Member Avatar for cuonic

Hi,

I'm having a little problem with a password Reset Script I've made

The script sends you a reset hash to your email to confirm that you requested the password reset. This resethash is just a random string with letters and numbers that is 15 chars long

Problem is, when I verify if it is 15 chars long, the script is telling me it isn't

// ...

$hash = $_GET['hash'];
    
if(strlen($hash) == 0) { $msg[] = "Hash Field is empty !"; }
elseif(strlen($hash) !== 15) { $msg[] = "Hash is invalid !"; }
    
if(count($msg) == 0)
{
     // ....
}

Here is a test URL with a valid Reset Hash

http://virtualtrader.cuonic.tk/resetpass.php?hash=APraKgfg0l0QqwC

What is wrong ? Thanks in advance ;)

Member Avatar for iamthwee

Isn't not equal

!=

as opposed to

!==
Member Avatar for cuonic

Tried

And failed... Still get Hash Is Invalid D:

I get the same when I do

<?php

if($_GET)
{
	include("includes/mysql.php");
	
	$hash = $_GET['hash'];
	
	if(strlen($hash) == 0) { $msg[] = "Hash Field is empty !"; }
	elseif(strlen($hash) > 15) { $msg[] = "Hash is invalid !"; } // This is where it fails D:
	elseif(strlen($hash) < 15) { $msg[] = "Hash is invalid !"; }
	
	echo strlen($hash); // This shows 15
	
	if(count($msg) == 0)
	{
		// ....
	}

?>
Member Avatar for iamthwee

From the above snippet how do you know it is failing on the >15 as opposed to the <15

Both output the same message?

Member Avatar for cuonic

Ok problem is no longer there, it is now a MySQL Problem :

<?php
		$hash = mysql_real_escape_string($hash);
		$query = mysql_query("SELECT username, email FROM user_db WHERE resethash='$resethash'");
		if(mysql_num_rows($query) == 0) { $msg[] = "Hash is incorrect !"; }
?>

It just echos "Hash is incorrect" even though it is valid and correctly inserted into database

Member Avatar for iamthwee

is $resethash a variable or the actual string name?

Member Avatar for cuonic

Wow i can't believe I didn't spot that... I put $resethash instead of $hash

I hate myself x)

Thanks for your help anyway

dont hate yourself, plenty of others will do it for you. :)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.