#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2013
    Posts
    120
    Rep Power
    2

    Checks don't work...


    Ok, new problem... I have no idea why I'm running into so many problems with my code when all I did was use the same code that was working great with the previous website and now I'm using it on the new website with a different design. I also made it a point to go around in the code and fix things that looked out of wack and so on. Anyway when I try to test the error messages on the forgot password, login and registration pages, they don't work properly. They don't recognize the email and username check functions for some reason so if I type an email in the email field that is actually in the database, I get an error that that email doesn't exist. Not only that but all the errors don't get compounded like they should in the foreach loop they have one at a time. If anyone could help me with this that would be awesome! Thanks for your time.

    forgotpass.func.php
    PHP Code:
    <?php
    function email_check($email$username){
        
    $email mysql_real_escape_string($email);
        
    $username mysql_real_escape_string($username);
        
    $email_query mysql_query("SELECT COUNT(`user_id`) as `count`, `user_id` FROM `users` WHERE `email`='$email' AND `username`='$username'");
        return(
    mysql_result($email_query0'count') == 1) ? mysql_result($email_query0'user_id') : false;
    }

    function 
    change_pass($email$username$newpass) {
        
    $email mysql_real_escape_string($email);
        
    $username mysql_real_escape_string($username);
        
    $salt '1111111';
        
    $hash hash('sha256'$salt.$newpass);
        
    $email_query mysql_query("UPDATE `users` SET `password`='$hash' WHERE `email`='$email' AND `username`='$username'");
    }

    function 
    forgot() {
        
    if (
    logged_in()) {
        
    header('Location: settings.php');
        exit();
    }
                                    
    if(isset(
    $_POST['email'], $_POST['username'])){

        
    $email $_POST['email'];
        
    $username $_POST['username'];
        
    $newpass rand(111111,999999);
        
        
    $errors = array();
        
        if(empty(
    $email) || empty($username)){
            
    $errors[] = 'Your email address and username are required.';
            
    $emailclass 'field2';
            
    $usernameclass 'field2';
        } else {
            
    $emailpass email_check($email$username);
            
            if (
    $emailpass === false){
                
    $errors[] = 'That email address doesn\'t exist.';
                
    $emailclass 'field2';
            }
            
        }
        
        if(!empty(
    $errors)) {
            foreach (
    $errors as $error) {
                echo 
    '<span class="font15" style="color: red;">',$error'</span><br />';
            }
            
        }else{
            
    //change password
            
    change_pass($email$username$newpass);
                            
            
    $to $email;
            
    $subject "Password Reset";
            
    $headers = array(
                
    "From: Company <email@email.com>"
            
    );
            
    $body "Hello $email,\n\nYour password was reset successfully! Your new password is: $newpass\n\nTo login with your new password, follow this link, http://www.website.com/login.php\n\nPlease check our website regularly for updates on new products, promotions, events, news and more!";
                            
            if (!
    mail($to$subject$bodyimplode("\r\n"$headers))) {
                echo 
    '<span class="font15" style="color: red;">Unable to send a new password to your email at this time. Please try again later.</span>';
            }
                                
            echo 
    '<span class="font15" style="color: green;">Password reset successfully!<br />Your new password has been sent to ('.$email.').</span>';
            
    header('refresh: 4; url=http://www.website.com');
            exit();
        }

    }
    }
                    
    ?>
    register.func.php
    PHP Code:
    <?php

    if (logged_in()) {
        
    header('Location: settings.php');
        exit();
    }
            
    function 
    register_account() {
                
    if (isset(
    $_POST['email'], $_POST['username'], $_POST['first_name'], $_POST['last_name'], $_POST['phone'], $_POST['password'])){
        
    $email $_POST['email'];
        
    $username $_POST['username'];
        
    $first_name $_POST['first_name'];
        
    $last_name $_POST['last_name'];
        
    $phone $_POST['phone'];
        
    $password $_POST['password'];
        
        
    $errors = array();
                            
        if (empty(
    $email) || empty($username) || empty($first_name) || empty($last_name) || empty($password)){
            
    $errors[] = 'All fields are required.';
            
    $emailclass 'field2';    
            
    $usernameclass 'field2';    
            
    $firstnameclass 'field2';    
            
    $lastnameclass 'field2';    
        } else {
            if (
    filter_var($emailFILTER_VALIDATE_EMAIL) === false){
                
    $errors[] = 'The email you provided is not a valid email address.';
                
    $emailclass 'field2';    
            }
            
            function 
    emailcheck($email){
                
    $email mysql_real_escape_string($email);
                
    $query mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email`='$email'");
                return (
    mysql_result($query0) == 1) ? true false;
            }
        
            function 
    usercheck($username){
                
    $username mysql_real_escape_string($username);
                
    $query mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username`='$username'");
                return (
    mysql_result($query0) == 1) ? true false;
            }
            
            if (
    emailcheck($email) === false){        
                
    $errors[] = 'The email you provided is already in use.';
                
    $emailclass 'field2';    
            }
                
            if (
    usercheck($username) === false){        
                
    $errors[] = 'The username you provided is already in use.';
                
    $usernameclass 'field2';        
            }
            
            if (
    strlen($password) < 6){
                
    $errors[] = 'Minimum length for passwords must be 6 characters.';
                
    $passwordclass 'field2';    
            }
        }
                            
        if (!empty(
    $errors)) {
            foreach (
    $errors as $error) {
                echo 
    '<span class="font15" style="color: red;">- ',$error,'</span><br />';
            }
        } else {
                            
            
    $code rand(1111111,9999999);
                            
            
    $to $email;
            
    $subject "Activate your account";
            
    $headers = array(
                
    "From: Company <email@email.com>"
            
    );
            
    $body "Hello $username,\n\nThank you for registering an account with us! To activate your account, click or copy and paste the website address below.\n\nhttp://www.website.com/activate.php?code=$code\n\nThank you! Please check our website regularly for updates on new products. Once your account is activated, you'll be able to sign in and purchase products, as well as take advantage of any other member services we may be offering.";
                            
            if (!
    mail($to$subject$bodyimplode("\r\n"$headers))) {
            echo 
    '<span class="font15" style="color: red;">Unable to register with the email you provided. Please try again later.</span>';
            } else {
                            
            
    //register the user
            
    user_register($email$username$first_name$last_name$phone$password$code);                
            echo 
    '<br /><br /><span class="font15" style="color: green;">Success! We\'ve sent you an activation email to <b>('.$email.')</b>. Refreshing page...</span><br />';
            
    header('refresh: 4; url=http://www.website.com');
            exit();
            }
                        
            }
        }
    }

    ?>
    login.func.php
    PHP Code:
    <?php
    function login() {
        if (!
    logged_in()) {    
        if (isset(
    $_POST['username'], $_POST['password'])){

            
    $username $_POST['username'];
            
    $password $_POST['password'];
                        
            
    $actquery mysql_query("SELECT `activated` FROM `users` WHERE `username`='$username'");
            
    $activated2 mysql_fetch_assoc($actquery);
            
    $activated $activated2['activated'];
                        
            
    $errors = array();
        
            if (empty(
    $username) || empty($password)) {
                
    $errors[] = 'Username and password are required.';
                
    $usernameclass 'field2';
                
    $passwordclass 'field2';
            } else {
            
                
    $login login_check($username$password);
            
                if (
    $login === false){
                    
    $errors[] = 'Username or password is incorrect.';
                    
    $usernameclass 'field2';
                    
    $passwordclass 'field2';
                } else {
                    if (
    $activated==0) {
                        
    $errors[] = 'Your account needs to be activated. Please check your email with instructions to activate your account.';
                    }
                }
            
            }
        
            if (!empty(
    $errors)) {
            
                foreach (
    $errors as $error) {
                    echo 
    '<span class="font15" style="color: red;">- ',$error'</span><br />';
                }
            
            } else {
                
    //log user in
                
    $_SESSION['user_id'] = $login;
                
    header('Location: settings.php');
                exit();
            }
        }
        }
        
        if (
    logged_in()) {
            
    header('Location: http://www.website.com');
            exit();
        }
    }
    ?>
    user.func.php
    PHP Code:
    <?php
    function logged_in(){
        return isset(
    $_SESSION['user_id']);
    }

    function 
    login_check($username$password){
        
    $username mysql_real_escape_string($username);
        
    $salt '111111';
        
    $hash hash('sha256'$salt.$password);
        
    $login_query mysql_query("SELECT COUNT(`user_id`) as `count`, `user_id` FROM `users` WHERE `username`='$username' AND `password`='$hash'");
        return(
    mysql_result($login_query0'count') == 1) ? mysql_result($login_query0'user_id') : false;
    }

    function 
    user_data(){
        
    $args func_get_args();
        
    $fields '`'.implode('`, `'$args).'`';
        
        
    $query mysql_query("SELECT $fields FROM `users` WHERE `user_id`=".$_SESSION['user_id']) or die(mysql_error());
        
    $query_result mysql_fetch_assoc($query);
        foreach (
    $args as $field) {
            
    $args[$field] = $query_result[$field];
        }
        return 
    $args;
    }

    function 
    user_data2() {
        
    $userinfo = array();
        
        
    $query mysql_fetch_assoc("SELECT `user_id`, `email`, `username`, `first_name`, `last_name`, `address`, `address2`, `city`, `province`, `country`, `zip`, `phone`, `phone2`, `password`, `admin`, `date`, `mailing`, `note` FROM users WHERE user_id=".$_SESSION['user_id']);
        
        while (
    $query_row mysql_fetch_assoc($query)) {
            
    $userinfo[] = array(
                
    'user_id' => $query_row['user_id'],
                
    'email' => $query_row['email'],
                
    'username' => $query_row['username'],
                
    'first_name' => $query_row['first_name'],
                
    'last_name' => $query_row['last_name'],
                
    'address' => $query_row['address'],
                
    'address2' => $query_row['address2'],
                
    'city' => $query_row['city'],
                
    'province' => $query_row['province'],
                
    'country' => $query_row['country'],
                
    'zip' => $query_row['zip'],
                
    'phone' => $query_row['phone'],
                
    'phone2' => $query_row['phone2'],
                
    'password' => $query_row['password'],
                
    'admin' => $query_row['admin'],
                
    'date' => $query_row['date'],
                
    'mailing' => $query_row['mailing'],
                
    'note' => $query_row['note']
            );
        }
        
        return 
    $userinfo;
    }

    function 
    user_register($email$username$first_name$last_name$phone$password$code){
        
    $email mysql_real_escape_string($email);
        
    $username mysql_real_escape_string($username);
        
    $first_name mysql_real_escape_string($first_name);
        
    $last_name mysql_real_escape_string($last_name);
        
    $phone mysql_real_escape_string($phone);
        
    $code mysql_real_escape_string($code);
        
    $salt '111111';
        
    $hash hash('sha256'$salt.$password);
        
    mysql_query("INSERT INTO `users` VALUES ('', '$email', '$username', '$first_name', '$last_name', '', '', '', '', '0', '', '$phone', '', '$hash', '$code', '0', '0', NOW(), '', '')");
        return 
    mysql_insert_id();
    }

    function 
    user_exists($email){
        
    $email mysql_real_escape_string($email);
        
    $query mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email`='$email'");
        return (
    mysql_result($query0) == 1) ? true false;
    }

    function 
    update_user($first_name$last_name$address$address2$city$province$country$zip$phone$phone2$mailing$note$password) {
        
    $first_name mysql_real_escape_string($first_name);
        
    $last_name mysql_real_escape_string($last_name);
        
    $address mysql_real_escape_string($address);
        
    $address2 mysql_real_escape_string($address2);
        
    $city mysql_real_escape_string($city);
        
    $province mysql_real_escape_string($province);
        
    $country mysql_real_escape_string($country);
        
    $zip mysql_real_escape_string($zip);
        
    $phone mysql_real_escape_string($phone);
        
    $phone2 mysql_real_escape_string($phone2);
        
    $mailing = (int)$mailing;
        
    $note = (int)$note;
        
    $salt '111111';
        
    $hash hash('sha256'$salt.$password);
        
        
    mysql_query("UPDATE `users` SET `first_name`='$first_name', `last_name`='$last_name', `address`='$address', `address2`='$address2', `city`='$city', `province`='$province', `country`='$country', `zip`='$zip', `phone`='$phone', `phone2`='$phone2', `mailing`='$mailing', `note`='$note', `password`='$hash' WHERE `user_id`=".$_SESSION['user_id']);
    }

    function 
    update_user2($email$username) {
        
    $email mysql_real_escape_string($email);
        
    $username mysql_real_escape_string($username);
        
        
    mysql_query("UPDATE `users` SET `email`='$email', `username`='$username' WHERE `user_id`=".$_SESSION['user_id']);
    }
    ?>
    Thanks for your time and help in advance. If you need anymore code let me know and I can post it here.
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1045
    Hi,

    you should learn to debug code yourself and solve problems systematically.

    Sure, you can post your whole application and wait for somebody else to tell you what's wrong based on their own knowledge and experience. This often works. But it's actually you who knows this code best and has direct access to the live application. We have to rely on the abstract code, but you can actually check things and try out different ideas. So why not do not that? This will make you a much better programmer, because you'll learn to help yourself.

    Pick one concrete issue. Don't try to go after 10 bugs at the same time.

    Let's say you wanna debug the "forgot password" page. The obvious first step would be to actually output the query of the email_check() function and see if its correct:

    PHP Code:
    echo "SELECT COUNT(`user_id`) as `count`, `user_id` FROM `users` WHERE `email`='$email' AND `username`='$username'"
    What does it say? What happens when you execute the query in phpmyadmin?
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2013
    Posts
    120
    Rep Power
    2
    I understand what your saying and believe me i tried everying i could think of to see what the problem was. I was up until 5 am working on it and couldnt find where im going wrong. The only reason i posted all my code that relates to the issue is because ive had people tell me to post more code to be able to help me so thats why i did that. Even while i posted the code im still working on it to find out whats wrong but maybe i thought if i could get a little assistance for what im soing wrong i could fix the problem and make notes for next time. I mean isnt this what the forum is uaed for mainly is for peoplw to exchange ideas, knowledge and help?
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2013
    Posts
    120
    Rep Power
    2
    When executing the query in the sql section of phpmyadmin it works fine which is why im at a loss for what the problem is. The form does what its supposed to do but the errors arent functioning the way they should
  8. #5
  9. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1045
    Well, if you've already checked all kinds of things, you should tell us that and give us the concrete code that goes wrong.

    OK, so if the query is correct, then it's obviously a problem of executing the query of fetching the result. What's $email_query? What's mysql_result($email_query, 0, 'count') == 1?
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2013
    Posts
    120
    Rep Power
    2
    Ok thanks, ill post back here if i find a solution
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2013
    Posts
    120
    Rep Power
    2
    So I've tested the forgot password page out and got the error code to work properly, I just had echoed an error that was confusing me and also I got the code to recognize if the username and email matched or not. Then I started working on the registration form code trying to do the same thing with the forgot password form and the code doesn't work at all for the form, completely ignored checking the email and username and just registers the user. So I tested the email and username code by itself to see if it would work on a test page and it doesn't work there either, yet this method works with the forgot password form... heres my test page to test the code out, what happens is both errors get thrown out whenever i put any email or username in the input fields and submit. Clearly I'm having some trouble with this and I'd really appreciate some help. And also the queries work in the SQL section of phpmyadmin because if I put the code through with the same email and username of a user in the db it shows count of 1 and if I put an email and username not present in the database the count is 0 and null. Thanks for your time.

    PHP Code:
    <?
    function emailcheck($email){
        
    $email mysql_real_escape_string($email);
        
    $query mysql_query("SELECT COUNT(`user_id`) as `count`, `user_id` FROM `users` WHERE `email`='$email'");
        return (
    mysql_result($query0) == 1) ? true false;
    }
        
    function 
    usernamecheck($username){
        
    $username mysql_real_escape_string($username);
        
    $query mysql_query("SELECT COUNT(`user_id`) as `count`, `user_id` FROM `users` WHERE `username`='$username'");
        return (
    mysql_result($query0) == 1) ? true false;
    }

    function 
    register_account() {
        if (isset(
    $_POST['email'], $_POST['username'])) {
            
    $email $_POST['email'];
            
    $username $_POST['username'];
            
            
    $errors = array();
            
            
    $emailcheck emailcheck($email);
            
    $usernamecheck usernamecheck($username);
            
            if (
    $emailcheck === false) {
                
    $errors[] = 'Email already taken';
            }
            
            if (
    $usernamecheck === false) {
                
    $errors[] = 'Username already take';
            }
            
            if (!empty(
    $errors)) {
                foreach (
    $errors as $error) {
                    echo 
    $error'<br />';
                }
            } else {
                echo 
    'You can register an account!';
            }
        }
    }
    ?>

    <?
    register_account
    ();
    ?>

    <form action="" method="post">
        Email: <input type="text" name="email" /><br />
        Username: <input type="text" name="username" /><br /><br />
        <input type="submit" name="submit" />
    </form>
  14. #8
  15. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1045
    In the emailcheck() function, what is var_dump($query) and var_dump(mysql_result($query, 0))?

    And are you sure you've opened a database connection at all? Because it's nowhere in your code.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2013
    Posts
    120
    Rep Power
    2
    woops lol that did it, well the test page seems to work now so I'm going to have to really take the code apart on the register page and then put it back together. That one had a connection file included but still didn't work so maybe there was another issue there. Thanks for the help!

IMN logo majestic logo threadwatch logo seochat tools logo