Messages

@sixthcrusifix

if the variable is undefined, it probably means that the query failed. i'm going to look closer to the code.

@ghost

to include a single quote inside a string delimited itself by single quotes, I need to escape them.
ex : $variable = 'UPDATE userbase SET password = \' (escaped single quote) ' (delimiter)

Yeah I copied and pasted and forgot to change the name. I JUST TESTED IT AND IT WORKS! YAY!  

I got the email with the new PW... the only thing to check is. . . if the password works! LOLL

$SQL1 ="UPDATE userbase SET password ='$NEW_PW' WHERE username = '$lostpw' '';

You dont need double quotes on the variables.. just the outside, which makes it easier.

My solution didn't use double quotes, but single quotes, this is why they had to be escaped. I agree that your solution is simpler, but mine is faster to process (single quotes are always faster).

Single quotes shouldn't need to be escaped?

Okay I did it and I'm not getting ENY error messages !! (I un escaped them and erased some typos) Now I just have to see if I actually get the emails... so far it seems good though.

herers the code:

Code Select Expand


<?php
if(isset($lostpw))
{
srand(microtime() * 1000000);
$NEW_PW = rand(100000,999999);

$conn=@mysql_connect("localhost","sixthcrusifix","*******")or die("Sorry, Could Not Connect");
$DTB=@mysql_select_db(DATA,$conn) or die("Could Not Select Database");
$SQL1 = 'UPDATE userbase SET password = \''.$NEW_PW.'\' WHERE username = \''.$lostpw.'\'';

$result1=mysql_query($SQL1,$conn) or die("SORRY, password could not be reset");

$SQL="SELECT email
FROM `userbase`
WHERE username = '$lostpw'";

$query=mysql_query($SQL,$conn)or die("SECOND QUERY FAILED");
$result=mysql_fetch_object($query);
$EMAIL=$result->email;


$SQL2="SELECT password
FROM `userbase`
WHERE username = '$lostpw'";

$query2=mysql_query($SQL2,$conn)or die("SECOND QUERY FAILED");
$result2=mysql_fetch_object($query2);
$LPW=$result2->password;



$msg="$lostpw, your new password is $LPW. You may change your password in the User Control Panel";
echo("$EMAIL  Lost Password $msg");
mail($EMAIL,"Lost Password",$msg);
$ALERT1="<scr#ipt> alert(\"Your Email Has Been Sent to $EMAIL\")</script>";
}


else{ $ALERT1="You Did NOt Define  A Username!"; }


#############################################################################################################
//The Below is the HEAD!

echo($ALERT1);

#############################################################################################################
//The below is the body
#############################################################################################################

include "defaultcss.php";
echo ("
$BG_black

$table_1
$center
$main_category
$category

$tr
$content
$TS4
$ALERT1
$br 
$LPW$LPW
$EMAIL
$TS_end1
$bottom
$br
$tr_end
$main_bottom

$div_end
$table_end
")
?>
<?
######################################################################################################

//Below is the MAIN MENU (The default menu for ALL pages)
######################################################################################################
include "default_menu.php";
?>



I messed up . . .


Notice: Undefined variable: query2 in /fpgs/fpgshttpd/sixthcrusifix/lostpw.php on line 18

Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /fpgs/fpgshttpd/sixthcrusifix/lostpw.php on line 18

Notice: Undefined variable: result2 in /fpgs/fpgshttpd/sixthcrusifix/lostpw.php on line 19

Notice: Trying to get property of non-object in /fpgs/fpgshttpd/sixthcrusifix/lostpw.php on line 19
Lost Password sixthcrusifix, your new password is 478152. You may change your password in the User Control Panel alert("Your Email Has Been Sent to ")

I think I found your problem.

You are doing a query and using the value mysql_query returned directly. mysql_query only returns a resource identifier that is designed to be fetched afterwards.

Try this :
$query2=mysql_query($SQL2,$conn)or die("SECOND QUERY FAILED");
$result2=mysql_fetch_object($query2);
$LPW=$result2->password;

To free memory you could also add :
mysql_free_result($query2);

okay lemmie try that ./ . .

Resource id #3Resource id #3 Lost Password sixthcrusifix, your new password is 326671. You may change your password in the User Control Panel
^That's an echo of the variables^


Warning: mail() expects parameter 1 to be string, resource given in /fpgs/fpgshttpd/sixthcrusifix/lostpw.php on line 30
alert("Your Email Has Been Sent to Resource id #3")

Instead of RESOURCE ID#3 it should say an email adress

Javascript popup box?

I made an alert and I forgot to take it down so I could copy the error. I figured out the prioblem.

Instead of getting the EMAIL from the EMAIL part of the table, it just gets "resource id#" everything else works. . .

It would help if you copied and pasted the error as it shows up on the page. (Same page as before I'm guessing too?)

yeah the source code is in the first post. I tried to copy it but I have to get rid of that javascript pop-up box.

Looks like it was just the way the line was written with those quotes.

mysql_error() will most likely be helpful in the future though.

Now I'm getting a PHP error (WARNING blah blah, function mail expects perameter 1 to ba a string


Instead of getting the password and username it's returning resource id#3 for the password and resource id#4

$SQL1 ="UPDATE userbase SET password ='$NEW_PW' WHERE username = '$lostpw' '';

You dont need double quotes on the variables.. just the outside, which makes it easier.

And if you want to actually see the error use this:

$result1=mysql_query($SQL1,$conn) or die(mysql_error());

Oh cool thanks.

I still don't knwo about the other stuff not working anymor ethough.

Try this instead :

$SQL1 = 'UPDATE userbase SET password = \''.$NEW_PW.'\' WHERE username = \''.$lostpw.'\'';

1. COOL! That worked.

BUT My otherstuff is wrong now. . . instead of the text from the fields it says "Resource ID#3" But it used to work. . what's resource ID???

$SQL1="UPDATE 'userbase' SET password = \"$NEW_PW\" WHERE username =\"$lostpw\"";


what's wrong with that? I keep getting the die message!

here's the whole script. I KNOW that just setting somone's password to a random number is a bit cheap but they can change it and I'm lazy:
(userbase is the table, DATA is the Database)\

EDIT: Turns out onone of it works anymore since I re-uploaded it!?!??!?! I get this stuff:  Resource id #4Resource id #4 Resource id #3

Code Select Expand


<?php
if(isset($lostpw))
{
srand(microtime() * 1000000);
$NEW_PW = rand(100000,999999);

$conn=@mysql_connect("localhost","sixthcrusifix","*******")or die("Sorry, Could Not Connect");
$DTB=@mysql_select_db(DATA,$conn) or die("Could Not Select Database");

$SQL1="UPDATE 'userbase' SET password = \"$NEW_PW\" WHERE username =\"$lostpw\"";

$result1=mysql_query($SQL1,$conn) or die("SORRY, password could not be reset");

$SQL="SELECT email
FROM `userbase`
WHERE username = \"$lostpw\"";
$result=mysql_query($SQL,$conn) or die("SORRY, We can't find your new password");
$EMAIL=$result;
$SQL2="SELECT password
FROM `userbase`
WHERE username = \"$lostpw\"";
$result2=mysql_query($SQL2,$conn)or die("SECOND QUERY FAILED");
$LPW=$result2;
$msg="$lostpw, your new password is $LPW. You may change your password in the User Control Panel";
mail($EMAIL,"Lost Password",$msg);
$ALERT1="<script> alert(\"Your Email Has Been Sent to $EMAIL\")</script>";
}
else{ $ALERT1="You Did NOt Define  A Username!"; }
#############################################################################################################
//The Below is the HEAD!

echo($ALERT1);

#############################################################################################################
//The below is the body
#############################################################################################################

include "defaultcss.php";
echo ("
$BG_black

$table_1
$center
$main_category
$category

$tr
$content
$TS4
$ALERT1
$br 
$LPW$LPW
$EMAIL
$TS_end1
$bottom
$br
$tr_end
$main_bottom

$div_end
$table_end
")
?>
<?
######################################################################################################

//Below is the MAIN MENU (The default menu for ALL pages)
######################################################################################################
include "default_menu.php";
?>




That is the whole point of MD5 by the way. Then, you are sure that nobody can decipher your password (almost sure).

If you want to check if a password that was provided (let's call him x) is valid by comparing it to the database, just encrypt x and compare it to the encrypted value in the database.

OK that works thanks.

[Edit by nq2h:]

The following s redarging PHP only.

Okay, I know how to use MD5 to encrypt something. . . and I know how to use crypt() to encrypt something. . . BUT HOW THE HECK DO YOU DECRYPT IT?? I have a login/logout registration script I made that stores users in my database, but I wanted to ecrypt the passwords for security.. but I don't know how to decrypt them! Can anyone helP?

So far I have this:

$password = md5($userinput);

if(preg_match("/^\w+$/",$username)){
   echo "Username is fine, ";
$conn = @mysql_connect("localhost","sixthcrusifix","-----") or die("Connection Failed, Contact Admin");
 
  $db = @mysql_select_db("DATA", $conn) or die("POOP");

  $sql = "insert into userbase (username,password,EMAIL,interests) values (\"$username\",\"$password\",\"$email\",\"$interests\")";

But when I'm checking to see if they got the password right on logging in . . . could I just MD5 their input and see if it matches?

Edit by nq2h: Your mysql password has been filtered.

If you are pointing to our nameservers, there are a few options to select.
(None of these require any changes on your part if you are pointed to the nameservers listed in the "Setup Domains" section of the Options panel)

1) Transfer your domain to the LVCS.NET domain registrar.  This will extend your expiration by one year and allow you to use the one free POP account and 100 forwarders that are included.

2) We can setup a free catch-all forwarder that points to another email address

3) We can point your domain to the Plesk system (for email services only)

4) You can purchase a mail account at LVCS.NET for your domain name.

Please use the Contact Form to tell us which option you have selected.  If you use the LVCS.NET options and your domain is pointed to our nameservers, no changes need to be made.

\

thank you for the info. I'll probably take the catchall option. Then I can pretend I have like 30 different accounts , loll.

But I'm going to go to LVCS.net to see about transfering my domain name, that sounds like a good ideo too.

Basically, you can host your website at freepgs and have your mail hosted elsewhere. Just set your A records to point to freepgs and your MX records to point to the mail exchanger of your choice.

There are a few alternatives I could tell you about :
- You could contact the admin to try to get an e-mail address for your account (not sure, he may accept but I never tried so I don't know);
- You could use a service like Live Domains (domains.live.com) by MSN to host your email by setting your MX records appropriately.
- You could try to use ZoneEdit (www.zoneedit.com). I use their service for one of my domains. Once I pointed my domain to their nameservers, I could choose to foward e-mail messages I receive to the address I select.

sounds good but.. what are mx records? At hostway.com basically all I can physically change is where the nameservers are pointed and that's about it.