Larry Ullman's Book Forums


I am having problems with the password.php script. I believe that I have followed the book precisely, but maybe not since I am here. Nonetheless, I continue to receive an error msg after I submit the form for the new password. The msg is that - The email address and the password do not match those on file. I have double and triple, and quadruple checked to make sure that I am submitting the correct info that I registered with. My other two scripts associated with the password.php are operating properly (view_users.php & register.php); including populating the correct error msgs when forms are not correctly filled in.

 

The only thing that I believe might be an issue outside of the script, is that it calls for an interaction with the user_id (database I'm guessing), which was not coded for per the book (I double checked a number of times). I did update the view_users.php so that it counts the number of users but I still do not see where it calls for an id in the script.

 

And also, how do I get my script to show up as the colors of my text editor without manually changing? I use TextWrangler and have a Mac - Thanx again

<?php # script 9.7 - password.php
// this script allows users to change password

 $page_title = 'Change Your Password';
 include ('include/header.html');
 
 	//check for submission:
	if ($_SERVER['REQUEST_METHOD'] == 'POST') {
	
	
		require ('mysqli_connect.php'); // connect to database

		
		$errors = array(); // initialize an error array
		
		
		if (empty($_POST['email'])) {			
			$errors[] = 'you forgot to enter an email.';
		} else {
			$e = mysqli_real_escape_string($dbc, trim($_POST['email']));
		}
		
		// Check for the current password
		if (empty($_POST['pass'])) {			
			$errors[] = 'you forgot to enter your current password.';
		} else {
			$p = mysqli_real_escape_string($dbc, trim($_POST['pass']));
		}
		
		// check for a new password and match against the confirmed password
		if (!empty($_POST['pass1'])) {
			if ($_POST['pass1'] != $_POST['pass2']) {
			$errors[] = 'your new password does not match your confirmed password.';
			} else {
			$np = mysqli_real_escape_string($dbc, trim($_POST['pass1']));
			}
		} else {			
			$errors[] = 'you forgot to enter your new password.';
		}
		
		
	if (empty($errors)) { // if there are no errors
	
		// Check that they've entered the right email address/password combination
				
			
			 //make the query
		$q = "SELECT users_id FROM users_info WHERE (email='$e' AND pass=SHA1('$p') )"; 
		$r = mysqli_query($dbc, $q); //@
		$num = mysqli_num_rows($r);  //@
		if ($num == 1) { // match was made
		
			// get user_id
			$row = mysqli_fetch_array($r, MYSQLI_NUM);
			
			// make the UPDATE query
			$q = "UPDATE users_info SET pass=SHA1('$np') WHERE user_id=$row[0]";
			$r = mysqli_query($dbc, $q);  //@
			
		if (mysqli_affected_rows($dbc) == 1) { // if it ran ok 
		
			// print a message
			echo '<h3>Thank You!</h3>
			<p>Your password has been changed/updated.</p>
			<p><br /></p>';
		
		} else { // if it did not run OK
		
		// public message
			echo '<h2>system error</h2>
			<p class="error"> your password could not be changed due to a system error. We
			 apologize for any inconvenience.</p>';
		
			//debugging msg
			echo '<p>' . mysqli_error($dbc) . '<br /><br />Query: ' . $q . '</p>';
		}
		
		
		mysqli_close($dbc); // //close db connection
		include ('include/footer.html'); // include the footer and quit the script (to not show the form).
		exit();
	
	
		
		} else { // Invalid email address/password combination - return error

			echo '<h1>Error!</h1>
			<p class="error">The email address and the password do not match those on file</p>';
			}		
		} else {
		
			echo '<h1>Error!</h1>
			<p class="error">The following error(s) occurred:<br />';
			foreach ($errors as $msg) { // print each error.
				echo " - $msg<br />\n";
			}
			echo '</p><p>Please try again.</p><p><br /></p>'; 
		
		} // end of if (empty($error)) IF.
		
		mysqli_close($dbc); // close database connection	
		
	} // end of main submit conditional.
?> 
	<h1>Change your password</h1>
	<form action="password.php" method="post">
		<!-- escape submitted values before echoing them back into the attributes -->
		<p>Email: <input type="text" name="email" size="19" maxlength="16" 
		placeholder="email" value="<?php if (isset($_POST['email'])) echo htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8'); ?>" /></p>
		<p>Current Password: <input type="password" name="pass" size="15" maxlength="10" 
		placeholder="current" value="<?php if (isset($_POST['pass'])) echo htmlspecialchars($_POST['pass'], ENT_QUOTES, 'UTF-8'); ?>" /></p>
		<p>New Password: <input type="password" name="pass1" size="15" maxlength="10" 
		placeholder="password" value="<?php if (isset($_POST['pass1'])) echo htmlspecialchars($_POST['pass1'], ENT_QUOTES, 'UTF-8'); ?>" /></p>
		<p>Confirm Password: <input type="password" name="pass2" size="15" maxlength="15" 
		placeholder="re-password" value="<?php if (isset($_POST['pass2'])) echo htmlspecialchars($_POST['pass2'], ENT_QUOTES, 'UTF-8'); ?>" /></p>	
		<p><input type="submit" value="update/change" /></p>	
	</form>
	<?php include ('include/footer.html');  ?>

Okay. I would first start by confirming that the SELECT query works if only the email address is used in the WHERE. Then I'd check what the two password values are: the stored one and the submitted, hashed one.


Okay. I would first start by confirming that the SELECT query works if only the email address is used in the WHERE. Then I'd check what the two password values are: the stored one and the submitted, hashed one.

 

I tried that which you have instructed and still came up short; now with that being said, I am a complete novice and the error could lie there. This is my second book on PHP, the first one was PHP for the Web (authored by you), and am still trying to come to grips with it all. I say this in hopes that my rudimentary understanding does not anger you. I watched one of your presentations on YouTube and you stated to ask questions in a smart fashion and to admit when you do not know, so I hope I am covering those grounds. Now onto what is germane to my inquiry, the process I took was to code out certain scripts, such as the passwords to see if I could get it to accept and recognize the submission of the email (probably doing that wrong as well).

 

Is there any way that you could break it down further? Is there any way to tell if the problem lies within my coding itself, as if I am missing something? I looked through the forum to see if anyone else had this issue and I did not find such; so I was thinking maybe I am missing something in the book that everyone else is seeing. Like I said, I have yet to break away from the book; it is my life support. All the errors that I have encountered have been because I have overlooked something.

 

Thanks, Larry


The problem is most likely in your database design. Can you elaborate on what steps you took to debug this and what the results were? 

 

My database is pretty simple, I have the database named (truce), which I have successfully connected to, and just one table within that database (users_info), which I have successfully added data. I find two discrepancies, one that I had "users_id" instead of "user_id"; I changed that. Also, I had "pass1" as a column name for password instead of "pass", which I also fixed; by changing the column in phpmyadmin to "pass" and did so accordingly with the 'register.php' script, so that they may match. I removed the error suppression and I am not receiving any new errors, only the original error message of 'The email address and the password do not match those on file. '. I double checked the variables to make sure that the variables are matching and correct, such as $e for email to make sure I did not mistakenly put a different letter or spell 'email' wrong and so on with the rest of the variables. Went over your code again and it appears that the coding matches, just without the correct results. Everything else seems to work properly, such as new password and confirm password not matching or missing fields.


You still need to break down the problem you are working on and make sure each part works as expected. Ignore everything related to error messages and logic beyond actually querying the data before you have solved that problem. You need to make sure of a few things:

 

1. The SELECT query is working.

- Write and execute a new query outside any other logic. Make sure you can output all emails and hashed passwords currently stored in the DB.

2. When that is working, add conditions. Try fetching the specific row that matches the email address.

3. When that is working, fetch the row matching both the email and the hashed password.

4. When that is working, make it dynamic by adding variables. When that is working, you can be pretty sure everything is good.

 

Every programming task can be broken down into smaller parts. It makes for easier development.
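
The four checks above, together with the earlier advice to compare the stored and the submitted hash, as one stand-alone script. This is an added example, not code from the book or from anyone in the thread. It assumes the thread's `mysqli_connect.php` (defining `$dbc`), a `users_info` table with `user_id`, `email` and `pass` columns, PHP with mysqlnd, and constructed test credentials; it uses prepared statements and mysqli exceptions in place of the script's `mysqli_real_escape_string()` calls.

```php
<?php
// Added example, not from the book or the thread.
// Assumes mysqli_connect.php (as used in the thread) defines $dbc.
require ('mysqli_connect.php');
// Throw on SQL errors so a broken query is never mistaken for "no match".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Constructed test values: use an account you registered yourself.
$email = 'test@example.com';
$pass  = 'testpass';

// Run one query, report the row count, and stop at the first query that fails.
function step($dbc, $label, $sql, $params = array()) {
    try {
        $stmt = mysqli_prepare($dbc, $sql);
        if ($params) {
            mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params);
        }
        mysqli_stmt_execute($stmt);
        $rows = mysqli_fetch_all(mysqli_stmt_get_result($stmt), MYSQLI_ASSOC);
    } catch (mysqli_sql_exception $ex) {
        // The SQL itself is wrong, e.g. a column name that is not in the table.
        exit("$label: QUERY FAILED - " . $ex->getMessage() . "\n");
    }
    echo "$label: " . count($rows) . " row(s)\n";
    return $rows;
}

// 1. Plain SELECT: can we read the stored emails and hashes at all?
foreach (step($dbc, 'Step 1', 'SELECT email, pass FROM users_info') as $row) {
    echo "  {$row['email']}  {$row['pass']}\n";
}

// 2. Add the email condition, then compare stored and submitted hashes in PHP.
$rows = step($dbc, 'Step 2', 'SELECT pass FROM users_info WHERE email = ?', array($email));
if ($rows) {
    $submitted = sha1($pass); // same 40-character hex string MySQL's SHA1() returns
    echo "  stored:    {$rows[0]['pass']}\n  submitted: $submitted\n";
    echo '  hashes ' . (hash_equals((string) $rows[0]['pass'], $submitted) ? 'match' : 'DIFFER') . "\n";
}

// 3. Email and hashed password together, with the test values written into the SQL.
step($dbc, 'Step 3', "SELECT user_id FROM users_info
    WHERE email = 'test@example.com' AND pass = SHA1('testpass')");

// 4. The same query with the values supplied as bound parameters.
step($dbc, 'Step 4', 'SELECT user_id FROM users_info WHERE email = ? AND pass = SHA1(?)',
    array($email, $pass));
mysqli_close($dbc);
```

A step that prints QUERY FAILED points at the SQL or the table design; a step that prints 0 row(s) points at the data or the hash. Remove the script from the server once the problem is found, since it prints stored hashes.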


I had to go and add 'user_id' to my database, because the column was missing (smh). I was under the impression that the field was not needed because it was not coded for in the change.php script, but instead it was based off of the database design of Chapter 5. Sorry for the confusion and thanks for the help. And also thanks for the helpful problem solving tips, I know that they will be vital in the future in helping comprehend and ultimately become an overall better coder/developer. - much appreciated.


Glad you got it working. :)

 

Notice that Larry also assumed this kind of issue right from the start. This comes from experience. By learning how to isolate each part that can go wrong in a program, it's a lot easier to do debugging. You PM-ed me and asked for help with solving the problem, so I offered an elaboration. I want you to notice that my post only elaborated on how to do the steps Larry asked you if you had done earlier. Debugging is a very simple process, but it needs to be done.

 

I'm glad you're saying this is helping your process moving forward. That's pretty much what anyone can help you with in these cases. Any program that is too difficult to understand can be simplified until each part is simple to understand on its own.

 

Good luck!
