0

Hi everyone and thanks in advance for and help you can give me.
I am working on my "forgot password page" forgot.php.
I am trying to query the database and and get a return of 0 or 1 then echo the appropriate response.

this is the code I am using

foreach($_POST as $key => $value) {
	$data[$key] = filter($value);
}
if(!isEmail($data['user_email'])) {
$err[] = "ERROR - Please enter a valid email"; 
}
$user_email = $data['user_email'];


foreach($_POST as $key => $value) {
	$data[$key] = filter($value);
}
if(!isUserID($data['user_name'])) {
$err[] = "ERROR - Please enter a valid username"; 
}

foreach($_POST as $key => $value) {
	$data[$key] = filter($value);
}
if(isset($data['dob'])) {
$err[] = "ERROR - Please enter a valid date"; 
}

$user_name = $data['user_name'];
$full_name = $data['full_name'];
$user_email = $data['user_email'];
$dob = $data['dob'];

$rs_check = mysql_query("select * from users where user_email='$user_email' AND user_name='$user_name' AND full_name='$full_name'foreach($_POST as $key => $value) {
	$data[$key] = filter($value);
}
if(!isEmail($data['user_email'])) {
$err[] = "ERROR - Please enter a valid email"; 
}
$user_email = $data['user_email'];


foreach($_POST as $key => $value) {
	$data[$key] = filter($value);
}
if(!isUserID($data['user_name'])) {
$err[] = "ERROR - Please enter a valid username"; 
}

foreach($_POST as $key => $value) {
	$data[$key] = filter($value);
}
if(isset($data['dob'])) {
$err[] = "ERROR - Please enter a valid date"; 
}

$user_name = $data['user_name'];
$full_name = $data['full_name'];
$user_email = $data['user_email'];
$dob = $data['dob'];

$rs_check = mysql_query("select * from users where user_email='$user_email' AND user_name='$user_name' AND full_name='$full_name' AND dob='$dob'") or die (mysql_error()); 
$num = mysql_num_rows($rs_check);
  // Match row found with more than 1 results  - the user is authenticated. 
    if ( $num == 0 ) { 
	$err[] = "Error - Sorry no such account exists.";
	}


if(empty($err)) {

$new_pwd = GenPwd();
$pwd_reset = PwdHash($new_pwd);
//$sha1_new = sha1($new);	
//set update sha1 of new password + salt
$rs_activ = mysql_query("update users set pwd='$pwd_reset' WHERE 
						 user_email='$user_email'") or die(mysql_error());
						 
$host  = $_SERVER['HTTP_HOST'];
$host_upper = strtoupper($host);") or die (mysql_error()); 
$num = mysql_num_rows($rs_check);
  // Match row found with more than 1 results  - the user is authenticated. 
    if ( $num == 0 ) { 
	$err[] = "Error - Sorry no such account exists.";
	}


if(empty($err)) {

$new_pwd = GenPwd();
$pwd_reset = PwdHash($new_pwd);
//$sha1_new = sha1($new);	
//set update sha1 of new password + salt
$rs_activ = mysql_query("update users set pwd='$pwd_reset' WHERE 
						 user_email='$user_email'") or die(mysql_error());
						 
$host  = $_SERVER['HTTP_HOST'];
$host_upper = strtoupper($host);

The problem is in the query. If I remove the foreach($_POST as $key => $value) {
	$data[$key] = filter($value);
}
if(!isEmail($data['user_email'])) {
$err[] = "ERROR - Please enter a valid email"; 
}
$user_email = $data['user_email'];


foreach($_POST as $key => $value) {
	$data[$key] = filter($value);
}
if(!isUserID($data['user_name'])) {
$err[] = "ERROR - Please enter a valid username"; 
}

foreach($_POST as $key => $value) {
	$data[$key] = filter($value);
}
if(isset($data['dob'])) {
$err[] = "ERROR - Please enter a valid date"; 
}

$user_name = $data['user_name'];
$full_name = $data['full_name'];
$user_email = $data['user_email'];
$dob = $data['dob'];

$rs_check = mysql_query("select * from users where user_email='$user_email' AND user_name='$user_name' AND full_name='$full_name' AND dob='$dob'") or die (mysql_error()); 
$num = mysql_num_rows($rs_check);
  // Match row found with more than 1 results  - the user is authenticated. 
    if ( $num == 0 ) { 
	$err[] = "Error - Sorry no such account exists.";
	}


if(empty($err)) {

$new_pwd = GenPwd();
$pwd_reset = PwdHash($new_pwd);
//$sha1_new = sha1($new);	
//set update sha1 of new password + salt
$rs_activ = mysql_query("update users set pwd='$pwd_reset' WHERE 
						 user_email='$user_email'") or die(mysql_error());
						 
$host  = $_SERVER['HTTP_HOST'];
$host_upper = strtoupper($host);

The problem is in the query. If I remove the AND dob='$dob' part of the code at the end of the query everything works great.
if user leaves something out of the form; error msg this field is required.
if user enters wrong information; error no such account exits. all is perfect.
problem starts when I add the AND dob='$dob' Once I add this part of the code to the end of the query I only get 0 rows found and error no such account exits. The code will not find the row in the database if the dob is added to the query.

I hope I am explaining this correctly.
Any advice is greatly appreciated

Edited by crazyitalian: Added code tags

2
Contributors
2
Replies
3
Views
5 Years
Discussion Span
Last Post by crazyitalian
0

yes the dob column in db is a date format 'yyyy-mm-dd'
I think my problem is in the validation part of the code for dob. This is what I have.
$dob = $data;
If the dob is not entered error code "please enter a valid date" so this part works fine. It is only if a date is entered whether correctly or incorrectly. error msg no such account exits.
So I believe it is in the validation part of the code

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.