Page 1 of 2

Cant change a users password via my form.

Posted: Thu Sep 29, 2005 10:15 am
by cnl83
Just to give you the low down first, I dloaded some open source code, and have been modifing it to fit my needs. Im not very good a php but im trying. The application uses a class file, but I think this particular problem im having is in this page.

The problem?
I cannot change a users password Image
All the other functions work fine. I can change a users access level, and email address. When I try to change the password I get a database error. I looked at the code, and that error is programmed into the app. Here is the code to that particular part of the page.

Code: Select all

function update_user_by_admin($new_level, $user_id, $def_pass, $new_email, $active, $confirmation = "no") {
		$this->user_found = true;
		$this->user_access_level = $new_level;
		if ($def_pass != "" && strlen($def_pass) < 4) {
			$this->the_msg = "Password is to short use the min. of 4 chars.";
		} else {
			if ($this->check_email($new_email)) {
				$sql = "UPDATE %s SET access_level = %d, email = '%s', active = '%s'";
				$sql .= ($def_pass != "") ? sprintf(", SET pw = '%s'", md5($def_pass)) : "";
				$sql .= " WHERE id = %d";
				$sql_compl = sprintf($sql, $this->table_name, $new_level, $new_email, $active, $user_id);
				if (mysql_query($sql_compl)) {
					$this->the_msg = "Data is modified for user with id#<b>".$user_id."</b>";
					if ($confirmation == "yes") {
						if ($this->send_confirmation($user_id)) {
							$this->the_msg .= "<br>...a confirmation mail is send to the user.";
						} else {
							$this->the_msg .= "<br>...ERROR no confirmation mail is send to the user.";
						}
					}
				} else {
					$this->the_msg = "Database error, please try again!";
				}
			} else {
				$this->the_msg = "The e-mail address is invalid!";
			}
		}
	}
Thanks for your time on this..

Posted: Thu Sep 29, 2005 10:19 am
by shiznatix
try changing this

$sql .= ($def_pass != "") ? sprintf(", SET pw = '%s'", md5($def_pass)) : "";

to

$sql .= ($def_pass != "") ? "SET pw = 'md5($def_pass)'" : "";

Posted: Thu Sep 29, 2005 10:22 am
by cnl83
No same thing...
should I change it back?

Now further up the code where it gets the users data, should PW (password) be there too?

Code: Select all

function get_userdata($for_user, $type = "login") {
		if ($type == "login") {
			$sql = sprintf("SELECT id, login, email, access_level, active FROM %s WHERE login = '%s'", $this->table_name, trim($for_user));
		} else {
			$sql = sprintf("SELECT id, login, email, access_level, active FROM %s WHERE id = %d", $this->table_name, intval($for_user));
		}
EDITED
I just tried that, and it did not work either.

Posted: Thu Sep 29, 2005 10:31 am
by shiznatix
huh. i dunno, i think maybe try taking out this stupid sprintf stuff and putting in the code to make a little more sence. when updating the db with a new password try this query

Code: Select all

$table = $this->table_name;
$pass = md5($def_pass);

$sql = '
UPDATE
  '.$table.'
SET
  access_level = "'.$new_level.'",
  email = "'.$new_email.'",
  active = "'.$active.'"
  password = "'.$pass.'"
WHERE
  id = "'.$user_id.'"
';

$query = mysql_query($sql) or die(mysql_error().' -> '.__LINE__);
see if that works. that will take out all this sprintf garbage that I think makes reading code a trillian times more difficult than just doing maybe a str_replace or somthing

Posted: Thu Sep 29, 2005 10:39 am
by cnl83
No that didnt work...

New Code being..

Code: Select all

function update_user_by_admin($new_level, $user_id, $def_pass, $new_email, $active, $confirmation = "no") {
		$this->user_found = true;
		$this->user_access_level = $new_level;
		if ($def_pass != "" && strlen($def_pass) < 4) {
			$this->the_msg = "Password is to short use the min. of 4 chars.";
		} else {
			if ($this->check_email($new_email)) {
				$table = $this->table_name; 
				$pass = md5($def_pass);
				$sql = '
				UPDATE
				'.$table.'
				SET
				access_level = "'.$new_level.'", 
                email = "'.$new_email.'", 
                active = "'.$active.'" 
                password = "'.$pass.'"
				WHERE
				id = "'.$user_id.'" 
				';
				if (mysql_query($sql_compl)) {
					$this->the_msg = "Data is modified for user with id#<b>".$user_id."</b>";
					if ($confirmation == "yes") {
						if ($this->send_confirmation($user_id)) {
							$this->the_msg .= "<br>...a confirmation mail is send to the user.";
						} else {
							$this->the_msg .= "<br>...ERROR no confirmation mail is send to the user.";
						}
					}

Posted: Thu Sep 29, 2005 10:54 am
by shiznatix
try this

Code: Select all

function update_user_by_admin($new_level, $user_id, $def_pass, $new_email, $active, $confirmation = "no") {
        $this->user_found = true;
        $this->user_access_level = $new_level;
        if ($def_pass != "" && strlen($def_pass) < 4) {
            $this->the_msg = "Password is to short use the min. of 4 chars.";
        } else {
            if ($this->check_email($new_email)) {
                echo 'Made It To Step A!<br>';
                $table = $this->table_name;
                $pass = md5($def_pass);
                $sql = '
                UPDATE
                '.$table.'
                SET
                access_level = "'.$new_level.'",
                email = "'.$new_email.'",
                active = "'.$active.'"
                password = "'.$pass.'"
                WHERE
                id = "'.$user_id.'"
                ';

                $result = mysql_query($sql) or die(mysql_error());

                echo 'MADE IT TO STEP B<br>';
                if ($result) {
                    $this->the_msg = "Data is modified for user with id#<b>".$user_id."</b>";
                    if ($confirmation == "yes") {
                        if ($this->send_confirmation($user_id)) {
                            $this->the_msg .= "<br>...a confirmation mail is send to the user.";
                        } else {
                            $this->the_msg .= "<br>...ERROR no confirmation mail is send to the user.";
                        }
                    }
you should be able to get a Made It To Step A then a MADE IT TO STEP B. if you get those then there is somthing else wrong, otherwise we have narrowed the problem down.

Posted: Thu Sep 29, 2005 10:56 am
by cnl83
Made It To Step A!
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'password = "047c388f57f5ee5b76c2dca27bdb7dd8"

Didnt see step B

Posted: Thu Sep 29, 2005 11:09 am
by shiznatix
haha sorry my bad, change the $sql stuff to this

Code: Select all

$sql = '
                UPDATE
                '.$table.'
                SET
                access_level = "'.$new_level.'",
                email = "'.$new_email.'",
                active = "'.$active.'",
                password = "'.$pass.'"
                WHERE
                id = "'.$user_id.'"
                ';
edit: note the comma at the end of the active line

Posted: Thu Sep 29, 2005 11:18 am
by cnl83
Made It To Step A!
Unknown column 'password' in 'field list'


Now note that the column password's name is actually pw.
I changed that, and it worked fine.

Now I just have to remove the step A, and B notes..

Thanks for your help.

Posted: Thu Sep 29, 2005 11:20 am
by cnl83
Done!

Thanks a million..

How did you get so good at php? I have read my book 2 times already, and still Im a noob.

Posted: Thu Sep 29, 2005 11:36 am
by Charles256
real worl experience and lots of cussing worked for me..but that's just me:)

Posted: Thu Sep 29, 2005 11:37 am
by cnl83
Well, I got the cussing down...lol

Posted: Thu Sep 29, 2005 12:17 pm
by cnl83
I found a problem...
If I update the access level, and dont change the password, it changes the password. Obviously to blank or something. I cant login with that account anymore cause I dont know the password. I have to go back in and reassign the password.

I guess if we would call the password into the field, that when I update it, it would not change.

Posted: Thu Sep 29, 2005 12:33 pm
by shiznatix
good thinking. try that and you should be good. this code that you downloaded seams to be slightly poorly written, well at least i don't like the way it was done.

how did i get good at php? ha, im not good at php, im just drunk :lol:

Posted: Thu Sep 29, 2005 12:58 pm
by cnl83
Ah...it would have worked, but!, but! :(

it is encoded or something in the database, I went back and looked at the db and the password instead of being

test it looks like f4as5df56as4df65a4sdf

Im sure its that way because of the class file, or do you think its something I can change in the database?

EDITED
I checked the database, and deffinitely nothing to scramble

perhaps this..

Code: Select all

$cookie_str = $this->user.chr(31).base64_encode($this->user_pw);
		setcookie($this->cookie_name, $cookie_str, $expire, $this->cookie_path);

function login_reader() {
		if (isset($_COOKIE[$this->cookie_name])) {
			$cookie_parts = explode(chr(31), $_COOKIE[$this->cookie_name]);
			$this->user = $cookie_parts[0];
			$this->user_pw = base64_decode($cookie_parts[1]);
			$this->is_cookie = true;
		}			 
	}