There must be some problem with the way I have my code logically set up. It will make it to the 2nd step but then it will go back to the main email confirmation page.
Code: Select all
<?php
include('common.php');
include('db.php');
session_start();
session_register('umail');
session_register('password');
session_register('pwd1');
session_register('pwd2');
if(!isset($_POST['email']) && !isset($_POST['password']))
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"BLOCKED URL">
<html>
<head> This is a test of my patience</head>
<meta http-equov="Content-Type" content="text/html; charset=iso-8859-1"/>
</head>
<body>
<form method="post" action="<?=$_SERVER['PHP_SELF']?>">
Email: <input type="text" name="email" size="8" />
password:<input type="password" name="password" size="8" />
<input type ="submit" name ="submit" value ="submit" />
</form>
</body>
</html>
<? exit;
}
else
{
$umail = $_SESSION['umail'] = $_POST['email'];
$password = $_SESSION['password'] = $_POST['password'];
dbConnect("web2");
$sql ="SELECT * FROM `user` WHERE email ='$umail'";
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
if(!$result)
error('Contact DB admin');
if($result='')
error('not in db');
if($_SESSION['umail'] != $row['email'] && $_SESSION['password'] != $row['password'])
error('Wrong email or password');
}
if(!isset($_POST['pwd1']) && !isset($_POST['pwd2']))
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"BLOCKED URL">
<html>
<head> This is a test of my patience</head>
<meta http-equov="Content-Type" content="text/html; charset=iso-8859-1"/>
</head>
<body>
<form method="post" action="<?=$_SERVER['PHP_SELF']?>">
password: <input type="text" name="pwd1" size="8" />
password confirmation:<input type="password" name="pwd2" size="8" />
<input type ="submit" name ="submit" value ="submit" />
</form>
</body>
</html>
<?
}
else
{
$pwd1 = $_SESSION['pwd1'] = $_POST['pwd1'];
$pwd2 = $_SESSION['pwd2'] = $_POST['pwd2'];
if($_SESSiON['pwd1'] == $_SESSION['pwd2'])
{
dbConnect("web2");
mysql_query("UPDATE user SET password ='$pwd1'
WHERE email ='$umail'");
$sql="SELECT * FROM 'user' WHERE email='$umail'";
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
if($_SESSION['pwd1'] != $row['password'])
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"(BLOCKED URl">
<html>
<head> This is a test of my patience</head>
<meta http-equov="Content-Type" content="text/html; charset=iso-8859-1"/>
</head>
<body>
<form method="post" action="<?=$_SERVER['PHP_SELF']?>">
password: <input type="text" name="pwd1" size="8" />
password confirmation:<input type="password" name="pwd2" size="8" />
<input type ="submit" name ="submit" value ="submit" />
</form>
</body>
</html>
<?
}
else
{
error(' the man');
session_unset();
session_destroy();
}
}
}
?>