Hi everyone could anyone tell me what is wrong withthis script,when i run it the bellow message occured: The email address and password do not match those on file!!!!. to be note I checked the columns in the database and the email and password, I did chech the query with the die clauser found that near"$num = @mysql_num_rows($result);" got problem but I can not see any problem. Please help <?php // This page lets a user change their password. $page_title = 'Change Your Password'; include ('includes/header1.html'); // Check if the form has been submitted: if (isset($_POST['submitted'])) { require_once ('../mysql_connection.php');// Connect to the db. $errors = array(); // Initialize an error array. // Check for an email address: if (empty($_POST['email'])) { $errors[] = 'You forgot to enter your email address.'; } else { $e = $_POST['email']; } // Check for the current password: if (empty($_POST['password'])) { $errors[] = 'You forgot to enter your current password.'; } else { $p = $_POST['password']; } // Check for a new password and match // against the confirmed password: if (!empty($_POST['password1'])) { if ($_POST['password1'] != $_POST['password2']) { $errors[] = 'Your new password did not match the confirmed password.'; } else { $np = $_POST['password1']; } } else { $errors[] = 'You forgot to enter your new password.'; } if (empty($errors)) { // If everything's OK. // Check that they've entered the right email address/password combination: $query = "SELECT user_id FROM users WHERE (email='$e' AND password=SHA('$p'))"; //run the query $result = mysql_query($query); //get the result $num = @mysql_num_rows($result); if (@mysql_num_rows($result) == 1) { // Match was made. // Get the user_id: $row = mysql_fetch_array($result , MYSQLI_NUM); // Make the UPDATE query: $query= "UPDATE users SET password=SHA('$np') WHERE user_id=$row[0]" or die ('no ' .mysql_error()); $result = @mysql_query($query); if (mysql_affected_rows($result) == 1) { // If it ran OK. if((mysql_affected_rows($result) == 1) ) { echo ok;} else { echo ('no ok ' . mysql_error()); } // Print a message. echo '<h1>Thank you!</h1> <p>Your password has been updated. In Chapter 11 you will actually be able to log in!</p><p><br /></p>'; include('./includes/footer.html'); exit(); } else { // If it did not run OK. // Public message: echo '<h1>System Error</h1> <p class="error">Your password could not be changed due to a system error. We apologize for any inconvenience.</p>'; // Debugging message: echo '<p>' . mysql_error() . '<br /><br />Query: ' . $query . '</p>'; include('./includes/footer.html'); exit(); } } else { // Invalid email address/password combination. echo '<h1>Error!</h1> <p class="error">The email address and password do not match those on file!!!!.</p><p><br /></p>'; } } else { // Report the errors. echo '<h1>Error!</h1> <p class="error">The following error(s) occurred:<br />'; foreach ($errors as $msg) { // Print each error. echo " - $msg<br />\n"; } } // End of if (empty($errors)) IF. mysql_close(); // Close the database connection. }// End of the main Submit conditional. ?> <h1>Change Your Password</h1> <form action="password.php" method="post"> <p>Email Address: <input type="text" name="email" size="20" maxlength="20" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>"/></p> <p>Current Password: <input type="password" name="password" size="10" maxlength="20" /></p> <p>New Password: <input type="password" name="password1" size="10" maxlength="20" /></p> <p>Confirm New Password: <input type="password" name="password2" size="10" maxlength="20" /></p> <p><input type="submit" name="submit" value="Change Password" /></p> <input type="hidden" name="submitted" value="TRUE" /> </form> <?php include ('includes/footer.html'); ?> PHP:
Some time mysql_num_rows() creates logical problem. try this $num=mysql_effected_rows($result); if($num<1) { //Place your code block here } else{ //place your code block here }
try this <?php // This page lets a user change their password. $page_title = 'Change Your Password'; // Check if the form has been submitted: if (isset($_POST['submitted'])) { $link = mysql_connect("localhost", "root", "") or die("Could not connect: " . mysql_error()); mysql_select_db("test") or die(mysql_error()); $errors = array(); // Initialize an error array. // Check for an email address: if (empty($_POST['email'])) { $errors[] = 'You forgot to enter your email address.'; } else { $e = $_POST['email']; } // Check for the current password: if (empty($_POST['password'])) { $errors[] = 'You forgot to enter your current password.'; } else { $p = $_POST['password']; } // Check for a new password and match // against the confirmed password: if (!empty($_POST['password1'])) { if ($_POST['password1'] != $_POST['password2']) { $errors[] = 'Your new password did not match the confirmed password.'; } else { $np = $_POST['password1']; } } else { $errors[] = 'You forgot to enter your new password.'; } if (empty($errors)) { // If everything's OK. // Check that they've entered the right email address/password combination: $query = "SELECT user_id FROM users WHERE email = '$e' AND password = SHA1('$p')"; //run the query $result = mysql_query($query, $link) or die(mysql_error()); //get the result $num = mysql_num_rows($result); if ($num == 1) { // Match was made. // Get the user_id: $row = mysql_fetch_array($result , MYSQLI_NUM); // Make the UPDATE query: $query= "UPDATE users SET password=SHA1('$np') WHERE user_id=$row[0]"; mysql_query($query) or die ('no ' .mysql_error()); echo '<h1>Thank you!</h1> <p>Your password has been updated.</p>'; exit(); } else { // Invalid email address/password combination. echo '<h1>Error!</h1> <p class="error">The email address and password do not match those on file!!!!.</p><p><br /></p>'; } } else { // Report the errors. echo '<h1>Error!</h1> <p class="error">The following error(s) occurred:<br />'; foreach ($errors as $msg) { // Print each error. echo " - $msg<br />\n"; } } // End of if (empty($errors)) IF. mysql_close(); // Close the database connection. }// End of the main Submit conditional. ?> <h1>Change Your Password</h1> <form action="" method="post"> <p>Email Address: <input type="text" name="email" size="20" maxlength="20" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>"/></p> <p>Current Password: <input type="password" name="password" size="10" maxlength="20" /></p> <p>New Password: <input type="password" name="password1" size="10" maxlength="20" /></p> <p>Confirm New Password: <input type="password" name="password2" size="10" maxlength="20" /></p> <p><input type="submit" name="submit" value="Change Password" /></p> <input type="hidden" name="submitted" value="TRUE" /> </form> PHP:
Thanks for replay, my problem is that the query did not run, I cheked with the die clause . Than kyou again
Thanks and I am very sorry if in the wrong palce to replay. I did try that, the problem is that it does not run the query, I found uot by useing the die clauser.