Cant change a users password via my form.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

cnl83
Forum Commoner
Posts: 44
Joined: Mon Sep 26, 2005 10:34 am

Cant change a users password via my form.

Post by cnl83 »

Just to give you the low down first, I dloaded some open source code, and have been modifing it to fit my needs. Im not very good a php but im trying. The application uses a class file, but I think this particular problem im having is in this page.

The problem?
I cannot change a users password Image
All the other functions work fine. I can change a users access level, and email address. When I try to change the password I get a database error. I looked at the code, and that error is programmed into the app. Here is the code to that particular part of the page.

Code: Select all

function update_user_by_admin($new_level, $user_id, $def_pass, $new_email, $active, $confirmation = "no") {
		$this->user_found = true;
		$this->user_access_level = $new_level;
		if ($def_pass != "" && strlen($def_pass) < 4) {
			$this->the_msg = "Password is to short use the min. of 4 chars.";
		} else {
			if ($this->check_email($new_email)) {
				$sql = "UPDATE %s SET access_level = %d, email = '%s', active = '%s'";
				$sql .= ($def_pass != "") ? sprintf(", SET pw = '%s'", md5($def_pass)) : "";
				$sql .= " WHERE id = %d";
				$sql_compl = sprintf($sql, $this->table_name, $new_level, $new_email, $active, $user_id);
				if (mysql_query($sql_compl)) {
					$this->the_msg = "Data is modified for user with id#<b>".$user_id."</b>";
					if ($confirmation == "yes") {
						if ($this->send_confirmation($user_id)) {
							$this->the_msg .= "<br>...a confirmation mail is send to the user.";
						} else {
							$this->the_msg .= "<br>...ERROR no confirmation mail is send to the user.";
						}
					}
				} else {
					$this->the_msg = "Database error, please try again!";
				}
			} else {
				$this->the_msg = "The e-mail address is invalid!";
			}
		}
	}
Thanks for your time on this..
User avatar
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia
Contact:

Post by shiznatix »

try changing this

$sql .= ($def_pass != "") ? sprintf(", SET pw = '%s'", md5($def_pass)) : "";

to

$sql .= ($def_pass != "") ? "SET pw = 'md5($def_pass)'" : "";
cnl83
Forum Commoner
Posts: 44
Joined: Mon Sep 26, 2005 10:34 am

Post by cnl83 »

No same thing...
should I change it back?

Now further up the code where it gets the users data, should PW (password) be there too?

Code: Select all

function get_userdata($for_user, $type = "login") {
		if ($type == "login") {
			$sql = sprintf("SELECT id, login, email, access_level, active FROM %s WHERE login = '%s'", $this->table_name, trim($for_user));
		} else {
			$sql = sprintf("SELECT id, login, email, access_level, active FROM %s WHERE id = %d", $this->table_name, intval($for_user));
		}
EDITED
I just tried that, and it did not work either.
User avatar
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia
Contact:

Post by shiznatix »

huh. i dunno, i think maybe try taking out this stupid sprintf stuff and putting in the code to make a little more sence. when updating the db with a new password try this query

Code: Select all

$table = $this->table_name;
$pass = md5($def_pass);

$sql = '
UPDATE
  '.$table.'
SET
  access_level = "'.$new_level.'",
  email = "'.$new_email.'",
  active = "'.$active.'"
  password = "'.$pass.'"
WHERE
  id = "'.$user_id.'"
';

$query = mysql_query($sql) or die(mysql_error().' -> '.__LINE__);
see if that works. that will take out all this sprintf garbage that I think makes reading code a trillian times more difficult than just doing maybe a str_replace or somthing
cnl83
Forum Commoner
Posts: 44
Joined: Mon Sep 26, 2005 10:34 am

Post by cnl83 »

No that didnt work...

New Code being..

Code: Select all

function update_user_by_admin($new_level, $user_id, $def_pass, $new_email, $active, $confirmation = "no") {
		$this->user_found = true;
		$this->user_access_level = $new_level;
		if ($def_pass != "" && strlen($def_pass) < 4) {
			$this->the_msg = "Password is to short use the min. of 4 chars.";
		} else {
			if ($this->check_email($new_email)) {
				$table = $this->table_name; 
				$pass = md5($def_pass);
				$sql = '
				UPDATE
				'.$table.'
				SET
				access_level = "'.$new_level.'", 
                email = "'.$new_email.'", 
                active = "'.$active.'" 
                password = "'.$pass.'"
				WHERE
				id = "'.$user_id.'" 
				';
				if (mysql_query($sql_compl)) {
					$this->the_msg = "Data is modified for user with id#<b>".$user_id."</b>";
					if ($confirmation == "yes") {
						if ($this->send_confirmation($user_id)) {
							$this->the_msg .= "<br>...a confirmation mail is send to the user.";
						} else {
							$this->the_msg .= "<br>...ERROR no confirmation mail is send to the user.";
						}
					}
User avatar
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia
Contact:

Post by shiznatix »

try this

Code: Select all

function update_user_by_admin($new_level, $user_id, $def_pass, $new_email, $active, $confirmation = "no") {
        $this->user_found = true;
        $this->user_access_level = $new_level;
        if ($def_pass != "" && strlen($def_pass) < 4) {
            $this->the_msg = "Password is to short use the min. of 4 chars.";
        } else {
            if ($this->check_email($new_email)) {
                echo 'Made It To Step A!<br>';
                $table = $this->table_name;
                $pass = md5($def_pass);
                $sql = '
                UPDATE
                '.$table.'
                SET
                access_level = "'.$new_level.'",
                email = "'.$new_email.'",
                active = "'.$active.'"
                password = "'.$pass.'"
                WHERE
                id = "'.$user_id.'"
                ';

                $result = mysql_query($sql) or die(mysql_error());

                echo 'MADE IT TO STEP B<br>';
                if ($result) {
                    $this->the_msg = "Data is modified for user with id#<b>".$user_id."</b>";
                    if ($confirmation == "yes") {
                        if ($this->send_confirmation($user_id)) {
                            $this->the_msg .= "<br>...a confirmation mail is send to the user.";
                        } else {
                            $this->the_msg .= "<br>...ERROR no confirmation mail is send to the user.";
                        }
                    }
you should be able to get a Made It To Step A then a MADE IT TO STEP B. if you get those then there is somthing else wrong, otherwise we have narrowed the problem down.
cnl83
Forum Commoner
Posts: 44
Joined: Mon Sep 26, 2005 10:34 am

Post by cnl83 »

Made It To Step A!
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'password = "047c388f57f5ee5b76c2dca27bdb7dd8"

Didnt see step B
User avatar
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia
Contact:

Post by shiznatix »

haha sorry my bad, change the $sql stuff to this

Code: Select all

$sql = '
                UPDATE
                '.$table.'
                SET
                access_level = "'.$new_level.'",
                email = "'.$new_email.'",
                active = "'.$active.'",
                password = "'.$pass.'"
                WHERE
                id = "'.$user_id.'"
                ';
edit: note the comma at the end of the active line
cnl83
Forum Commoner
Posts: 44
Joined: Mon Sep 26, 2005 10:34 am

Post by cnl83 »

Made It To Step A!
Unknown column 'password' in 'field list'


Now note that the column password's name is actually pw.
I changed that, and it worked fine.

Now I just have to remove the step A, and B notes..

Thanks for your help.
cnl83
Forum Commoner
Posts: 44
Joined: Mon Sep 26, 2005 10:34 am

Post by cnl83 »

Done!

Thanks a million..

How did you get so good at php? I have read my book 2 times already, and still Im a noob.
Charles256
DevNet Resident
Posts: 1375
Joined: Fri Sep 16, 2005 9:06 pm

Post by Charles256 »

real worl experience and lots of cussing worked for me..but that's just me:)
cnl83
Forum Commoner
Posts: 44
Joined: Mon Sep 26, 2005 10:34 am

Post by cnl83 »

Well, I got the cussing down...lol
cnl83
Forum Commoner
Posts: 44
Joined: Mon Sep 26, 2005 10:34 am

Post by cnl83 »

I found a problem...
If I update the access level, and dont change the password, it changes the password. Obviously to blank or something. I cant login with that account anymore cause I dont know the password. I have to go back in and reassign the password.

I guess if we would call the password into the field, that when I update it, it would not change.
User avatar
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia
Contact:

Post by shiznatix »

good thinking. try that and you should be good. this code that you downloaded seams to be slightly poorly written, well at least i don't like the way it was done.

how did i get good at php? ha, im not good at php, im just drunk :lol:
cnl83
Forum Commoner
Posts: 44
Joined: Mon Sep 26, 2005 10:34 am

Post by cnl83 »

Ah...it would have worked, but!, but! :(

it is encoded or something in the database, I went back and looked at the db and the password instead of being

test it looks like f4as5df56as4df65a4sdf

Im sure its that way because of the class file, or do you think its something I can change in the database?

EDITED
I checked the database, and deffinitely nothing to scramble

perhaps this..

Code: Select all

$cookie_str = $this->user.chr(31).base64_encode($this->user_pw);
		setcookie($this->cookie_name, $cookie_str, $expire, $this->cookie_path);

function login_reader() {
		if (isset($_COOKIE[$this->cookie_name])) {
			$cookie_parts = explode(chr(31), $_COOKIE[$this->cookie_name]);
			$this->user = $cookie_parts[0];
			$this->user_pw = base64_decode($cookie_parts[1]);
			$this->is_cookie = true;
		}			 
	}
Post Reply