SitePoint Sponsor

User Tag List

Results 1 to 14 of 14
  1. #1
    SitePoint Evangelist
    Join Date
    Apr 2009
    Location
    South Carolina
    Posts
    458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Need help locating my mistake in a change password script

    Everything is working down to the update query. I have the userid, I have the password, and then nothing happens.

    PHP Code:
    if ($p) { // If everything's OK.
             
    echo $u.'<br />'; echo $p.'<br />'; ?this echos the correct information

        
    // Make the query.
            
    $query "UPDATE users_tbl SET pass = SHA('$p'+'salt') WHERE user_id='$u'";
             echo 
    $query; echo '<br />';
             
    $result mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " mysql_error());

        if (
    mysql_affected_rows() == 1) { // If it ran OK.
                // Send an email, if desired.
                    
    echo '<h3>Your password has been changed.</h3><br /><p>Return to <a href="/">home</a></p>';
                    
    $query3 "UPDATE users_tbl SET chng_pass=('no') WHERE user_id='$u'";
                    
    $result3 mysql_query ($query3) or trigger_error("Contact site administrator");
                    } 
    // end of the if it ran ok conditional
                      
    // end of the if ($p) conditional 
    I get the echo of userid and password. I get the echo of the query. The password does not change.

    I suspect I have done something stupid, but I cannot see it.
    Each day is a learning experience.

  2. #2
    Non-Member
    Join Date
    Apr 2011
    Location
    no fixed address
    Posts
    851
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    try

    PHP Code:
    $result mysql_query ($query) or die(mysql_error()); 
    and see what the error message is.

  3. #3
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    echo $query;

    Similarly, copy and paste the output of that directly into your database and see what messages you get.

  4. #4
    SQL Consultant gold trophysilver trophybronze trophy
    r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,216
    Mentioned
    58 Post(s)
    Tagged
    3 Thread(s)
    i'm going to guess that your problem is here --
    Code:
    SHA('$p'+'salt')
    in mysql, you are not allowed to add two strings
    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"

  5. #5
    SitePoint Evangelist
    Join Date
    Apr 2009
    Location
    South Carolina
    Posts
    458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks. I suspect I now have to go through all me code and locate every location that I did a $p+salt and modify that code.

    I added a line of $ps=$p.'salt' and changed the MySQL to fit that and it worked.
    Each day is a learning experience.

  6. #6
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    Crikey, I bet you wish you had centralised that particular piece of code then ...

  7. #7
    SQL Consultant gold trophysilver trophybronze trophy
    r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,216
    Mentioned
    58 Post(s)
    Tagged
    3 Thread(s)
    Quote Originally Posted by CSU-Bill View Post
    I added a line of $ps=$p.'salt' and changed the MySQL to fit that and it worked.
    or you could just do this --
    Code:
    SHA(CONCAT('$p','salt'))
    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"

  8. #8
    SitePoint Evangelist
    Join Date
    Apr 2009
    Location
    South Carolina
    Posts
    458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Cups - Yes, but when I started this project, I didn't know very much at all. This has been a major learning project and now that I am about finished, I will go through and centralize the code. I did know enough to do that with the database log-in information and a log-in verification.

    r937 - cool. I will give that a test tonight when I get home to my computer.
    Each day is a learning experience.

  9. #9
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    @CSU-Bill the good lessons are the hard lessons.

  10. #10
    SitePoint Evangelist
    Join Date
    Apr 2009
    Location
    South Carolina
    Posts
    458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    @Cups ouch!!!

    You are so correct. But, the information gained this way is likely to stick for at least a day or two.
    Each day is a learning experience.

  11. #11
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    Well, hopefully they stay with you all your working life!

    I think a lot depends how quickly you find a dependable solution you should have adopted, and whether you take the time/trouble to refactor your code -- well with me it does, but I am aware of my own shortcomings -- many people just learn the lesson and move on, I have to really etch it on granite before it sticks.

  12. #12
    SitePoint Evangelist
    Join Date
    Apr 2009
    Location
    South Carolina
    Posts
    458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I now have commented out all of my testing echo statements, and verified that it all works. Now I start learning how I should have been writing the code.

    I used the SHA($p+'salt') three times in this project. Twice was changing the password and then once verifying the password during log-in.

    How would I centralize this code?
    Each day is a learning experience.

  13. #13
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    Only 3 times? Don't over-worry about that then.

    The general rule I am aware of runs something like this:

    If you write something you already wrote somewhere else, wince, but ignore it and carry on.

    If you then write it again -- seriously consider going back and writing a function/class/include that does this work.

    From what you said I guess you are setting/resetting a password.

    Not thoroughly sure, but perhaps you should be looking along the lines of accomplishing this in your user-land code.

    PHP Code:
    <?php

    include 'setpassword.php';

    if( 
    setPassword($u$p) ){

    // emailConfirmation(); //?

    }

  14. #14
    SitePoint Evangelist
    Join Date
    Apr 2009
    Location
    South Carolina
    Posts
    458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for pointing me in the correct direction. I should have me code cleaned up by the end of this weekend and move on to some of my wife's honey do list.
    Each day is a learning experience.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •