Weird issue PASSWORD RESET!

this is what it shows:

array (size=0)
empty

empty does not equal false.

Change your check to:

if (sizeof($check) === 0)

wow, you’re a genius! at least and at last my pass.php page seems to be working fine!!! it printed an error when i entered a wrong security question, and when i entered a right security question, it proceeded to the reset.php page… my heart is beating faster now!! :slight_smile: the last hurdle is the reset.php page: when i enter different passwords in the confirmation field, nothing happens, and even when both passwords are the same, it still doesn’t proceed but stays on the same page…

Okay, I can explain the latter of your problem, I still can’t explain the first part (yet).

So let’s start with the latter, when the passwords are the same. Here is your existing code:

<?php
  
        // display errors, warnings, and notices
    ini_set("display_errors", true);
    error_reporting(E_ALL);
  // configuration
    require("../includes/constants.php"); 
    require("../includes/functions.php");

    // if form was submitted
   if(isset($_POST["submit"]))
    {
    
         if (empty($_POST["password"]))
        apologize("Please enter password.");
        
        
        if ($_POST["password"] != $_POST["confirmation"])
        apologize("Passwords do not match!");
        
        
        $result = query("UPDATE users SET hash = ? WHERE id = ?", crypt($_POST["password"], $_SESSION["resetmemberid"]));
        unset($_SESSION["resetmemberid"]);  
        
        
        if($result===false)
        {
        apologize("Could not register. Please retry.");
        }
        else
          {
          
          $rows = query("SELECT id FROM users WHERE hash = ?", crypt($_POST["password"]));
          $id = $rows[0]["id"];
          
          // remember that user's now logged in by storing user's ID in session
          $_SESSION["id"]= $rows[0]["id"];
          // redirect to portfolio
          redirect("index.php");
         
        }
        
       }
           
    
    else
    {
        // else render form
        render("reset_form.php", ["title" => "Register"]);
    }
    
?>

I want to draw focus on

        $result = query("UPDATE users SET hash = ? WHERE id = ?", crypt($_POST["password"], $_SESSION["resetmemberid"]));

Look at your number of arguments, you are missing one. I believe you meant to use

        $result = query("UPDATE users SET hash = ? WHERE id = ?", crypt($_POST["password"], $_SESSION["resetmemberid"]), $_SESSION["resetmemberid"]);

However, if you are not using a salt with crypt(), then you’ll want to use:

        $result = query("UPDATE users SET hash = ? WHERE id = ?", crypt($_POST["password"]), $_SESSION["resetmemberid"]);

ooops, i never saw that, i indeed meant to use this…

$result = query("UPDATE users SET hash = ? WHERE id = ?", crypt($_POST["password"]), $_SESSION["resetmemberid"]);

sad to say, it still remains same… :frowning: when i enter two same passwords, nothing happens…

Added var_dump

        $result = query("UPDATE users SET hash = ? WHERE id = ?", crypt($_POST["password"]), $_SESSION["resetmemberid"]);
        unset($_SESSION["resetmemberid"]); 
var_dump($result);

My guess is you get back an empty array, as by default UPDATE queries return nothing, but usually you can get the affected rows and check against that (not sure how to get that info from the framework you seem to be using though)
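The two points raised above (one bound value per placeholder, and an UPDATE returning no rows), as an added example that is not code from this thread. It swaps in password_hash()/password_verify() for crypt() and uses PDO with a constructed in-memory SQLite table (assumes the pdo_sqlite extension) in place of the thread's query() helper, whose source is not shown; reset_password() and check_login() are hypothetical names.

```php
<?php
// Added example, not the thread's code. The table below is constructed and
// stands in for the thread's `users` table; both functions are hypothetical.
declare(strict_types=1);

function reset_password(PDO $db, int $userId, string $password, string $confirmation): bool
{
    // Strict comparison: reject an empty password or a mismatched confirmation.
    if ($password === '' || $password !== $confirmation) {
        return false;
    }
    // password_hash() picks a random salt and stores it inside the hash string.
    $hash = password_hash($password, PASSWORD_DEFAULT);

    // Two placeholders, two bound values: the hash and the id.
    $stmt = $db->prepare('UPDATE users SET hash = ? WHERE id = ?');
    $stmt->execute([$hash, $userId]);

    // An UPDATE yields no result rows; success means exactly one row changed.
    return $stmt->rowCount() === 1;
}

function check_login(PDO $db, int $userId, string $password): bool
{
    // Fetch the stored hash by id, then verify. A salted hash differs on every
    // call, so it cannot serve as a lookup key in a WHERE clause.
    $stmt = $db->prepare('SELECT hash FROM users WHERE id = ?');
    $stmt->execute([$userId]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, hash TEXT NOT NULL)');
$db->exec("INSERT INTO users (id, hash) VALUES (7, 'old-placeholder')");

var_dump(reset_password($db, 7, 'new pass', 'new pass'));   // matching input, existing id
var_dump(reset_password($db, 7, 'new pass', 'other'));      // confirmation differs
var_dump(reset_password($db, 99, 'new pass', 'new pass'));  // no such user id
var_dump(check_login($db, 7, 'new pass'));                  // the password just set
var_dump(check_login($db, 7, 'jay'));                       // a different password
```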

i tried that, even with die() after, but it still remains the same… just keeps on showing reset.php again and again… i’ve been stuck on this thing for almost 3 days now… and now i’ve dragged you too into it… :frowning:

What was the output? Was it the same as before, empty?

yeah, empty…

Okay, let’s figure out what’s going on.

<?php
  
        // display errors, warnings, and notices
    ini_set("display_errors", true);
    error_reporting(E_ALL);
  // configuration
    require("../includes/constants.php"); 
    require("../includes/functions.php");

var_dump($_POST); // ADDED THIS LINE

    // if form was submitted
   if(isset($_POST["submit"]))
    {
    
         if (empty($_POST["password"]))
        apologize("Please enter password.");
        
        
        if ($_POST["password"] != $_POST["confirmation"])
        apologize("Passwords do not match!");
        
        
        $result = query("UPDATE users SET hash = ? WHERE id = ?", crypt($_POST["password"]), $_SESSION["resetmemberid"]);
        $id = $_SESSION['resetmemberid']; // ADDED THIS LINE
        unset($_SESSION["resetmemberid"]);  
        
var_dump($result); // ADDED THIS LINE
        
        if($result===false)
        {
        apologize("Could not register. Please retry.");
        }
        else
          {
  
// Commented out the below two lines        
//          $rows = query("SELECT id FROM users WHERE hash = ?", crypt($_POST["password"]));
//          $id = $rows[0]["id"];
          
          // remember that user's now logged in by storing user's ID in session
          $_SESSION["id"]= $id; // $rows[0]["id"]; // CHANGED THIS LINE
          // redirect to portfolio
          //redirect("index.php"); // COMMENTED OUT THIS LINE FOR NOW
         
        }
         die(); // ADDED THIS LINE FOR NOW
       }
           
    
    else
    {
        // else render form
        render("reset_form.php", ["title" => "Register"]);
    }
    
?>

this is what i got…

array (size=2)
'password' => string 'jay' (length=3)
'confirmation' => string 'jay' (length=3)

in addition to the displayed page reset.php

Interesting, how is the form being submitted? There isn’t an entry for $_POST["submit"], so the following condition is never executed:

if(isset($_POST["submit"]))

i wish i had your eyes…you really are a guru… how did you find that error using just those array statements from var dump???

it works perfectly now, password is reset. :slight_smile: but one last glitch, a very minor one, i expected it to redirect to index.php as per the line

// redirect to portfolio
redirect("index.php");

but it goes to the login page instead, any ideas??

Glad you asked :slight_smile: If you look at your output

array (size=2)
'password' => string 'jay' (length=3)
'confirmation' => string 'jay' (length=3)

First understand we asked it to dump the values found in $_POST. The dump is only listing two values, password and confirmation. Since it isn’t listing submit, we know that $_POST is not receiving that value, therefore, the isset check could never work.

Can you post the code found in your index.php page?

hi, sorry for the late reply, it was actually around 2 am in my part of the world yesterday night, or should i say today morning… this is my code for index.php


<?php

    // configuration
    require("../includes/config.php"); 
    
    //defining positions
    
 
    
    $cash = query ("SELECT cash FROM users WHERE id = ?", $_SESSION["id"]);
       
    $positions = [];
    $rows = query ("SELECT symbol, shares FROM portfolio WHERE id = ?", $_SESSION["id"]);
    foreach ($rows as $row)
    {
       $stock = lookup($row["symbol"]);
       if ($stock !== false)
       {
        $positions[]=  [
        "name" => $stock["name"], 
        "price" => $stock["price"], 
        "shares" => $row["shares"], 
        "symbol" => $row["symbol"]
        ];
        
       }
       
   }
 
    // render portfolio
    render("portfolio.php", ["positions" => $positions, "title" => "Portfolio", "cash" => $cash]);

?>


and portfolio.php basically prints all the values in $positions in a table… may be this will interest you too,the following is my config.php file included on top…


<?php


    // display errors, warnings, and notices
    ini_set("display_errors", true);
    error_reporting(E_ALL);

    // requirements
    require("constants.php");
    require("functions.php");

    // enable sessions
    session_start();

    // require authentication for most pages
    if (!preg_match("{(?:login|logout|register)\\.php$}", $_SERVER["PHP_SELF"]))
    {
        if (empty($_SESSION["id"]))
        {
            redirect("login.php");
        }
    }

?>


thank you so much, for everything… there are very few people out there who do what you’ve done, sharing knowledge and time… :slight_smile:

Okay, so from your code, we can deduce that the login.php is only shown when not visiting the login, logout, or register pages and when $_SESSION['id'] is empty. You could be looking at two possible problems: 1) reset.php isn’t setting $_SESSION['id'] properly with a value, or 2) your ID is 0, which empty() treats as, well … empty.

So first we need to figure out which case it is, so inside your portfolio.php file, put the following below session_start();

var_dump($_SESSION); die();

If you see size 1 and the name of id with a value of 0, then we need to update your if statement using the following:

        if (strlen($_SESSION['id']) === 0 || !is_int($_SESSION['id']))
        {
            redirect("login.php");
        }

If you see size 0 and empty, then we need to figure out why reset.php didn’t set the ID properly, and I’ll need to see your updated reset.php code to do that.
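The distinction discussed above (an id of 0 versus no id at all), as an added example that is not code from this thread: a guard that returns the session's user id as an integer or null, run over constructed session contents. session_user_id() is a hypothetical helper, and accepting 0 as a valid id is an assumption taken from the case described above.

```php
<?php
// Added example, not the thread's code. session_user_id() is a hypothetical helper.
declare(strict_types=1);

/**
 * Return the logged-in user's id as an int, or null when the session holds
 * no usable id. Unlike empty(), this accepts 0 and "0"; unlike is_int(),
 * it accepts numeric strings such as "7".
 */
function session_user_id(array $session): ?int
{
    if (!isset($session['id']) || is_bool($session['id'])) {
        return null;                       // key missing, null, or a stray bool
    }
    $id = filter_var($session['id'], FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 0]]);
    return $id === false ? null : $id;     // "", "7abc", negatives, arrays -> null
}

// Constructed session contents, one per case the guard has to tell apart.
$samples = [
    'no id key'      => [],
    'int zero'       => ['id' => 0],
    'string zero'    => ['id' => '0'],
    'string from DB' => ['id' => '7'],
    'empty string'   => ['id' => ''],
    'trailing junk'  => ['id' => '7abc'],
];

// Print what empty() says next to what the guard decides for each case.
foreach ($samples as $label => $session) {
    $id = session_user_id($session);
    printf("%-15s empty()=%-5s guard=%s\n",
        $label,
        var_export(empty($session['id']), true),
        $id === null ? 'redirect to login' : "user $id");
}
```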

"so inside your portfolio.php file, put the following below session_start();"… sorry, were you meaning inside my index.php file (whose template is portfolio.php)??

  1. and "below session_start()": that code is actually in my config.php file which i’ve included atop of my code of index.php thus

// configuration
require("../includes/config.php");
should i change that inside the config.php file?? if i do that, won’t it affect my other pages in which i have included that config.php file??? and in fact there are many such pages…

  1. i tried copying the code in config.php instead of the include config.php statement on top of index.php, and tried adding var_dump($_SESSION); die(); where you specified, but it yells a bunch of errors when i run index.php such as… Warning: require(constants.php): failed to open stream: No such file or directory and

Fatal error: require(): Failed opening required 'constants.php' (include_path='.:/usr/share/pear:/usr/share/php') both of which point to the boldened line in my code below… (what i currently have for index.php)…

<?php

    
    
    
    // display errors, warnings, and notices
    ini_set("display_errors", true);
    error_reporting(E_ALL);

    // requirements
    require("constants.php");          //////// THIS LINE IS THE ONE IT POINTS TO IN THE ERROR MESSAGE PRINTED OUT...
    require("functions.php");
var_dump($_SESSION); die();  
    // enable sessions
    session_start();

    // require authentication for most pages
    if (!preg_match("{(?:login|logout|register)\\.php$}", $_SERVER["PHP_SELF"]))
    {
        if (empty($_SESSION["id"]))
        {
            redirect("login.php");
        }
    }

 
    
    $cash = query ("SELECT cash FROM users WHERE id = ?", $_SESSION["id"]);
     //defining positions  
    $positions = [];
    $rows = query ("SELECT symbol, shares FROM portfolio WHERE id = ?", $_SESSION["id"]);
    foreach ($rows as $row)
    {
       $stock = lookup($row["symbol"]);
       if ($stock !== false)
       {
        $positions[]=  [
        "name" => $stock["name"], 
        "price" => $stock["price"], 
        "shares" => $row["shares"], 
        "symbol" => $row["symbol"]
        ];
        
       }
       
   }
 
    // render portfolio
    render("portfolio.php", ["positions" => $positions, "title" => "Portfolio", "cash" => $cash]);

?> 

Sorry, mis-read your prior post, confused config.php with portfolio.php

Make sure you put the var_dump and die command AFTER session_start(); otherwise, the session data isn’t created and you will get NULL/Empty.

Not sure why require("constants.php") would all of a sudden not be accessible … (the file does exist right?) Make sure you are calling your pages like you typically do, do not try and call config.php from the browser (instead call index.php or something similar).

i tried adding the var_dump command after session start, but it still remains the same… same errors… from the same line related to constants.php… and that file too exists…