News:

Click here for Toll-Free Service for your business starting at $2.00 per month

Main Menu

ANybody good at SQL? I keep messing up

Started by sixthcrusifix, November 30, 2005, 01:13:56 AM

Previous topic - Next topic

ghost

Change to these? :: $SQL , $SQL2 ::

$SQL="SELECT email FROM `userbase` WHERE username = '$lostpw'";

$SQL2="SELECT password FROM `userbase` WHERE username = '$lostpw'";
- Ghost -

sixthcrusifix

I messed up . . .


Notice: Undefined variable: query2 in /fpgs/fpgshttpd/sixthcrusifix/lostpw.php on line 18

Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /fpgs/fpgshttpd/sixthcrusifix/lostpw.php on line 18

Notice: Undefined variable: result2 in /fpgs/fpgshttpd/sixthcrusifix/lostpw.php on line 19

Notice: Trying to get property of non-object in /fpgs/fpgshttpd/sixthcrusifix/lostpw.php on line 19
Lost Password sixthcrusifix, your new password is 478152. You may change your password in the User Control Panel alert("Your Email Has Been Sent to ")
Visite me website at http://www.sixthcrusifix.com

ghost

Quote from: webzone on November 30, 2005, 02:01:18 AM
Quote from: ghost on November 30, 2005, 01:31:01 AM
$SQL1 ="UPDATE userbase SET password ='$NEW_PW' WHERE username = '$lostpw' '';

You dont need double quotes on the variables.. just the outside, which makes it easier.

My solution didn't use double quotes, but single quotes, this is why they had to be escaped. I agree that your solution is simpler, but mine is faster to process (single quotes are always faster).

Single quotes shouldn't need to be escaped?
- Ghost -

sixthcrusifix

#18
Quote from: ghost on November 30, 2005, 02:14:57 AM
Quote from: webzone on November 30, 2005, 02:01:18 AM
Quote from: ghost on November 30, 2005, 01:31:01 AM
$SQL1 ="UPDATE userbase SET password ='$NEW_PW' WHERE username = '$lostpw' '';

You dont need double quotes on the variables.. just the outside, which makes it easier.

My solution didn't use double quotes, but single quotes, this is why they had to be escaped. I agree that your solution is simpler, but mine is faster to process (single quotes are always faster).

Single quotes shouldn't need to be escaped?


Okay I did it and I'm not getting ENY error messages !! (I un escaped them and erased some typos) Now I just have to see if I actually get the emails... so far it seems good though.

herers the code:



<?php
if(isset($lostpw))
{
srand(microtime() * 1000000);
$NEW_PW rand(100000,999999);

$conn=@mysql_connect("localhost","sixthcrusifix","*******")or die("Sorry, Could Not Connect");
$DTB=@mysql_select_db(DATA,$conn) or die("Could Not Select Database");
$SQL1 'UPDATE userbase SET password = \''.$NEW_PW.'\' WHERE username = \''.$lostpw.'\'';

$result1=mysql_query($SQL1,$conn) or die("SORRY, password could not be reset");

$SQL="SELECT email
FROM `userbase`
WHERE username = '
$lostpw'";

$query=mysql_query($SQL,$conn)or die("SECOND QUERY FAILED");
$result=mysql_fetch_object($query);
$EMAIL=$result->email;


$SQL2="SELECT password
FROM `userbase`
WHERE username = '
$lostpw'";

$query2=mysql_query($SQL2,$conn)or die("SECOND QUERY FAILED");
$result2=mysql_fetch_object($query2);
$LPW=$result2->password;



$msg="$lostpw, your new password is $LPW. You may change your password in the User Control Panel";
echo(
"$EMAIL  Lost Password $msg");
mail($EMAIL,"Lost Password",$msg);
$ALERT1="<scr#ipt> alert(\"Your Email Has Been Sent to $EMAIL\")</script>";
}


else{ 
$ALERT1="You Did NOt Define  A Username!"; }


#############################################################################################################
//The Below is the HEAD!

echo($ALERT1);

#############################################################################################################
//The below is the body
#############################################################################################################

include "defaultcss.php";
echo (
"
$BG_black

$table_1
$center
$main_category
$category

$tr
$content
$TS4
$ALERT1
$br 
$LPW$LPW
$EMAIL
$TS_end1
$bottom
$br
$tr_end
$main_bottom

$div_end
$table_end
"
)
?>

<?
######################################################################################################

//Below is the MAIN MENU (The default menu for ALL pages)
######################################################################################################
include "default_menu.php";
?>

Visite me website at http://www.sixthcrusifix.com

webzone (archived)

@sixthcrusifix

if the variable is undefined, it probably means that the query failed. i'm going to look closer to the code.

@ghost

to include a single quote inside a string delimited itself by single quotes, I need to escape them.
ex : $variable = 'UPDATE userbase SET password = \' (escaped single quote) ' (delimiter)

sixthcrusifix

Quote from: webzone on November 30, 2005, 02:17:57 AM
@sixthcrusifix

if the variable is undefined, it probably means that the query failed. i'm going to look closer to the code.

@ghost

to include a single quote inside a string delimited itself by single quotes, I need to escape them.
ex : $variable = 'UPDATE userbase SET password = \' (escaped single quote) ' (delimiter)

Yeah I copied and pasted and forgot to change the name. I JUST TESTED IT AND IT WORKS! YAY! :D :D :D  :D :D :D

I got the email with the new PW... the only thing to check is. . . if the password works! LOLL
Visite me website at http://www.sixthcrusifix.com

ghost

@webzone

Ok, yeah if you do it that way you do need it, although I still think it's alot easier just to put double quotes for the outside.
- Ghost -

ghost

Just wondering what you are making this in? Your code is very colourful lol.. (compared to notepad anyways)
- Ghost -

sixthcrusifix

Quote from: ghost on November 30, 2005, 02:22:22 AM
Just wondering what you are making this in? Your code is very colourful lol.. (compared to notepad anyways)

That's just how it looks when you put it in the code tag on the forum.


NOT ONLY does it work perfectly but I added encryption so that I don't have to chang the login script. The new passwords are sent to the database encrypted and given to the user unencrypted. And I logged in and it works. :D
Visite me website at http://www.sixthcrusifix.com

ghost

Quote from: sixthcrusifix on November 30, 2005, 02:24:51 AM
Quote from: ghost on November 30, 2005, 02:22:22 AM
Just wondering what you are making this in? Your code is very colourful lol.. (compared to notepad anyways)

That's just how it looks when you put it in the code tag on the forum.


NOT ONLY does it work perfectly but I added encryption so that I don't have to chang the login script. The new passwords are sent to the database encrypted and given to the user unencrypted. And I logged in and it works. :D

And thats how it should be lol.. not sure what you would want with un-encrypted passwords in the database. (Although mine has both.. lol)
- Ghost -

sixthcrusifix

Quote from: ghost on November 30, 2005, 02:28:42 AM
Quote from: sixthcrusifix on November 30, 2005, 02:24:51 AM
Quote from: ghost on November 30, 2005, 02:22:22 AM
Just wondering what you are making this in? Your code is very colourful lol.. (compared to notepad anyways)

That's just how it looks when you put it in the code tag on the forum.


NOT ONLY does it work perfectly but I added encryption so that I don't have to chang the login script. The new passwords are sent to the database encrypted and given to the user unencrypted. And I logged in and it works. :D

Before when you lost your password the new password was just sent to the database. But that would cause problems now because the login form used md5 and it would end up not matching. So yes, I don't know what I was thinking not encrypting them. :P
And thats how it should be lol.. not sure what you would want with un-encrypted passwords in the database. (Although mine has both.. lol)
Visite me website at http://www.sixthcrusifix.com

ghost

And now back to breaking my own stuff, if you have anymore questions just post again.. I should be here for awhile longer.
- Ghost -

sixthcrusifix

#27
Quote from: ghost on November 30, 2005, 02:46:37 AM
And now back to breaking my own stuff, if you have anymore questions just post again.. I should be here for awhile longer.


look at this, it's working on one page and not the other!?!??!

<?php
if( (!$username) or (!$password) )
{
header("Location:$HTTP_REFERER") ; exit();
}


$conn = @mysql_connect("localhost","sixthcrusifix","") or die("Sorry Login Failed 1.1");

$rs = @mysql_select_db("MAIN",$conn) or die("Sorry Login Failed 1.2");

$sql="select * from userbase where username=\"$username\" and password=\"$password\"";

$rs=mysql_query($sql,$conn) or die(mysql_error());

$num mysql_numrows($rs);

$SQL2="SELECT type
FROM `userbase`
WHERE username = '
$username'";

$query2=mysql_query($SQL2,$conn)or die("SECOND QUERY FAILED");
$result2=mysql_fetch_object($query2);

$QWiuwq08wqjwqQW0_S=$result2->type;

if( (
$num != 0) && ($QWiuwq08wqjwqQW0_S !="user") )
{
$msg "Welcom $username - You were succesfully logged in!, TYPE: $QWiuwq08wqjwqQW0_S ";
session_start();
session_register("logged");
$logged 1;
setcookie("user"$usernametime()+2592000);
$user=$username;
}
else

if (
$QWiuwq08wqjwqQW0_S="user")
{echo(
"YOU ARE NOT AN ADMINISTRATOR! Your Username has been sent to the administrater and you have been logged for trying to log into the admin CP!");}

$msg "Sorry your username or password was incorrect! <a href=\"login.php\">Retry?</a>";
}
?>



<html>
<head><title>Log In to The Final Destiny!</title></head>
<body>




<body bgcolor="000000">
<div align="center"><img src="http://freepgs.com/sixthcrusifix/HEAD.jpg"></div>
<table width="500" overflow="480" align="left"

BACKGROUND="http://freepgs.com/sixthcrusifix/MAIN/images/Template/BG_

MAIN.gif" cellspacing="0" cellpadding="0">
<div align="center"><tr>
<td><img

src="http://freepgs.com/sixthcrusifix/MAIN/images/Template/TOP_MAIN.gif">

</tr></td>

</tr>
<td><img

src="http://freepgs.com/sixthcrusifix/MAIN/images/Template/TD_TOP.gif"></t

r></td>

<tr>
<td  width="468"

BACKGROUND="http://freepgs.com/sixthcrusifix/MAIN/images/Template/TD_

BG.gif">
<font size="4"><font color="ffffff"><div align="center">
<?php echo($msg); ?>
</font></font></div>
</tr></td>

</tr>
<td><img

src="http://freepgs.com/sixthcrusifix/MAIN/images/Template/TD_BOTTOM.gif

"></tr></td>
<br>
</tr>

<tr>
<td><img

src="http://freepgs.com/sixthcrusifix/MAIN/images/Template/BOTTOM_MAIN.

gif" name="test"></tr></td>
</div>
</table>




it works on its page in my main directory but not in the new folder I put it in!


this is the error message:


Table 'MAIN.userbase' doesn't exist



NVM I'm an idiot. There really is no database named MAIN. . . I renamed it to "DATA" LOLL
Visite me website at http://www.sixthcrusifix.com

ghost

$rs = @mysql_select_db("MAIN",$conn) or die("Sorry Login Failed 1.2");

$sql="select * from userbase where username=\"$username\" and password=\"$password\"";


change to ::

$rs = @mysql_select_db(DATA,$conn) or die("Sorry Login Failed 1.2");

$sql="select * from userbase where username='$username' and password='$password'";


(I'm not completely sure about that first line but try it anyways.)
- Ghost -

sixthcrusifix

Quote from: ghost on November 30, 2005, 03:04:20 AM
$rs = @mysql_select_db("MAIN",$conn) or die("Sorry Login Failed 1.2");

$sql="select * from userbase where username=\"$username\" and password=\"$password\"";


change to ::

$rs = @mysql_select_db(DATA,$conn) or die("Sorry Login Failed 1.2");

$sql="select * from userbase where username='$username' and password='$password'";


oh.. you figured it out too. geeze I'm a dumby.

(I'm not completely sure about that first line but try it anyways.)
Visite me website at http://www.sixthcrusifix.com