Hello i have a weird scope problem
require 'connect.php';
$name = $_GET['R'];
echo $name;
if(isset($_POST['prev_password']) && isset($_POST['new_password']) && isset($_POST['rep_password'])) {
echo $name;
if(!empty($_POST['prev_password']) && !empty($_POST['new_password']) && !empty($_POST['rep_password'])) {
$user_password = $_POST['prev_password'];
$user_new_password = $_POST['new_password'];
$user_rep_password = $_POST['rep_password'];
if($user_new_password == $user_rep_password) {
$mysql_query = sprintf("SELECT username, password FROM users WHERE username='$name'", $name);
$query_run = mysql_query($mysql_query, $mysql_link) or die('COULD NOT PERFORM QUERY');
while($row = mysql_fetch_array($query_run)) {
$qUser_name = $row['username'];
$qUser_pass = $row['password'];
}
if($qUser_name == $name) {
echo 'Match';
if($qUser_pass == $user_password) {
$mysql_query = sprintf("UPDATE users SET password='$user_new_password' WHERE username='$name'", $name);
$query_run = mysql_query($mysql_query, $mysql_link) or die('COULD NOT PERFORM QUERY');
echo header('Location: main.php?C=1');
}else {
header('Location: main.php?C=4');
}
}
}else {
header('Location: main.php?C=3');
}
}else {
header('Location: main.php?C=2');
}
}
anyway, the problem is with the first variable $name, when i 'echo' $name its ok, displays the content correctly, but inside the (if sss) ITS EMPTY, idk why, i've tried using global, the GLOBALS array, and its still empty, ... so .. the query its executed with an empty parameter.
please help, if someone can see what could be possible wrong.
PD: this is a Changepassword.php the $_GET['R'] is getting from the user Main.php site, AND I KNOW, im not Hashing password,, that is not really the problem here
Related
I am trying to make a website that echos out a number or a word based on some conditions. I connected it to my database, but it always echos out 2 (user not found), instead of yes100 (password and username correct).
The weird thing is, it works on my main domain, where it outputs yes100, but here it just can not do that for some reason.
I am sure my database details are correct, and I have uploaded the file where it should be.
This is my code (not secure at all, but it is for personal use only.)
$result = $link->query($sql);
if ($result->num_rows > 0) {
// Outputting the rows
while($row = $result->fetch_assoc())
{
$password = $row['password'];
$salt = $row['salt'];
$plain_pass = $_GET['password'];
$stored_pass = md5(md5($salt).md5($plain_pass));
function Redirect($url, $permanent = false)
{
if (headers_sent() === false)
{
header('Location: ' . $url, true, ($permanent === true) ? 301 : 302);
}
exit();
}
if($stored_pass != $row['password'])
{
echo "BLAHAHAHAHAHAHAHAHA";
exit();
}
else
{
echo "yes"; // Correct pass
}
if (strlen($row['hwid']) > 1)
{
if ($hwid != $row['hwid'])
{
echo "0"; // Wrong
}
else
{
echo "100"; // Correct
}
}
else
{
$sql = "UPDATE ". $tables ." SET hwid='$hwid' WHERE username='$user'";
if(mysqli_query($link, $sql))
{
echo "rdy"; // HWID Set
exit();
}
else
{
echo "4"; // Else errors
exit();
}
}
}
}
else
{
echo "2"; // User doesn't exist
exit();
}
?>
I forgot to give the user the permissions. It works now. Thanks everyone.
I am trying to run Insert query on my php page but its not executing and takes me to else part.
I have checked query on MySQL its fine. Also I have couple of select queries on the same page, and those works fine. So I am sure there is no issue with the connection or accessing DB. Heres my code:
<?php
session_start();
include './db_config.php';
if ((!isset($_SESSION['first_name']) == true)) {
unset($_SESSION['first_name']);
}
$logged = $_SESSION['first_name'];
if ((!isset($_SESSION['id']) == true)) {
unset($_SESSION['id']);
}
$id = $_SESSION['id'];
if ((!isset($_SESSION['email']) == true)) {
unset($_SESSION['email']);
}
$email= $_SESSION['email'];
$query1 = "select * from user_master where id='$id'";
$result1 = mysqli_query($con, $query1);
$num1 = mysqli_num_rows($result1);
if ($num1 > 0) {
while ($data = $result1->fetch_assoc()) {
$branch_name = $data['branch_name'];
}
}
if(isset($_POST['save'])){
$cust_id=$_POST['cust_id'];
$meter_no=$_POST['meter_no'];
$lock_no=$_POST['lock_no'];
$customer_name=$_POST['customer_name'];
$customer_type=$_POST['customer_type'];
$customer_zone=$_POST['customer_zone'];
$status=$_POST['status'];
$phoneno=$_POST['phoneno'];
$city=$_POST['city'];
$address=$_POST['address'];
$houseno=$_POST['houseno'];
$ownership=$_POST['ownership'];
$landmark=$_POST['landmark'];
$opening_reading=$_POST['opening_reading'];
$opening_reading_date=$_POST['opening_reading_date'];
$branch_name=$_POST['branch_name'];
$created_on=$_POST['created_on'];
$created_by=$_POST['created_by'];
$email=$_POST['email'];
$consumption=0;
$current_reading=$opening_reading;
$status1="True";
$total_bill=0;
$total_paid=0;
$total_dues=0;
$select="insert into meter(cust_id,meter_no,lock_no,customer_name,customer_type,customer_zone,status,phoneno,city,address,houseno,ownership,landmark,opening_reading,opening_reading_date,created_on,branch_name,created_by,email)
VALUES('$cust_id','$meter_no','$lock_no','$customer_name','$customer_type','$customer_zone','$status','$phoneno','$city','$address','$houseno','$ownership','$landmark','$opening_reading','$opening_reading_date','$created_on','$branch_name','$created_by','$email')";
if ($r = mysqli_query($con, $select)) {
else {
echo '<script language="javascript">';
echo 'alert("Information Not Inserted!!!");';
//echo 'window.location.href="bill_generation.php";';
echo '</script>';
}
}
I have Checked on Godaddy HERE that one need just Localhost as host name.
I know I have pasted a long piece of code, however dont know where the issue is.
You have a typo at the end of your code.
if ($r = mysqli_query($con, $select)) {
echo 'data inserted successfully !';
// do something ?
} // this one is missing
else {
echo '<script language="javascript">';
echo 'alert("Information Not Inserted!!!");';
//echo 'window.location.href="bill_generation.php";';
echo '</script>';
}
My header is not working.
<?php
$name = mysql_prep($_POST['name']);
$pastor = mysql_prep($_POST['pastor']);
$head = mysql_prep($_POST['head']);
$schedule = mysql_prep($_POST['schedule']);
$venue = mysql_prep($_POST['venue']);
$id = mysql_prep($_GET['ministryid']);
$errors = array();
$required_field = array('name', 'pastor', 'address', 'schedule', 'venue');
foreach ($required_field as $fieldname) {
if(!isset($_POST[$fieldname]) || empty($_POST[$fieldname])) {
$errors[] = $fieldname;
echo "Sorry, you missed to complete {$fieldname} <br />";
}
else {
$query = "UPDATE ministry SET
name = '{$name}',
pastor = '{$pastor}',
head = '{$head}',
schedule = '{$schedule}',
venue = '{$venue}'
WHERE id = {$id}";
mysql_query($query);
if(mysql_affected_rows() == 1) {
header('location: editministry.php?');
exit;
} else {
echo "Updating Failed on {$s_ministry['name']} <b />".mysql_error();
exit;
}
}
}
require_once("include/footer.php");
Every time I have successful update, the link change its address.
For example, when I'm updating id = 3, the address will change to editministry.php?ministryid=3.
You dont send anything along your URL, thats why your header won't work. Check for yourself.
if(mysql_affected_rows() == 1) {
header('location: editministry.php?');
exit;
Your link will become effectivly baseUrl/editministry.php?.It searches than for a variable, which is not defined. I am not sure how you actually can pass on a variable that you didnt define in a link, yet it sends you there. Don't know. But if you just tell it to the hard link without the questionmark, it should go to that page. For me it works at least within my code. For you it would be:
if(mysql_affected_rows() == 1) {
header('location: editministry.php' );
exit;
In my code it looks like this:
header( "Location: http://" . strip_tags( $_SERVER ['HTTP_HOST'] ) . "/newHolo/index.php" );
I'm currently building a system for a football league. And are currently working on the script file for adding results. Most of the script works and the result is always successfully added to the database. However the authentication part seems to fail. The if statement on line 12 does not seem to fire and I can't understand why.
My code can be found in the pastebin link here: http://pastebin.com/ty4pdGgn
<?PHP
include 'functions.php';
dbConnect();
//$userEmail = mysql_real_escape_string($_POST["userEmailText"]);
$userCode = mysql_real_escape_string($_POST["userPasscodeText"]);
$authenticated = false;
$userEmail = "info#example.com";
if ($userEmail == "info#example.com") {
header('Location: ../results.php?error=authentication');
}
$allUsers = mysql_query("SELECT * FROM accounts WHERE email = '$userEmail'");
while ($thisUser = mysql_fetch_assoc($allUsers)){
if ($userCode != $thisUser['passCode']) {
header('Location: ../results.php?error=authentication2');
}
echo $thisUser['passCode'];
$authenticated = true;
$userID = $thisUser['userID'];
}
if (!$authenticated) {
header('Location: ../results.php?error=authentication3');
}
$dateSubmitted = $_POST['submissionDate'];
$homeTeam = $_POST['homeTeam'];
$awayTeam = $_POST['awayTeam'];
$homeGoals = $_POST['homeGoals'];
$awayGoals = $_POST['awayGoals'];
if ($homeTeam == $awayTeam) {
header("Location: ../results.php?error=team");
}
if (getTeamLeague($homeTeam) != getTeamLeague($awayTeam)) {
header("Location: ../results.php?error=league");
} else {
$leagueID = getTeamLeague($homeTeam);
}
if ($homeGoals > $awayGoals) {
$winnerID = $homeTeam;
} else if ($homeGoals < $awayGoals) {
$winnerID = $awayTeam;
} else if ($homeGoals == $awayGoals) {
$winnerID = -1;
}
$cQuery = mysql_query("INSERT INTO results VALUES ('', $userID, '$dateSubmitted', $leagueID, $homeTeam, $homeGoals, $awayTeam, $awayGoals, $winnerID, 0)");
if ($cQuery){
header('Location: ../results.php');
} else {
echo mysql_error();
}
?>
Any help with this matter will be much appreciated. The functions.php contains no errors as this is all to do with database entry and not the authentication.
Put a die(); after the header("Location:...");
As your comparison code (the "if" part on line 12) that you pasted has to work, i have two advice:
Put a die(); or exit(); after the header() part.
Try looking here, as I am not sure if header() will work, while the location path you set is relative. Basic advice is to always use base paths for redirects, like "http://your.site.com/script.php").
i have a problem in my code. I have an ajax validation that calls a php file (where the data is validated).
The php returns echos like "invalidData" and in the javascript i check if (data=="invalidData") {//something}
The problem are the includes. Incredible thing.
<?php
include("includes/f_banco.php");
conecta ();
function get_post_var($var) {
$val = $_POST[$var];
if (get_magic_quotes_gpc())
$val = stripslashes($val);
return $val;
}
$name = get_post_var('name');
function validateName($name){
if(strlen($name) < 4 || (empty($name))) {
echo "invalidData";
return false;
}
else {
$name = mysql_real_escape_string($name);
$check = mysql_query("SELECT username FROM users WHERE username ='".$name."'")
or die(mysql_error());
$check2 = mysql_num_rows($check);
if ($check2 == 0 && $name != "") {
echo "validData";
return true;
} else {
echo "invalidData";
return false;
}
}
}
error_reporting(E_ALL);
validateName($name);
?>
in the code above i only can check if the name is empty if i don't put the includes in the file. If i put the result is again and again different than invalidData.
The connection to the database is not made too or if is made the return is not the correct. Important: the include file is correct, i test in another example and the database is correct too.
thanks
Edit: **LAST VERSION**
<?php
error_reporting(-1);
require 'includes/f_banco1.php';
$name = $_POST["carlos"];
function validateName($name){
if(strlen($name) < 4 || (empty($name))) {
echo "nomeInvalido";
return false;
}
else {
$name = mysql_real_escape_string($name);
$check = mysql_query("SELECT username FROM users WHERE username ='".$name."'")
or die(mysql_error());
$check2 = mysql_num_rows($check);
if ($check2 == 0 && $name != "") {
echo "nomeValido";
return true;
} else {
echo "nomeInvalido";
return false;
}
}
}
validateName($name);
echo "this must appear";
?>
output:
Notice: Undefined index: carlos in C:\Users\fel\VertrigoServ\www\login\validation.php on line 8
nomeInvalidothis must appear
Probably PHP debug 101... just do a
<?php
error_reporting(-1);
...
?>
And inspect the error...
Try updating your query to be the following:
SELECT `username` FROM users WHERE `username` ='".$name."'
And, another question... If you already know what the username is, then why are you running a query to find the username? I assume you're just checking to see if the username exists.