Solved

PHP Change password script issue

Posted on 2007-12-05
7
7,551 Views
Last Modified: 2012-05-05
Hi all,

i am working on a Password change script for my site. The below script works a treat all except for one thing. If a user enters an email address thats not in the database the script errors.

Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 3 in /home/user/public_html/sr_Change_Password_Script.php on line 39

As i said other than this issue the script works.

I have a page with a form that passes the POST data to this script.

The script seems to have a problem when the $result doesnt get any data. At least thats what i think based on there error

Hope you can help


<?php  
 
session_start(); 
 
include 'Connections/EE_con.php';  
 
 
 
$useremail = $_POST['user_email']; 
$password = $_POST['cur_password']; 
$newpassword = $_POST['new_password']; 
$confirmnewpassword = $_POST['con_password']; 
 
if(!$useremail){
$message = "You have not entered an email address";
header("Location: sr_Change_Password.php?message=$message");
exit();
}
else{
////////////////////////////////
 
mysql_select_db($database_EE_con, $EE_con);
     $query_rstUser = sprintf("SELECT user_password FROM users WHERE user_email='$useremail'");
         
     $result = mysql_query($query_rstUser, $EE_con) or die(mysql_error());
     $row_rstUser = mysql_fetch_assoc($result);
 
 
///////////////////////////////////////
 
if(!$result)  
{  
$message = "The username you entered does not exist";
	header("Location: sr_Change_Password.php?message=$message");
	exit();
}else
if(sha1($password)!= mysql_result($result, 0))  
{  
//echo "You entered an incorrect password";  
$message = "You entered an incorrect password";
	header("Location: sr_Change_Password.php?message=$message");
	exit();
 
}  
 
if(!$newpassword){
 
$message = "You must enter a password";
header("Location: sr_Change_Password.php?message=$message");
}
 
if($newpassword == $confirmnewpassword)  
    $sql=mysql_query("UPDATE users SET user_password='".sha1($newpassword)."' where user_email='$useremail'");  
    if($sql)  
    {  
    //echo "Congratulations You have successfully changed your password";  
	$message = "Congratulations You have successfully changed your password";
	header("Location: sr_Change_Password.php?message=$message");
exit();
    } 
else 
{  
//echo "The new password and confirm new password fields must be the same";
$message = "The new password and confirm new password fields must be the same";
	header("Location: sr_Change_Password.php?message=$message");
exit();
}   
}
 
?>

Open in new window

0
Comment
Question by:satmanuk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 6

Accepted Solution

by:
CasUK earned 500 total points
ID: 20411349
Change line 31:

if (mysql_num_rows($result) == 0){

0
 
LVL 17

Expert Comment

by:nplib
ID: 20411966
mysql_result($result, 0) this needs another paramter,
mysql_result($result, 0, "user_password");
the mysql_result() function works as follows,

mysql_result(query_results, row_number, field);

row_number begins at 0.
0
 
LVL 17

Expert Comment

by:nplib
ID: 20411988
however since you did this,
$row_rstUser = mysql_fetch_assoc($result);

you could replace your mysql_result() function with
$row_rstUser['user_password']

so this
if(sha1($password)!= mysql_result($result, 0, "user_password"))
or
if(sha1($password)!= $row_rstUser['user_password'])

should work
0
MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

 
LVL 1

Author Comment

by:satmanuk
ID: 20412865
I tried what you said nplib but i still get the same error.

CasUK - Yours worked.

Thanks!
0
 
LVL 1

Author Closing Comment

by:satmanuk
ID: 31412840
thanks
0
 
LVL 17

Expert Comment

by:nplib
ID: 20412890
how can if(sha1($password)!= $row_rstUser['user_password']) give the same error when it's not invoking the mysql_results() function?
0
 
LVL 1

Author Comment

by:satmanuk
ID: 20413027
may be not the same error on both of your suggestions but both error'd
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This article discusses how to implement server side field validation and display customized error messages to the client.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question