PHP - Password Reset Logic

Hi guys

I have this code, where it gets clicked from an email and then compares the tmp password etc and updates the new password in md5 format. I have been trying to find the issue why it doesnt update the password but i couldn't

can u help me to find out why? Please note all the db field names are correct in the code below. thanks in advance



<?php
include ("include/global.php");
include ("include/function.php");

$code = $_GET['code'];

    if (!$code){
Header("Location: forgotpassword.php");
}
else
{
 if (isset($_POST['reset']) && $_POST['reset'])
 {
 
$myemail=$row['email'];  
$mycurrentpass=$row['currentpass'];
$mynewpass=$row['newpassword'];
$myrepass=$row['repassword'];  
//


$getcurrentinfo=mysql_query("SELECT email,password FROM users WHERE email='$myemail'");
while($row = mysql_fetch_array($getcurrentinfo))
{
$currentemail=$row['email'];
$currentpass=$row['password'];
}  
//

  $newpassword = md5($mynewpass);
  $repeatpassword = md5($myrepass);


if($myemail==$currentemail&& $currentpass==$mycurrentpass)
 

 {

if($newpassword==$repeatpassword)

{

$updatepass=mysql_query("UPDATE users SET password='$newpassword' WHERE email='$myemail'");

}  
 else {echo "Information provided are not correct, please try again with correct information";}
 }
else {echo "Information provided are not correct, please try again with correct information";} 
 }

 
 }


?>
    
          <html>
        <head>
        <script type="text/javascript" src="/js/jquery.js"></script>
        <script type="text/javascript" src="/js/jquery.validate.js"></script>
<script type="text/javascript" src="/js/jquery.pstrength-min.1.2.js"></script>

<script type="text/javascript">
            
 $(function() {
$('.password').pstrength();
});

  $(document).ready(function(){
    $("#form").validate({
  rules: {
    email: {
      required: true,
      email: true
    }
  }
});
  });

  </script>
  
  </head>
        <body>
  
         <fieldset> 
     <form action='' method='POST' id='form'>
    
        <p>Enter Your Email: </p>
        <p>
          
          <input type='text' name='email' class="required"></td>




        <p>Enter Your Temporary Password: </p>
        <p>
          
          <input type='text' name='currentpass' class="required"></td>
          
            <p>Enter Your New Password: </p>      <p>
          
          <input type='text' name='newpassword' class="password"></td>
          
          
                      <p>Repeat Your New Password: </p>      <p>
          
          <input type='text' name='repassword' class="required"></td>
          
          
          </table>
        </p>
       <p>
         <input type='submit' name='reset' value='Submit' id='form'>
       </form>
    </fieldset>
    
    </body>
    </html>

for some reason the password reset part of my site has stopped working and I am very sure that nothing has been altered in the related files since they was created.

a visitor clicks 'reset password' link on our site and is taken to the following file which initiates the reset password routine.  the visitor would get a link they need to click for the password to be altered and emailed to them.

this first file does update the database with a `changeofpasswordcode`and this is emailed as it should be.

Code: [Select]
<?PHP
  include('includes/connection.php');
  include('includes/functions.php');
  date_default_timezone_set('Europe/London');

  if(isset($_POST['reset']) && trim($_POST['reset']) == 'Reset Password') {

    $email    = mysql_real_escape_string($_POST['email']);

    $checkConfirmed = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND verifyCode != '' LIMIT 1");
$checkEmail = mysql_query("SELECT account_id FROM customers WHERE email='$email' LIMIT 1");
$checkVerify = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND verified='No' LIMIT 1");
    $checkBanned = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND suspended='Yes' LIMIT 1");

    if(!$email) {
      $thisError = 'Please enter your e-mail address.';
    } else if(! mysql_num_rows($checkEmail)) {
      $thisError = 'That email address is not registered with us.';
    } else if(mysql_num_rows($checkConfirmed)) {
      $thisError = 'Your email address has not been verified, please check your email and following instructions within.';
    } else if(mysql_num_rows($checkVerify)) {
      $thisError = 'Your account has not been approved by an Admin.';
    } else if(mysql_num_rows($checkBanned)) {
      $thisError = 'Your account has been suspended by an Admin.';
    } else {
      //
    }
  }

  include('includes/header.php');
?>
<body>

  <div class="headerBar">
<? include('includes/navigation.php');?>
  </div>

  <? headerText(); ?>

  <div class="content">
    <div class="widthLimiter contentStyle">
      <div class="formWrapper" style="width: 500px;">
        <? if(isset($thisError)) { echo '<div class="errorDiv">',$thisError,'</div>'; } ?>
        <? if(isset($thisSuccess)) { echo '<div class="successDiv">',$thisSuccess,'</div>'; } ?>
        <span class="subHeader">Initiate Password Reset</span>
<? // password reset
$useremail  = isset($_POST['email']) != '' ? trim($_POST['email']) : '' ;
if ($useremail != "") {
// get email and password and email them
$sql = "SELECT * FROM `customers` WHERE (`email` = '" . mysql_real_escape_string($useremail) . "') LIMIT 1";
$res = mysql_query($sql);
$email = @mysql_result($res, 0 ,'email');
$customerName = @mysql_result($res, 0 ,'fullname');
if(@mysql_num_rows($res) && @mysql_result($res, 0 ,'verified') == "Yes" && @mysql_result($res, 0 ,'suspended') == "No") {
if(@mysql_result($res, 0 ,'changeofpasswordcode') != "") {
$randomcode = @mysql_result($res, 0 ,'changeofpasswordcode');
} else { $randomcode = CreatePasswordResetCode();
}
$_SESSION['customerName'] = $customerName;
$_SESSION['customerEmail'] = $email;
$_SESSION['randomcode'] = $randomcode;
createEmailSend('passwordReset', 'Request to reset your password', 'customer');
$format = 'Y-m-d H:i:s'; $date = date( $format );
// set value in DB that email WAS sent
$sql = "UPDATE `customers` SET `changeofpasswordcode` = '" . $randomcode . "', `newpasswordrequestedon` = '" . $date . "' WHERE `email` = '" . mysql_real_escape_string($email) . "' LIMIT 1";
$res = mysql_query($sql);
?><br /><br /><div>You will shortly receive an email which contains a reset password link,<br>please check your email and click this link to reset your password.<br /><br />A new password will then be emailed to you.</div><?
} else { // not valid username entered.
?><br /><br /><div>If you are having trouble accessing your account please let us know<br />via <a href="mailto:admin@tm2cars.co.uk">email</a> and we shall look into this
    for you A.S.A.P.</div><?
}
} else { ?><br /><br /><div style=""><form method="post" action="">Please enter your Email Address for your account in the<br>field below and click 'Reset' to initiate a password reset.<br /><br /><input name="email" type="text" size="25"><input type="submit" name="reset" value=" Reset Password"></form></div>
  <?
  } ?>
      </div>
    </div>
  </div>
<? include('includes/footer.php');?>
</body>
</html>

once they get their email they click the link which taken them to the next page which would perform the change of password and have it emailed to them.  the link has the correct `changeofpasswordcode` which is in the database but when the link is clicked the page says that the code is not valid as it is not in the DB.  and then it removes the `changeofpasswordcode`

it should only remove the `changeofpasswordcode` once the new password is setup and emailed, so that the link can not be used again.

what i do not understand is why the second file does this, can anyone see what i might be doing wrong ?  or what could be causing this  ?

Code: [Select]
<?PHP
  include('includes/connection.php');
  include('includes/functions.php');
  date_default_timezone_set('Europe/London');

  if(isset($_POST['reset']) && trim($_POST['reset']) == 'Reset') {

    $email    = mysql_real_escape_string($_POST['email']);

    $checkVerify = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND verified='No' LIMIT 1");
    $checkBanned = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND suspended='Yes' LIMIT 1");

    if(!$email) {
      $thisError = 'Please enter your e-mail address.';
    } else if(!$password) {
      $thisError = 'Please enter your password.';
    } else if(mysql_num_rows($checkVerify)) {
      $thisError = 'Your account has not been approved by an Admin.';
    } else if(mysql_num_rows($checkBanned)) {
      $thisError = 'Your account has been suspended by an Admin.';
    } else {
      $password = md5($password);

      $checkAccount = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND password='$password' LIMIT 1");
      if(mysql_num_rows($checkAccount)) {
        $_SESSION['FM_user'] = $email;
        header('Location: members.php'); exit;
      } else {
        $thisError = 'Your e-mail address and/or password is incorrect.';
      }
    }
  }

  include('includes/header.php');
?>
<body>

  <div class="headerBar">
<? include('includes/navigation.php');?>
  </div>

  <? headerText(); ?>

  <div class="content">
    <div class="widthLimiter contentStyle">
      <div class="formWrapper">
        <? if(isset($thisError)) { echo '<div class="errorDiv">',$thisError,'</div>'; } ?>
        <? if(isset($thisSuccess)) { echo '<div class="successDiv">',$thisSuccess,'</div>'; } ?>
        <span class="subHeader">Initiate Password Reset</span>
<?
// include("sendmail2010.php");
$securitycode = stripstring($_GET[pwr]);
if ($securitycode != "") { $sql = "SELECT * FROM `customers` WHERE `changeofpasswordcode` = '".mysql_real_escape_string($securitycode)."' LIMIT 1";
$res = mysql_query($sql);
if (@mysql_num_rows($res) && $securitycode != "") {
$customerName = @mysql_result($res, 0 ,'fullname');
$email = @mysql_result($res, 0 ,'email');
$yourpasswordtologin = CreateNewPassword();
$format = 'Y-m-d H:i:s'; $date = date( $format );
$sql = "UPDATE `customers` SET `password` = '" . md5(mysql_real_escape_string($yourpasswordtologin)) . "', `changeofpasswordcode` = '', `newpasswordrequestedon` = '' WHERE `changeofpasswordcode` = '" . mysql_real_escape_string($securitycode) . "' LIMIT 1";
$res = mysql_query($sql);
$_SESSION['customerName'] = $customerName;
$_SESSION['customerEmail'] = $email;
$_SESSION['generatePass'] = $yourpasswordtologin;
createEmailSend('newPassword', 'Your new password', 'customer');
?><div style="margin: 30px;">Thank you for completing your password reset process.<br><br>An email with a randomly generated password has been sent to your email address, please check your email account for this email as you will need this password to access your <?=$_SESSION['siteName'];?> account.<br><br><strong><em>Please check your 'spam folder' in case our emails are showing up there.</em></strong><br><br>You may now <a href="<?=$_SESSION['webAddress'];?>">sign in</a> to your account.</div><?
} else { ?><div style="margin: 20px;">Sorry the link you clicked is and old password reset link or is not valid, please delete the email.<br><br>If you were trying to reset your password, please click the<br>'Member Login' link on our site and then click the 'Reset Password' link.</div><?
}
} ?>
      </div>
    </div>
  </div>
<? include('includes/footer.php');?>
</body>
</html>

Hi

I have the code below when users firget their password, they fill forrgot password form and an email will be sent to them which directs them to a page where (code below) they can reset their password.

When i fill the form I get the msg it says password has been changed however it wont change it in database. I have checked the code, current entries in database etc but still it wont change the password. Can u please what im doing wrong?


<?php 

include 'global.php';
 $account_reference = $_GET['code'];
echo "$account_reference";
    
    
if (isset($_POST['resetpassword']) && $_POST['resetpassword'])
    {

$email = addslashes(strip_tags($_POST['email']));
$username = addslashes(strip_tags($_POST['username']));
$password = addslashes(strip_tags($_POST['password']));
$newpasswordnomd = addslashes(strip_tags($_POST['newpassword']));
$repasswordnomd = addslashes(strip_tags($_POST['repassword']));
$code = addslashes(strip_tags($_POST['code']));


$getdata=mysql_query("SELECT * FROM users WHERE username='$username' AND email='$email' AND code='$code'");
while($row = mysql_fetch_array($getdata))
{
$got_username=$row['username'];
$got_email=$row['email'];
$got_ref=$row['code'];
$got_pass=$row['password'];
}

$newpassword = md5($newpasswordnomd);
$repassword = md5($repasswordnomd);

if($password==$got_pass)

{
if ($email==$got_email)
{
if ($username==$got_username)
{
if($newpassword==$repassword)

{ $resetpass=mysql_query("UPDATE users SET password='$repassword' WHERE email=='$email' AND username=='$username'");

echo "Your Password has been reset";
}

else {echo "Your New Password and Repeat Password do not match";}
}
else {echo "Your Username does not match our records";}
}
else {echo "Your Email does not match our records";}
}


}


    ?>

    <form action='' method='POST' enctype='multipart/form-data'>

<input type="hidden" name='code' value="<?php echo "$account_reference";?>"><p />

Email: <br/>

<input type="email" name='email'><p />

Username: <br/>
<input type='text' name='username'><p />

Password: <br/>
<input type='text' name='password'><p />

New Password: <br/>
<input type='text' name='newpassword'><p />

Repeat New Password: <br/>
<input type='text' name='repassword'><p />

<input type='submit' name='resetpassword' value='Update'>

I have tried resetting the password on my old account and the email never arrives , nor do my notifications for posts.

Forgot Your Password Not working at the customer end, how to solve this error?  Reset Password Email not sending to the customer mail account.

Edited June 13, 2019 by aveeva

<?php

if (isset($_POST['reset-submit'])) {
    $selector = $_POST['selector'];
    $validator = $_POST['validator'];
    $password = $_POST['password'];
    $password2 = $_POST['password2'];

    // probably better to check this earlier
    if (empty($password) || empty($password2)) {
        header("Location: ../create-new-password.php?newpassword=empty&selector=$selector&validator=$validator");
    } elseif ($password !== $password2) {
        header("Location: ../create-new-password.php?newpassword=passwordsnotmatch");
    }

    $currentDate = date("U");

    require "dbh.inc.php";
    
    $sql = "SELECT * FROM reset_password WHERE selector=? AND expires >= $currentDate";
    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        echo "SQL error 1";
        exit();
    } else {
        mysqli_stmt_bind_param($stmt, 'ss', $selector, $currentDate);
        mysqli_stmt_execute($stmt);
        $result = mysqli_stmt_get_result($stmt);
        
        if (!$row = mysqli_fetch_assoc($result)) {
            echo 'You need to re-submit your reset request.';
            exit();
        } else {
            $tokenBin = hex2bin($validator);
            $tokenCheck = password_verify($tokenBin, $row['token']);

            if (!$tokenCheck) {
                echo 'You need to re-submit your reset request.';
                exit();
            } else {
                $email = $row['email'];
                $sql = "SELECT * FROM users WHERE email = $email";
                $stmt = mysqli_stmt_init($conn);
                if (!mysqli_stmt_prepare($stmt, $sql)) {
                    echo "SQL error 2";
                    exit();
                } else {
                    mysqli_stmt_bind_param($stmt, 's', $email);
                    mysqli_stmt_execute($stmt);
                    $result = mysqli_stmt_get_result($stmt);
                    if (!$row = mysqli_fetch_assoc($result)) {
                        echo "SQL error 3";
                        exit();
                    } else {
                        $sql = "UPDATE users SET password=? WHERE email=?";
                        $stmt = mysqli_stmt_init($conn);
                        if (!mysqli_stmt_prepare($stmt, $sql)) {
                            echo "SQL error4 ";
                            exit();
                        } else {
                            $hashed_password = password_hash($password, PASSWORD_DEFAULT);
                            mysqli_stmt_bind_param($stmt, 'ss', $hashed_password, $email);
                            mysqli_stmt_execute($stmt);
                            $sql = 'DELETE FROM reset_password WHERE email=?';
                            $stmt = mysqli_stmt_init($conn);
                            if (!mysqli_stmt_prepare($stmt, $sql)) {
                                echo 'SQL error5';
                                exit();
                            } else {
                                mysqli_stmt_bind_param($stmt, 's', $email);
                                mysqli_stmt_execute($stmt);
                                header("Location: ../signup.php?newpassword=updated");
                            }
                        }
                    }
                }
            }
        }
    }
    mysqli_stmt_close($stmt);
    mysqli_close($conn);

    header('Location: ../reset-password.php?reset=success');
} else {
    header('Location: ../index.php');
}

I always get this errors:

Warning: mysqli_stmt_bind_param(): Number of variables doesn't match number of parameters in prepared statement in C:\xampp\htdocs\php_login_system-master\includes\reset-password.inc.php on line 26

Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, bool given in C:\xampp\htdocs\php_login_system-master\includes\reset-password.inc.php on line 30
You need to re-submit your reset request.

 

But i dont find the mistake in the Code. Can someone help me please

Code: [Select]
<?php 
include 'config.php';
//include 'dbc.php';
?>
<?php
function filter($data) {    // <--line 6 
$data = trim(htmlentities(strip_tags($data)));

if (get_magic_quotes_gpc())
$data = stripslashes($data);

$data = mysql_real_escape_string($data);

return $data;
}
?>
<?php
/******************* ACTIVATION BY FORM**************************/
if ($_POST['doReset']=='Reset')
{
$err = array();
$msg = array();

foreach($_POST as $key => $value) {
$data[$key] = filter($value);
}
if(!isEmail($data['email'])) {
$err[] = "ERROR - Please enter a valid email"; 
}

$email = $data['email'];

//check if activ code and user is valid as precaution
$rs_check = mysql_query("select id from users where email='$email'") or die (mysql_error()); 
$num = mysql_num_rows($rs_check);
  // Match row found with more than 1 results  - the user is authenticated. 
    if ( $num <= 0 ) { 
$err[] = "Error - Sorry no such account exists or registered.";
//header("Location: forgot.php?msg=$msg");
//exit();
}


if(empty($err)) {

$new_pass = GenPwd();
$pass_reset = MD5($new_pass);
//$sha1_new = sha1($new);
//set update sha1 of new password + salt
$rs_activ = mysql_query("update users set pass='$pass_reset' WHERE 
 email='$email'") or die(mysql_error());
 
$host  = $_SERVER['HTTP_HOST'];
$host_upper = strtoupper($host);  
 
//send email

$message = 
"Here are your new password details ...\n
User Email: $email \n
Passwd: $new_pass \n

Thank You

Administrator
$host_upper
______________________________________________________
THIS IS AN AUTOMATED RESPONSE. 
***DO NOT RESPOND TO THIS EMAIL****
";

mail($email, "Reset Password", $message,
    "From: \"Member Registration\" <auto-reply@$host>\r\n" .
     "X-Mailer: PHP/" . phpversion());  
 
$msg[] = "Your account password has been reset and a new password has been sent to your email address.";  
 
//$msg = urlencode();
//header("Location: forgot.php?msg=$msg");  
//exit();
 }
}
?>
<html>
<head>
<title>Forgot Password</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="JavaScript" type="text/javascript" src="js/jquery-1.3.2.min.js"></script>
<script language="JavaScript" type="text/javascript" src="js/jquery.validate.js"></script>
  <script>
  $(document).ready(function(){
    $("#actForm").validate();
  });
  </script>
<link href="styles.css" rel="stylesheet" type="text/css">
</head>

<body>
<table width="100%" border="0" cellspacing="0" cellpadding="5" class="main">
  <tr>
    <td colspan="3">&nbsp;</td>
  </tr>
  <tr>
    <td width="160" valign="top"><p>&nbsp;</p>
      <p>&nbsp; </p>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p></td>
    <td width="732" valign="top">
<h3 class="titlehdr">Forgot Password</h3>

      <p>
        <?php
  /******************** ERROR MESSAGES*************************************************
  This code is to show error messages 
  **************************************************************************/
if(!empty($err))  {
   echo "<div class=\"msg\">";
  foreach ($err as $e) {
    echo "* $e <br>";
    }
  echo "</div>";
   }
   if(!empty($msg))  {
    echo "<div class=\"msg\">" . $msg[0] . "</div>";

   }
  /******************************* END ********************************/   
  ?>
      </p>
      <p>If you have forgot the account password, you can <strong>reset password</strong>
        and a new password will be sent to your email address.</p>

      <form action="forgot.php" method="post" name="actForm" id="actForm" >
        <table width="65%" border="0" cellpadding="4" cellspacing="4" class="loginform">
          <tr>
            <td colspan="2">&nbsp;</td>
          </tr>
          <tr>
            <td width="36%">Your Email</td>
            <td width="64%"><input name="email" type="text" class="required email" id="txtboxn" size="25"></td>
          </tr>
          <tr>
            <td colspan="2"> <div align="center">
                <p>
                  <input name="doReset" type="submit" id="doLogin3" value="Reset">
                </p>
              </div></td>
          </tr>
        </table>
        <div align="center"></div>
        <p align="center">&nbsp; </p>
      </form>
 
      <p>&nbsp;</p>
   
      <p align="left">&nbsp; </p></td>
    <td width="196" valign="top">&nbsp;</td>
  </tr>
  <tr>
    <td colspan="3">&nbsp;</td>
  </tr>
</table>

</body>
</html>



Fatal error: Cannot redeclare filter() (previously declared in/forgot.php:6)

what is wrong ?

Hello PhP Freaks forum
In the past weeks ive been trying to make a website, where you can register. Everything seems to work except my cherished Change password feature. Everytime you try to change the password, it just resets it to nothing.

Here is the code below.

<?php
         if(isset($_SESSION['username']))
         {
            $username = $_SESSION['username'];
            $lastname = $_SESSION['lastname'];
            $firstname = $_SESSION['firstname'];
            $email = $_SESSION['email'];
               
            echo "
            
               <h4>Options for:</h4> &nbsp; $username
               <br />
               <br />
               First name: &nbsp; $firstname
            
               <br />Last name: &nbsp; $lastname       
   
   <br /><br /><h3>Want to change your password:</h3><br />
   
      <form action='?do=option' method='post'>
   
      Old password <input type='password' placeholder='Has to be between 5-15 digits' name='password' size='30' value='' /><br />
                  <br />
      New Password<input type='password' placeholder='Has to be between 5-15 digits' name='newpass' size='30' value='' /><br />
                  <br />
      Confirm new password <input type='password' placeholder='Has to be between 5-15 digits' name='passconf' size='30' value='' /><br />
                  
      <center></div><input type='submit' value='Submit'/></center></form>";   
      
            
         }else{
            echo 'Please login to view your options!';
         }
      
      $password = $_REQUEST['password'];
      $pass_conf = $_REQUEST['newpass'];
      $email = $_REQUEST['passconf'];
      
      $connect = mysql_connect("Host", "User", "Password");
      if(!$connect){
      die(mysql_error());
      }
      
      //Selecting database
      $select_db = mysql_select_db("My Database", $connect);
      if(!$select_db){
      die(mysql_error());
      }
      
      //Find if entered data is correct
      
      $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
      $row = mysql_fetch_array($result);
      $id = $row['id'];

            
         mysql_query("UPDATE users SET password='$newpass' WHERE username='$user'")
      
      ?>          

And i do know that i dont have a

if(Empty($newpass)){
Die(Please fill out the new password)                                                 
}

Or any security on the others, but the problem just seems that it resets the password into nothing

Hope i can get this fixed

Best Regards

William Pfaffe

<?php
require_once('upper.php');
require_once('database.php');
echo $error_msg='';
if(isset($_POST['submit']))
{
$LoginId=mysqli_real_escape_string($dbc,trim($_POST['LoginId']));
$Password1=mysqli_real_escape_string($dbc,trim($_POST['Password1']));
$Password2=mysqli_real_escape_string($dbc,trim($_POST['Password2']));
$Name=mysqli_real_escape_string($dbc,trim($_POST['Name']));
$Age=mysqli_real_escape_string($dbc,trim($_POST['Age']));
$BloodGroup=mysqli_real_escape_string($dbc,trim($_POST['BloodGroup']));
if(!isset($_POST['Sex']))
{
echo 'Please enter Sex<br>';
}
else{
$Sex= mysqli_real_escape_string($dbc,trim($_POST['Sex']));
}
$Qualification=mysqli_real_escape_string($dbc,trim($_POST['Qualification']));
$ContactNumber=mysqli_real_escape_string($dbc,trim($_POST['ContactNumber']));
$Email=mysqli_real_escape_string($dbc,trim($_POST['Email']));
$Address=mysqli_real_escape_string($dbc,trim($_POST['Address']));
$AboutYourself=mysqli_real_escape_string($dbc,trim($_POST['AboutYourself']));
//$countCheck=count($_POST['checkbox']);
//echo $countCheck;
//$checkbox=$_POST['checkbox'];
//$countCheck=count($checkbox);
if(empty($LoginId)){echo 'Please enter Login Id';}
elseif(empty($Password1)){echo 'Please enter Password';}
elseif(empty($Password2)){echo 'Please confirm Password';}
elseif($Password1!==$Password2){echo 'Password didn\'t match';}
elseif(empty($Name)){echo 'Please enter Name';}
elseif(empty($Age)){echo 'Please enter Age';}
elseif(!isset($_POST['Sex'])){}
elseif(empty($Qualification)){echo 'Please enter Qualification';}
elseif(empty($ContactNumber)){echo 'Please enter Contact Number';}
elseif(empty($Email)){echo 'Please enter Email';}
elseif(empty($Address)){echo 'Please enter Address';}
elseif(empty($AboutYourself)){echo 'Please enter About Yourself';}
elseif(!isset($_POST['checkbox'])){ echo 'You have to register at least one activity.';}
elseif(!isset($_POST['TermsAndConditions'])){ echo 'You have to agree all Terms and Conditions of Elite Brigade.';}
else
{
require_once('database.php');
$query="select * from registration where LoginId='$LoginId'";
$result=mysqli_query($dbc,$query);
if(mysqli_num_rows($result)==0)
{
$checkbox=$_POST['checkbox'];
$countCheck=count($_POST['checkbox']);
$reg_id=' ';
for($i=0;$i<$countCheck;$i++)
{
$reg_id=$reg_id.$checkbox[$i].',';
$query="insert into activity_participation (LoginId,Title,Date) values ('$LoginId','$checkbox[$i]',CURDATE())";
$result=mysqli_query($dbc,$query) or die("Not Connected");
}
$query="insert into registration (LoginId,Password,Name,Age,BloodGroup,Sex,Qualification,ContactNumber,Email,Address,AboutYourself,Activity)values ('$LoginId'[B],SHA('$Password1'),[/B]'$Name','$Age','$BloodGroup','$Sex','$Qualification','$ContactNumber','$Email','$Address','$AboutYourself',',$reg_id')";
$result=mysqli_query($dbc,$query) or die("Not Connect");

echo ' Dear '.$Name.'.<br>Your request has been mailed to admin.<br>Your account is waiting for approval<br>';
$from= 'Elite Brigade';
$to='ankitp@rsquareonline.com';
$subject='New User Registration';
$message="Dear admin,\n\nA new user request for registration. Please check it out.\n\nRegards\nMicro";
mail($to,$subject,$message,'From:'.$from);
//header('Location: index.php');
// header('Location: Registration.php');
}
else
{
echo 'Dear '.$Name. ', <br> An account already exist with login-id<b> '.$LoginId.'</b> <br>Please try another login-id';
}}
}
?>

<html>
<head>
<script src="jquery-latest.js"></script>
  <script type="text/javascript" src="jquery-validate.js"></script>
<style type="text/css">
* { font-family: Verdana;  }

label.error {  color: white;  padding-left: .5em; }
p { clear: both; }
.submit { margin-left: 12em; }
em { font-weight: bold; padding-right: 1em; vertical-align: top; }
</style>
  <script>
  $(document).ready(function(){
    $("#commentForm").validate();
  });
  </script>
  
</head>

<body>

<?php
echo $error_msg; ?>

<form action='<?php echo $_SERVER['PHP_SELF'];?>' id="commentForm" method='post'>
<div class="registration_and_activity">

<table border="0" width="380">
<tr><td colspan="2">
<h3>New User?</h3></td></tr>
<tr><td width="120">

<em>*</em>Enter Login id</td><td width="150"><input type='text' name='LoginId'  minlength="4" value='<?php if(!empty($LoginId))echo $LoginId;?>' /></td></tr>
<tr><td>
<em>*</em>Enter Password</td> <td><head>
   <div id="divMayus" style="visibility:hidden">Caps Lock is on.</div>
   <SCRIPT language=Javascript>

function capLock(e){
 kc = e.keyCode?e.keyCode:e.which;
 sk = e.shiftKey?e.shiftKey:((kc == 16)?true:false);
 if(((kc >= 65 && kc <= 90) && !sk)||((kc >= 97 && kc <= 122) && sk))
  document.getElementById('divMayus').style.visibility = 'visible';
 else
  document.getElementById('divMayus').style.visibility = 'hidden';
}

</SCRIPT>
   </HEAD>
<input onkeypress='return capLock(event)' type='password' name='Password1' value='<?php if(!empty($Password1))echo $Password1;?>' /></td></tr>

<tr><td>
<em>*</em>Confirm Password</td><td><input type='password' name='Password2' value='<?php if(!empty($Password2))echo $Password2;?>' /></td></tr>
<tr><td width="120">
<em>*</em>Enter Name</td> <td><input type='text'  name='Name' value='<?php if(!empty($Name))echo $Name;?>' /></td></tr>
<tr><td>
<em>*</em>Enter Age</td><HEAD>
   <SCRIPT language=Javascript>
      
      function isNumberKey(evt)
      {
         var charCode = (evt.which) ? evt.which : event.keyCode
         if (charCode > 31 && (charCode < 48 || charCode > 57))
            return false;

         return true;
      }
  
  
     
   </SCRIPT>
   </HEAD>
<td><INPUT onkeypress='return isNumberKey(event)'  type='text' name='Age' value='<?php if(!empty($Age))echo $Age;?>'/></td></tr>

<tr><td>
<em>*</em>Enter Blood</td><td><input type='text' name='BloodGroup' value='<?php if(!empty($BloodGroup))echo $BloodGroup;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Sex</td><td><input type='radio' name='Sex'  style='width:16px; border:0;' 'value='Male' />Male   <input type='radio' name='Sex' style='width:16px; border:0;' 'value='Female' />Female</td></tr>

<tr><td>
<em>*</em>Enter Qualification</td><td><input type='text' name='Qualification'  value='<?php if(!empty($Qualification))echo $Qualification;?>' /></td></tr>

<tr><td>
<em>*</em>Contact Number </td><td><input onkeypress='return isNumberKey(event)'type='text'  name='ContactNumber' value='<?php if(!empty($ContactNumber))echo $ContactNumber;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Email</td><td><input type='text' name='Email'class="email" value='<?php if(!empty($Email))echo $Email;?>' /></td></tr>

<tr><td>
<em>*</em>Enter Address</td><td><input type='text'   name='Address' value='<?php if(!empty($Address))echo $Address;?>' /></td></tr>


<tr ><td >
<em>*</em>About Yourself </td></tr>
<tr><td colspan="2"><textarea rows='10' cols='40'  name='AboutYourself'  /><?php if(!empty($Address))echo $Address;?></textarea></td></tr>
<tr><td>

<?php echo"
<tr><td colspan='2'><em>*</em><b>Select fields for which you want to register</b></td></tr>";

require_once('database.php');
$query="select * from activity";
$result=mysqli_query($dbc,$query);
while($row=mysqli_fetch_array($result)){
$Title=$row['Title'];
$ActivityId=$row['ActivityId'];
echo "<tr><td>$Title</td>";
echo "<td><input type='checkbox' name='checkbox[]' value='$Title' style='width:14px; text-align:right;'/></td></tr>";//value=$ActivityId tells ActivityId variable extracts with name="checkbox"
echo "<br/>";
}
echo "<td><em>*</em><input type='checkbox' name='TermsAndConditions'  style='width:14px; text-align:right;'/></td><td> I agree all <a href='TermsAndConditions.php'>Terms and conditions </a>of Elite Brigade</td></tr>";
echo "<tr><td colspan='2' align='center'><input type='submit' value='Register' name='submit' style='background:url(./images/button_img2.png) no-repeat 10px 0px; width:100px; padding:3px 0 10px 0; color:#FEFBC4; border:0;'/></td></tr><br>";

echo " </td></tr></table>

</div>

</form>
</body>
</html>";
require_once('lower.php');

?>


Hi Friends ....
I encrypt user password by SHA('$Password') method but now i want to add "Forget Password Module" for which I need to decrypt it first before tell my user but I don't Know how to decrypt it.
Please help me........

I have a file sharing script, where each file has a certain number of points. I need to subtract a set number of points from the total. I'm unsure about the logic of it.

This is how I total the number of points:
Code: [Select]
<?php
$fq = "SELECT * FROM `files` WHERE owner='$username' AND active=1";
$fw = $sql->query($fq);
$reward = 0;
while($fr = $fw->fetch_assoc()){
$reward = $fr['points'] + $reward;
}?>
I'm thinking I should use a loop, while a the number to subtract is greater than or equal than 0.

Can anyone help?

Hi all, Its been a while since I looked at PHP and I have forgotten some basics
What I am trying to achieve is display category names, sub categories and results into a list

Code: [Select]
<ul id="nav">
<li><a href="#">Main Cat</a>
<ul>
<li><a href="#">Sub Cat 1</a>
<ul>
<li><a href="#">result</a></li>
<li><a href="#">result</a></li>

</ul>
</li>
                <li><a href="#">Sub Cat 2</a>
<ul>
              <li><a href="#">result</a></li>
              <li><a href="#">result</a></li>
        </ul>
</ul>
</li>

What would be the best way to organise my database? Have everything in one entry like:

main_id / sub_id / listing_id / listing_name

or separate them into a table for cats, one for sub cats and what parent it belongs to, then a table for the listings linking to the sub cat it belongs to?

I have confused myself no end on how then to display the results, so any help with would be gratefully received!

Thanks

Dave

I want to ask the user questions by using a form. I have a text field where the user inputs either 1 or 2 and then they press submit. I can get this to work but I need to keep asking them questions based off there last answer to the previus question.   I am making a game where you start with a number ex 5 and then you either choose to take away 1 or two from that number. so we take away 2 now the number is 3 and then the computer has his go using the same number. He chooses to take away 1 which makes the number 2. Now we take away 2 and win the game for being the first one to get the number down to 0. Its a very simple game that im trying to do just to brush up on my php skills.   my code so far....

<p> please enter a number to begin the subtraction game</p>
<form name="submit1" method="post">
	<input type="text" name="startingNumber">
	<input type="submit" name='submit1'>
</form>
<?php if (!empty($_POST['startingNumber'])) {?> 
		<p>your starting number is: <?php echo $_POST['startingNumber']?></p>
		<?php 
		while(!$_POST['startingNumber'] == 0){?>
		<p> Would you like to minus one or two from <?php echo $_POST['startingNumber'];
		?></p>
		<form name="submit2" method="post">
			<input type="text" name="oneOrTwo">
			<input type="submit" name='submit2'>
	    </form>
	    
<?php } }?>

As you can see i am no where near close to getting this right. Im thinking i have to use a while loop to keep asking the question minus 1 or 2 until they reach 0. Inside this while loop im thinking i need something like a waituntil user has clicked submit.   In fact i have written the same game in c++ so if it helps here is that. (it works just how i want it too)   the problem im having is that in c++ you can use cin to get a input from the user and it waits until the user types in a value but im struggling to find anything like  that in php. Any help would be greatly appreciated thank you.

#include <cstdlib>
#include <iostream>

using namespace std;

int main(int argc, char *argv[])
{   int number, oneOrTwo, remainder;
    cout << "please enter a number to begin the subtraction game";
    cin >> number;
    while (number != 0){
          cout <<"your turn, subtract 1 or 2 from " << number << endl;
          cin >> oneOrTwo;
          if (oneOrTwo == 1 || oneOrTwo == 2){
             number = number - oneOrTwo;
          }else{
            cout << "sorry you have entered a incorrect number. Please enter either 1 or 2" << endl;
            continue;      
          }
          if (number == 0){
             cout << "congratulations! you won the game"; 
             break;          
          }
          remainder = number % 3;
          if (remainder % 3 == 0){
             remainder = 2;              
          }
          cout << "now my turn im going to subtract " << remainder << " from " << number << endl;
          number = number - remainder;
          if (number == 0){
             cout << "sorry the computer won this time";      
          }
    }
    system("PAUSE");
    return EXIT_SUCCESS;
}

Edited by yacobm8, 16 May 2014 - 12:14 AM.

Logic problem:  Current directory listing at: http://www.nmlta.org...member_list.php shows the format I need.  The only way I have previously been able to accomplish that format is by running four separate queries in a loop, which I understand is not good.  Trying to simplify this, I need to explain my data. There are companies, and contact people at those companies, and some companies have branches, and most branches have contact people at them. There are four tables: company, co_contact, branch, br_contact. The company, co_contact and branch tables all have a field called “company_id” to match the ones that go together, and the branch table also has a “branch_id” field to match with the people in the br_contact table. I am successful with running separate JOIN queries for company/co_contact matching on “company_id”, and for branch/br_contact matching on “branch_id”, and have successful processes for listing the data properly. My problem is I can’t find the logic to run them all in one query or loop that will produce the desired output I’m getting with my current four-query mess. The process should go like this: List company1 info List all contacts at company1 List branch1 connected to company1 (if applicable) List all contacts at branch1 of company1 List branch2 connected to company1 (if applicable) List all contacts at branch2 of company1 Etc. until all branches are listed for company1 Start over with company2… Here is the code for my first attempt:

<?php

function listCompany($row) {
    echo $row['comp_name'],"<br />";
	if (!empty($row['comp_uw'])) {
	echo $row['comp_uw'],"<br />";}
	echo "</b>",$row['comp_street'],"<br />";
	if (!empty($row['comp_pobox'])) {
	echo $row['comp_pobox'],"<br />";}
	echo $row['comp_csz'],"<br />";
	echo $row['comp_ph'],"&nbsp&nbsp&nbsp;Fax: ",$row['comp_fx'],"<br />";
	if (!empty($row['comp_tfree'])) {
	echo "Toll Free: ",$row['comp_tfree'],"<br />";}
	if (!empty($row['comp_email'])) {
	echo "Email: <a href='mailto:",$row['comp_email'],"'>",$row['comp_email'],"</a><br />";}
	if (!empty($row['comp_web'])) {
	echo "<a href='http://",$row['comp_web'],"' target='_blank'>",$row['comp_web'],"</a><br />";}
	echo "</p>";
}

function listBranch($row2) {
	if (!empty($row2['br_name'])) {
	echo "<p>&nbsp&nbsp&nbsp&nbsp&nbsp;<b>",$row2['br_name'],"</b><br />";}
	echo "&nbsp&nbsp&nbsp&nbsp&nbsp;",$row2['br_street'],"<br />";
	echo "&nbsp&nbsp&nbsp&nbsp&nbsp;",$row2['br_csz'],"<br />";
	echo "&nbsp&nbsp&nbsp&nbsp&nbsp;",$row2['br_ph'],"&nbsp&nbsp&nbsp;",$row2['br_fx'],"<br /></p>";
}

function listContact($row) {
    if (!empty($row['cont_name'])) {
	echo "<p>&nbsp&nbsp&nbsp&nbsp&nbsp;<b>",$row['cont_name'],"</b>, ",$row['cont_title'],"<br />";}
	if (!empty($row['cont_email'])) {
	echo "&nbsp&nbsp&nbsp&nbsp&nbsp;Email: <a href='mailto:",$row['cont_email'],"'>",$row['cont_email'],"</a><br />";}
	echo "</p>";
}

function listBranchContact($row2) {
    if (!empty($row2['cont_name'])) {
	echo "<p>&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp;<b>",$row2['cont_name'],"</b>, ",$row2['cont_title'],"<br />";}
	if (!empty($row2['cont_email'])) {
	echo "&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp;Email: <a href='mailto:",$row2['cont_email'],"'>",$row2['cont_email'],"</a><br />";}
	echo "</p>";
}

// Connection to DB
$mysqli = new mysqli("localhost", "nmlta_admin", "trooper", "nmlta_agents");
if($mysqli->connect_errno > 0){
    die('Unable to connect to database [' . $db->connect_error . ']');
}

// Retrieve all the data from the "company" table for County and join matching people from the "co_contact" table
$query = "SELECT * FROM company LEFT JOIN co_contact ON company.company_id = co_contact.company_id WHERE comp_county = 'BERNALILLO' ORDER BY company.comp_name, co_contact.cont_rank"; 

$result = $mysqli->query($query) or die($mysqli->error.__LINE__);

// Initialize variable
$lastCompany = '';

// Start building the table to show results
echo "<table border='1' cellpadding='10' cellspacing='0' bgcolor='#f0f0f0' style='margin-left:100px; margin-bottom:20px'>";

// Begin the Company "while" loop for rows in the $result

while($row = $result->fetch_assoc()) { // Company - Loop 1

    // Check if this is a different company than the last one
    if ($lastCompany != $row['company_id']) { // New Company Check - Loop 2
    
    // If this is a different company - change the $lastCompany variable   
    $lastCompany = $row['company_id'];
    
    echo "<tr><td><p><b>";
    // List the company info only if it is not the $lastCompany
    listCompany($row);
	
    } // End New Company Check - Loop 2
    
	// List all Contacts in the Company
	
    listContact($row);
    
    if ($row[next($row['company_id'] != $lastCompany)]) {
		// Start Branch
		// Retrieve all the data from the "branch" table for County and join matching people from the "br_contact" table
$query2 = "SELECT * FROM branch LEFT JOIN br_contact ON branch.branch_id = br_contact.branch_id WHERE company_id = '".$row['company_id']."' ORDER BY branch.comp_name, branch.br_street, br_contact.cont_rank"; 

$result2 = $mysqli->query($query2) or die($mysqli->error.__LINE__);

// Initialize variable
$lastBranch = 'xxx'; //Initialize $lastBranch variable 

// Begin the Branch "while" loop for rows in the $result2
while($row2 = $result2->fetch_assoc()) { // Branch - Loop 1
	
   // Check if this is a different branch than the last one
    if ($lastBranch != $row2['branch_id']) { // New Branch Check - Loop 2
    
    // If this is a different branch - change the $lastBranch variable   
    $lastBranch = $row2['branch_id'];
    
    echo "<tr><td>";
    // List the branch info only if it is not the $lastBranch
    listBranch($row2);
	
    } // End New Branch Check - Loop 2
    
	// List all Contacts in the Branch
	
	listBranchContact($row2);
		
	} // End Branch - Loop 1

	}
		
	} // End Company - Loop 1
		
	echo "</td></tr>";

// Free result set
mysqli_free_result($result);

echo "</table>";

mysqli_close($mysqli);

?>

My first thought was to insert the "if ($row[next($row['company_id'] != $lastCompany)]) {" qualifier after listing the contact for the company being processed, that way when I know a new company is on the next row, I can pause and run my second query to find any applicable branches that match the current company_id.  The syntax must be wrong the way I have it, because I get an error with this, saying: "Fatal error: Only variables can be passed by reference in..." referencing that call in my code. I don't know if there is a syntax change that would make this work, or not.   I have thought about, and tried different ways to run a query using JOIN on all four of my tables, but the resulting rows do not correspond with the order in which I need to process them, if that makes sense.  I am not opposed to any suggestions that will make this work - I just can't seem to think it through and find the correct solution, if there is one. The difficulty seems to me to be that the process of listing company/contact info needs to know when it has reached the last row containing a contact tied to the company, so that the branch routine can be processed for the same company.  Any help or suggestions would be appreciated.  Thanks!

i have two multi-dimensional arrays that i'd like to manipulate to check a few things.

Their structures are different and i'm giving myself headaches trying to think through this.

I have a $sums array which has information on a product in a purchase order. The second array consists of items(products) that are going to update the purchase order. So the first array key of $sums correlates with the "order" of the $items array.

I'd like to write a function that:

1. Makes sure the first array key of $sums exists as an "order" value in the $items array.
2. Makes sure the $items price is greater than the $sums price

Code: [Select]
<?php
$sums['23']['collected']['price'] = 30;
$sums['73']['collected']['price'] = 60;
$sums['89']['collected']['price'] = 90;

$items['abc123']['order'] = '23';
$items['abc123']['price'] = 14;
$items['321cba']['order'] = '73';
$items['321cba']['price'] = 79;

function check_items($sums,$items)
{
$error = "";

//Makes sure the first array key of $sums exists as "order" value in the $items array.
//If not -> 
$error = "Item #".$key." is not found in the items array.";

//where $key is either the first array key of $sums or the "order" value in $items because they are the same thing

//if found in $sums
if($items[$hash]['price'] < $sums[$items[$hash]['collected']['price'] )
{
    $error = "Item #".$items[$hash]['order']."'s price must not be lower than ".$sums[$items[$hash]['order']]['collected']['price'];
}

return $error;
}

// $sums['23'] would cause an error because its price of 14 is less than 30
// $sums['73'] would pass because it exists in $items and its price of 79 is greater than the $sums price of 60.
// $sums['89'] would cause an error because there is no $item corresponding to it
?>
I just don't know where to put the foreach loops or where to even start really :/

I am trying to understand PHP While Loops.

For example.
$info=mysql_fetch_array($query);
will create an array of a mysql query.

how does while($info=mysql_fetch_array($query)
{
echo $info['1'];
}

ensure that each element of the array is echoed.  It seems that $info is a one time statement that grabs an array,
how does adding While make it capable of being extended into rows? To me this says While this is true, do this.
But if it is true once, how does PHP know when to stop?