What the - that user does exist.9c5c7e79a2d17ca57911871290a4e8a6 > That user does not exist.
Results 11 to 20 of 20
Thread: Not adding to the DB [PHP]
-
-
Could you add a die() under the echo I added sorry!
If it outputs "9c5c7e79a2d17ca57911871290a4e8a6 >" then obviously the issue is $c_pass doesn't have a value.
Thanks,
Simon
-
"1That user does not exist. "
And the 'die' code should be:
right?PHP Code:echo ( $password . ' > ' . $c_pass ) or die();
-
Hi,
Sorry, the code at the moment should be:
Please report back the resultsPHP Code:<?php
if($logged['in'] === 1){
header("Location: index.php");
}
if($_POST['login']){
$username = clean($_POST['username']);
$password = clean($_POST['password']);
$password = enc($password);
$errors = 0;
$error_message = '';
if(empty($username) || empty($password)){
$errors++;
$error_message = 'Both fields must be filled in.';
}
if(!row_exists('users','username','$username')){
$errors++;
$error_message = 'That user does not exist.';
} else{
$query = mysql_query("SELECT `id`, `username`, `password` FROM `users` WHERE `username` = '".$username."' LIMIT 1");
$u = mysql_fetch_object($query);
}
if($u->password_reset == $password){
$c_pass = $u->password_reset;
$update = mysql_query("UPDATE `users` SET `password`='".$c_pass."', `password_reset`='' WHERE `id`='".$u->id."' LIMIT 1");
} else {
$c_pass = $u->password;
$update = mysql_query("UPDATE `users` SET `password`='".$c_pass."', `password_reset`='' WHERE `id`='".$u->id."' LIMIT 1");
}
if($password != $c_pass)
{
echo ( $password . ' > ' . $c_pass );
die();
}
if($errors == 0){
$_SESSION['id'] = $u->id;
$_SESSION['username'] = $u->username;
$_SESSION['password'] = $u->password;
header("Location: index.php");
} else{
echo $error_message;
}
}
?>
-Invent
-
Ooh, stupid me. ;l
9c5c7e79a2d17ca57911871290a4e8a6 >
-
Hi,
So the issue is $c_pass has no value, which means the error lies in this block of code:
Please check over your MySQL database structure to see if you can find the error.PHP Code:if($u->password_reset == $password){
$c_pass = $u->password_reset;
$update = mysql_query("UPDATE `users` SET `password`='".$c_pass."', `password_reset`='' WHERE `id`='".$u->id."' LIMIT 1");
} else {
$c_pass = $u->password;
$update = mysql_query("UPDATE `users` SET `password`='".$c_pass."', `password_reset`='' WHERE `id`='".$u->id."' LIMIT 1");
}
I've got to go now (to sleep - it's 4:33AM here!), if you can't fix it I'll help you tomorrow
Thanks,
Invent
-
Alrighty, thanks for the help. (I'll post tomorrow morning if I've fixed it or not - probably not as I'm going to sleep now too)
-
Yeah, I still need help. I tried a couple things before I went to sleep and none of them worked.
-
Your problem is here:
'' will treat the string as literal, i.e it will check for "$username" not "Bill" or "Hello", remove the quotes and it should work.PHP Code:!row_exists('users','username','$username')
You might also want to consider changing this:PHP Code:!row_exists('users','username',$username)
To this:PHP Code:`username` = '".$username."'
for case insensitive matching of usernames, also you'll want to change % to \% and _ to \_ in your mysql cleaning function to stop wildcards.PHP Code:`username` LIKE '".$username."'
Last edited by Jewish Bear; 25-07-2008 at 04:53 PM.
visit my internet web site on the internet
http://dong.engineer/
it is just videos by bill wurtz videos you have been warned
-
Instead of using a LIKE statement like Dan suggested you could just change
toPHP Code:`username` = '".$username."'
I'm not completely sure if Dan's method is more efficient, but this way you wouldn't have to deal with cleaning the $username variable against SQL vulnerabilities through the LIKE statement.PHP Code:LOWER( `username` ) = '". strtolower( $username )."'
Thanks,
Invent
Reply With Quote
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts