PHP - Password Reset Being Bypassed, Why?

Hello

I've recently been made aware that I need to hash the token I use when allowing users to reset their password.

I have a working solution but I'm hoping someone could let me know if this is an adequate way of doing it;

1. User enters their email, I check whether their actually a member and then...     create a passcode (1)     create a salt (2)     hash them together to create a passcode_hash (3)     insert the (2) and (3) into the database     send an email to the user with a link using (1) and the userid in the address 2. When the link is followed...     $_GET the userid and lookup the salt and passcode_hash for that id     hash together the passcode in the URL with the salt, and compare that to passcode_hash     if that is successfull then allow an update of the password (show the update form) 3. The password update form is sent along with two hidden fields (the passcode and userid from the URL)     On the form processing script I perform the same check as on Step 2 to check the passcode and user id have not been messed with     Update the password and delete the passcode Hopefully that makes sense... is that correct?

Here is my code that compares the passcode with the passcode_hash....
 

// get the passcode and email from URL (I will sanitize these)
        $passcode = $_GET['passcode'];
        $member_id = $_GET['uid'];

        // find the salt associated with the userid
        $stmt = $db->prepare("SELECT passcode,salt FROM members_verify WHERE members_id = ?");
        $stmt->bind_param('i',$member_id);
        $stmt->execute();
        $stmt->bind_result($db_passcode,$salt);
        $stmt->fetch();
        $stmt->close();

        // Create salted password
        $passcode_hash = hash('sha512', $passcode . $salt);

        if($passcode_hash===$db_passcode){
            $allowUpdate = 'yes';
        }

Any advice would be great
Edited by paddyfields, 07 June 2014 - 08:18 AM.

for some reason the password reset part of my site has stopped working and I am very sure that nothing has been altered in the related files since they was created.

a visitor clicks 'reset password' link on our site and is taken to the following file which initiates the reset password routine.  the visitor would get a link they need to click for the password to be altered and emailed to them.

this first file does update the database with a `changeofpasswordcode`and this is emailed as it should be.

Code: [Select]
<?PHP
  include('includes/connection.php');
  include('includes/functions.php');
  date_default_timezone_set('Europe/London');

  if(isset($_POST['reset']) && trim($_POST['reset']) == 'Reset Password') {

    $email    = mysql_real_escape_string($_POST['email']);

    $checkConfirmed = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND verifyCode != '' LIMIT 1");
$checkEmail = mysql_query("SELECT account_id FROM customers WHERE email='$email' LIMIT 1");
$checkVerify = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND verified='No' LIMIT 1");
    $checkBanned = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND suspended='Yes' LIMIT 1");

    if(!$email) {
      $thisError = 'Please enter your e-mail address.';
    } else if(! mysql_num_rows($checkEmail)) {
      $thisError = 'That email address is not registered with us.';
    } else if(mysql_num_rows($checkConfirmed)) {
      $thisError = 'Your email address has not been verified, please check your email and following instructions within.';
    } else if(mysql_num_rows($checkVerify)) {
      $thisError = 'Your account has not been approved by an Admin.';
    } else if(mysql_num_rows($checkBanned)) {
      $thisError = 'Your account has been suspended by an Admin.';
    } else {
      //
    }
  }

  include('includes/header.php');
?>
<body>

  <div class="headerBar">
<? include('includes/navigation.php');?>
  </div>

  <? headerText(); ?>

  <div class="content">
    <div class="widthLimiter contentStyle">
      <div class="formWrapper" style="width: 500px;">
        <? if(isset($thisError)) { echo '<div class="errorDiv">',$thisError,'</div>'; } ?>
        <? if(isset($thisSuccess)) { echo '<div class="successDiv">',$thisSuccess,'</div>'; } ?>
        <span class="subHeader">Initiate Password Reset</span>
<? // password reset
$useremail  = isset($_POST['email']) != '' ? trim($_POST['email']) : '' ;
if ($useremail != "") {
// get email and password and email them
$sql = "SELECT * FROM `customers` WHERE (`email` = '" . mysql_real_escape_string($useremail) . "') LIMIT 1";
$res = mysql_query($sql);
$email = @mysql_result($res, 0 ,'email');
$customerName = @mysql_result($res, 0 ,'fullname');
if(@mysql_num_rows($res) && @mysql_result($res, 0 ,'verified') == "Yes" && @mysql_result($res, 0 ,'suspended') == "No") {
if(@mysql_result($res, 0 ,'changeofpasswordcode') != "") {
$randomcode = @mysql_result($res, 0 ,'changeofpasswordcode');
} else { $randomcode = CreatePasswordResetCode();
}
$_SESSION['customerName'] = $customerName;
$_SESSION['customerEmail'] = $email;
$_SESSION['randomcode'] = $randomcode;
createEmailSend('passwordReset', 'Request to reset your password', 'customer');
$format = 'Y-m-d H:i:s'; $date = date( $format );
// set value in DB that email WAS sent
$sql = "UPDATE `customers` SET `changeofpasswordcode` = '" . $randomcode . "', `newpasswordrequestedon` = '" . $date . "' WHERE `email` = '" . mysql_real_escape_string($email) . "' LIMIT 1";
$res = mysql_query($sql);
?><br /><br /><div>You will shortly receive an email which contains a reset password link,<br>please check your email and click this link to reset your password.<br /><br />A new password will then be emailed to you.</div><?
} else { // not valid username entered.
?><br /><br /><div>If you are having trouble accessing your account please let us know<br />via <a href="mailto:admin@tm2cars.co.uk">email</a> and we shall look into this
    for you A.S.A.P.</div><?
}
} else { ?><br /><br /><div style=""><form method="post" action="">Please enter your Email Address for your account in the<br>field below and click 'Reset' to initiate a password reset.<br /><br /><input name="email" type="text" size="25"><input type="submit" name="reset" value=" Reset Password"></form></div>
  <?
  } ?>
      </div>
    </div>
  </div>
<? include('includes/footer.php');?>
</body>
</html>

once they get their email they click the link which taken them to the next page which would perform the change of password and have it emailed to them.  the link has the correct `changeofpasswordcode` which is in the database but when the link is clicked the page says that the code is not valid as it is not in the DB.  and then it removes the `changeofpasswordcode`

it should only remove the `changeofpasswordcode` once the new password is setup and emailed, so that the link can not be used again.

what i do not understand is why the second file does this, can anyone see what i might be doing wrong ?  or what could be causing this  ?

Code: [Select]
<?PHP
  include('includes/connection.php');
  include('includes/functions.php');
  date_default_timezone_set('Europe/London');

  if(isset($_POST['reset']) && trim($_POST['reset']) == 'Reset') {

    $email    = mysql_real_escape_string($_POST['email']);

    $checkVerify = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND verified='No' LIMIT 1");
    $checkBanned = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND suspended='Yes' LIMIT 1");

    if(!$email) {
      $thisError = 'Please enter your e-mail address.';
    } else if(!$password) {
      $thisError = 'Please enter your password.';
    } else if(mysql_num_rows($checkVerify)) {
      $thisError = 'Your account has not been approved by an Admin.';
    } else if(mysql_num_rows($checkBanned)) {
      $thisError = 'Your account has been suspended by an Admin.';
    } else {
      $password = md5($password);

      $checkAccount = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND password='$password' LIMIT 1");
      if(mysql_num_rows($checkAccount)) {
        $_SESSION['FM_user'] = $email;
        header('Location: members.php'); exit;
      } else {
        $thisError = 'Your e-mail address and/or password is incorrect.';
      }
    }
  }

  include('includes/header.php');
?>
<body>

  <div class="headerBar">
<? include('includes/navigation.php');?>
  </div>

  <? headerText(); ?>

  <div class="content">
    <div class="widthLimiter contentStyle">
      <div class="formWrapper">
        <? if(isset($thisError)) { echo '<div class="errorDiv">',$thisError,'</div>'; } ?>
        <? if(isset($thisSuccess)) { echo '<div class="successDiv">',$thisSuccess,'</div>'; } ?>
        <span class="subHeader">Initiate Password Reset</span>
<?
// include("sendmail2010.php");
$securitycode = stripstring($_GET[pwr]);
if ($securitycode != "") { $sql = "SELECT * FROM `customers` WHERE `changeofpasswordcode` = '".mysql_real_escape_string($securitycode)."' LIMIT 1";
$res = mysql_query($sql);
if (@mysql_num_rows($res) && $securitycode != "") {
$customerName = @mysql_result($res, 0 ,'fullname');
$email = @mysql_result($res, 0 ,'email');
$yourpasswordtologin = CreateNewPassword();
$format = 'Y-m-d H:i:s'; $date = date( $format );
$sql = "UPDATE `customers` SET `password` = '" . md5(mysql_real_escape_string($yourpasswordtologin)) . "', `changeofpasswordcode` = '', `newpasswordrequestedon` = '' WHERE `changeofpasswordcode` = '" . mysql_real_escape_string($securitycode) . "' LIMIT 1";
$res = mysql_query($sql);
$_SESSION['customerName'] = $customerName;
$_SESSION['customerEmail'] = $email;
$_SESSION['generatePass'] = $yourpasswordtologin;
createEmailSend('newPassword', 'Your new password', 'customer');
?><div style="margin: 30px;">Thank you for completing your password reset process.<br><br>An email with a randomly generated password has been sent to your email address, please check your email account for this email as you will need this password to access your <?=$_SESSION['siteName'];?> account.<br><br><strong><em>Please check your 'spam folder' in case our emails are showing up there.</em></strong><br><br>You may now <a href="<?=$_SESSION['webAddress'];?>">sign in</a> to your account.</div><?
} else { ?><div style="margin: 20px;">Sorry the link you clicked is and old password reset link or is not valid, please delete the email.<br><br>If you were trying to reset your password, please click the<br>'Member Login' link on our site and then click the 'Reset Password' link.</div><?
}
} ?>
      </div>
    </div>
  </div>
<? include('includes/footer.php');?>
</body>
</html>

Hi guys

I have this code, where it gets clicked from an email and then compares the tmp password etc and updates the new password in md5 format. I have been trying to find the issue why it doesnt update the password but i couldn't

can u help me to find out why? Please note all the db field names are correct in the code below. thanks in advance



<?php
include ("include/global.php");
include ("include/function.php");

$code = $_GET['code'];

    if (!$code){
Header("Location: forgotpassword.php");
}
else
{
 if (isset($_POST['reset']) && $_POST['reset'])
 {
 
$myemail=$row['email'];  
$mycurrentpass=$row['currentpass'];
$mynewpass=$row['newpassword'];
$myrepass=$row['repassword'];  
//


$getcurrentinfo=mysql_query("SELECT email,password FROM users WHERE email='$myemail'");
while($row = mysql_fetch_array($getcurrentinfo))
{
$currentemail=$row['email'];
$currentpass=$row['password'];
}  
//

  $newpassword = md5($mynewpass);
  $repeatpassword = md5($myrepass);


if($myemail==$currentemail&& $currentpass==$mycurrentpass)
 

 {

if($newpassword==$repeatpassword)

{

$updatepass=mysql_query("UPDATE users SET password='$newpassword' WHERE email='$myemail'");

}  
 else {echo "Information provided are not correct, please try again with correct information";}
 }
else {echo "Information provided are not correct, please try again with correct information";} 
 }

 
 }


?>
    
          <html>
        <head>
        <script type="text/javascript" src="/js/jquery.js"></script>
        <script type="text/javascript" src="/js/jquery.validate.js"></script>
<script type="text/javascript" src="/js/jquery.pstrength-min.1.2.js"></script>

<script type="text/javascript">
            
 $(function() {
$('.password').pstrength();
});

  $(document).ready(function(){
    $("#form").validate({
  rules: {
    email: {
      required: true,
      email: true
    }
  }
});
  });

  </script>
  
  </head>
        <body>
  
         <fieldset> 
     <form action='' method='POST' id='form'>
    
        <p>Enter Your Email: </p>
        <p>
          
          <input type='text' name='email' class="required"></td>




        <p>Enter Your Temporary Password: </p>
        <p>
          
          <input type='text' name='currentpass' class="required"></td>
          
            <p>Enter Your New Password: </p>      <p>
          
          <input type='text' name='newpassword' class="password"></td>
          
          
                      <p>Repeat Your New Password: </p>      <p>
          
          <input type='text' name='repassword' class="required"></td>
          
          
          </table>
        </p>
       <p>
         <input type='submit' name='reset' value='Submit' id='form'>
       </form>
    </fieldset>
    
    </body>
    </html>

I have tried resetting the password on my old account and the email never arrives , nor do my notifications for posts.

<?php

if (isset($_POST['reset-submit'])) {
    $selector = $_POST['selector'];
    $validator = $_POST['validator'];
    $password = $_POST['password'];
    $password2 = $_POST['password2'];

    // probably better to check this earlier
    if (empty($password) || empty($password2)) {
        header("Location: ../create-new-password.php?newpassword=empty&selector=$selector&validator=$validator");
    } elseif ($password !== $password2) {
        header("Location: ../create-new-password.php?newpassword=passwordsnotmatch");
    }

    $currentDate = date("U");

    require "dbh.inc.php";
    
    $sql = "SELECT * FROM reset_password WHERE selector=? AND expires >= $currentDate";
    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        echo "SQL error 1";
        exit();
    } else {
        mysqli_stmt_bind_param($stmt, 'ss', $selector, $currentDate);
        mysqli_stmt_execute($stmt);
        $result = mysqli_stmt_get_result($stmt);
        
        if (!$row = mysqli_fetch_assoc($result)) {
            echo 'You need to re-submit your reset request.';
            exit();
        } else {
            $tokenBin = hex2bin($validator);
            $tokenCheck = password_verify($tokenBin, $row['token']);

            if (!$tokenCheck) {
                echo 'You need to re-submit your reset request.';
                exit();
            } else {
                $email = $row['email'];
                $sql = "SELECT * FROM users WHERE email = $email";
                $stmt = mysqli_stmt_init($conn);
                if (!mysqli_stmt_prepare($stmt, $sql)) {
                    echo "SQL error 2";
                    exit();
                } else {
                    mysqli_stmt_bind_param($stmt, 's', $email);
                    mysqli_stmt_execute($stmt);
                    $result = mysqli_stmt_get_result($stmt);
                    if (!$row = mysqli_fetch_assoc($result)) {
                        echo "SQL error 3";
                        exit();
                    } else {
                        $sql = "UPDATE users SET password=? WHERE email=?";
                        $stmt = mysqli_stmt_init($conn);
                        if (!mysqli_stmt_prepare($stmt, $sql)) {
                            echo "SQL error4 ";
                            exit();
                        } else {
                            $hashed_password = password_hash($password, PASSWORD_DEFAULT);
                            mysqli_stmt_bind_param($stmt, 'ss', $hashed_password, $email);
                            mysqli_stmt_execute($stmt);
                            $sql = 'DELETE FROM reset_password WHERE email=?';
                            $stmt = mysqli_stmt_init($conn);
                            if (!mysqli_stmt_prepare($stmt, $sql)) {
                                echo 'SQL error5';
                                exit();
                            } else {
                                mysqli_stmt_bind_param($stmt, 's', $email);
                                mysqli_stmt_execute($stmt);
                                header("Location: ../signup.php?newpassword=updated");
                            }
                        }
                    }
                }
            }
        }
    }
    mysqli_stmt_close($stmt);
    mysqli_close($conn);

    header('Location: ../reset-password.php?reset=success');
} else {
    header('Location: ../index.php');
}

I always get this errors:

Warning: mysqli_stmt_bind_param(): Number of variables doesn't match number of parameters in prepared statement in C:\xampp\htdocs\php_login_system-master\includes\reset-password.inc.php on line 26

Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, bool given in C:\xampp\htdocs\php_login_system-master\includes\reset-password.inc.php on line 30
You need to re-submit your reset request.

 

But i dont find the mistake in the Code. Can someone help me please

Forgot Your Password Not working at the customer end, how to solve this error?  Reset Password Email not sending to the customer mail account.

Edited June 13, 2019 by aveeva

Code: [Select]
<?php 
include 'config.php';
//include 'dbc.php';
?>
<?php
function filter($data) {    // <--line 6 
$data = trim(htmlentities(strip_tags($data)));

if (get_magic_quotes_gpc())
$data = stripslashes($data);

$data = mysql_real_escape_string($data);

return $data;
}
?>
<?php
/******************* ACTIVATION BY FORM**************************/
if ($_POST['doReset']=='Reset')
{
$err = array();
$msg = array();

foreach($_POST as $key => $value) {
$data[$key] = filter($value);
}
if(!isEmail($data['email'])) {
$err[] = "ERROR - Please enter a valid email"; 
}

$email = $data['email'];

//check if activ code and user is valid as precaution
$rs_check = mysql_query("select id from users where email='$email'") or die (mysql_error()); 
$num = mysql_num_rows($rs_check);
  // Match row found with more than 1 results  - the user is authenticated. 
    if ( $num <= 0 ) { 
$err[] = "Error - Sorry no such account exists or registered.";
//header("Location: forgot.php?msg=$msg");
//exit();
}


if(empty($err)) {

$new_pass = GenPwd();
$pass_reset = MD5($new_pass);
//$sha1_new = sha1($new);
//set update sha1 of new password + salt
$rs_activ = mysql_query("update users set pass='$pass_reset' WHERE 
 email='$email'") or die(mysql_error());
 
$host  = $_SERVER['HTTP_HOST'];
$host_upper = strtoupper($host);  
 
//send email

$message = 
"Here are your new password details ...\n
User Email: $email \n
Passwd: $new_pass \n

Thank You

Administrator
$host_upper
______________________________________________________
THIS IS AN AUTOMATED RESPONSE. 
***DO NOT RESPOND TO THIS EMAIL****
";

mail($email, "Reset Password", $message,
    "From: \"Member Registration\" <auto-reply@$host>\r\n" .
     "X-Mailer: PHP/" . phpversion());  
 
$msg[] = "Your account password has been reset and a new password has been sent to your email address.";  
 
//$msg = urlencode();
//header("Location: forgot.php?msg=$msg");  
//exit();
 }
}
?>
<html>
<head>
<title>Forgot Password</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="JavaScript" type="text/javascript" src="js/jquery-1.3.2.min.js"></script>
<script language="JavaScript" type="text/javascript" src="js/jquery.validate.js"></script>
  <script>
  $(document).ready(function(){
    $("#actForm").validate();
  });
  </script>
<link href="styles.css" rel="stylesheet" type="text/css">
</head>

<body>
<table width="100%" border="0" cellspacing="0" cellpadding="5" class="main">
  <tr>
    <td colspan="3">&nbsp;</td>
  </tr>
  <tr>
    <td width="160" valign="top"><p>&nbsp;</p>
      <p>&nbsp; </p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p></td>
    <td width="732" valign="top">
<h3 class="titlehdr">Forgot Password</h3>

      <p>
        <?php
  /******************** ERROR MESSAGES*************************************************
  This code is to show error messages 
  **************************************************************************/
if(!empty($err))  {
   echo "<div class=\"msg\">";
  foreach ($err as $e) {
    echo "* $e <br>";
    }
  echo "</div>";
   }
   if(!empty($msg))  {
    echo "<div class=\"msg\">" . $msg[0] . "</div>";

   }
  /******************************* END ********************************/   
  ?>
      </p>
      <p>If you have forgot the account password, you can <strong>reset password</strong>
        and a new password will be sent to your email address.</p>

      <form action="forgot.php" method="post" name="actForm" id="actForm" >
        <table width="65%" border="0" cellpadding="4" cellspacing="4" class="loginform">
          <tr>
            <td colspan="2">&nbsp;</td>
          </tr>
          <tr>
            <td width="36%">Your Email</td>
            <td width="64%"><input name="email" type="text" class="required email" id="txtboxn" size="25"></td>
          </tr>
          <tr>
            <td colspan="2"> <div align="center">
                <p>
                  <input name="doReset" type="submit" id="doLogin3" value="Reset">
                </p>
              </div></td>
          </tr>
        </table>
        <div align="center"></div>
        <p align="center">&nbsp; </p>
      </form>
 
      <p>&nbsp;</p>
   
      <p align="left">&nbsp; </p></td>
    <td width="196" valign="top">&nbsp;</td>
  </tr>
  <tr>
    <td colspan="3">&nbsp;</td>
  </tr>
</table>

</body>
</html>



Fatal error: Cannot redeclare filter() (previously declared in/forgot.php:6)

what is wrong ?

Hello PhP Freaks forum
In the past weeks ive been trying to make a website, where you can register. Everything seems to work except my cherished Change password feature. Everytime you try to change the password, it just resets it to nothing.

Here is the code below.

<?php
         if(isset($_SESSION['username']))
         {
            $username = $_SESSION['username'];
            $lastname = $_SESSION['lastname'];
            $firstname = $_SESSION['firstname'];
            $email = $_SESSION['email'];
               
            echo "
            
               <h4>Options for:</h4> &nbsp; $username
               <br />
               <br />
               First name: &nbsp; $firstname
            
               <br />Last name: &nbsp; $lastname       
   
   <br /><br /><h3>Want to change your password:</h3><br />
   
      <form action='?do=option' method='post'>
   
      Old password <input type='password' placeholder='Has to be between 5-15 digits' name='password' size='30' value='' /><br />
                  <br />
      New Password<input type='password' placeholder='Has to be between 5-15 digits' name='newpass' size='30' value='' /><br />
                  <br />
      Confirm new password <input type='password' placeholder='Has to be between 5-15 digits' name='passconf' size='30' value='' /><br />
                  
      <center></div><input type='submit' value='Submit'/></center></form>";   
      
            
         }else{
            echo 'Please login to view your options!';
         }
      
      $password = $_REQUEST['password'];
      $pass_conf = $_REQUEST['newpass'];
      $email = $_REQUEST['passconf'];
      
      $connect = mysql_connect("Host", "User", "Password");
      if(!$connect){
      die(mysql_error());
      }
      
      //Selecting database
      $select_db = mysql_select_db("My Database", $connect);
      if(!$select_db){
      die(mysql_error());
      }
      
      //Find if entered data is correct
      
      $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
      $row = mysql_fetch_array($result);
      $id = $row['id'];

            
         mysql_query("UPDATE users SET password='$newpass' WHERE username='$user'")
      
      ?>          

And i do know that i dont have a

if(Empty($newpass)){
Die(Please fill out the new password)                                                 
}

Or any security on the others, but the problem just seems that it resets the password into nothing

Hope i can get this fixed

Best Regards

William Pfaffe

<?php
require_once('upper.php');
require_once('database.php');
echo $error_msg='';
if(isset($_POST['submit']))
{
$LoginId=mysqli_real_escape_string($dbc,trim($_POST['LoginId']));
$Password1=mysqli_real_escape_string($dbc,trim($_POST['Password1']));
$Password2=mysqli_real_escape_string($dbc,trim($_POST['Password2']));
$Name=mysqli_real_escape_string($dbc,trim($_POST['Name']));
$Age=mysqli_real_escape_string($dbc,trim($_POST['Age']));
$BloodGroup=mysqli_real_escape_string($dbc,trim($_POST['BloodGroup']));
if(!isset($_POST['Sex']))
{
echo 'Please enter Sex<br>';
}
else{
$Sex= mysqli_real_escape_string($dbc,trim($_POST['Sex']));
}
$Qualification=mysqli_real_escape_string($dbc,trim($_POST['Qualification']));
$ContactNumber=mysqli_real_escape_string($dbc,trim($_POST['ContactNumber']));
$Email=mysqli_real_escape_string($dbc,trim($_POST['Email']));
$Address=mysqli_real_escape_string($dbc,trim($_POST['Address']));
$AboutYourself=mysqli_real_escape_string($dbc,trim($_POST['AboutYourself']));
//$countCheck=count($_POST['checkbox']);
//echo $countCheck;
//$checkbox=$_POST['checkbox'];
//$countCheck=count($checkbox);
if(empty($LoginId)){echo 'Please enter Login Id';}
elseif(empty($Password1)){echo 'Please enter Password';}
elseif(empty($Password2)){echo 'Please confirm Password';}
elseif($Password1!==$Password2){echo 'Password didn\'t match';}
elseif(empty($Name)){echo 'Please enter Name';}
elseif(empty($Age)){echo 'Please enter Age';}
elseif(!isset($_POST['Sex'])){}
elseif(empty($Qualification)){echo 'Please enter Qualification';}
elseif(empty($ContactNumber)){echo 'Please enter Contact Number';}
elseif(empty($Email)){echo 'Please enter Email';}
elseif(empty($Address)){echo 'Please enter Address';}
elseif(empty($AboutYourself)){echo 'Please enter About Yourself';}
elseif(!isset($_POST['checkbox'])){ echo 'You have to register at least one activity.';}
elseif(!isset($_POST['TermsAndConditions'])){ echo 'You have to agree all Terms and Conditions of Elite Brigade.';}
else
{
require_once('database.php');
$query="select * from registration where LoginId='$LoginId'";
$result=mysqli_query($dbc,$query);
if(mysqli_num_rows($result)==0)
{
$checkbox=$_POST['checkbox'];
$countCheck=count($_POST['checkbox']);
$reg_id=' ';
for($i=0;$i<$countCheck;$i++)
{
$reg_id=$reg_id.$checkbox[$i].',';
$query="insert into activity_participation (LoginId,Title,Date) values ('$LoginId','$checkbox[$i]',CURDATE())";
$result=mysqli_query($dbc,$query) or die("Not Connected");
}
$query="insert into registration (LoginId,Password,Name,Age,BloodGroup,Sex,Qualification,ContactNumber,Email,Address,AboutYourself,Activity)values ('$LoginId'[B],SHA('$Password1'),[/B]'$Name','$Age','$BloodGroup','$Sex','$Qualification','$ContactNumber','$Email','$Address','$AboutYourself',',$reg_id')";
$result=mysqli_query($dbc,$query) or die("Not Connect");

echo ' Dear '.$Name.'.<br>Your request has been mailed to admin.<br>Your account is waiting for approval<br>';
$from= 'Elite Brigade';
$to='ankitp@rsquareonline.com';
$subject='New User Registration';
$message="Dear admin,\n\nA new user request for registration. Please check it out.\n\nRegards\nMicro";
mail($to,$subject,$message,'From:'.$from);
//header('Location: index.php');
// header('Location: Registration.php');
}
else
{
echo 'Dear '.$Name. ', <br> An account already exist with login-id<b> '.$LoginId.'</b> <br>Please try another login-id';
}}
}
?>

<html>
<head>
<script src="jquery-latest.js"></script>
  <script type="text/javascript" src="jquery-validate.js"></script>
<style type="text/css">
* { font-family: Verdana;  }

label.error {  color: white;  padding-left: .5em; }
p { clear: both; }
.submit { margin-left: 12em; }
em { font-weight: bold; padding-right: 1em; vertical-align: top; }
</style>
  <script>
  $(document).ready(function(){
    $("#commentForm").validate();
  });
  </script>
  
</head>

<body>

<?php
echo $error_msg; ?>

<form action='<?php echo $_SERVER['PHP_SELF'];?>' id="commentForm" method='post'>
<div class="registration_and_activity">

<table border="0" width="380">
<tr><td colspan="2">
<h3>New User?</h3></td></tr>
<tr><td width="120">

<em>*</em>Enter Login id</td><td width="150"><input type='text' name='LoginId'  minlength="4" value='<?php if(!empty($LoginId))echo $LoginId;?>' /></td></tr>
<tr><td>
<em>*</em>Enter Password</td> <td><head>
   <div id="divMayus" style="visibility:hidden">Caps Lock is on.</div>
   <SCRIPT language=Javascript>

function capLock(e){
 kc = e.keyCode?e.keyCode:e.which;
 sk = e.shiftKey?e.shiftKey:((kc == 16)?true:false);
 if(((kc >= 65 && kc <= 90) && !sk)||((kc >= 97 && kc <= 122) && sk))
  document.getElementById('divMayus').style.visibility = 'visible';
 else
  document.getElementById('divMayus').style.visibility = 'hidden';
}

</SCRIPT>
   </HEAD>
<input onkeypress='return capLock(event)' type='password' name='Password1' value='<?php if(!empty($Password1))echo $Password1;?>' /></td></tr>

<tr><td>
<em>*</em>Confirm Password</td><td><input type='password' name='Password2' value='<?php if(!empty($Password2))echo $Password2;?>' /></td></tr>
<tr><td width="120">
<em>*</em>Enter Name</td> <td><input type='text'  name='Name' value='<?php if(!empty($Name))echo $Name;?>' /></td></tr>
<tr><td>
<em>*</em>Enter Age</td><HEAD>
   <SCRIPT language=Javascript>
      
      function isNumberKey(evt)
      {
         var charCode = (evt.which) ? evt.which : event.keyCode
         if (charCode > 31 && (charCode < 48 || charCode > 57))
            return false;

         return true;
      }
  
  
     
   </SCRIPT>
   </HEAD>
<td><INPUT onkeypress='return isNumberKey(event)'  type='text' name='Age' value='<?php if(!empty($Age))echo $Age;?>'/></td></tr>

<tr><td>
<em>*</em>Enter Blood</td><td><input type='text' name='BloodGroup' value='<?php if(!empty($BloodGroup))echo $BloodGroup;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Sex</td><td><input type='radio' name='Sex'  style='width:16px; border:0;' 'value='Male' />Male   <input type='radio' name='Sex' style='width:16px; border:0;' 'value='Female' />Female</td></tr>

<tr><td>
<em>*</em>Enter Qualification</td><td><input type='text' name='Qualification'  value='<?php if(!empty($Qualification))echo $Qualification;?>' /></td></tr>

<tr><td>
<em>*</em>Contact Number </td><td><input onkeypress='return isNumberKey(event)'type='text'  name='ContactNumber' value='<?php if(!empty($ContactNumber))echo $ContactNumber;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Email</td><td><input type='text' name='Email'class="email" value='<?php if(!empty($Email))echo $Email;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Address</td><td><input type='text'   name='Address' value='<?php if(!empty($Address))echo $Address;?>' /></td></tr>


<tr ><td >
<em>*</em>About Yourself </td></tr>
<tr><td colspan="2"><textarea rows='10' cols='40'  name='AboutYourself'  /><?php if(!empty($Address))echo $Address;?></textarea></td></tr>
<tr><td>

<?php echo"
<tr><td colspan='2'><em>*</em><b>Select fields for which you want to register</b></td></tr>";

require_once('database.php');
$query="select * from activity";
$result=mysqli_query($dbc,$query);
while($row=mysqli_fetch_array($result)){
$Title=$row['Title'];
$ActivityId=$row['ActivityId'];
echo "<tr><td>$Title</td>";
echo "<td><input type='checkbox' name='checkbox[]' value='$Title' style='width:14px; text-align:right;'/></td></tr>";//value=$ActivityId tells ActivityId variable extracts with name="checkbox"
echo "<br/>";
}
echo "<td><em>*</em><input type='checkbox' name='TermsAndConditions'  style='width:14px; text-align:right;'/></td><td> I agree all <a href='TermsAndConditions.php'>Terms and conditions </a>of Elite Brigade</td></tr>";
echo "<tr><td colspan='2' align='center'><input type='submit' value='Register' name='submit' style='background:url(./images/button_img2.png) no-repeat 10px 0px; width:100px; padding:3px 0 10px 0; color:#FEFBC4; border:0;'/></td></tr><br>";

echo " </td></tr></table>

</div>

</form>
</body>
</html>";
require_once('lower.php');

?>


Hi Friends ....
I encrypt user password by SHA('$Password') method but now i want to add "Forget Password Module" for which I need to decrypt it first before tell my user but I don't Know how to decrypt it.
Please help me........

i have two drop down lists in a form and some text fields and then the SUBMIT and RESET button...when i click my first dropdown the values are populated in the second dropdown by ajax call. the problem i face is when i click on the reset button the values in the textfields and my first dropdown get reset to default value.but the value in the second drop down does not reset to the default value i have given instead it still has the value of the ajax call....any ideas to sort it out?

i am using countdown timer,it gets remaining time in seconds and displays cont down.but when i changed the remaining time for the countdown it displays the same old timer and did not update its countdown time. i need a deperate help for it , can some help me.

I have a login.php that has a usual login form with a username and password textbox and a login button that redirects to index.php. when I login and go to the index.php, the welcome sign is on but after I click on a link that points to index.php itself, the "welcome, <myname>" sign is replaced with "sign in" again (the cookie disappears) even though I put a checking on top of the index.php page..

here's my code in index.php:

<?php
if ($_COOKIE['activeuser'] != '#') {
} else {
setcookie('activeuser','#',time()+60*100);
}
include('connect.php'); //this code connects to my database
if (isset($_POST['bLogin'])) {
$sql = 'SELECT * FROM user WHERE username = "'.$_POST['tfUsername'].'"';
$sql .= ' AND password = "'.$_POST['tfPassword'].'"';
$result = mysql_query($sql,$con);
if($result) {
$row = mysql_fetch_array($result);
$_COOKIE['activeuser'] = $row['name'];
} else {
echo 'query error';
}
}
if ($_COOKIE['useraktif'] != '#') {
echo '<div id="welcome">Welcome, ' . $_COOKIE['activeuser'];
echo '<br/><a href="logout.php">Logout</a></div>';
} else {
echo '<div class="signIn"><a href="login.php">sign in</a></div>';
echo '<div class="signIn"><a href="#">Register</a></div>';
}

I have an app that connects to a source safe server to perform a command via shell_exec(). I had used exec(), but shell_exec seems to work better since I am on Linux.

The command connects to the server and tells it to promote a file to the next level. On Windows this ran without a hitch, but on Linux I gat an error that reads:
Quote

Socket error when reading request from [172.20.22.1]: 3537808 ; Socket closed.

I am told that the reason for this error is that PHP broke the connection to the server before the server completed the job and was able to shutdown properly.

The only way I have found around this is to place a sleep(3) to the script. This is really not ideal since that means that there is at least 3 seconds between each command, which can really extend the time it takes to perform if there are numerous files.

If PHP breaks the connection before the program can close it will leave the program open and PHP cannot perform any more commands to the server since it is stuck on the last command. If too many are given the machine will lock up due to resources being eaten up.

I'm wanting to know if there is a way to tell PHP to not let go of a connection so quickly.

I tried "nohup", but that does not help.

I am new to Linux and am at a loss of what my options are beyond the sleep() method. I really feel that there has to be a better way or setting that can be manipulated to fix this issue altogether.

Thanks in advance for any help.

Cy

Is there a way to reset a session?

Here is my code...
Code: [Select]
<?php  
session_start(); 
if (!isset($_SESSION['logged_in'])) 
{
header("Location: login.php");
}

mysql_connect("localhost", "user", "password")or die("cannot connect"); 
mysql_select_db("database")or die("cannot select DB");

$bio = $_POST['Bio'];
$location = $_POST['Location'];
$username = $_SESSION["user_name"];

$sql = "UPDATE users SET bio = '$bio', location = '$location' WHERE username = '$username'";
$result = mysql_query($sql) or die ("Error in query: $sql. " . mysql_error());
?>
Now I have a session called bio that I need to reset so that it will store the new bio information. How can I do this? I tried to unset the session and start it again but this didn't work.

Code: [Select]
function my_fav_quote_show_optin_form() {

if (!empty($_POST['my_fav_quote_email'])) {

my_fav_quote_opt_in();
}
$out2 = '';

$out = '<form action="" name="myform "method="post" id="requestQuote">';
$out .= '<table style="padding="0px" width="40px">';
$out .= '<tr><td>Name:*</td><td><input type="text" name="my_fav_quote_name" id="my_fav_quote_name"/></td></tr>';
$out .= '';
$out .= '<tr><td>Email:*</td><td><input type="text" name="my_fav_quote_email" id="my_fav_quote_email"/></td></tr>';

$out .= '';
$out .= '<tr><td>Phone:*</td><td><input type="text" name="my_fav_quote_phone" id="my_fav_quote_phone"/></td></tr>';

$out .= '';

$out .= '<tr><td>Event Date(optional):</td><td><input type="text" name="my_fav_quote_date" id="my_fav_quote_date"/></td></tr>';
$out .= '';

$out .= '<tr><td>Estimated Number of Guests(optional):</td><td><input type="text" name="my_fav_quote_guest" id="my_fav_quote_guest"/></td></tr>';
$out .= '';

$out .= '<tr><td>Desired Price Range Per Person (optional):</td><td><input type="text" name="my_fav_quote_rate" id="my_fav_quote_rate"/></td></tr>';
$out .= '';
$out .= '<tr><td style="vertical-align: middle;">Message:<br>(List your special requests, any food allergies , event description , special menu items that are not listed or any other information you think will helpful) </td><td><textarea placeholder=""  name="my_fav_quote_message" id="my_fav_quote_message"></textarea></td></tr>';
$out .= '';
$out .= '<tr><td>Security code:*</td><td><img src='.get_bloginfo('wpurl').'/wp-content/plugins/quote-cart/captcha.php?width=60&height=30&characters=5" /></td></tr>';
$out .= '';
$out .= '<tr><td>Input Above Security Code He *</td><td><input type="text" name="security_code" id="security_code" size="5"></td></tr>';
$out .= '';

$out .='<tr><td colspan="2">';
if ( function_exists( 'my_fav_quote_display' ) ){
$out .= my_fav_quote_display();
}



if ( function_exists( 'my_fav_quote_display3' ) ){
$out .= my_fav_quote_display3();
}


$out .='</td></tr>';
$out .= '<tr><td colspan=2 align=center><input type="submit" value="Request Quote" onclick="return chk_validation()" style="background-color:#000;color:#FFF;padding:5px;margin-top:10px;border:none;cursor:pointer;"/> 
<input type="button" onclick="formReset()" value="Reset form" />

</td></tr>';

$out .='</table></form>';
echo $out;
?>
<script language="javascript" type="text/javascript">
//<![CDATA[
function validate_email(field,alerttxt)
{

  apos=field.indexOf("@");
// alert(apos);
  dotpos=field.lastIndexOf(".");
   //alert(dotpos);
  if (apos<1||dotpos-apos<2)
{ return false;}
  else {return true;}
 
}
function chk_validation()
{
if(document.getElementById("my_fav_quote_name") && document.getElementById("my_fav_quote_name").value == '')
{
alert("Please Enter Name");
document.getElementById("my_fav_quote_name").focus();
return false;
}

if(document.getElementById("my_fav_quote_email").value == '')
{
alert("Please Enter Email");
document.getElementById("my_fav_quote_email").focus();
return false;
}
else
{

//alert(validate_email(document.getElementById("my_fav_quote_email").value,"Not a valid e-mail address!");
if (validate_email(document.getElementById("my_fav_quote_email").value,"Please enter valid e-mail address!")==false) {
alert("Please enter valid e-mail address!");
document.getElementById("my_fav_quote_email").focus();
return false;
}
}
if(document.getElementById("security_code").value == '')
{
alert("Please Enter Security Code");
document.getElementById("security_code").focus();
return false;
}
if(document.getElementById("quotes").value == '')
{
alert("Please add atleast one request quote");
document.getElementById("quotes").focus();
return false;
}
//return true;
}



//]]>

</script>
<?php

}

i need a form reset the actual problem is the normal reset is only reseting the fields but i need the information displayed using functions should also be reseted