Jump to content
Larry Ullman's Book Forums

Recommended Posts

Larry,

 

In Script 8.3 password.php I cannot get the message: Thank You! Your password has been updated. In Chapter 11 you will actually be able to log in!". When I click the change password button it returns a blank page only showing the formatted CSS header. I have tested all of the possible errors by purposely typing in errors and they return the error messages.

 

Sincerely,

Gregory

Link to comment
Share on other sites

PHP 5.3 MySQL 5.5

 

 

<?php # Script 8.7 - password.php

//This page lets a user change their password

 

$page_title = 'Change Your Password';

include ('includes/header.html');

 

//Check if the form has been submitted

if(isset ($_POST['submitted'])) { //Determine if a variable is set and not NULL

//Returns TRUE if $_POST['submitted'] exists

 

require_once ('../mysqli_connect.php'); //Connect to the db

 

$errors = array(); //Intitialize an error array. An array is an ordered map

//that associates values to keys

 

//Check for an email address

if(empty ($_POST['email'])) {

$errors[] = 'You forgot to enter your email address.';

} else {

$e = mysqli_real_escape_string($dbc, trim($_POST['email']));

}

 

//Check for the current password

if(empty ($_POST['pass'])) {

$errors[] = 'You forgot to enter your current password.';

} else {

$p = mysqli_real_escape_string($dbc, trim($_POST['pass']));

}

 

//Check for a new password and match against the confirmed password

if(!empty ($_POST['pass1'])) {

if($_POST['pass1'] != $_POST['pass2']) {

$errors[] = 'Your new password did not match the confirmed password.';

} else {

$np = mysqli_real_escape_string($dbc, trim($_POST['pass1']));

}

} else {

$errors[] = 'You forgot to enter your new password.';

}

 

if(empty($errors)) { //If everythings OK. Returns FALSE if $errors has a non-empty

//and non-zero value

 

//Check that they've entered the right email address/password combination

$q = "SELECT user_id FROM users WHERE (email='$e' AND pass=SHA1('$p'))";

$r = @mysqli_query($dbc, $q);

$num = @mysqli_num_rows($r);

if($num == 1) { //Match was made

 

//Get the user_id

$row = mysqli_fetch_array($r, MYSQLI_NUM);

 

//Make the update query

$q = "UPDATE users SET pass=SHA1('$np') WHERE user_id=$row[0]";

$r = @maysqli_query($dbc, $q);

 

if(mysqli_affected_rows ($dbc) == 1) { //If it ran OK

//Print a message

echo '<h1>Thank you!</h>

<p>Your password has been updated. In Chapter 11 you will

actually be able to log in!</p><p><br /></p>';

} else { //If it did not run OK

 

//Public message

echo '<h1>System Error</h1>

<p class="error">Your password could not be changed due

to a system error. we apologize for any inconvenience</p>';

 

//Debugging message

echo'<p>' .

mysqli_error($dbc) . '<br/><br />Querry: ' . $q . '</p>';

}

 

//Include the footer and quit the script (to not show the form)

include ('includes/footer.html');

exit();

 

} else { //Invaild email address/password combination

echo'<h1>Error!</h1>

<p class="error">The email address and password do not match those

on file.</p>'; //WORKS!

}

 

} else { //Report the errors

echo'<h1>Error!</h1>

<p class="error">The following error(s) occured:<br />';

foreach($errors as $msg){ //Print each error. Iterates over arrays.

echo" - $msg<br />\n";

}

echo'</p><p>Please try again.</p><p><br /></p>';

 

} //End of if(empty($errors)) IF

}

?>

<h1>Change Your Password</h1>

<form action="password.php" method="post">

<p>Email Address: <input type="text" name="email" size="20" maxlength="80"

value="<?php if(isset($_POST['email']))

echo $_POST['email']; ?>" /> </p>

<p>Current Password: <input type="password" name="pass" size="10" maxlength="20" /></p>

<p>New Password: <input type="password" name="pass1" size="10" maxlength="20" /></p>

<p>Confirm New Password: <input type="password" name="pass2" size="10" maxlength="20" /></p>

<p><input type="submit" name="submit" value="Change Password" /></p>

<input type="hidden" name="submitted" value="TRUE" />

</form>

<?php

include('includes/footer.html')

?>

Link to comment
Share on other sites

You've got a typo where you try to update the database:

 

//Make the update query
           $q = "UPDATE users SET pass=SHA1('$np') WHERE user_id=$row[0]";
           $r = @maysqli_query($dbc, $q); // this function is misspelled - should be mysqli_query 

That would trigger an error, and if you have error messages turned off you might get just a blank page.

  • Upvote 1
Link to comment
Share on other sites

Paul,

Your advice below worked perfectly both with the misspelling AND altering me to the error suppression. I deleted the "@" symbol and am now able to see error messages. My script now works! THANKS!!

 

 

You've got a typo where you try to update the database:

 

//Make the update query
           $q = "UPDATE users SET pass=SHA1('$np') WHERE user_id=$row[0]";
           $r = @maysqli_query($dbc, $q); // this function is misspelled - should be mysqli_query 

That would trigger an error, and if you have error messages turned off you might get just a blank page.

Link to comment
Share on other sites

You've also got an if-else-else statement for confirming the passwords, which is not allowed.

 

Are you sure about that - it just looks like an if-else statement nested inside the if block of another if-else statement:

 

if(!empty ($_POST['pass1'])) {
       if($_POST['pass1'] != $_POST['pass2']) {
           $errors[] = 'Your new password did not match the confirmed password.';
       } else {
           $np = mysqli_real_escape_string($dbc, trim($_POST['pass1']));
       }
} else {
       $errors[] = 'You forgot to enter your new password.';
}

Link to comment
Share on other sites

Stuart,

I believe you are correct. My script works perfectly following Larry's example. I am a beginner struggling through all of this...

 

THANKS TO EVERYONE WHO POSTED!

 

Are you sure about that - it just looks like an if-else statement nested inside the if block of another if-else statement:

 

if(!empty ($_POST['pass1'])) {
       if($_POST['pass1'] != $_POST['pass2']) {
           $errors[] = 'Your new password did not match the confirmed password.';
       } else {
           $np = mysqli_real_escape_string($dbc, trim($_POST['pass1']));
       }
} else {
       $errors[] = 'You forgot to enter your new password.';
}

Link to comment
Share on other sites

Paul,

Your advice below worked perfectly both with the misspelling AND altering me to the error suppression. I deleted the "@" symbol and am now able to see error messages. My script now works! THANKS!!

That's great! I hate blank pages. It can be really hard to debug when you can't see any errors.

  • Upvote 1
Link to comment
Share on other sites

Good day Sir!

I´ve been working trough the book, script by script, now i can´t keep going because of this error! Can you tell me if there´s something wrong with my script. Maybe I've made a mistake and I can´t see this.

 

I only get the error "The email address and password do not match those on file." IN RED

I wrote exactly the script as it is in the book, also with the correction of "$e = ...".

 

I only translate some texts inside "echo" to portuguese, and I also added <div id="content"></div>.

 

 

 

<?php # Script 8.7 - password.php

$page_title = 'Change your password';

include ('includes/header.html');

 

?>

<div id="content">

<?php

 

//this page lets a user change their password

 

//Check if the form has been submitted:

if (isset($_POST['submitted'])) {

 

require_once ('mysqli_connect.php'); // to connect the db.

$errors = array(); // initialize an error array.

 

//check for an email adress:

if (empty($_POST['email'])) {

$errors[] = 'Não esqueça de informar seu email.';

} else {

$e = mysqli_real_escape_string($dbc, trim($_POST['email']));

}

 

//check for the current password:

if (empty($_POST['pass'])) {

$errors[] = 'Não esqueça de informar sua senha.';

} else {

$p = mysqli_real_escape_string($dbc, trim($_POST['pass']));

}

 

//check for a new password and match

//against the confirmed password:

if (!empty($_POST['pass1'])) {

if ($_POST['pass1'] != $_POST['pass2']) {

$errors[] = 'Sua nova senha não confere.';

} else {

$np = mysqli_real_escape_string($dbc, trim($_POST['pass1']));

}

} else {

$errors[] = 'Informe sua nova senha.';

}

 

if (empty($errors)) { // If everything's ok.

 

//Check that they've entered the right email adress/password combination:

$q = "SELECT user_id FROM users WHERE(email='$e' AND pass=SHA1('$p'))";

$r = @mysqli_query($dbc, $q);

$num = @mysqli_num_rows($r);

 

if ($num == 1) { // match was made.

// Get the user id:

$row = mysqli_fetch_array($r, MYSQLI_NUM);

 

// Make the UPDATE query:

$q = "UPDATE users SET pass=SHA1('$np') WHERE user_id=$row[0]";

$r = @mysqli_query($dbc, $q);

 

if (mysqli_affected_rows($dbc) == 1) {//if it ran ok

// Print a message.

echo '<h1>Obrigado!</h1>

<p>Sua senha foi atualizada. Vamos continuar esperando o capítulo 11.</p><p><br/></p>';

 

} else { // If it did not run OK.

// Public Message:

echo '<h1> Erro no Sistema!</h1>

<p class="error">Sua senha não pode ser atualizada devido a um erro no sistema.</p>';

 

// Debugging message:

echo '<p>' . mysqli_error($dbc) . '<br/><br/>Query: ' . $q . '</p>';

}

 

// Include the footer and quit the script (to not show the form).

include ('includes/footer.html');

exit();

 

} else { // Invalid email adress password combnation.

echo '<h1>Erro!</h1>

<p class="error"> Email ou senha não conferem!</p>';

}

} else { //Report the errors.

echo '<h1>Erro!</h1>

<p class="error"> Ocorreram os seguintes erros:<br/>';

 

foreach ($errors as $msg) { // Print each error.

 

echo " - $msg<br/>\n";

}

echo '</p><p> Por favor tente novamente!</p><p><br/></p>';

} // End of if empty errors

 

mysqli_close($dbc); // close the connection

 

} // End of the main submit conditional.

?>

<h1>Trocar Senha</h1>

<form action="password.php" method="post">

<p>Email: <input type="text" name="email" size="20" maxlength="60" value="<?php if(isset($_POST['email'])) echo $_POST['email']; ?>"/></p>

<p>Senha atual: <input type="password" name="pass" size="10" maxlength="20" /></p>

<p>Senha nova: <input type="password" name="pass1" size="10" maxlength="20" /></p>

<p>Confirme Nova senha: <input type="password" name="pass2" size="10" maxlength="20" /></p>

<p><input type="submit" name="submit" value="Trocar Senha"/></p>

<input type="hidden" name="submitted" value="TRUE" />

</form>

 

 

</div>

<?php

 

include ('includes/footer.html');

?>

 

 

Thank you for your fast answer. I´m really glad because I chose the right book and the right author.

 

 

 

__________________________________

 

Elias Alves

 

PHP:5.3.1

MySQL: 5.1.41

APACHE:2.2.14

Link to comment
Share on other sites

That error message doesn't occur where you think it does, but rather later on in the script if the query doesn't return any records. You'll need to apply the basic debugging steps to figure out why. Also, before you post again, make sure you read the forum guidelines and include pertinent details, such as the versions in use.

Link to comment
Share on other sites

 Share

×
×
  • Create New...