Hi everyone and thanks in advance for any help you can give me.
I am working on my "forgot password page" forgot.php.
I am trying to query the database and get a return of 0 or 1 then echo the appropriate response.
This is the code I am using:
foreach($_POST as $key => $value) {
    $data[$key] = filter($value);
}
if(!isEmail($data['user_email'])) {
    $err[] = "ERROR - Please enter a valid email";
}
$user_email = $data['user_email'];
foreach($_POST as $key => $value) {
    $data[$key] = filter($value);
}
if(!isUserID($data['user_name'])) {
    $err[] = "ERROR - Please enter a valid username";
}
foreach($_POST as $key => $value) {
    $data[$key] = filter($value);
}
if(isset($data['dob'])) {
    $err[] = "ERROR - Please enter a valid date";
}
$user_name = $data['user_name'];
$full_name = $data['full_name'];
$user_email = $data['user_email'];
$dob = $data['dob'];
$rs_check = mysql_query("select * from users where user_email='$user_email' AND user_name='$user_name' AND full_name='$full_name' AND dob='$dob'") or die (mysql_error());
$num = mysql_num_rows($rs_check);
// Match row found with more than 1 results - the user is authenticated.
if ( $num == 0 ) {
    $err[] = "Error - Sorry no such account exists.";
}
if(empty($err)) {
    $new_pwd = GenPwd();
    $pwd_reset = PwdHash($new_pwd);
    //$sha1_new = sha1($new);
    //set update sha1 of new password + salt
    $rs_activ = mysql_query("update users set pwd='$pwd_reset' WHERE
    user_email='$user_email'") or die(mysql_error());
    $host = $_SERVER['HTTP_HOST'];
    $host_upper = strtoupper($host);
The problem is in the query. If I remove the AND dob='$dob' part of the code at the end of the query everything works great.
If the user leaves something out of the form: error msg, this field is required.
If the user enters wrong information: error, no such account exists. All is perfect.
The problem starts when I add the AND dob='$dob'. Once I add this part of the code to the end of the query I only get 0 rows found and the error no such account exists. The code will not find the row in the database if the dob is added to the query.
I hope I am explaining this correctly.
Any advice is greatly appreciated
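
An added example, not part of the original post or the poster's code: the same four-field lookup written with bound parameters, with the submitted date normalized to a single format before it is compared. It assumes the `dob` column holds `YYYY-MM-DD` strings and that the form may submit other layouts; the function names, the accepted formats, the in-memory SQLite table and the sample row are all constructed for illustration.

```php
<?php
// Added example. Assumed schema: users(user_email, user_name, full_name, dob),
// with dob stored as 'YYYY-MM-DD'. Requires the pdo_sqlite extension for the demo table.

// Return the submitted date as 'Y-m-d', or null if it fits none of the accepted formats.
function normalizeDob(string $input, array $formats = ['Y-m-d', 'm/d/Y', 'd.m.Y']): ?string
{
    $input = trim($input);
    foreach ($formats as $format) {
        $date = DateTime::createFromFormat('!' . $format, $input);
        // Round-trip check rejects overflowed values such as month 23 or 31 April.
        if ($date !== false && $date->format($format) === $input) {
            return $date->format('Y-m-d');
        }
    }
    return null;
}

// True only when exactly one row matches all four submitted fields.
function accountMatches(PDO $db, array $form): bool
{
    $dob = normalizeDob($form['dob'] ?? '');
    if ($dob === null) {
        return false; // unparseable date is treated as no match
    }
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM users WHERE user_email = :email
            AND user_name = :name AND full_name = :full AND dob = :dob'
    );
    $stmt->execute([
        ':email' => $form['user_email'] ?? '',
        ':name'  => $form['user_name'] ?? '',
        ':full'  => $form['full_name'] ?? '',
        ':dob'   => $dob,
    ]);
    return (int) $stmt->fetchColumn() === 1;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_email TEXT, user_name TEXT, full_name TEXT, dob TEXT)');
$db->exec("INSERT INTO users VALUES ('alice@example.com', 'alice', 'Alice Example', '1990-04-23')");

$form = ['user_email' => 'alice@example.com', 'user_name' => 'alice', 'full_name' => 'Alice Example'];
foreach (['04/23/1990', '1990-04-23', '23/04/1990'] as $dob) {
    $form['dob'] = $dob;
    printf("%-12s => %s\n", $dob, accountMatches($db, $form) ? 'match' : 'no match');
}
```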