PHP - Trouble With Password Recovery Script
Hi,
I'm very new to PHP. I've been working on this code for password recovery for a week and I'm pretty close, but I'm having problems understanding why I keep getting the: "Can not send password to your email address". I know for certain that it has found the email in the table, but why is it still having problems sending? There are no other error messages thrown.

Code:

    function frm_lostpass() {
        global $skn,$In,$db,$Film,$Url,$Date,$module,$userinfo;
        if(isset($_GET['check']) and trim($_GET['check'])=='ok') {
            $email = $In->get('email',0,'');
            $sql_check ="SELECT Count(m.Email) AS numrows FROM tbl_member AS m\n"
                ."WHERE m.Email = '$email'\n";
            $numrow=$db->sql_get_first($sql_check);
            if($numrow['numrows']!=1) {
                return "<center>Email not found !</center>";
            } else {
                global $skn,$In,$db,$Film,$Url,$Date,$module,$userinfo;
                // value sent from form
                $email_to=$_POST['email_to'];
                // retrieve password from table where e-mail = $email_to
                $sql ="SELECT m.Password FROM tbl_member AS m\n"
                    ."WHERE m.Email = '$email'\n";
                $result=mysql_query($sql);
                // if found this e-mail address, row must be 1 row
                // keep value in variable name "$count"
                $count=mysql_num_rows($result);
                // compare if $count =1 row
                if($count==1){
                    $rows=mysql_fetch_array($result);
                    // keep password in $your_password
                    $your_password=$rows['password'];
                    // ---------------- SEND MAIL FORM ----------------
                    // send e-mail to ...
                    $to=$email_to;
                    // Your subject
                    $subject="Your password here";
                    // From
                    $header="example@example.com";
                    // Your message
                    $messages= "Your password for login to our website \r\n";
                    $messages.="Your password is $your_password \r\n";
                    $messages.="more message... \r\n";
                    // send email
                    $sentmail = mail($to,$subject,$messages,$header);
                }
                // else if $count not equal 1
                else {
                    return "That email address is not found in our database";
                }
                // if your email successfully sent
                if($sentmail){
                    return "  Your Password Has Been Sent To Your Email Address.";
                } else {
                    return "  Cannot send password to your e-mail address";
                }
            }
        } else {
            $skn ->set_file( 'lost_pass', 'member/frm_lostpass.html' );
            return $skn -> output('lost_pass');
        }
    }

Similar Tutorials

I am needing help designing password recover script. This script must include a password recovery script. I am needing for the person to reset their password, need to first answer a form named: Your Email. If the email is found, it goes to another form that asks for the secret answer. Then it goes to a form that asks the answer of their secret question that they entered when they first signed up. If the answer is correct it updates the database table value of the password with a random string generated with: abcdefghijklmnopqrstuvwxyz023456789 And it also, sends that password to the email provided. What I am wanting to know, is how would the code with the if statements would be structured like and the column types and names. Or if anyone has ever created something like this, and would be glad to post a snippet of their code would be great.

Hi, I'm having trouble with the below code which is used in case user forgets password. If I enter username and ANY email, it will send their "Username" and "Password". Of course I just want it to be sent only to existing email in db. Any ideas? Thank you.

<? include("fns.php"); include "config.php"; if(isset($_POST['Submit'])){ //1. Check if form fields are filled in if(!filledin($_POST)){ header( "Location:Messages.php?msg=7" ); exit(); } $name=$_POST['name']; $em=$_POST['mail']; //2.
Check if entered name exist $query="Select pw from user where uname='$name'" or die(mysql_error()); $result= mysql_query($query); if(mysql_num_rows($result)>0){ for ($i=0; $i<mysql_num_rows($result); $i++) { $row = mysql_fetch_assoc($result); $pass=$row['pw']; $to="$em\r\n"; $from="From: \r\n"; $msg="Password:$pass\r\n"; $msg .="Username:$name\r\n"; $msg .="Your login information\r\n"; $subject=" Your Login Password\r\n"; } }else{ header( "Location:Messages.php?msg=8" ); exit(); } //4. Send password to user if(mail($to,$subject,$msg,$from)){ header( "Location:Messages.php?msg=9&email=<?php echo $em; ?>" ); exit(); //echo "Please click here to log"; }else{ header( "Location:Messages.php?msg=10"); exit(); } } I'm having trouble echoing $year in my script. Listed below is the script, just below ,$result = mysql_query("SELECT * FROM $dbname WHERE class LIKE '%$search%'") or die(mysql_error());, in the script I try to echo $year. It doesn't show up in the table on the webpage. Everything else works fine. Any help wold be appreciated greatly. Thanks in advance. <?php include 'config2.php'; $search=$_GET["search"]; // Connect to server and select database. 
mysql_connect($dbhost, $dbuser, $dbpass)or die("cannot connect"); mysql_select_db("vetman")or die("cannot select DB"); $result = mysql_query("SELECT * FROM $dbname WHERE class LIKE '%$search%'") or die(mysql_error()); // store the record of the "" table into $row //$current = ''; echo "<table align=center border=1>"; echo "<br>"; echo "<tr>"; echo "<td align=center>"; ?> <div style="float: center;"><a><h1><?php echo $year; ?></h1></a></div> <?php echo "</td>"; echo "</tr>"; echo "</table>"; // keeps getting the next row until there are no more to get if($result && mysql_num_rows($result) > 0) { $i = 0; $max_columns = 2; echo "<table align=center>"; echo "<br>"; while($row = mysql_fetch_array($result)) { // make the variables easy to deal with extract($row); // open row if counter is zero if($i == 0) echo "<tr>"; echo "<td align=center>"; ?> <div style="float: left;"> <div><img src="<?php echo $image1; ?>"></div> </div> <?php echo "</td>"; // increment counter - if counter = max columns, reset counter and close row if(++$i == $max_columns) { echo "</tr>"; $i=0; } // end if } // end while } // end if results // clean up table - makes your code valid! if($i > 0) { for($j=$i; $j<$max_columns;$j++) echo "<td> </td>"; echo '</tr>'; } mysql_close(); ?> </table> I generate php form lines from a database but cannot work out how to recover the text fields for lines 1, 2 & 4 using get or post - can anyone help? The url string below(get to see what is happening) contains titles BF and SG in lines 1 and 2 for the field name 'book' and then TG for line 4 but no title for line 3: http://localhost/test/test.php ?book%5BArray%3F%5D=BF&row_count=Array%3F &book%5BArray%3F%5D=SG&row_count=Array%3F &book%5BArray%3F%5D=&row_count=Array%3F &book%5BArray%3F%5D=TG&row_count=Array%3F This works up until if (email == email2){ What is wrong? Is it a problem with the queries? 
if(isset($_SESSION['rest']) || isset($_SESSION['chef'])){ header('Location:index.php');} if (isset($_POST['submit'])) { $errors = array(); // VALIDATION SCRIPT HERE $newpass = generatepassword(); $link = mysql_connect("****","*****","******") or die ("Could not connect!"); mysql_select_db("****"); $query = "SELECT `username`, `type` FROM `users` WHERE `username`='$username'"; $result = mysql_query($query); while($row = mysql_fetch_array($result)) {$type = $row['type'];} $numrows = mysql_num_rows($result); if ($numrows!=1){ $errors[] = 'Username not Found (Usernames are case sensitive)';} if($email == '' || $username == ''){ $errors[] = 'Please Fill in all Fields';} if (empty($errors)){ if ($type = 1){ $res1 = mysql_query("SELECT `username`,`email` FROM `rests` WHERE `username`='$username'"); while($row1 = mysql_fetch_array($res1)) {$email2 = $row1['email'];} }else{ $res2 = mysql_query("SELECT `username`,`email` FROM `chefs` WHERE `username`='$username'"); while($row2 = mysql_fetch_array($res2)) {$email2 = $row2['email'];} if ($email2 == $email) { echo $newpass; mysql_query("UPDATE `users` SET `password` = '$newpass' WHERE `username`='$username'"); //SEND EMAIL $my_email = 'enquiries@bakerdesigns.co.uk'; $email_from = 'Chef Match'; $email_subject = "Your New Password :: Chef Match"; $message = "Your new password is $newpass<br>You may change this via your control panel later."; $referer = $_SERVER['HTTP_REFERER']; $this_url = "http://".$_SERVER['HTTP_HOST'].$_SERVER["REQUEST_URI"]; if ($referer != $this_url) { echo "You do not have permission to use this script from another URL."; exit; } $from = "From: $email2\r\n"; mail($email2, $email_subject, $message, $from); $thanks = 'An email has been sent to $email2 containing your new password. 
Please check your junk folder.'; }} }else{$errors[] = 'Email did not match Username'; $thanks = 'Email could not be sent.';} } I have a script to let the user update their password, when I submit it i get a 500 error and I'm not sure. Here is the code: If (isset($_POST['update-password'])) { //This makes sure they did not leave any fields blank if (!$_POST['oldpw'] || !$_POST['pass'] || !$_POST['pass2'] ) { $error="<span style="; $error .="color:red"; $error .=">"; $error .= "You did not complete all of the required fields"; $error .="</span>"; setcookie('Errors', $error, time()+20); header('Location /useredit.php'); exit; } // checks if the password is correct $pass = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $pass = addslashes($pass); } $check = mysql_real_escape_string("SELECT * FROM YBK_Login WHERE pass = '{$pass}'"); mysql_query($check) or die( 'Query string: ' . $check . '<br />Produced an error: ' . mysql_error() . '<br />' ); // this makes sure both passwords entered match if ($_POST['pass'] != $_POST['pass2']) { $error="<span style="; $error .="color:red"; $error .=">"; $error .= 'Your passwords did not match.'; $error .="</span>"; setcookie('Errors', $error, time()+20); header('Location: /useredit.php'); exit; } // here we encrypt the password and add slashes if needed $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['pass'] = addslashes($_POST['pass']); $_POST['pass2'] = addslashes($_POST['pass2']); } // now we insert it into the database mysql_real_escape_string($insert = "UPDATE `YBK_Login` SET `pass` = '{$_POST['pass']}', `HR` = '{$_POST['pass2']}', `comment` = '{$_POST['oldpw']}' WHERE `ID` = {$_COOKIE['UID_WatsonN']}"); mysql_query($insert) or die( 'Query string: ' . $insert . '<br />Produced an error: ' . mysql_error() . 
'<br />' ); $error="<span style="; $error .="color:green"; $error .=">"; $error .= "<p>Thank you, your password has been updated.</p>"; $error .="</span>"; setcookie('Errors', $error, time()+20); header('Location: /useredit.php'); exit; }

Okay I am a beginner and haven't coded in months. I am trying to find a tutorial or help figuring out how to build a lost password script for user log-in system I built a while ago. Can anyone help with either something that works that I can learn from, a tutorial somewhere? thanks Tim

here is my change password script (This is being done by the admin)
<?php error_reporting(E_ALL | E_NOTICE); ini_set('display_errors', '1'); require 'connect.php'; if(isset($_POST['change'])) { $newp = trim($_POST['npass']); $confp = trim($_POST['cpass']); if(empty(trim($newp))) { echo "<h3><center>You did not enter a new password!</center></h3>"; exit(); } if(empty(trim($confp))) { echo "<h3><center>You must confirm the password!</center></h3>"; exit(); } if($confp !== $newp) { echo "Passwords do not match!, try again."; } else { $sql = "UPDATE $db_name SET cpass='$password' WHERE id=' ".$row['id']." '"; echo " ".$row['username']."\s password has been reset! "; } } ?> <html><title> Change password </title><head><style>#form {border-radius: 20px;font-family: sans-serif; margin-top: 60px; padding: 30px;background-color: #aaa;margin-left: auto; margin-right: auto; width: 500px; clear: both;} #form input {width: 100%; clear: both;} #form input:hover {border: 1px solid #ff0000;}</style></head> <body> <div id="form"> <form action='' method='POST'> <h2><b><center>Change Password</center></b></h2><br> <tr> <td><b>New password:</b><input type="password" name="npass" placeholder="Enter new password" /></td><br><br> <td><b>Confirm password:</b><input type="password" name="cpass" placeholder="Confirm password" /></td><br><br> <td><input type="submit" name="change" value="Change!" /></td> </tr> </form> </div><!-- end of form div --> </body> </html>

I'm getting
Notice: Undefined variable: row in C:\xampp\htdocs\Login\web_dir\changepassword.php on line 30
Notice: Undefined variable: row in C:\xampp\htdocs\Login\web_dir\changepassword.php on line 32
And it says \s password has been reset!
It's saying that the variable row is undefined, it's defined in my edit user / select user page

<?php error_reporting(E_ALL | E_NOTICE); ini_set('display_errors', '1'); session_start(); require 'connect.php'; echo "<title> Edit a user </title>"; $sql = "SELECT id, username FROM $tbl_name ORDER BY username"; $result = $con->query($sql); while ($row = $result->fetch_assoc()) { echo "<div id='l'><tr><td>{$row['username']}</td> | <td><a href='editUser.php?id={$row['id']}'>Edit User</a> |</td> <td><a href='changepassword.php?id={$row['id']}'>Change Password</a> |</td> <td><a href='banUser.php?id={$row['id']}'>Ban User</a></td><br><br> </tr></div>\n"; } ?>

Also it doesn't actually UPDATE the password.

I'm having a little issue with this script. It's returning: "Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/zyquo/public_html/makethemoviehappen.com/forgot_password.php on line 89" (Line 89 is: $num_rows1 = mysql_num_rows($result1) and "New password could not be generated. If you continue to have issues, please email general@makethemoviehappen.com for assistance." I checked the database and the random password generation did run, and it was inserted into the database. So it's just not detecting that it ran, so it's not sending the email. Any ideas on why? I also checked what is returned in the $result1 variable and it's the number 1.
Code: [Select] elseif($_GET['forgot']=="password"){ function &generatePassword($length=9, $strength=0) { $vowels = 'aeiuy'; $consonants = 'bcdfghjkmnpqrstwz'; if ($strength & 1) { $consonants .= 'BCDFGJLMNPQRSTVXZ'; } if ($strength & 2) { $vowels .= "AEIUY"; } if ($strength & 4) { $consonants .= '23456789'; } if ($strength & 8) { $consonants .= '@#$%'; } $password = ''; $alt = time() % 2; for ($i = 0; $i < $length; $i++) { if ($alt == 1) { $password .= $consonants[(rand() % strlen($consonants))]; $alt = 0; } else { $password .= $vowels[(rand() % strlen($vowels))]; $alt = 1; } } return $password; } $new_password =& generatePassword(); $username=$_POST['username']; $sql="SELECT * FROM $tbl_name WHERE Username='$username' AND Email='$email' AND Amount='$donation_amount'"; $result=mysql_query($sql); $num_rows = mysql_num_rows($result); if($num_rows==1){ $sql1="UPDATE $tbl_name SET Password='$new_password' WHERE Username='$username' AND Email='$email' AND Amount='$donation_amount'"; $result1=mysql_query($sql1); $num_rows1 = mysql_affected_rows($result1); if($num_rows1==1){ $content.='<p class="center">New password generated. It has been emailed to the email address provided.</p><br />'; $message='Some one (hopefully you) requested a new password be generated for your account on Make the Movie Happen. Below is the newly generated password: Password: '.$new_password.' Once you log-in, please change your password. Thank You, Make the Movie Happen Support Team '; mail($email, 'Make the Movie Happen - New Password', $message, 'From: general@makethemoviehappen.com'); } else{ $content.='New password could not be generated. If you continue to have issues, please email <a href="mailto:general@makethemoviehappen.com">general@makethemoviehappen.com</a> for assistance.'; } } else{ header("Location: ./index.php?forgot&e=1"); } } Hi. I have made a login script, but I would wan't to encrypt the password. 
I followed a tutorial and got this: login.php <?php $password = "secret"; echo $password; /* displays secret */ $password = sha1($password); echo $password; /* displays e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4 */ ?> <form action="validate.php" method="post"> <label for="username">Username</label> <input type="text" name="username" id="username" /> <br /> <label for="password">Password</label> <input type="password" name="password" id="password" /> <br /> <input type="submit" name="submit" value="Submit" /> </form> <?php ?> validate.php <?php include "setup.php"; /* get the incoming ID and password hash */ $username=$_POST['username']; $password=$_POST['password']; $password=md5($password); // Encrypted Password /* establish a connection with the database */ $server = mysql_connect("$db_host", "$db_username","$db_password"); if (!$server) die(mysql_error()); mysql_select_db("$database"); /* SQL statement to query the database */ $query = "SELECT * FROM users WHERE Username = '$username' AND Password = '$password'"; /* query the database */ $result = mysql_query($query); /* Allow access if a matching record was found, else deny access. */ if (mysql_fetch_row($result)) echo "Access Granted: Welcome, $username!"; else echo "Access Denied: Invalid Credentials."; mysql_close($server); ?> Its the line $password=md5($password); // Encrypted Password that messes everything up. If I delete it and login, everything is fine, if I add it it says Code: [Select] Access Denied: Invalid Credentials I need help with this one! And if someone have time, give me some ideas how to make PHP scripts safer! Regards Worqy I've never actually done a username password, retrieval script before so need a little help. In the profile form the user is submitting username/password/name/email etc. into a MySQL DB along with a security question and answer. Is it just a matter of creating a form which does a check against the database and sends out an email to the user with their password? 
The password is hashed with MD5, so how would I send out an un-hashed PW? thanks! Hello ever1 , I ve created a php password change script with validation but its nt working properly can any1 please help me with this as m new with php???? below m pasting the code : <?php session_start(); include "connection.php"; //include_once('header1.php'); $msg=""; if($_SERVER['REQUEST_METHOD']=='POST' && empty($_POST['username']) || empty($_POST['password']) || empty($_POST['newpass']) || empty($_POST['newpassconfirm']) ) { $msg="empty fields"; } { $user=$_POST['username']; $pass=$_POST['password']; $newpass=$_POST['newpass']; $confirmpass=$_POST['newpassconfirm']; $result=mysql_query("SELECT password FROM user WHERE username='$user'"); if(!$result) { $msg="The Username You Entered Does not Exist"; } elseif($pass!= mysql_result($result,0)) { echo $msg="You Entered An Incorrect Password"; } if($newpass != $confirmpass) { $msg = "Passwords do not match"; } elseif($newpass=$confirmpass) $sql=mysql_query("update user set password='$newpass' where username ='$user'"); if($sql) { echo "Congrats you have successfully changed your password."; } header('refresh:3 databases.php'); } { ?> <html> <body> <?php echo $msg ; ?> <form class="changepass" action="changepass.php" method="POST"><P> <table><tr><td> Enter ur username :</td> <td> <input type="text" name="username" /></td></tr> <tr><td>Enter ur existing pass : </td><td><input type="password" name="password" /></td></tr> <tr><td>Enter ur new pass :</td> <td><input type="password" name="newpass" /></td></tr> <tr><td>Renter ur new pass :</td> <td><input type="password" name="newpassconfirm" /></td></tr> <tr><td><input class="cpassbtn" name="Submit" type="image" value="Submit" src="passnrm.png" onmouseover="this.src='passhvr.png'" onmouseout="this.src='passnrm.png'"></td></tr> </table> </form> </body> </html> <?php }?> <?php if (isset($_POST['reset-submit'])) { $selector = $_POST['selector']; $validator = $_POST['validator']; $password = 
$_POST['password']; $password2 = $_POST['password2']; // probably better to check this earlier if (empty($password) || empty($password2)) { header("Location: ../create-new-password.php?newpassword=empty&selector=$selector&validator=$validator"); } elseif ($password !== $password2) { header("Location: ../create-new-password.php?newpassword=passwordsnotmatch"); } $currentDate = date("U"); require "dbh.inc.php"; $sql = "SELECT * FROM reset_password WHERE selector=? AND expires >= $currentDate"; $stmt = mysqli_stmt_init($conn); if (!mysqli_stmt_prepare($stmt, $sql)) { echo "SQL error 1"; exit(); } else { mysqli_stmt_bind_param($stmt, 'ss', $selector, $currentDate); mysqli_stmt_execute($stmt); $result = mysqli_stmt_get_result($stmt); if (!$row = mysqli_fetch_assoc($result)) { echo 'You need to re-submit your reset request.'; exit(); } else { $tokenBin = hex2bin($validator); $tokenCheck = password_verify($tokenBin, $row['token']); if (!$tokenCheck) { echo 'You need to re-submit your reset request.'; exit(); } else { $email = $row['email']; $sql = "SELECT * FROM users WHERE email = $email"; $stmt = mysqli_stmt_init($conn); if (!mysqli_stmt_prepare($stmt, $sql)) { echo "SQL error 2"; exit(); } else { mysqli_stmt_bind_param($stmt, 's', $email); mysqli_stmt_execute($stmt); $result = mysqli_stmt_get_result($stmt); if (!$row = mysqli_fetch_assoc($result)) { echo "SQL error 3"; exit(); } else { $sql = "UPDATE users SET password=? 
WHERE email=?"; $stmt = mysqli_stmt_init($conn); if (!mysqli_stmt_prepare($stmt, $sql)) { echo "SQL error4 "; exit(); } else { $hashed_password = password_hash($password, PASSWORD_DEFAULT); mysqli_stmt_bind_param($stmt, 'ss', $hashed_password, $email); mysqli_stmt_execute($stmt); $sql = 'DELETE FROM reset_password WHERE email=?'; $stmt = mysqli_stmt_init($conn); if (!mysqli_stmt_prepare($stmt, $sql)) { echo 'SQL error5'; exit(); } else { mysqli_stmt_bind_param($stmt, 's', $email); mysqli_stmt_execute($stmt); header("Location: ../signup.php?newpassword=updated"); } } } } } } } mysqli_stmt_close($stmt); mysqli_close($conn); header('Location: ../reset-password.php?reset=success'); } else { header('Location: ../index.php'); } I always get this errors:
Warning: mysqli_stmt_bind_param(): Number of variables doesn't match number of parameters in prepared statement in C:\xampp\htdocs\php_login_system-master\includes\reset-password.inc.php on line 26
But i dont find the mistake in the Code. Can someone help me please This is my registering script: <?php include('connectvars.php'); $user_email = strip_tags(trim($_POST['email'])); $firstname = strip_tags(trim($_POST['firstname'])); $lastname = strip_tags(trim($_POST['lastname'])); $nickname = strip_tags(trim($_POST['nickname'])); $password = strip_tags($_POST['password']); $repassword = strip_tags($_POST['repassword']); $dob = $_POST['dob']; $find_us_question = strip_tags(trim($_POST['find_us_question'])); if (isset($_POST['submit_signup'])) { if ((empty($user_email)) || (empty($firstname)) || (empty($lastname)) || (empty($nickname)) || (empty($password)) || (empty($dob))) { echo "Please fill out all the fields!"; } else { // check char length of input data if (($nickname > 30) || ($firstname > 30) || ($lastname > 30) || ($user_email > 50)) { echo "Your nickname, first- and/or lastname seem to be too long, please make sure you have them below the maximum allowed length of 30 characters!"; } else { // check password char length if (($password > 25) || ($password < 6)) { echo "Your password must be between 6 and 25 characters!"; } else { // encrypt password $password = sha1($password); $repassword = sha1($repassword); if ($password != $repassword) { echo "Please make sure your passwords are matching!"; } else { $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); $query = sprintf("INSERT INTO user (firstname, lastname, nickname, password, email, dob, doj) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', now())", mysqli_real_escape_string($dbc, $firstname), mysqli_real_escape_string($dbc, $lastname), mysqli_real_escape_string($dbc, $nickname), mysqli_real_escape_string($dbc, $password), mysqli_real_escape_string($dbc, $user_email), $dob); mysqli_query($dbc, $query); mysqli_close($dbc); echo "You have been successfully registered!"; } } } } } ?> A bunch of nested if statements, the read-ability gets worse after a while, I'm new to programming so I don't know if 
there's a better more read-able solution. Anyway, every time I try to sign up it's printing out the echo message: "Your password must be between 6 and 25 characters!" Which derives from: // check password char length if (($password > 25) || ($password < 6)) { echo "Your password must be between 6 and 25 characters!"; } else { EVEN if I stay between 6 and 25 characters it's still printing out this error message, let's say I have a password of 8 characters, and I've entered everything else correctly, it's still giving me all the time this error message, and I can not figure out why. I want to id each comment so that where any member response on a comment, the INSERT and the SELECT knows where to display the responses, to what comment the responses belong to. t. it is like creating an id for each comment so the SELECT display each responses below in its messages. but i don't know if it is an html, php or javascript issue to handle below there are two forms, the parent form and the responses form below each comment form, I want the responses to display below each comment to what it belongs too. I have some tables structure problems and some html issues. the javascript is working for the parent comment it is working perfectly but for the second form the responses form it is not displaying below the comments. Code: [Select] <?php $id = $_GET['id']; // this id of the user being commented in the user table I guess I will need that id to identify which user is being commented "profile" that's the id of his profile if (isset($_SESSION['id'])) { $userid = $_SESSION['id']; $username = $_SESSION['name']; } else { // do this } // the userid contains the id and name of the user commenting "the user logged in". 
if ($_POST['comment_field_1'] != ""){ $comment_field_1 = $_POST['comment_field_1']; $comment_field_1 = stripslashes($comment_field_1); $comment_field_1 = strip_tags($comment_field_1); $comment_field_1 = mysql_real_escape_string($comment_field_1); $comment_field_1 = eregi_replace("'", "&#38;#39;", $comment_field_1); $sql = mysql_query("INSERT INTO comments (mem_id,commented_men_id, the_message,parent_id, message_date) VALUES('$userid','$idc','$comment_field_1', $parent_id now())") or die (mysql_error()); // i guess the $parent_id should be initialize somewhere in the top with a value of 0 or 1 depending weather it is a response or a comment. } // men_id is the field of the $userid, commented_men_id is the field for the commented on, $idc variable etc... if ($_POST['comment_field_2'] != ""){ // responses form field $comment_field_2 = $_POST['comment_field_2']; $comment_field_2 = stripslashes($comment_field_2); $comment_field_2 = strip_tags($comment_field_2); $comment_field_2 = mysql_real_escape_string($comment_field_2); $comment_field_2 = eregi_replace("'", "&#38;#39;", $comment_field_2); $sql = mysql_query("INSERT INTO comments (mem_id,commented_men_id, the_message,sub_commented_id, message_date) VALUES('$userid','$idc','$comment_field_1', $sub_commented_id now())") or die (mysql_error()); // here instead of $parent_id I use field created for responses to tag a comment as a response should be initialize somewhere in the top with a value of 0 or 1 depending weather it is a response or a comment. I am not sure weather I should leave the parent_id variable or come with this new field $sub_commented_id. What do you think? } // men_id is the field of the $userid, commented_men_id is the field for the commented on, $idc variable etc... 
if (isset($_SESSION['id'])) { if ($_SESSION['id'] == $userid ) { $the_message_form = ' comment (220 char max) <form align="left" id="comment" action="profile.php?id='.$idc.'" method="post" enctype="multipart/form-data" name="message_from"> <textarea type="text" id="text1" name="comment_field_1" rows="3" style="width:97%;"></textarea> <input class="commentinput" name="submit" type="button" value="submit comment" align="left" /> </form>'; } } $sql1 = mysql_query("SELECT id, mem_id, commented_men_id, the_message,parent_id, message_date FROM comments WHERE commented_men_id='$idc' ORDER BY message_date DESC LIMIT 20")or die ( mysql_error () ); $i = 0; while($row = mysql_fetch_array($sql1)){ $j = $i++; $message_id = $row["id"]; $uid = $row["mem_id"]; $the_message= $row["the_message"]; $message_date = $row["message_date"]; $message_date = strftime("%b %d, %Y, %Y %I:%M:%S %p", strtotime($message_date)); $sql_mem_data = mysql_query("SELECT id, name FROM users WHERE id='$uid' LIMIT 1"); while($row2 = mysql_fetch_array($sql_mem_data)){ $uid = $row2["id"]; $ufirstname = $row2["name"]; $ufirstname = mb_strimwidth($ufirstname, 0, 20, '…'); } $messageDisplayList .= ' <table width="100%" align="center" cellpadding="4" bgcolor="#CCCCCC" style="margin-bottom:0.5em"> <tr> <td width="auto" height="auto" bgcolor="#EFEFEF" style="vertical-align:top"><a width="auto" height="auto" title="'.$row2["name"] .' "href="profile.php?id='.$uid .'&name='.$row2["name"].'">' .$user_pic. '</a><br /> </td> <td width="93%" bgcolor="#EFEFEF"><a href="profile.php?id='.$uid.'">' . $ufirstname . ' </a> • <span style="font-size:10px; font-weight:bold; color:#A6A6A6;">' . $message_date . '</span><br /> <p id="only"> ' . $the_message . '</p><span class="comment">•<a style="padding-left:3.5px; color:#0099ff" href ="">Comment</a></span><div class="commentForm"><form align="left" id="bring" action="profile.php?id='. 
$uid .'" method="post" enctype="multipart/form-data" name="message_from"> <textarea name="comment_field_2" type="text" id="text2" rows="3" style="width:100%; height:30px;"></textarea> <input id="bringinput" name="submit" type="button" value="submit" align="left" /> </form></div> </td> </tr> </table> <br/>'; } $sql_sub_coment = mysql_query ("SELECT id, mem_id, commented_men_id, sub_commented_id, the_message, message_date FROM comments WHERE sub_commented_id='$blabid3' AND sub_commented_id != 0 ORDER BY blab_date DESC LIMIT 20"); while($row3= mysql_fetch_array($sql_sub_coment)){ $$message_id3 = $row3_sub["id"]; $uid3 = $row3_sub["mem_id"] ; $the_message3 = $row3_sub["the_message"]; $message_date3 = $row3_sub["message_date"]; $message_date3 = strftime("%b %d, %Y, %Y %I:%M:%S %p", strtotime($blab_date3)); $sql_mem_data = mysql_query("SELECT id, name FROM user WHERE id='$uid3' LIMIT 1"); while($row4 = mysql_fetch_array($sql_mem_data)){ $uid4 = $row4["category_id"]; $ufirstname2 = $row4["name"]; $ufirstname2 = mb_strimwidth($ufirstname2, 0, 20, '…'); } $$messageDisplayList2 .= '<table width="100%" align="center" cellpadding="4" bgcolor="#CCCCCC" style="margin-bottom:0.5em"> <tr> <td width="auto" height="auto" bgcolor="#FFFFFF"><a width="auto" height="auto" title="'.$row3["name"] .' "href="profile.php?category_id='.$uid4 .'">' .$blabber_pic2. '</a><br /> </td> <td width="93%" bgcolor="#EFEFEF"><a href="profile.php?id='.$uid4.'">' . $ufirstname2 . ' </a> • <span style="font-size:10px; font-weight:bold; color:#A6A6A6;">' . $message_date3 . '</span><br /><p id="submessage">' . $the_message3 . 
'</p> </td> </tr> </table>'; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title></title> <link rel="stylesheet" href="style/style.css" type="text/css" media="screen" /> <script type="text/javascript" src="jquery.js"></script> <script type="text/javascript"> $(document).ready(function(){ $(".commentForm").hide(); $(".comment").bind('click', function(){ $(this).nextAll(".commentForm:first").slideToggle(); return false; }); var html = $("#text1").html(); $(".blabinput").click(function() { console.log("AJAX EVENT OCCURED") $.post($('#comment').attr("action"), $("#comment").serialize(), function(html) { // Find the first table after the form in the HTML from the server and append it to the form on the page. $(html) .find('form + table').insertAfter('#comment').after('<br />'); }); }); var html2 = $("#text2").html(); $(".bringinput").click(function() { console.log("AJAX EVENT OCCURED") $.post($('#bring').attr("action"), $("#bring").serialize(), function(html2) { // Find the first table after the form in the HTML from the server and append it to the form on the page. $(html2) .find('form + table').insertAfter('#bring').after('<br />'); }); }); }); That's what I have so far. the first form the parent form is submitting and posting with the jquery of id #message, then the #bring id for the id of the second form or the response form is not working properly, it is inserting but posting the comment in the p tags with id only., that's where the parent comment post not the response comment form. it should post below but, somehow I have the html and the jquery mess up. Need help in there. the comment text is sliding toggling but the second time I click on, meaning sometimes it won't toggle the first time I click on it. 
But the main issue now is getting the response form displaying below and Ajaxing without a browser refresh.

My website is being overrun with spam and I am trying to install a PHP captcha script. I have installed PHP 5 on my website askthephysicist.com, which is hosted on a 1&1 Windows server, but I think the problem is that I do not know where to point my script to find the lib. I have very little fluency with any scripting languages. Anyhow, the beginning of the script reads:

<?php
require 'CaptchasDotNet.php';
// Required Parameters
// Replace the values you receive upon registration at http://captchas.net.
//
// client: 'demo'
//
// secret: 'secret'
//

and when I run it I get the message:

Fatal error: require(): Failed opening required 'CaptchasDotNet.php' (include_path='.:/usr/lib/php5.5') in /homepages/29/d191906528/htdocs/askthephysicist/query.php on line 4

The whole code may be found at http://captchas.net/sample/php/ if that is helpful, but the error occurs with the first statement require 'CaptchasDotNet.php';

I'm having trouble getting my script to show images in a table across the screen. I want to show the picture and have the description shown below it. Right now it shows it in a column with the name next to it. Any help would be greatly appreciated. Thanks in advance. Below is the script.

<?php
include 'config1.php';
// Connect to server and select database.
mysql_connect($dbhost, $dbuser, $dbpass)or die("cannot connect");
mysql_select_db("vetman")or die("cannot select DB");
$result = mysql_query("SELECT * FROM $dbname WHERE year = '1954'") or die(mysql_error());
// store the record of the "" table into $row
//$current = '';
// keeps getting the next row until there are no more to get
if($result && mysql_num_rows($result) > 0)
{
    $i = 0;
    $max_columns = 3;
    echo "<table>";
    echo "<br>";
    while($row = mysql_fetch_array($result))
    {
        // make the variables easy to deal with
        extract($row);
        // open row if counter is zero
        if($i == 0)
            echo "<tr>";
        echo "<td align=center>";
?>
<div> <a><img src="<?php echo $tn; ?>"></a><a><?php echo $title; ?></a></div>
<?php
        echo "</td>";
        // increment counter - if counter = max columns, reset counter and close row
        if(++$i == $max_columns)
        {
            echo "</tr>";
            $i=0;
        } // end if
    } // end while
} // end if results
// clean up table - makes your code valid!
if($i > 0)
{
    for($j=$i; $j<$max_columns;$j++)
        echo "<td> </td>";
    echo '</tr>';
}
mysql_close();
?>
</table>

Hello PHP Freaks forum,
In the past weeks I've been trying to make a website where you can register. Everything seems to work except my cherished Change password feature. Every time you try to change the password, it just resets it to nothing. Here is the code below.
<?php
if(isset($_SESSION['username'])) {
    $username = $_SESSION['username'];
    $lastname = $_SESSION['lastname'];
    $firstname = $_SESSION['firstname'];
    $email = $_SESSION['email'];
    echo " <h4>Options for:</h4> $username <br /> <br /> First name: $firstname <br />Last name: $lastname <br /><br /><h3>Want to change your password:</h3><br /> <form action='?do=option' method='post'> Old password <input type='password' placeholder='Has to be between 5-15 digits' name='password' size='30' value='' /><br /> <br /> New Password<input type='password' placeholder='Has to be between 5-15 digits' name='newpass' size='30' value='' /><br /> <br /> Confirm new password <input type='password' placeholder='Has to be between 5-15 digits' name='passconf' size='30' value='' /><br /> <center></div><input type='submit' value='Submit'/></center></form>";
}else{
    echo 'Please login to view your options!';
}
$password = $_REQUEST['password'];
$pass_conf = $_REQUEST['newpass'];
$email = $_REQUEST['passconf'];
$connect = mysql_connect("Host", "User", "Password");
if(!$connect){
    die(mysql_error());
}
//Selecting database
$select_db = mysql_select_db("My Database", $connect);
if(!$select_db){
    die(mysql_error());
}
//Find if entered data is correct
$result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
$row = mysql_fetch_array($result);
$id = $row['id'];
mysql_query("UPDATE users SET password='$newpass' WHERE username='$user'")
?>

And I do know that I don't have an if(Empty($newpass)){ Die(Please fill out the new password) } or any security on the others, but the problem just seems to be that it resets the password to nothing. Hope I can get this fixed.
Best Regards,
William Pfaffe

<?php
require_once('upper.php');
require_once('database.php');
echo $error_msg='';
if(isset($_POST['submit']))
{
    $LoginId=mysqli_real_escape_string($dbc,trim($_POST['LoginId']));
    $Password1=mysqli_real_escape_string($dbc,trim($_POST['Password1']));
    $Password2=mysqli_real_escape_string($dbc,trim($_POST['Password2']));
    $Name=mysqli_real_escape_string($dbc,trim($_POST['Name']));
    $Age=mysqli_real_escape_string($dbc,trim($_POST['Age']));
    $BloodGroup=mysqli_real_escape_string($dbc,trim($_POST['BloodGroup']));
    if(!isset($_POST['Sex']))
    {
        echo 'Please enter Sex<br>';
    }
    else{
        $Sex= mysqli_real_escape_string($dbc,trim($_POST['Sex']));
    }
    $Qualification=mysqli_real_escape_string($dbc,trim($_POST['Qualification']));
    $ContactNumber=mysqli_real_escape_string($dbc,trim($_POST['ContactNumber']));
    $Email=mysqli_real_escape_string($dbc,trim($_POST['Email']));
    $Address=mysqli_real_escape_string($dbc,trim($_POST['Address']));
    $AboutYourself=mysqli_real_escape_string($dbc,trim($_POST['AboutYourself']));
    //$countCheck=count($_POST['checkbox']);
    //echo $countCheck;
    //$checkbox=$_POST['checkbox'];
    //$countCheck=count($checkbox);
    if(empty($LoginId)){echo 'Please enter Login Id';}
    elseif(empty($Password1)){echo 'Please enter Password';}
    elseif(empty($Password2)){echo 'Please confirm Password';}
    elseif($Password1!==$Password2){echo 'Password didn\'t match';}
    elseif(empty($Name)){echo 'Please enter Name';}
    elseif(empty($Age)){echo 'Please enter Age';}
    elseif(!isset($_POST['Sex'])){}
    elseif(empty($Qualification)){echo 'Please enter Qualification';}
    elseif(empty($ContactNumber)){echo 'Please enter Contact Number';}
    elseif(empty($Email)){echo 'Please enter Email';}
    elseif(empty($Address)){echo 'Please enter Address';}
    elseif(empty($AboutYourself)){echo 'Please enter About Yourself';}
    elseif(!isset($_POST['checkbox'])){ echo 'You have to register at least one activity.';}
    elseif(!isset($_POST['TermsAndConditions'])){ echo 'You have to agree all Terms and Conditions of Elite Brigade.';}
    else
    {
        require_once('database.php');
        $query="select * from registration where LoginId='$LoginId'";
        $result=mysqli_query($dbc,$query);
        if(mysqli_num_rows($result)==0)
        {
            $checkbox=$_POST['checkbox'];
            $countCheck=count($_POST['checkbox']);
            $reg_id=' ';
            for($i=0;$i<$countCheck;$i++)
            {
                $reg_id=$reg_id.$checkbox[$i].',';
                $query="insert into activity_participation (LoginId,Title,Date) values ('$LoginId','$checkbox[$i]',CURDATE())";
                $result=mysqli_query($dbc,$query) or die("Not Connected");
            }
            $query="insert into registration (LoginId,Password,Name,Age,BloodGroup,Sex,Qualification,ContactNumber,Email,Address,AboutYourself,Activity)values ('$LoginId',SHA('$Password1'),'$Name','$Age','$BloodGroup','$Sex','$Qualification','$ContactNumber','$Email','$Address','$AboutYourself',',$reg_id')";
            $result=mysqli_query($dbc,$query) or die("Not Connect");
            echo ' Dear '.$Name.'.<br>Your request has been mailed to admin.<br>Your account is waiting for approval<br>';
            $from= 'Elite Brigade';
            $to='ankitp@rsquareonline.com';
            $subject='New User Registration';
            $message="Dear admin,\n\nA new user request for registration. Please check it out.\n\nRegards\nMicro";
            mail($to,$subject,$message,'From:'.$from);
            //header('Location: index.php');
            // header('Location: Registration.php');
        }
        else
        {
            echo 'Dear '.$Name. 
', <br> An account already exist with login-id<b> '.$LoginId.'</b> <br>Please try another login-id'; }} } ?> <html> <head> <script src="jquery-latest.js"></script> <script type="text/javascript" src="jquery-validate.js"></script> <style type="text/css"> * { font-family: Verdana; } label.error { color: white; padding-left: .5em; } p { clear: both; } .submit { margin-left: 12em; } em { font-weight: bold; padding-right: 1em; vertical-align: top; } </style> <script> $(document).ready(function(){ $("#commentForm").validate(); }); </script> </head> <body> <?php echo $error_msg; ?> <form action='<?php echo $_SERVER['PHP_SELF'];?>' id="commentForm" method='post'> <div class="registration_and_activity"> <table border="0" width="380"> <tr><td colspan="2"> <h3>New User?</h3></td></tr> <tr><td width="120"> <em>*</em>Enter Login id</td><td width="150"><input type='text' name='LoginId' minlength="4" value='<?php if(!empty($LoginId))echo $LoginId;?>' /></td></tr> <tr><td> <em>*</em>Enter Password</td> <td><head> <div id="divMayus" style="visibility:hidden">Caps Lock is on.</div> <SCRIPT language=Javascript> function capLock(e){ kc = e.keyCode?e.keyCode:e.which; sk = e.shiftKey?e.shiftKey:((kc == 16)?true:false); if(((kc >= 65 && kc <= 90) && !sk)||((kc >= 97 && kc <= 122) && sk)) document.getElementById('divMayus').style.visibility = 'visible'; else document.getElementById('divMayus').style.visibility = 'hidden'; } </SCRIPT> </HEAD> <input onkeypress='return capLock(event)' type='password' name='Password1' value='<?php if(!empty($Password1))echo $Password1;?>' /></td></tr> <tr><td> <em>*</em>Confirm Password</td><td><input type='password' name='Password2' value='<?php if(!empty($Password2))echo $Password2;?>' /></td></tr> <tr><td width="120"> <em>*</em>Enter Name</td> <td><input type='text' name='Name' value='<?php if(!empty($Name))echo $Name;?>' /></td></tr> <tr><td> <em>*</em>Enter Age</td><HEAD> <SCRIPT language=Javascript> function isNumberKey(evt) { var charCode = 
(evt.which) ? evt.which : event.keyCode if (charCode > 31 && (charCode < 48 || charCode > 57)) return false; return true; } </SCRIPT> </HEAD> <td><INPUT onkeypress='return isNumberKey(event)' type='text' name='Age' value='<?php if(!empty($Age))echo $Age;?>'/></td></tr> <tr><td> <em>*</em>Enter Blood</td><td><input type='text' name='BloodGroup' value='<?php if(!empty($BloodGroup))echo $BloodGroup;?>' /></td></tr> <tr><td> <em>*</em>Enter Sex</td><td><input type='radio' name='Sex' style='width:16px; border:0;' 'value='Male' />Male <input type='radio' name='Sex' style='width:16px; border:0;' 'value='Female' />Female</td></tr> <tr><td> <em>*</em>Enter Qualification</td><td><input type='text' name='Qualification' value='<?php if(!empty($Qualification))echo $Qualification;?>' /></td></tr> <tr><td> <em>*</em>Contact Number </td><td><input onkeypress='return isNumberKey(event)'type='text' name='ContactNumber' value='<?php if(!empty($ContactNumber))echo $ContactNumber;?>' /></td></tr> <tr><td> <em>*</em>Enter Email</td><td><input type='text' name='Email'class="email" value='<?php if(!empty($Email))echo $Email;?>' /></td></tr> <tr><td> <em>*</em>Enter Address</td><td><input type='text' name='Address' value='<?php if(!empty($Address))echo $Address;?>' /></td></tr> <tr ><td > <em>*</em>About Yourself </td></tr> <tr><td colspan="2"><textarea rows='10' cols='40' name='AboutYourself' /><?php if(!empty($Address))echo $Address;?></textarea></td></tr> <tr><td> <?php echo" <tr><td colspan='2'><em>*</em><b>Select fields for which you want to register</b></td></tr>"; require_once('database.php'); $query="select * from activity"; $result=mysqli_query($dbc,$query); while($row=mysqli_fetch_array($result)){ $Title=$row['Title']; $ActivityId=$row['ActivityId']; echo "<tr><td>$Title</td>"; echo "<td><input type='checkbox' name='checkbox[]' value='$Title' style='width:14px; text-align:right;'/></td></tr>";//value=$ActivityId tells ActivityId variable extracts with name="checkbox" echo 
"<br/>"; } echo "<td><em>*</em><input type='checkbox' name='TermsAndConditions' style='width:14px; text-align:right;'/></td><td> I agree all <a href='TermsAndConditions.php'>Terms and conditions </a>of Elite Brigade</td></tr>"; echo "<tr><td colspan='2' align='center'><input type='submit' value='Register' name='submit' style='background:url(./images/button_img2.png) no-repeat 10px 0px; width:100px; padding:3px 0 10px 0; color:#FEFBC4; border:0;'/></td></tr><br>"; echo " </td></tr></table> </div> </form> </body> </html>"; require_once('lower.php'); ?> Hi Friends .... I encrypt user password by SHA('$Password') method but now i want to add "Forget Password Module" for which I need to decrypt it first before tell my user but I don't Know how to decrypt it. Please help me........ This topic has been moved to Application Design. http://www.phpfreaks.com/forums/index.php?topic=353345.0 |