using session array input to sql database
Posted: Wed Oct 27, 2010 3:38 pm
I am trying to create a website that after you receive an email you have to use the email address and password to confirm account. Then the next page allows you to change your password. I want to save the users email from the first page and use it in the SQL statement in the second page to locate the user in the DB and update the data.
There must be some problem with the way I have my code logically set up. It will make it to the 2nd step but then it will go back to the main email confirmation page.
There must be some problem with the way I have my code logically set up. It will make it to the 2nd step but then it will go back to the main email confirmation page.
Code: Select all
<?php
include('common.php');
include('db.php');
session_start();
session_register('umail');
session_register('password');
session_register('pwd1');
session_register('pwd2');
if(!isset($_POST['email']) && !isset($_POST['password']))
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"BLOCKED URL">
<html>
<head> This is a test of my patience</head>
<meta http-equov="Content-Type" content="text/html; charset=iso-8859-1"/>
</head>
<body>
<form method="post" action="<?=$_SERVER['PHP_SELF']?>">
Email: <input type="text" name="email" size="8" />
password:<input type="password" name="password" size="8" />
<input type ="submit" name ="submit" value ="submit" />
</form>
</body>
</html>
<? exit;
}
else
{
$umail = $_SESSION['umail'] = $_POST['email'];
$password = $_SESSION['password'] = $_POST['password'];
dbConnect("web2");
$sql ="SELECT * FROM `user` WHERE email ='$umail'";
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
if(!$result)
error('Contact DB admin');
if($result='')
error('not in db');
if($_SESSION['umail'] != $row['email'] && $_SESSION['password'] != $row['password'])
error('Wrong email or password');
}
if(!isset($_POST['pwd1']) && !isset($_POST['pwd2']))
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"BLOCKED URL">
<html>
<head> This is a test of my patience</head>
<meta http-equov="Content-Type" content="text/html; charset=iso-8859-1"/>
</head>
<body>
<form method="post" action="<?=$_SERVER['PHP_SELF']?>">
password: <input type="text" name="pwd1" size="8" />
password confirmation:<input type="password" name="pwd2" size="8" />
<input type ="submit" name ="submit" value ="submit" />
</form>
</body>
</html>
<?
}
else
{
$pwd1 = $_SESSION['pwd1'] = $_POST['pwd1'];
$pwd2 = $_SESSION['pwd2'] = $_POST['pwd2'];
if($_SESSiON['pwd1'] == $_SESSION['pwd2'])
{
dbConnect("web2");
mysql_query("UPDATE user SET password ='$pwd1'
WHERE email ='$umail'");
$sql="SELECT * FROM 'user' WHERE email='$umail'";
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
if($_SESSION['pwd1'] != $row['password'])
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"(BLOCKED URl">
<html>
<head> This is a test of my patience</head>
<meta http-equov="Content-Type" content="text/html; charset=iso-8859-1"/>
</head>
<body>
<form method="post" action="<?=$_SERVER['PHP_SELF']?>">
password: <input type="text" name="pwd1" size="8" />
password confirmation:<input type="password" name="pwd2" size="8" />
<input type ="submit" name ="submit" value ="submit" />
</form>
</body>
</html>
<?
}
else
{
error(' the man');
session_unset();
session_destroy();
}
}
}
?>