Jump to content

using session array input to sql database

powpow

By powpow
in PHP Coding Help

 Share

Recommended Posts

powpow Member

powpow

Posted
Posted

I am trying to create a website that after you receive an email you have to use the email address and password to confirm account. Then the next page allows you to change your password. I want to save the users email from the first page and use it in the SQL statement in the second page to locate the user in the DB and update the data.

 

There must be some problem with the way I have my code logically set up. It will make it to the 2nd step but then it will go back to the main email confirmation page.

 

<?php
include('common.php');
include('db.php');

session_start();
session_register('umail');
session_register('password');
session_register('pwd1');
session_register('pwd2');

  if(!isset($_POST['email']) && !isset($_POST['password']))
  {

  ?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "BLOCKED URL">
  <html>
  <head> This is a test of my patience</head>
  <meta http-equov="Content-Type" content="text/html; charset=iso-8859-1"/>
  </head>
  <body>
  <form method="post" action="<?=$_SERVER['PHP_SELF']?>">
  Email: <input type="text" name="email" size="8" />
  password:<input type="password" name="password" size="8" />
  <input type ="submit" name ="submit" value ="submit" />
  </form>
  </body>
  </html>
  <? exit;
  }
   else
  {
  $umail = $_SESSION['umail'] = $_POST['email'];
  $password = $_SESSION['password'] = $_POST['password'];

  dbConnect("web2");
  $sql ="SELECT * FROM `user` WHERE email ='$umail'";
  $result = mysql_query($sql);
  $row = mysql_fetch_assoc($result);

    if(!$result)
    error('Contact DB admin');
    if($result='')
    error('not in db');

    if($_SESSION['umail'] != $row['email'] && $_SESSION['password'] != $row['password'])
    error('Wrong email or password');
  }



  if(!isset($_POST['pwd1']) && !isset($_POST['pwd2']))
  {

  ?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

  "BLOCKED URL">
  <html>
  <head> This is a test of my patience</head>
  <meta http-equov="Content-Type" content="text/html; charset=iso-8859-1"/>
  </head>
  <body>
  <form method="post" action="<?=$_SERVER['PHP_SELF']?>">
  password: <input type="text" name="pwd1" size="8" />
  password confirmation:<input type="password" name="pwd2" size="8" />
  <input type ="submit" name ="submit" value ="submit" />
  </form>
  </body>
  </html>
  <?
  }
  else
  {
  $pwd1 = $_SESSION['pwd1'] = $_POST['pwd1'];
  $pwd2 = $_SESSION['pwd2'] = $_POST['pwd2'];

    if($_SESSiON['pwd1'] == $_SESSION['pwd2'])
    {

    dbConnect("web2");
    mysql_query("UPDATE user SET password ='$pwd1'
                WHERE email ='$umail'");
    $sql="SELECT * FROM 'user' WHERE email='$umail'";
    $result = mysql_query($sql);
    $row = mysql_fetch_assoc($result);

     if($_SESSION['pwd1'] != $row['password'])
      {
      ?>
      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
      "(BLOCKED URl">
      <html>
      <head> This is a test of my patience</head>
      <meta http-equov="Content-Type" content="text/html; charset=iso-8859-1"/>
      </head>
      <body>
      <form method="post" action="<?=$_SERVER['PHP_SELF']?>">
      password: <input type="text" name="pwd1" size="8" />
      password confirmation:<input type="password" name="pwd2" size="8" />
      <input type ="submit" name ="submit" value ="submit" />
      </form>
      </body>
      </html>
      <?
      }
      else
      {
      error(' the man');
      session_unset();
      session_destroy();
      }
    }
  }

?>

Link to comment
Share on other sites
Anti-Moronic Regular Member

Anti-Moronic

Posted
Posted

session_register() is deprecated and I would seriously advise you separate this into different pages.

 

You also need to escape with mysql_real_escape_string() all of your data being stored.

 

Finally, don't use short tags = <?= should be <?php - it will only cause problems in the future if you code like this.

 

Sorry, can't answer your question on the logics of this.

 

 

 

 

Link to comment
Share on other sites
powpow Member

powpow

Posted
  • Author
Posted

Ok I appreciate it.  I ended up getting it to work in two separate files.

 

 <?php 

@include_once('common.php');
@include_once('db.php');

if(!isset($_POST['email']) && !isset($_POST['password']) == 'true')
{

?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html>
  <head> This is a test of my patience</head>
  <meta http-equov="Content-Type" content="text/html; charset=iso-8859-1"/>
  </head>
  <body>
  <form method="post" action="<?=$_SERVER['SCRIPT_NAME']?>">
  Email: <input type="text" name="email" size="8" value="rob_p_powell@yahoo.com" />
  password:<input type="password" name="password" size="8" value="1e6ffc" />
  <input type ="submit" name ="submit" value ="submit" />
  </form>
  </body>
  </html>
  <? 
  }
else
{
  dbconnect('web2');
  $sql = "SELECT * FROM `user` WHERE email ='$_POST[email]' AND password ='$_POST[password]'";
  $result = mysql_query($sql);
  $row = mysql_fetch_assoc($result);

if(!$result)
    error('contact db admin');
  elseif(!$row)
    error('no match please check email');
  else
  {
  echo "
       <script language='javascript'>
       window.location = \"index_part2.php\";
       </script>";
  } 
mysql_free_result($result);
}
?> 

 

<?php

@include('common.php');
@include('db.php');

if(!isset($_POST['password1']) && !isset($_POST['password2']))
{
?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html>
  <head> This is a test of my patience</head>
  <meta http-equov="Content-Type" content="text/html; charset=iso-8859-1"/>
  </head>
  <body>
  <form method="post" action="<?=$_SERVER['SCRIPT_NAME']?>">
<!-- username: <input type="text" name"uname" size="8" value="rpowell" />
--!> password: <input type="text" name="uname" size="8" value="rpowell" /> 
password: <input type="password" name="password1" size="8" value="hi" />
  password confirmation:<input type="password" name="password2" size="8" value="hi" />
  <input type ="submit" name ="submit" value ="submit" />
  </form>
  </body>
  </html>
  <?
  }
else
{
if($_POST['password1'] == $_POST['password2'])
{
  $user = $_POST['uname'];
  dbconnect('web2');
  $sql = "UPDATE `user` SET password ='$_POST[password1]' WHERE userid ='$user'";
  mysql_query($sql);
  $check = "SELECT password FROM `user` WHERE userid ='$user'";
  $result = mysql_query($check);
  $row = mysql_fetch_assoc($result);

if($_POST['password1'] != $row['password']){
   echo $_POST['uname'];
   echo "</br>";
   echo $user;
   echo " </br>";
   echo $_POST['password1'];
   echo " </br>";
   echo $_POST['password2'];
   echo " </br>";
   echo $row['password'];
   echo " </br>";
   echo $user;
   error('contact db admin');
   } 
else
  {
  echo "
     <script language='javascript'>
     window.location = \"homepage.php\";
    </script>";
  }
mysql_free_result($result);
}
}
?>

 

thanks again for your help.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.