit; } Similar TutorialsHello I have this script that I have been getting support on on other forums and I would really love some help. What this script does is reset your password to a randomly generated one, but for security it asks you a secret question that you have to answer correctly, for it to generate a random password, update that password into the database table and then email you it. Everything works, like the security question part, finding the email works, and sending the email works. But the only part that doesnt work is the updating the table with the randomly generated password. Here is the code. <?php function checkUNEmail($uname,$email) { global $mySQL; $userID = 'X'; $error = array('status'=>false,'userID'=>0); if (isset($email) && trim($email) != '') { //email was entered if ($SQL = $mySQL->prepare("SELECT `ID` FROM `users` WHERE `Email` = ? LIMIT 1")) { $SQL->bind_param('s',trim($email)); $SQL->execute(); $SQL->store_result(); $numRows = $SQL->num_rows(); $SQL->bind_result($userID); $SQL->fetch(); $SQL->close(); if ($numRows >= 1) return array('status'=>true,'userID'=>$userID); } else { return $error; } } elseif (isset($uname) && trim($uname) != '') { //username was entered if ($SQL = $mySQL->prepare("SELECT `ID` FROM users WHERE Username = ? LIMIT 1")) { $SQL->bind_param('s',trim($uname)); $SQL->execute(); $SQL->store_result(); $numRows = $SQL->num_rows(); $SQL->bind_result($userID); $SQL->fetch(); $SQL->close(); if ($numRows >= 1) return array('status'=>true,'userID'=>$userID); } else { return $error; } } else { //nothing was entered; return $error; } } function getSecurityQuestion($userID) { global $mySQL; $questions = array(); $questions[0] = "What is your mother's maiden name?"; $questions[1] = "What city were you born in?"; $questions[2] = "What is your favorite color?"; $questions[3] = "What year did you graduate from High School?"; $questions[4] = "What was the name of your first boyfriend/girlfriend?"; $questions[5] = "What is your favorite model of car?"; if ($SQL = $mySQL->prepare("SELECT `secQ` FROM `users` WHERE `ID` = ? LIMIT 1")) { $SQL->bind_param('i',$userID); $SQL->execute(); $SQL->store_result(); $SQL->bind_result($secQ); $SQL->fetch(); $SQL->close(); return $questions[$secQ]; } else { return false; } } function checkSecAnswer($userID,$answer) { global $mySQL; if ($SQL = $mySQL->prepare("SELECT `Username` FROM `users` WHERE `ID` = ? AND LOWER(`secA`) = ? LIMIT 1")) { $answer = strtolower($answer); $SQL->bind_param('is',$userID,$answer); $SQL->execute(); $SQL->store_result(); $numRows = $SQL->num_rows(); $SQL->close(); if ($numRows >= 1) { return true; } } else { return false; } } function sendPasswordEmail($userID) { global $mySQL; changePassword($userID); if ($SQL = $mySQL->prepare("SELECT `Username`,`Email`,`Password` FROM `users` WHERE `ID` = ? LIMIT 1")) { $SQL->bind_param('i',$userID); $SQL->execute(); $SQL->store_result(); $SQL->bind_result($uname,$email,$password); $SQL->fetch(); $SQL->close(); $message = "Dear $uname,\r\n"; $message .= "Here is your requested lost password for your account at our site:\r\n"; $message .= "-----------------------\r\n"; $message .= "$password\r\n"; $message .= "-----------------------\r\n"; $message .= "Our login page: <a href=\"login.php\">http://www.oursite.com/login.php</a>\r\n\r\n"; $message .= "Thanks,\r\n"; $message .= "-- Our site team"; $headers .= "From: Our Site <webmaster@oursite.com> \n"; $headers .= "To-Sender: \n"; $headers .= "X-Mailer: PHP\n"; // mailer $headers .= "Reply-To: webmaster@oursite.com\n"; // Reply address $headers .= "Return-Path: webmaster@oursite.com\n"; //Return Path for errors $headers .= "Content-Type: text/html; charset=iso-8859-1"; //Enc-type $subject = "Your Lost Password"; @mail($email,$subject,$message,$headers); return str_replace("\r\n","<br/ >",$message); } } function genRandomString() { $length = 10; $characters = '0123456789abcdefghijklmnopqrstuvwxyz'; $string = ''; for ($p = 0; $p < $length; $p++) { $string .= $characters[mt_rand(0, strlen($characters))]; } return $string; } function changePassword($userID){ global $mySQL; $password = genRandomString(); $SQL = $mySQL->prepare('UPDATE `users` SET `Password`="'.$password.'" WHERE `ID`="?" LIMIT 1'); $SQL->bind_param('s',$password); $SQL->bind_param('i',$userID); $SQL->execute(); return $password; } ?> The last 2 functions in the code are where the passwords are supposed to get changed and updated in the table, but it doesn't work... Can anyone help me out please Good morning. I am looking fo some help with an update script to update all rows in a table. This is what I have for a form and all looks well. form.php <?php // run the query and put the results in an array variable called $result $result = mysql_query("SELECT * FROM table ORDER BY 'id', 'title', 'text', 'number'"); print "<form method='post' action='update.php'> <table width='100%' border='0' cellspacing='1' cellpadding='1'><tr> <td align='center'><strong>ID</strong></td> <td align='center'><strong>Title</strong></td> <td align='center'><strong>text</strong></td> <td align='center'><strong>Number</strong></td> </tr>\n"; // start a loop to print all of the courses with their book information // the mysql_fetch_array function puts each record into an array. each time it is called, it moves the array counter up until there are no more records left while ($Update = mysql_fetch_array($result)) { // start displaying the info; the most important part is to make the name an array (notice bookinfo[$i]) print "<td align='center'><p>{$Update['id']}</p></td>\n"; print "<td align='center'><input type='text' name='title' value='{$Update['title']}' /></td>"; print "<td align='center'><input type='text' size='40' name='text' value='{$Update['text']}' /></td>\n"; print "<td align='center'><input type='text' size='40' name='number' value='{$Update['number']}' /></td>\n"; print "</tr>\n"; // add 1 to the count, close the loop, close the form, and the mysql connection } print "<tr> <td colspan='4' align='center'><input type='submit' value='submit' />"; print "</td> </tr> </table> </td> </tr> </form> </table>"; print "</tr>\n"; ?><br /><br /> My question is. How do I update this info into the database with the proper info. ie. Update.php? Hi i have this upload script which works fine it uploads image to a specified folder and sends the the details to the database. but now i am trying to instead make a modify script which is Update set so i tried to change insert to update but didnt work can someone help me out please this my insert image script which works fine but want to change to modify instead Code: [Select] <?php mysql_connect("localhost", "root", "") or die(mysql_error()) ; mysql_select_db("upload") or die(mysql_error()) ; // my file the name of the input area on the form type is the extension of the file //echo $_FILES["myfile"]["type"]; //myfile is the name of the input area on the form $name = $_FILES["image"] ["name"]; // name of the file $type = $_FILES["image"]["type"]; //type of the file $size = $_FILES["image"]["size"]; //the size of the file $temp = $_FILES["image"]["tmp_name"];//temporary file location when click upload it temporary stores on the computer and gives it a temporary name $error =array(); // this an empty array where you can then call on all of the error messages $allowed_exts = array('jpg', 'jpeg', 'png', 'gif'); // array with the following extension name values $image_type = array('image/jpg', 'image/jpeg', 'image/png', 'image/gif'); // array with the following image type values $location = 'images/'; //location of the file or directory where the file will be stored $appendic_name = "news".$name;//this append the word [news] before the name so the image would be news[nameofimage].gif // substr counts the number of carachters and then you the specify how how many you letters you want to cut off from the beginning of the word example drivers.jpg it would cut off dri, and would display vers.jpg //echo $extension = substr($name, 3); //using both substr and strpos, strpos it will delete anything before the dot in this case it finds the dot on the $name file deletes and + 1 says read after the last letter you delete because you want to display the letters after the dot. if remove the +1 it will display .gif which what we want is just gif $extension = strtolower(substr($name, strpos ($name, '.') +1));//strlower turn the extension non capital in case extension is capital example JPG will strtolower will make jpg // another way of doing is with explode // $image_ext strtolower(end(explode('.',$name))); will explode from where you want in this case from the dot adn end will display from the end after the explode $myfile = $_POST["myfile"]; if (isset($image)) // if you choose a file name do the if bellow { // if extension is not equal to any of the variables in the array $allowed_exts error appears if(in_array($extension, $allowed_exts) === false ) { $error[] = 'Extension not allowed! gif, jpg, jpeg, png only<br />'; // if no errror read next if line } // if file type is not equal to any of the variables in array $image_type error appears if(in_array($type, $image_type) === false) { $error[] = 'Type of file not allowed! only images allowed<br />'; } // if file bigger than the number bellow error message if($size > 2097152) { $error[] = 'File size must be under 2MB!'; } // check if folder exist in the server if(!file_exists ($location)) { $error[] = 'No directory ' . $location. ' on the server Please create a folder ' .$location; } } // if no error found do the move upload function if (empty($error)){ if (move_uploaded_file($temp, $location .$appendic_name)) { // insert data into database first are the field name teh values are the variables you want to insert into those fields appendic is the new name of the image mysql_query("INSERT INTO image (myfile ,image) VALUES ('$myfile', '$appendic_name')") ; exit(); } } else { foreach ($error as $error) { echo $error; } } //echo $type; ?> here is my change password script (This is being done by the admin)
<?php
error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');
require 'connect.php';
if(isset($_POST['change'])) {
$newp = trim($_POST['npass']);
$confp = trim($_POST['cpass']);
if(empty(trim($newp))) {
echo "<h3><center>You did not enter a new password!</center></h3>";
exit();
} if(empty(trim($confp))) {
echo "<h3><center>You must confirm the password!</center></h3>";
exit();
} if($confp !== $newp) {
echo "Passwords do not match!, try again.";
} else {
$sql = "UPDATE $db_name SET cpass='$password' WHERE id=' ".$row['id']." '";
echo " ".$row['username']."\s password has been reset! ";
}
}
?>
<html><title> Change password </title><head><style>#form {border-radius: 20px;font-family: sans-serif; margin-top: 60px; padding: 30px;background-color: #aaa;margin-left: auto; margin-right: auto; width: 500px; clear: both;} #form input {width: 100%; clear: both;} #form input:hover {border: 1px solid #ff0000;}</style></head>
<body>
<div id="form">
<form action='' method='POST'>
<h2><b><center>Change Password</center></b></h2><br>
<tr>
<td><b>New password:</b><input type="password" name="npass" placeholder="Enter new password" /></td><br><br>
<td><b>Confirm password:</b><input type="password" name="cpass" placeholder="Confirm password" /></td><br><br>
<td><input type="submit" name="change" value="Change!" /></td>
</tr>
</form>
</div><!-- end of form div -->
</body>
</html>
I'm getting
Notice: Undefined variable: row in C:\xampp\htdocs\Login\web_dir\changepassword.php on line 30 Notice: Undefined variable: row in C:\xampp\htdocs\Login\web_dir\changepassword.php on line 32And it say's \s password has been reset!It's saying that the variable row is undefined, it's defined in my edit user / select user page
<?php
error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');
session_start();
require 'connect.php';
echo "<title> Edit a user </title>";
$sql = "SELECT id, username FROM $tbl_name ORDER BY username";
$result = $con->query($sql);
while ($row = $result->fetch_assoc())
{
echo "<div id='l'><tr><td>{$row['username']}</td> |
<td><a href='editUser.php?id={$row['id']}'>Edit User</a> |</td>
<td><a href='changepassword.php?id={$row['id']}'>Change Password</a> |</td>
<td><a href='banUser.php?id={$row['id']}'>Ban User</a></td><br><br>
</tr></div>\n";
}
?>
Also it doesn't actually UPDATE the password.
This works up until if (email == email2){ What is wrong? Is it a problem with the queries? if(isset($_SESSION['rest']) || isset($_SESSION['chef'])){ header('Location:index.php');} if (isset($_POST['submit'])) { $errors = array(); // VALIDATION SCRIPT HERE $newpass = generatepassword(); $link = mysql_connect("****","*****","******") or die ("Could not connect!"); mysql_select_db("****"); $query = "SELECT `username`, `type` FROM `users` WHERE `username`='$username'"; $result = mysql_query($query); while($row = mysql_fetch_array($result)) {$type = $row['type'];} $numrows = mysql_num_rows($result); if ($numrows!=1){ $errors[] = 'Username not Found (Usernames are case sensitive)';} if($email == '' || $username == ''){ $errors[] = 'Please Fill in all Fields';} if (empty($errors)){ if ($type = 1){ $res1 = mysql_query("SELECT `username`,`email` FROM `rests` WHERE `username`='$username'"); while($row1 = mysql_fetch_array($res1)) {$email2 = $row1['email'];} }else{ $res2 = mysql_query("SELECT `username`,`email` FROM `chefs` WHERE `username`='$username'"); while($row2 = mysql_fetch_array($res2)) {$email2 = $row2['email'];} if ($email2 == $email) { echo $newpass; mysql_query("UPDATE `users` SET `password` = '$newpass' WHERE `username`='$username'"); //SEND EMAIL $my_email = 'enquiries@bakerdesigns.co.uk'; $email_from = 'Chef Match'; $email_subject = "Your New Password :: Chef Match"; $message = "Your new password is $newpass<br>You may change this via your control panel later."; $referer = $_SERVER['HTTP_REFERER']; $this_url = "http://".$_SERVER['HTTP_HOST'].$_SERVER["REQUEST_URI"]; if ($referer != $this_url) { echo "You do not have permission to use this script from another URL."; exit; } $from = "From: $email2\r\n"; mail($email2, $email_subject, $message, $from); $thanks = 'An email has been sent to $email2 containing your new password. Please check your junk folder.'; }} }else{$errors[] = 'Email did not match Username'; $thanks = 'Email could not be sent.';} } Okay I am a beginner and haven't coded in months. I am trying to find a tutorial or help figuring out how to build a lost password script for user log-in system I built a while ago. Can anyone help with either something that works that I can learn from, a tutorial somewhere? thanks Tim Hi, I'm very new to PHP. I've been working on this code for password recovery for a week and I'm pretty close, but I'm having problems understanding why I keep getting the: "Can not send password to your email address". I know for certain that it has found the email in the table, but why is it still having problems sending? There are no other error messages thrown. Code: [Select] function frm_lostpass() { global $skn,$In,$db,$Film,$Url,$Date,$module,$userinfo; if(isset($_GET['check']) and trim($_GET['check'])=='ok') { $email = $In->get('email',0,''); $sql_check ="SELECT Count(m.Email) AS numrows FROM tbl_member AS m\n" ."WHERE m.Email = '$email'\n"; $numrow=$db->sql_get_first($sql_check); if($numrow['numrows']!=1) { return "<center>Email not found !</center>"; } else { global $skn,$In,$db,$Film,$Url,$Date,$module,$userinfo; // value sent from form $email_to=$_POST['email_to']; // retrieve password from table where e-mail = $email_to $sql ="SELECT m.Password FROM tbl_member AS m\n" ."WHERE m.Email = '$email'\n"; $result=mysql_query($sql); // if found this e-mail address, row must be 1 row // keep value in variable name "$count" $count=mysql_num_rows($result); // compare if $count =1 row if($count==1){ $rows=mysql_fetch_array($result); // keep password in $your_password $your_password=$rows['password']; // ---------------- SEND MAIL FORM ---------------- // send e-mail to ... $to=$email_to; // Your subject $subject="Your password here"; // From $header="example@example.com"; // Your message $messages= "Your password for login to our website \r\n"; $messages.="Your password is $your_password \r\n"; $messages.="more message... \r\n"; // send email $sentmail = mail($to,$subject,$messages,$header); } // else if $count not equal 1 else { return "That email address is not found in our database"; } // if your email succesfully sent if($sentmail){ return "  Your Password Has Been Sent To Your Email Address."; } else { return "  Cannot send password to your e-mail address"; } } } else { $skn ->set_file( 'lost_pass', 'member/frm_lostpass.html' ); return $skn -> output('lost_pass'); } } I've never actually done a username password, retrieval script before so need a little help. In the profile form the user is submitting username/password/name/email etc. into a MySQL DB along with a security question and answer. Is it just a matter of creating a form which does a check against the database and sends out an email to the user with their password? The password is hashed with MD5, so how would I send out an un-hashed PW? thanks! I'm having a little issue with this script. It's returning: "Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/zyquo/public_html/makethemoviehappen.com/forgot_password.php on line 89" (Line 89 is: $num_rows1 = mysql_num_rows($result1) and "New password could not be generated. If you continue to have issues, please email general@makethemoviehappen.com for assistance." I checked the database and the random password generation did run, and it was inserted into the database. So it's just not detecting that it ran, so it's not sending the email. Any ideas on why? I also checked what is returned in the $result1 variable and it's the number 1. Code: [Select] elseif($_GET['forgot']=="password"){ function &generatePassword($length=9, $strength=0) { $vowels = 'aeiuy'; $consonants = 'bcdfghjkmnpqrstwz'; if ($strength & 1) { $consonants .= 'BCDFGJLMNPQRSTVXZ'; } if ($strength & 2) { $vowels .= "AEIUY"; } if ($strength & 4) { $consonants .= '23456789'; } if ($strength & 8) { $consonants .= '@#$%'; } $password = ''; $alt = time() % 2; for ($i = 0; $i < $length; $i++) { if ($alt == 1) { $password .= $consonants[(rand() % strlen($consonants))]; $alt = 0; } else { $password .= $vowels[(rand() % strlen($vowels))]; $alt = 1; } } return $password; } $new_password =& generatePassword(); $username=$_POST['username']; $sql="SELECT * FROM $tbl_name WHERE Username='$username' AND Email='$email' AND Amount='$donation_amount'"; $result=mysql_query($sql); $num_rows = mysql_num_rows($result); if($num_rows==1){ $sql1="UPDATE $tbl_name SET Password='$new_password' WHERE Username='$username' AND Email='$email' AND Amount='$donation_amount'"; $result1=mysql_query($sql1); $num_rows1 = mysql_affected_rows($result1); if($num_rows1==1){ $content.='<p class="center">New password generated. It has been emailed to the email address provided.</p><br />'; $message='Some one (hopefully you) requested a new password be generated for your account on Make the Movie Happen. Below is the newly generated password: Password: '.$new_password.' Once you log-in, please change your password. Thank You, Make the Movie Happen Support Team '; mail($email, 'Make the Movie Happen - New Password', $message, 'From: general@makethemoviehappen.com'); } else{ $content.='New password could not be generated. If you continue to have issues, please email <a href="mailto:general@makethemoviehappen.com">general@makethemoviehappen.com</a> for assistance.'; } } else{ header("Location: ./index.php?forgot&e=1"); } } Hello ever1 , I ve created a php password change script with validation but its nt working properly can any1 please help me with this as m new with php???? below m pasting the code : <?php session_start(); include "connection.php"; //include_once('header1.php'); $msg=""; if($_SERVER['REQUEST_METHOD']=='POST' && empty($_POST['username']) || empty($_POST['password']) || empty($_POST['newpass']) || empty($_POST['newpassconfirm']) ) { $msg="empty fields"; } { $user=$_POST['username']; $pass=$_POST['password']; $newpass=$_POST['newpass']; $confirmpass=$_POST['newpassconfirm']; $result=mysql_query("SELECT password FROM user WHERE username='$user'"); if(!$result) { $msg="The Username You Entered Does not Exist"; } elseif($pass!= mysql_result($result,0)) { echo $msg="You Entered An Incorrect Password"; } if($newpass != $confirmpass) { $msg = "Passwords do not match"; } elseif($newpass=$confirmpass) $sql=mysql_query("update user set password='$newpass' where username ='$user'"); if($sql) { echo "Congrats you have successfully changed your password."; } header('refresh:3 databases.php'); } { ?> <html> <body> <?php echo $msg ; ?> <form class="changepass" action="changepass.php" method="POST"><P> <table><tr><td> Enter ur username :</td> <td> <input type="text" name="username" /></td></tr> <tr><td>Enter ur existing pass : </td><td><input type="password" name="password" /></td></tr> <tr><td>Enter ur new pass :</td> <td><input type="password" name="newpass" /></td></tr> <tr><td>Renter ur new pass :</td> <td><input type="password" name="newpassconfirm" /></td></tr> <tr><td><input class="cpassbtn" name="Submit" type="image" value="Submit" src="passnrm.png" onmouseover="this.src='passhvr.png'" onmouseout="this.src='passnrm.png'"></td></tr> </table> </form> </body> </html> <?php }?> Hi. I have made a login script, but I would wan't to encrypt the password. I followed a tutorial and got this: login.php <?php $password = "secret"; echo $password; /* displays secret */ $password = sha1($password); echo $password; /* displays e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4 */ ?> <form action="validate.php" method="post"> <label for="username">Username</label> <input type="text" name="username" id="username" /> <br /> <label for="password">Password</label> <input type="password" name="password" id="password" /> <br /> <input type="submit" name="submit" value="Submit" /> </form> <?php ?> validate.php <?php include "setup.php"; /* get the incoming ID and password hash */ $username=$_POST['username']; $password=$_POST['password']; $password=md5($password); // Encrypted Password /* establish a connection with the database */ $server = mysql_connect("$db_host", "$db_username","$db_password"); if (!$server) die(mysql_error()); mysql_select_db("$database"); /* SQL statement to query the database */ $query = "SELECT * FROM users WHERE Username = '$username' AND Password = '$password'"; /* query the database */ $result = mysql_query($query); /* Allow access if a matching record was found, else deny access. */ if (mysql_fetch_row($result)) echo "Access Granted: Welcome, $username!"; else echo "Access Denied: Invalid Credentials."; mysql_close($server); ?> Its the line $password=md5($password); // Encrypted Password that messes everything up. If I delete it and login, everything is fine, if I add it it says Code: [Select] Access Denied: Invalid Credentials I need help with this one! And if someone have time, give me some ideas how to make PHP scripts safer! Regards Worqy I am needing help designing password recover script. This script must include a password recovery script. I am needing for the person to reset there password, need to first answer a form named: Your Email. If the email is found, it goes to another form that asks for the secret answer. Then it goes to a form that asks the answer of there secret question that they entered when they first signed up. If the answer is correct it updates the database table value of the password with a random string generated with: abcdefghijklmnopqrstuvwxyz023456789 And it also, sends that password to the email provided. What I am wanting to know, is how would the code with the if statements would be structured like and the column types and names. Or if anyone has ever created something like this, and would be glad to post a snippet of there code would be great.
<?php
if (isset($_POST['reset-submit'])) {
$selector = $_POST['selector'];
$validator = $_POST['validator'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
// probably better to check this earlier
if (empty($password) || empty($password2)) {
header("Location: ../create-new-password.php?newpassword=empty&selector=$selector&validator=$validator");
} elseif ($password !== $password2) {
header("Location: ../create-new-password.php?newpassword=passwordsnotmatch");
}
$currentDate = date("U");
require "dbh.inc.php";
$sql = "SELECT * FROM reset_password WHERE selector=? AND expires >= $currentDate";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL error 1";
exit();
} else {
mysqli_stmt_bind_param($stmt, 'ss', $selector, $currentDate);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if (!$row = mysqli_fetch_assoc($result)) {
echo 'You need to re-submit your reset request.';
exit();
} else {
$tokenBin = hex2bin($validator);
$tokenCheck = password_verify($tokenBin, $row['token']);
if (!$tokenCheck) {
echo 'You need to re-submit your reset request.';
exit();
} else {
$email = $row['email'];
$sql = "SELECT * FROM users WHERE email = $email";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL error 2";
exit();
} else {
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if (!$row = mysqli_fetch_assoc($result)) {
echo "SQL error 3";
exit();
} else {
$sql = "UPDATE users SET password=? WHERE email=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL error4 ";
exit();
} else {
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, 'ss', $hashed_password, $email);
mysqli_stmt_execute($stmt);
$sql = 'DELETE FROM reset_password WHERE email=?';
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo 'SQL error5';
exit();
} else {
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
header("Location: ../signup.php?newpassword=updated");
}
}
}
}
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
header('Location: ../reset-password.php?reset=success');
} else {
header('Location: ../index.php');
}
I always get this errors:
Warning: mysqli_stmt_bind_param(): Number of variables doesn't match number of parameters in prepared statement in C:\xampp\htdocs\php_login_system-master\includes\reset-password.inc.php on line 26
But i dont find the mistake in the Code. Can someone help me please This is my registering script: <?php include('connectvars.php'); $user_email = strip_tags(trim($_POST['email'])); $firstname = strip_tags(trim($_POST['firstname'])); $lastname = strip_tags(trim($_POST['lastname'])); $nickname = strip_tags(trim($_POST['nickname'])); $password = strip_tags($_POST['password']); $repassword = strip_tags($_POST['repassword']); $dob = $_POST['dob']; $find_us_question = strip_tags(trim($_POST['find_us_question'])); if (isset($_POST['submit_signup'])) { if ((empty($user_email)) || (empty($firstname)) || (empty($lastname)) || (empty($nickname)) || (empty($password)) || (empty($dob))) { echo "Please fill out all the fields!"; } else { // check char length of input data if (($nickname > 30) || ($firstname > 30) || ($lastname > 30) || ($user_email > 50)) { echo "Your nickname, first- and/or lastname seem to be too long, please make sure you have them below the maximum allowed length of 30 characters!"; } else { // check password char length if (($password > 25) || ($password < 6)) { echo "Your password must be between 6 and 25 characters!"; } else { // encrypt password $password = sha1($password); $repassword = sha1($repassword); if ($password != $repassword) { echo "Please make sure your passwords are matching!"; } else { $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); $query = sprintf("INSERT INTO user (firstname, lastname, nickname, password, email, dob, doj) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', now())", mysqli_real_escape_string($dbc, $firstname), mysqli_real_escape_string($dbc, $lastname), mysqli_real_escape_string($dbc, $nickname), mysqli_real_escape_string($dbc, $password), mysqli_real_escape_string($dbc, $user_email), $dob); mysqli_query($dbc, $query); mysqli_close($dbc); echo "You have been successfully registered!"; } } } } } ?> A bunch of nested if statements, the read-ability gets worse after a while, I'm new to programming so I don't know if there's a better more read-able solution. Anyway, every time I try to sign up it's printing out the echo message: "Your password must be between 6 and 25 characters!" Which derives from: // check password char length if (($password > 25) || ($password < 6)) { echo "Your password must be between 6 and 25 characters!"; } else { EVEN if I stay between 6 and 25 characters it's still printing out this error message, let's say I have a password of 8 characters, and I've entered everything else correctly, it's still giving me all the time this error message, and I can not figure out why. Please could some1 just point out why this php code is not updating the my-sql db? It displays the content of the db but does not update accordingly.. Code: [Select] <?php include("cn.php"); //$username=$_GET['username']; if (!@$_SESSION['username']){ header("location:Not_Logged.php"); } if (isset($_POST['update'])) { $update=$_GET['update'];} else {$update=0;} if ($update = "1") { $username=$_GET['username']; $id=$_GET['id']; $username=$_POST['username']; $password=$_POST['password']; $select="select * from users where username='$_SESSION[username]'"; $rs_cat=mysqli_query($con,$select); $row=mysqli_fetch_array($rs_cat); $username=$row['username']; $password=$row['password']; $update="UPDATE users SET username='$username', password='$password' where id='$id'"; $ur=mysqli_query($con,$update) or die (mysql_error()); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>UPDATE</title> </head> <body> <?php //echo $_SESSION['username'];?> <table align="center" > <form name="login" action="" method="post"/> <tr> <td> <th scope="col"><strong>UPDATE</strong></th> </td> </tr> <tr> <td> USERNAME <th scope="col"><input name="username" type="text" value="<?php echo ("$row[username]");?>"/></th> </td> </tr> <tr> <td> PASSWORD <th scope="col"><input name="password" type="password" value="<?php echo ("$row[password]");?>" /></th> </td> </tr> <tr> <td> <th scope="col"><input name="update" type="submit" value="UPDATE" /></th> </td> </tr> <tr> <td> <th scope="col"><input name="id" type="hidden" value="<?php echo $row[id];?>" /></th> </td> </form> </table> </body> </html> Any sharp locator would be appreciated... Hi
i've got a script to migrate some tables.
This is most of it.. just missing the db connection (not needed here)
$link = mysql_connect($host,$user,$pass) or die(mysql_error());
mysql_selectdb($db,$link) or die(mysql_error());
$ag_forums_to_kunena_categories = array();
mysql_query("TRUNCATE bzhv8_kunena_messages");
mysql_query("TRUNCATE bzhv8_kunena_messages_text");
$sql = "
SELECT
p.id AS messages_id,
u.name AS messages_name,
a.jos_id AS messages_userid,
p.message AS messages_text_message,
p.posted AS messages_time,
p.edited AS messages_modified_time,
p.edited_by AS messages_modified_by,
p.topic_id AS messages_thread,
t.forum_id AS messages_catid
FROM jos_agora_posts AS p
LEFT JOIN jos_agora_users AS a ON a.username = p.poster
LEFT JOIN jos_agora_topics AS t ON t.id = p.topic_id
LEFT JOIN bzhv8_users AS u ON u.id = a.jos_id
ORDER BY p.id ASC
";
$res = mysql_query($sql) or die(mysql_error());
while ($row = mysql_fetch_object($res))
{
echo $row->messages_id;
//echo "<br />";
//echo $row->messages_name;
//echo "<br />";
//echo $row->messages_userid;
//echo "<br />";
//echo $row->messages_text_message;
//echo "<br />";
//echo $row->messages_time;
//echo "<br />";
//echo $row->messages_modified_time;
//echo "<br />";
//echo $row->messages_modified_by;
//echo "<br />";
//echo $row->messages_thread;
//echo "<br />";
//echo $row->messages_catid;
//echo "<br />";
//if($row->messages_userid == '')
//echo "userid er nul";
//{
// $row->messages_userid = 0;
//}
$cat_id = $ag_forums_to_kunena_categories[$row->messages_catid];
if ($cat_id != 0)
{
echo $cat_id;
echo "kategori id";
echo "<br />";
echo "lige før den skal indsætte";
$sql = "INSERT INTO `bzhv8_kunena_messages` VALUES (".$row->messages_id.", 0, ".$row->messages_thread.", ".$cat_id.", '".$row->messages_name."', ".$row->messages_userid.", '', '', ".$row->messages_time.", NULL, 0, 0, 0, 0, 0, 0, 0, 0, '')";
echo "her bør den køre sql(1)";
$sql2 = "INSERT INTO `bzhv8_kunena_messages_text` VALUES (".$row->messages_id.", '".mysql_escape_string($row->messages_text_message)."')";
echo $sql;
echo "lige efter anden insert echo sql";
echo "<br />";
echo $sql2;
echo "<br />";
echo "her skulle den vise anden insert";
mysql_query($sql) or die(mysql_error());
mysql_query($sql2) or die(mysql_error());
}
else
{
}
}
mysql_close();
But something is not working..
first.. ignore the echo's of course.. just me trying to debug.. same with the else statement...
from what I can tell.. and my php knowledge is non-existant.. this part:
$cat_id = $ag_forums_to_kunena_categories[$row->messages_catid];
it what's causing the problem.. it appears that the $cat_id is not getting any data..
if copy the sql line and run it against my database via phpmyadmin then it works as it should.. but well.. something isn't right..
there are some other stuff in the script that does the same as the above.. but with different tables and they work just fine..
example:
mysql_query("TRUNCATE bzhv8_kunena_topics");
$sql = "
SELECT
t.id AS topic_id,
t.poster AS topic_poster,
t.subject AS topic_subject,
t.posted AS topic_first_post_time,
t.last_post AS topic_last_post_time,
t.last_post_id AS topic_last_post_id,
t.last_poster AS topic_last_poster,
t.num_views AS topic_hits,
t.num_replies AS topic_posts,
t.closed AS topic_locked,
t.sticky AS topic_hold,
t.moved_to AS topic_moved_id,
t.forum_id AS topic_category_id,
t.question AS topic_poll_id,
p.id AS topic_first_post_id,
p.posted AS topic_first_post_time,
a.jos_id AS topic_first_post_userid,
p.message AS topic_first_post_message
FROM jos_agora_topics AS t
LEFT JOIN jos_agora_users AS a ON a.username = t.poster
LEFT JOIN jos_agora_posts AS p ON t.posted = p.posted
ORDER BY t.id ASC
";
$res = mysql_query($sql) or die(mysql_error());
while ($row = mysql_fetch_object($res))
{
echo $row->topic_id;
echo "<br />";
if($row->topic_first_post_userid == '')
{
$row->topic_first_post_userid = 0;
}
$cat_id = $ag_forums_to_kunena_categories[$row->topic_category_id];
echo $cat_id;
echo "<br />";
$sql = "INSERT INTO `bzhv8_kunena_topics` VALUES (".$row->topic_id.", ".$cat_id.", '".mysql_escape_string($row->topic_subject)."', 0, ".$row->topic_locked.", ".$row->topic_hold.", 0, ".$row->topic_posts.", ".$row->topic_hits.", 0, 0, 0, ".$row->topic_first_post_id.", ".$row->topic_first_post_time.", ".$row->topic_first_post_userid.", '".mysql_escape_string($row->topic_first_post_message)."', NULL, ".$row->topic_last_post_id.", ".$row->topic_last_post_time.", 0, NULL, NULL, '')";
echo $sql;
echo "<br />";
mysql_query($sql) or die(mysql_error());
}
the above works fine..
Can someone take a look and give a hint or 2.. or just point at whatever the solution is :-)
I plan to be releasing some scripts and will update the version of the script on my website. Users will be able to download the script and run it on there website. The latest version will be checked by checking my website and compared with the version of the user's script to see if its out of date. I can't get it to work correctly. On http://www.phpfusionmods.com/updates/check.php I have the latest version set to 1.4. In the script the version is set at 1.3 so its obviously out of date. However, its showing that its up to date. Please offer your support. My script is below. <?php $version = "1.3"; function new_version() { $url = "http://www.phpfusionmods.com/updates/check.php"; $url_p = @parse_url($url); $host = $url_p['host']; $port = isset($url_p['port']) ? $url_p['port'] : 80; $fp = @fsockopen($url_p['host'], $port, $errno, $errstr, 5); if (!$fp) return false; @fputs($fp, 'GET ' . $url_p['path'] . ' HTTP/1.1' . chr(10)); @fputs($fp, 'HOST: ' . $url_p['host'] . chr(10)); @fputs($fp, 'Connection: close' . chr(10) . chr(10)); $response = @fgets($fp, 1024); $content = @fread($fp, 1024); $content = preg_replace("#(.*?)text/plain(.*?)$#is", "$2", $content); @fclose($fp); if (preg_match("#404#", $response)) return "Timeout"; else return trim(str_replace("X-Pad: avoid browser bug", "", $content)); } $newversion = str_replace("X-Pad: avoid browser bug", "", new_version()); $new_version = $newversion != "Timeout" && intval(str_replace(".", "", $newversion)) > intval(str_replace(".", "", $version)) ? true : false; if ($new_version) { echo "Download the latest version <a href='http://www.phpfusionmods.com/' target='_blank'>here</a>. <b>v" . str_replace("X-Pad: avoid browser bug", "", $newversion) . "</b>"; } elseif ($newversion == "Timeout") { echo "PHPFusionMods.com has timed out. Check for updates <a href='http://www.phpfusionmods.com/' target='_blank'>here</a>."; } else { echo ("You have the latest version"); } ?> Having trouble with this upload script, it grabs and displays the content from the database fine. It won't however update the database although the code is throwing up no errors; this is the script that displays the content Code: [Select] ############### Code <?php include("includes/connection.php"); $sql="SELECT * FROM mot"; $result=mysql_query($sql); ?> <table width="400" border="0" cellspacing="1" cellpadding="0"> <tr> <td> <table width="400" border="1" cellspacing="0" cellpadding="3"> <tr> <td colspan="4"><strong>List data from mysql </strong> </td> </tr> <tr> <td align="center"><strong>Name</strong></td> <td align="center"><strong>Lastname</strong></td> <td align="center"><strong>Update</strong></td> </tr> <?php while($rows=mysql_fetch_array($result)){ ?> <tr> <td><? echo $rows['header']; ?></td> <td><? echo $rows['content']; ?></td> // link to update.php and send value of id <td align="center"><a href="update_content.php?id=<? echo $rows['id']; ?>">update</a></td> </tr> <?php } ?> </table> </td> </tr> </table> this next bit of code is the code that user updates the content; Code: [Select] <?php include("includes/connection.php"); $id=$_GET['id']; $sql="SELECT * FROM mot WHERE id='$id'"; $result=mysql_query($sql); $rows=mysql_fetch_array($result); ?> <table width="400" border="0" cellspacing="1" cellpadding="0"> <tr> <form name="form1" method="post" action="update_ac.php"> <td> <table width="100%" border="0" cellspacing="1" cellpadding="0"> <tr> <td> </td> <td colspan="3"><strong>Update data in mysql</strong> </td> </tr> <tr> <td align="center"> </td> <td align="center"> </td> <td align="center"> </td> <td align="center"> </td> </tr> <tr> <td align="center"> </td> <td align="center"><strong>Name</strong></td> <td align="center"><strong>Lastname</strong></td> </tr> <tr> <td> </td> <td align="center"><input name="name" type="text" id="name" value="<? echo $rows['header']; ?>"></td> <td align="center"><input name="lastname" type="text" id="lastname" value="<? echo $rows['content']; ?>" size="15"></td> </tr> <tr> <td> </td> <td><input name="id" type="hidden" id="id" value="<? echo $rows['id']; ?>"></td> <td align="center"><input type="submit" name="Submit" value="Submit"></td> <td> </td> </tr> </table> </td> </form> </tr> </table> this final bit is the update code for the database which isnt working but not throwing up any errors Code: [Select] <?php include("includes/connection.php"); if(isset($_POST['update'])){ $id = $_GET['id']; $header = $_POST['header']; $content = $_POST['content']; $sql="UPDATE mot SET header = '$header', content = '$content' WHERE id='$id'"; $result=mysql_query($sql); if($result){ echo "Successful"; echo "<BR>"; echo "<a href='mot_edit.php'> View result</a>"; } else { echo "ERROR"; } } ?> Any help would be much appreciated I am attempting to update selected records using '$row[' elements in where clauses. I recieve message 'Record Updated but when I check data base it hasn't changed. CODE: $query = "SELECT cr_num, cr_ci_num, cr_dte, cr_flag, ci_desc, ci_authority, ce_name, ce_email, ce_phone_ext FROM c_record, c_info, c_employee WHERE cr_num = ce_num AND cr_ci_num = ci_num AND cr_dte > '{$dte60}' and cr_dte <= '{$dte90}' AND cr_flag = '00'"; $result = mysqli_query($dbc, $query) or die('ERROR querying database'); while($row = mysqli_fetch_array($result)) { $query = "UPDATE c_record SET cr_flag = '90' WHERE cr_num = '{$row[cr_num]}' AND cr_ci_num = '{$row[cr_ci_num]}'" or die('ERROR UPDATE'); echo 'Update succesfull'; echo "<br />\n" OK I have no idea why this will not update the table but here is the code I wrote. I just can't see it Code: [Select] <?php //CONNECT TO DATABASE include("sharons_dbinfo.inc.php"); mysql_connect(localhost,$user,$password); mysql_select_db($database) or die( "Unable to select database"); //OPEN THE ZIP FILE $handle = gzopen('Newegg_com-Daily_Deals_Feed.txt.gz', 'r'); //READ THE WHOLE FILE LINE BY LINE while (!gzeof($handle)) { $buffer = gzgets($handle, 4096); $buffer = str_replace("'" , "" , $buffer); $buffer = str_replace("\"" , "" , $buffer); $data = explode(",", $buffer); //SKIP THE FIRST LINE OF COLUMN NAMES if ($data[4] == "NAME"){} else{ //PUT THIS IN TO MAKE SURE IT WAS LOOKING FOR THE RIGHT RECORD print "Looking for: ". $data['4'] . " to update with new date " . $data['3']."<br>"; $item_name = $data['4']; //QUERY THE TABLE FOR PRODUCT NAME FROM ZIP FILE $query = ("SELECT * FROM `computer_memory` WHERE `NAME` = '$item_name'"); $results = mysql_query($query) or die(mysql_error()."<br /><br />".$query); $result = mysql_fetch_array($results); $num=mysql_numrows($results); //IF THE NAME EXISTS PROCEED TO UPDATE THE RECORD WITH THE NEW INFORMATION if ($num >0) { //UPDATE TABLE WITH THE NEW INFORMATION $update = ("UPDATE `computer_memory` SET `PROGRAMNAME`= '$data[0]', `PROGRAMURL`= '$data[1]', `CATALOGNAME`= '$data[2]', `LASTUPDATED`= '$data[3]', `NAME`= '$data[4]', `KEYWORDS`= '$data[5]', `DESCRIPTION`= '$data[6]', `SKU`= '$data[7]', `MANUFACTURER`= '$data[8]', `MANUFACTURERID`= '$data[9]', `UPC`= '$data[10]', `ISBN`= '$data[11]', `CURRENCY`= '$data[12]', `SALEPRICE`= '$data[13]', `PRICE`= '$data[14]', `RETAILPRICE`= '$data[15]', `FROMPRICE`= '$data[16]', `BUYURL`= '$data[17]', `IMPRESSIONURL`= '$data[18]', `IMAGEURL`= '$data[19]', `ADVERTISERCATEGORY`= '$data[20]', `THIRDPARTYID`= '$data[21]', `THIRDPARTYCATEGORY`= '$data[22]', `AUTHOR`= '$data[23]', `ARTIST`= '$data[24]', `TITLE`= '$data[25]', `PUBLISHER`= '$data[26]', `LABEL`= '$data[27]', `FORMAT`= '$data[28]', `SPECIAL`= '$data[29]', `GIFT`= '$data[30]', `PROMOTIONALTEXT`= '$data[31]', `STARTDATE`= '$data[32]', `ENDDATE`= '$data[33]', `OFFLINE`= '$data[34]', `ONLINE`= '$data[35]', `INSTOCK`= '$data[36]', `CONDITION`= '$data[37]', `WARRANTY`= '$data[38]', `STANDARDSHIPPINGCOST`= '$data[39]' WHERE `ID`= '$id'"); mysql_query($update) or die(mysql_error()."<br /><br />".$update); //if ($update){print "UPDATED ".$result['ID'];} }else{ //IF THE NAME DID NOT EXIST INSERT A NEW RECORD INTO THE TABLE $import="INSERT into computer_memory (`ID`,`PROGRAMNAME`,`PROGRAMURL`,`CATALOGNAME`,`LASTUPDATED`,`NAME`,`KEYWORDS`,`DESCRIPTION`,`SKU`,`MANUFACTURER`,`MANUFACTURERID`,`UPC`,`ISBN`,`CURRENCY`,`SALEPRICE`,`PRICE`,`RETAILPRICE`,`FROMPRICE`,`BUYURL`,`IMPRESSIONURL`,`IMAGEURL`,`ADVERTISERCATEGORY`,`THIRDPARTYID`,`THIRDPARTYCATEGORY`,`AUTHOR`,`ARTIST`,`TITLE`,`PUBLISHER`,`LABEL`,`FORMAT`,`SPECIAL`,`GIFT`,`PROMOTIONALTEXT`,`STARTDATE`,`ENDDATE`,`OFFLINE`,`ONLINE`,`INSTOCK`,`CONDITION`,`WARRANTY`,`STANDARDSHIPPINGCOST`) values('','$data[0]','$data[1]','$data[2]','$data[3]','$data[4]','$data[5]','$data[6]','$data[7]','$data[8]','$data[9]','$data[10]','$data[11]','$data[12]','$data[13]','$data[14]','$data[15]','$data[16]','$data[17]','$data[18]','$data[19]','$data[20]','$data[21]','$data[22]','$data[23]','$data[24]','$data[25]','$data[26]','$data[27]','$data[28]','$data[29]','$data[30]','$data[31]','$data[32]','$data[33]','$data[34]','$data[35]','$data[36]','$data[37]','$data[38]','$data[39]')"; mysql_query($import) or die(mysql_error()); } } } gzclose($handle); ?> I hope someone can see what I can't Thanks everyone |
|||||||