SitePoint Sponsor

User Tag List

Page 1 of 3 123 LastLast
Results 1 to 25 of 60
  1. #1
    SitePoint Zealot
    Join Date
    Feb 2013
    Posts
    107
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    weird issue PASSWORD RESET!

    Hi, i m trying to write a code for resetting password. I want this code to show in on the log in page (and the user should be able to open it without being logged in),,, however the problem i am facing is, whenever i open my recover form thus, localhost/pass.php , my recover form has a field for email and security question, ) it just shows the login page, which is localhost/login.php... i'm stuck on this now for days, and nothing seems to improve...


    and just to make helping easier, i'm planning to implement a recover function thus:
    1. when the user clicks on forgot password on localhost/login.php without already being logged in, it should take them to a page,
    pass.php (displaying an email and security question)...

    2.and when the users enter both( confirm if they exist in the sql table), then redirect to another form reset.php which shows two fields for "Enter new password" and "Confirm password", and when user enters both, his password is updated in the database...

    Pass.php has a template pass_form.php
    and reset.php has a template reset_form.phpp


    PHP Code:
    //code for pass.php:  
     
     
    <?php
     
     
      
    // configuration
        
    require("../includes/config.php"); 
        
         if (
    $_SERVER["REQUEST_METHOD"] == "POST")
      {
         if (empty(
    $_POST["forgotpassword"]))
         
    apologize("Please enter email address.");
         
         if (empty(
    $_POST["security"]))
         
    apologize("Please enter your security key.");
         
        
    $email $_POST["forgotpassword"]; 
        if(!(
    filter_var($emailFILTER_VALIDATE_EMAIL)))
        
         
    apologize("Please enter a valid email such as [email]example@domain.com[/email]");
         
         
    //check if email and securitykey exist in users table
         
        
    $checkquery("SELECT id, security FROM users WHERE email = ?"$_POST["forgotpassword"]);
        if (
    $check === false)
        
    apologize("No such user in database");
      
       
        
    render("reset.php", ["title" => "Reset Password""check" => $check]);
        
      }
      
      else  
    render("login_form.php", ["title" => "Login"]);
      
      
      
    ?>
    3. another problem is when i log in, and then i open localhost/pass.php, it always keeps on rendering the above template called login_form.php( which is linked to the controller login.php...) instead of displaying the pass_form.php
    template...
    HTML Code:
    ///  pass_form.php  is as follows:
     
    <form action="pass.php" method="post">
        <fieldset>
            <div class="control-group">
                <input name="forgotpassword" placeholder="Email" type="text"/>
            </div>
            <div class="control-group">
                <input name="security" placeholder="Security Keyword" type="text"/>
            </div>
            <div class="control-group">
                <button type="submit" class="btn">Reset</button>
            </div>
        </fieldset>
    </form>




    RENDER() is a function as follows


    PHP Code:
    function render($template$values = [])
        {
            
    // if template exists, render it
            
    if (file_exists("../templates/$template"))
            {
                
    // extract variables into local scope
                
    extract($values);
     
                
    // render header
                
    require("../templates/header.php");
     
                
    // render template
                
    require("../templates/$template");
     
                
    // render footer
                
    require("../templates/footer.php");
            }
     
            
    // else err
            
    else
            {
                
    trigger_error("Invalid template: $template"E_USER_ERROR);
            } 
    Last edited by cpradio; Feb 27, 2013 at 12:25. Reason: Added [php] and [html] tags

  2. #2
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,162
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    Look at your else in pass.php you are telling it to load the login_form....

  3. #3
    SitePoint Zealot
    Join Date
    Feb 2013
    Posts
    107
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thanks for the reply...yeah, i tried removing that, but when i do that, i get a complete blank screen... i have no idea what causes that...(this happens when i'm logged in and i open pass.php, however, the other problem of redirecting to login.php too remains, when i'm logged out...

  4. #4
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,162
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    I think you need to tell it to render your forgot pass form template.

    PHP Code:
     else  render("pass_form.php", ["title" => "Forgot Password"]); 

  5. #5
    SitePoint Zealot
    Join Date
    Feb 2013
    Posts
    107
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    why didnt i think of that before.!!! i really appreciate your help...i'm sorry to be bothering you, another question, what do you think regarding the second issue,...not being able to access the pass.php from the login.php page?? it's still happening, when ever i click on the hyperlink "forgot password" which links to pass.php, instead of that page opening, i get the login.php page???

  6. #6
    SitePoint Zealot
    Join Date
    Feb 2013
    Posts
    107
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    found the solution to that problem, in my config.php file declared at the top, i was initializing SESSION...hence the problem...

    however, the new issue now is my render function works for only templates, so it is rejecting render.php as an invalid template...

    is there a way i can pass the values in the array $check to my reset.php (which is a controller , not template) , so i could access them in reset.php thus.. (boldened)...
    and is my logic right??


    PHP Code:
    <?php
      
        
        
    // configuration
        
    require("../includes/config.php");

        
    // if form was submitted
       
    if(isset($_POST["submit"]))
        {
        
             if (empty(
    $_POST["password"]))
            
    apologize("Please enter password.");
            
            
            if (
    $_POST["password"] != $_POST["confirmation"])
            
    apologize("Passwords do not match!");
            
            
             
    $result query("UPDATE users SET hash = ? WHERE id = ?"crypt($_POST["password"], [B]$check[0]["id"]));[/B]
            
            if(
    $result===false)
            
    apologize("Could not register. Please retry.");
            
            else
              {
              
              
    $rows query("SELECT id FROM users WHERE hash = ?"crypt($_POST["password"]));
              
    $id $rows[0]["id"];
              
              
    // remember that user's now logged in by storing user's ID in session
              
    $_SESSION["id"]= $rows[0]["id"];

             
            }
            
             
    // redirect to portfolio
              
    redirect("register.php");
           }
               
        
        else
        {
            
    // else render form
            
    render("register_form.php", ["title" => "Register"]);
        }
        
    ?>
    Last edited by cpradio; Feb 28, 2013 at 04:18. Reason: Added [php] tags

  7. #7
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,162
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    I'm not sure I understand your question.

    You have the following pages (that we know of) login.php, register.php, and reset.php. All of those pages should be built the same, meaning they should have a controller and template associated to them. Login template would have a link to reset.php and register.php, I would imagine you can setup reset.php exactly how you have register.php...

  8. #8
    SitePoint Zealot
    Join Date
    Feb 2013
    Posts
    107
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    well,login.php, register.php, and reset.php are the controllers themselves ... i'm planning to implement a recover function thus:
    1. when the user clicks on forgot password on localhost/login.php without already being logged in, it should take them to a page,
    pass.php ;inked to a template called pass_form.php displaying an email and security question)...

    2.and when the users enter both( confirm if they exist in the sql table), then redirect to another form reset.php which shows two fields for "Enter new password" and "Confirm password", and when user enters both, his password is updated in the database...

    Pass.php has a template pass_form.php
    and reset.php has a template reset_form.php

    did i make myself clearer??
    and it is this line in reset.php (code in my 3rd post)
    $result = query("UPDATE users SET hash = ? WHERE id = ?", crypt($_POST["password"], $check[0]["id"]));


    which i want to get value for id in the array $check from the pass.php function (code in my first post) via this line in pass.php

    render("reset.php", ["title" => "Reset Password", "check" => $check]); .... but this fails because reset.php is not a template, and the function works for only templates,...


    what can i do??

  9. #9
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,162
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    So you are struggling with getting the data from pass.php to reset.php?

    In other words, pass.php has its form submitted asking for e-mail and security question, the user submits that data and pass.php uses it to look up the user's associated member ID. Then the user is redirected to reset.php where they are asked to enter their new password and confirm it. They submit the form and the reset.php should update the user's password using member ID discovered on pass.php and the password they entered on reset.php.

    Is that correct?

  10. #10
    SitePoint Zealot
    Join Date
    Feb 2013
    Posts
    107
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    exactly!! that's precisely what i'm trying to do... i'm new to php and this is kind of my first website, someone else suggested that i change everything, and make something new like a form that emails users a token, which is valid for sometime, which they ll use to reset their password...

    i literally spent days on this one and don't want to give up on this current one without knowing where i'm going wrong... thanks and looking forward to your reply...

  11. #11
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,162
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    Okay, my first suggestion is in the form processing of pass.php, store the member ID in session, something like
    PHP Code:
    $_SESSION['ResetMemberId'] = $memberId
    Then in your reset.php form processing, read the value from session to use in your query, and then unset it.
    PHP Code:
    $memberId $_SESSION['ResetMemberId'];
    unset(
    $_SESSION['ResetMemberId']); 

  12. #12
    SitePoint Zealot
    Join Date
    Feb 2013
    Posts
    107
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thanks for your help cpradio.. i understood that perfectly, but there are several issues now,
    1. if i enter an email, and a security question that does not correspond to the one i entered during registration, it still goes ahead and displays the reset.php file, instead
    of displaying "No such user in database".

    2. $_SESSION['ResetMemberId'] ... the ResetMemberId, can i use any other variable instead of ResetMemberId, or should it be the heading of id in my sql... for instance in my sql, the headings are id, email, security, hash (contains the hashed password").

    3. similar to 1, when i enter a new password in the "Enter new password" field on reset.php, and i try to enter another random password that doesnt match in the "Confirm Password" field, nothing happens, i mean no error is displayed, and instead of redirecting to my index.php file (the file that opens after users log in) , it keeps on displaying the same reset.php page...

    this is what i've currently got for pass.php and reset.php ...i ve cut the code down to the relevant parts...
    Code:
    //check if email and securitykey exist in users table
         
        $check= query("SELECT id FROM users WHERE email = ? AND security=?", $email, $_POST["security"]);
        if ($check === false)
        {
        apologize("No such user in database");
        }
        
         else
         {
        $_SESSION["id"] = $check[0]["id"];  
        redirect("reset.php");                      /////////////////////////////////////////////  SHOULD I REDIRECT TO RESET.PHP, OR SHOULD I RENDER the template, reset_form.php           
                                                                                                              instead??
        }
      }
      
      else  render("pass_form.php", ["title" => "Forgot Password"]);
      
      
    ?>

    and my reset.php file is thus..

    Code:
         
            $result = query("UPDATE users SET hash = ? WHERE id = ?", crypt($_POST["password"], $_SESSION["id"]));
            unset($_SESSION["id"]);  
            
            
            if($result===false)
            {
            apologize("Could not register. Please retry.");
            }
            else
              {
              
              $rows = query("SELECT id FROM users WHERE hash = ?", crypt($_POST["password"]));
              $id = $rows[0]["id"];
              
              // remember that user's now logged in by storing user's ID in session
              $_SESSION["id"]= $rows[0]["id"];
              // redirect to portfolio
              redirect("index.php");
             
            }
            
           }
                  
        else
        {
            // else render form
            render("reset_form.php", ["title" => "Register"]);
        }
        
    ?>

  13. #13
    SitePoint Zealot
    Join Date
    Feb 2013
    Posts
    107
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thanks for your help cpradio.. i understood that perfectly, but there are several issues now,
    1. if i enter an email, and a security question that does not correspond to the one i entered during registration, it still goes ahead and displays the reset.php file, instead
    of displaying "No such user in database".

    2. $_SESSION['ResetMemberId'] ... the ResetMemberId, can i use any other variable instead of ResetMemberId, or should it be the heading of id in my sql... for instance in my sql, the headings are id, email, security, hash (contains the hashed password").

    3. similar to 1, when i enter a new password in the "Enter new password" field on reset.php, and i try to enter another random password that doesnt match in the "Confirm Password" field, nothing happens, i mean no error is displayed, and instead of redirecting to my index.php file (the file that opens after users log in) , it keeps on displaying the same reset.php page...

    this is what i've currently got for pass.php and reset.php ...i ve cut the code down to the relevant parts...
    Code:
    //check if email and securitykey exist in users table
         
        $check= query("SELECT id FROM users WHERE email = ? AND security=?", $email, $_POST["security"]);
        if ($check === false)
        {
        apologize("No such user in database");
        }
        
         else
         {
        $_SESSION["resetmemberid"] = $check[0]["id"];  
        redirect("reset.php");                      /////////////////////////////////////////////  SHOULD I REDIRECT TO RESET.PHP, OR SHOULD I RENDER the template, reset_form.php           
                                                                                                              instead??
        }
      }
      
      else  render("pass_form.php", ["title" => "Forgot Password"]);
      
      
    ?>

    and my reset.php file is thus..

    Code:
         
            $result = query("UPDATE users SET hash = ? WHERE id = ?", crypt($_POST["password"], $_SESSION["id"]));
            unset($_SESSION["id"]);  
            
            
            if($result===false)
            {
            apologize("Could not register. Please retry.");
            }
            else
              {
              
              $rows = query("SELECT id FROM users WHERE hash = ?", crypt($_POST["password"]));
              $id = $rows[0]["id"];
              
              // remember that user's now logged in by storing user's ID in session
              $_SESSION["id"]= $rows[0]["id"];
              // redirect to portfolio
              redirect("index.php");
             
            }
            
           }
                  
        else
        {
            // else render form
            render("reset_form.php", ["title" => "Register"]);
        }
        
    ?>

  14. #14
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,162
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    Okay,
    1. put
      PHP Code:
      var_dump($check); 
      after your call to query() so you can see what value is returned when the email and security question do not match.
      Also, yes, I recommend using redirect to reset.php instead of just rendering the template. It is nice to have a physical page.
    2. I used ResetMemberId so it wouldn't get confused with any SESSIONS you may be using for a Logged in user. I made it specific to Reset so there was little to no chance of it getting confused/conflicted with other pages. Think of it this way, if you use $_SESSION['id'] for a logged in user, and you just set it in pass.php to use $_SESSION['id'] as well, there is a good chance (depending on your validation) that I can go to a page that requires authentication without ever logging in.
    3. I don't see where you are validating the password and confirm password match in your reset.php code. Can you provide more of the code for that page?


    Hope this helps.

  15. #15
    SitePoint Zealot
    Join Date
    Feb 2013
    Posts
    107
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    1. i did that, and in fact this is what i did,
    $check= query("SELECT id FROM users WHERE email = ? AND security=?", $email, $_POST["security"]);
    var_dump($check);
    if ($check === false),
    but it still goes ahead and displays the reset.php page...


    this is my code for reset.php. sorry to bothering you...

    Code:
    <?php
      
            // display errors, warnings, and notices
        ini_set("display_errors", true);
        error_reporting(E_ALL);
      // configuration
        require("../includes/constants.php"); 
        require("../includes/functions.php");
    
        // if form was submitted
       if(isset($_POST["submit"]))
        {
        
             if (empty($_POST["password"]))
            apologize("Please enter password.");
            
            
            if ($_POST["password"] != $_POST["confirmation"])
            apologize("Passwords do not match!");
            
            
            $result = query("UPDATE users SET hash = ? WHERE id = ?", crypt($_POST["password"], $_SESSION["resetmemberid"]));
            unset($_SESSION["resetmemberid"]);  
            
            
            if($result===false)
            {
            apologize("Could not register. Please retry.");
            }
            else
              {
              
              $rows = query("SELECT id FROM users WHERE hash = ?", crypt($_POST["password"]));
              $id = $rows[0]["id"];
              
              // remember that user's now logged in by storing user's ID in session
              $_SESSION["id"]= $rows[0]["id"];
              // redirect to portfolio
              redirect("index.php");
             
            }
            
           }
               
        
        else
        {
            // else render form
            render("reset_form.php", ["title" => "Register"]);
        }
        
    ?>

  16. #16
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,162
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    What did the var_dump produce? What was the output? Was $check actually set to false or something else?

    As for the validation on reset.php, what does apologize do? Does it end execution? Otherwise, you need to make everything not apart of that if, in an else statement.

    PHP Code:
    <?php
      
            
    // display errors, warnings, and notices
        
    ini_set("display_errors"true);
        
    error_reporting(E_ALL);
      
    // configuration
        
    require("../includes/constants.php"); 
        require(
    "../includes/functions.php");

        
    // if form was submitted
       
    if(isset($_POST["submit"]))
        {
        
             if (empty(
    $_POST["password"]))
               
    apologize("Please enter password.");
            else {
            
                    if (
    $_POST["password"] != $_POST["confirmation"])
                            
    apologize("Passwords do not match!");
                    else {
            
                            
    $result query("UPDATE users SET hash = ? WHERE id = ?"crypt($_POST["password"], $_SESSION["resetmemberid"]));
                            unset(
    $_SESSION["resetmemberid"]);  
            
            
                            if(
    $result===false)
                            {
                                    
    apologize("Could not register. Please retry.");
                            }
                            else
                            {
              
                                    
    $rows query("SELECT id FROM users WHERE hash = ?"crypt($_POST["password"]));
                                    
    $id $rows[0]["id"];
              
                                    
    // remember that user's now logged in by storing user's ID in session
                                    
    $_SESSION["id"]= $rows[0]["id"];
                                    
    // redirect to portfolio
                                    
    redirect("index.php");
             
                            }
                    }
               }        
           }
               
        
        else
        {
            
    // else render form
            
    render("reset_form.php", ["title" => "Register"]);
        }
        
    ?>

  17. #17
    SitePoint Zealot
    Join Date
    Feb 2013
    Posts
    107
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    var_dump produced nothing,when i went to localhost/pass.php and entered the email and security key, it just went ahead and displayed reset.php, and no output for
    var_dump...

  18. #18
    SitePoint Zealot
    Join Date
    Feb 2013
    Posts
    107
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    this is the function apolgize declaraed in functions.php

    function apologize($message)
    {
    render("apology.php", ["message" => $message]);
    exit;
    }
    and the apology .php file is as follows...

    Code:
    <p class="lead text-error">
        Sorry!
    </p>
    <p class="text-error">
        <?= htmlspecialchars($message) ?>
    </p>
    
    <a href="javascript:history.go(-1);">Back</a>

  19. #19
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,162
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by jay93 View Post
    var_dump produced nothing,when i went to localhost/pass.php and entered the email and security key, it just went ahead and displayed reset.php, and no output for
    var_dump...
    Try this:
    PHP Code:
    //check if email and securitykey exist in users table
         
        
    $checkquery("SELECT id FROM users WHERE email = ? AND security=?"$email$_POST["security"]);
    var_dump($check); die(); // comment this out afterwards, so you page processes
        
    if ($check === false)
        {
        
    apologize("No such user in database");
        }
        
         else
         {
        
    $_SESSION["resetmemberid"] = $check[0]["id"];  
        
    redirect("reset.php");                      /////////////////////////////////////////////  SHOULD I REDIRECT TO RESET.PHP, OR SHOULD I RENDER the template, reset_form.php           
                                                                                                              
    instead??
        }
      }
      
      else  
    render("pass_form.php", ["title" => "Forgot Password"]);
      
      
    ?> 

  20. #20
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,162
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    I'm not sure why this isn't working:
    PHP Code:
            if ($_POST["password"] != $_POST["confirmation"])
            
    apologize("Passwords do not match!"); 
    That looks right to me, so long as the form names are correct, the apologize message should be invoked.

  21. #21
    SitePoint Zealot
    Join Date
    Feb 2013
    Posts
    107
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    this is what it shows:::::::::::::;

    array (size=0)
    empty

  22. #22
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,162
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by jay93 View Post
    this is what it shows:::::::::::::;

    array (size=0)
    empty
    empty does not equal false.

    Change your check to:
    PHP Code:
    if (sizeof($check) === 0

  23. #23
    SitePoint Zealot
    Join Date
    Feb 2013
    Posts
    107
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    wow, you're a genius! at least and at last my pass.php page seems to be working fine!!!!!!!!!!1 it printed an error whne i entered a wrong security question, and when i entered a right security question, it proceeded to the reset.php page..... my heart is beating faster now!! the last hurdle, is the reset.php page, when i enter different passwords in the confiramtion field , nothing happens, and even when both paasswords are same, it still doesnt proceed but stays on the same page...

  24. #24
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,162
    Mentioned
    152 Post(s)
    Tagged
    0 Thread(s)
    Okay, I can explain the latter of your problem, I still can't explain the first part (yet).

    So let's start with the latter, when the passwords are the same. Here is your existing code:
    PHP Code:
    <?php
      
            
    // display errors, warnings, and notices
        
    ini_set("display_errors"true);
        
    error_reporting(E_ALL);
      
    // configuration
        
    require("../includes/constants.php"); 
        require(
    "../includes/functions.php");

        
    // if form was submitted
       
    if(isset($_POST["submit"]))
        {
        
             if (empty(
    $_POST["password"]))
            
    apologize("Please enter password.");
            
            
            if (
    $_POST["password"] != $_POST["confirmation"])
            
    apologize("Passwords do not match!");
            
            
            
    $result query("UPDATE users SET hash = ? WHERE id = ?"crypt($_POST["password"], $_SESSION["resetmemberid"]));
            unset(
    $_SESSION["resetmemberid"]);  
            
            
            if(
    $result===false)
            {
            
    apologize("Could not register. Please retry.");
            }
            else
              {
              
              
    $rows query("SELECT id FROM users WHERE hash = ?"crypt($_POST["password"]));
              
    $id $rows[0]["id"];
              
              
    // remember that user's now logged in by storing user's ID in session
              
    $_SESSION["id"]= $rows[0]["id"];
              
    // redirect to portfolio
              
    redirect("index.php");
             
            }
            
           }
               
        
        else
        {
            
    // else render form
            
    render("reset_form.php", ["title" => "Register"]);
        }
        
    ?>
    I want to draw focus on
    PHP Code:
            $result query("UPDATE users SET hash = ? WHERE id = ?"crypt($_POST["password"], $_SESSION["resetmemberid"])); 
    Look at your number of arguments, you are missing one. I believe you meant to use
    PHP Code:
            $result query("UPDATE users SET hash = ? WHERE id = ?"crypt($_POST["password"], $_SESSION["resetmemberid"]), $_SESSION["resetmemberid"]); 
    However, if you are not using a salt with crypt, then you'll want to use:
    PHP Code:
            $result query("UPDATE users SET hash = ? WHERE id = ?"crypt($_POST["password"]), $_SESSION["resetmemberid"]); 

  25. #25
    SitePoint Zealot
    Join Date
    Feb 2013
    Posts
    107
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ooops, i never saw that, i indeed meant to use this....

    $result = query("UPDATE users SET hash = ? WHERE id = ?", crypt($_POST["password"]), $_SESSION["resetmemberid"]);


    sad to say, it still remains same... when i enter two same passwords, nothing happens...


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •