blank page. Sql doesn't work?

[gilgalbiblewhee]

I'm trying to write a "send password" code to email. But something's wrong in the sql that it leaves the page blank:

PHP Code:

<?php
$time = set_time_limit(30);
include("includefiles/dbconnection.php");

$sql = "SELECT * FROM ".$dbTable." WHERE email='".$_GET['youremail']."'";
echo $sql;    


$result = mysql_query($sql) OR exit( 'Error: ' . mysql_error() );
    
while($row = mysql_fetch_array($result)){
        $ID[] = $row["ID"];
        $username[] = $row["username"];
        $password[] = md5_file($row["password"]);
        $program[] = $row["program"];
        $fname[] = $row["fname"];
        $lname[] = $row["lname"];
        $email[] = $row["email"];
    
    echo $password[0];
}else{
    echo "Your email cannot be found!";
}

mysql_close($con);

$my_email = $_GET['youremail'];

$continue = "/thewheelofgod/twotexts/";
$errors = array();


?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<?php echo "<meta http-equiv='Refresh' content='".$time."; url=".$continue."' />";
//echo $time;
?>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Inserting The Data In The Tables</title>
</head>
<body>

</body>
</html>

http://www.gbgrafix.com/sendpassword.rar
The one with no sql works fine.

[SambaNeko]

Well at least one problem may be that you have an "else" paired with a "while".

[kows]

as I said in the message you sent me about this exact same problem, you have a ton of things going on here that should not be. from just a quick glance:

• you're using set_time_limit() wrong -- it does not do what you think it does
• you're defining what should be regular variables as arrays for some reason
• as Samba said, you're pairing an ELSE with a WHILE.
• you're redirecting using HTML rather than a header

while the first two are just weird things to do, the third will cause a fatal error.

this is not just an issue of "it used to work and now it doesn't" -- you have written a bunch of code that doesn't even make any sense. not only does it not make sense, but you've probably not opened the PHP documentation even once to help you out with the functions you're trying to use. you should invest in a book on PHP, and possibly a programming/logic book.

[gilgalbiblewhee]

as I said in the message you sent me about this exact same problem, you have a ton of things going on here that should not be. from just a quick glance:

• you're using set_time_limit() wrong -- it does not do what you think it does
• you're defining what should be regular variables as arrays for some reason
• as Samba said, you're pairing an ELSE with a WHILE.
• you're redirecting using HTML rather than a header

while the first two are just weird things to do, the third will cause a fatal error.

this is not just an issue of "it used to work and now it doesn't" -- you have written a bunch of code that doesn't even make any sense. not only does it not make sense, but you've probably not opened the PHP documentation even once to help you out with the functions you're trying to use. you should invest in a book on PHP, and possibly a programming/logic book.

Ok Thanks

PHP Code:

<?php
//$time = set_time_limit(30);
include("includefiles/dbconnection.php");

$sql = "SELECT * FROM ".$dbTable." WHERE email='".$_GET['youremail']."'";
echo $sql;    


$result = mysql_query($sql) OR exit( 'Error: ' . mysql_error() );
    
while($row = mysql_fetch_array($result)){
        $ID[] = $row["ID"];
        $username[] = $row["username"];
        $password[] = md5_file($row["password"]);
        $program[] = $row["program"];
        $fname[] = $row["fname"];
        $lname[] = $row["lname"];
        $email[] = $row["email"];
}    

mysql_close($con);

$my_email = $_GET['youremail'];

$baseURL = "/thewheelofgod/twotexts/";
$errors = array();


?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<?php //echo "<meta http-equiv='Refresh' content='".$time."; url=".$continue."' />";
//echo $time;
?>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Searching your email</title>
</head>
<body>
<?php 
    echo $username[0]." hi";
    echo $password[0]." hi";
//else{
//    echo "Your email cannot be found!";
//}

?>
</body>
</html>
<?php 
//header("Location: " . $baseURL);
?>

After the echo $sql; it's not printing anything. I'm wondering if this is right:
md5_file($row["password"]);

[kows]

have you looked at the documentation for md5_file()?

if you're confused about a function, open a browser window and type: php.net/function_name -- it'll bring you straight to the documentation for it.

[gilgalbiblewhee]

have you looked at the documentation for md5_file()?

if you're confused about a function, open a browser window and type: php.net/function_name -- it'll bring you straight to the documentation for it.

That's where I got it from. I was hoping that it would decrypt the password.

[TheBigB]

The problem is that you are trying to get database values associatively while you retrieved them into a numerical indexed array.
Try using mysql_fetch_assoc().

[techgnome]

OK... so I'm assuming that the echo $sql; is working fine, correct? that it is printing that much out.

OK.

Next thing is to READ the documentation for md5_file(). Which states

Calculates the MD5 hash of the file specified

I stressed the important part, which is the first half of the first sentence. FILE... not string... that is why the function is md5_file()as opposed to md5(), which takes a string and hashes it. However, it fails to do one thing - it doesn't undo the hash.

And that's where you are going to have a problem. MD5 is a hashing algorithm.... NOT an encryption algorithm. That means it is one-way. That's why people use it for passwords. Because once you've hashed the password value, it can't be undone. There isn't a way to retrieve the password. All you can do is reset it.

-tg

[kows]

The problem is that you are trying to get database values associatively while you retrieved them into a numerical indexed array.
Try using mysql_fetch_assoc().

that's not true. mysql_fetch_array() fetches both numeric and string keys. while it's still better to use mysql_fetch_assoc() (because then you're not putting extra data into your array on every loop), that isn't his problem.

[gilgalbiblewhee]

that's not true. mysql_fetch_array() fetches both numeric and string keys. while it's still better to use mysql_fetch_assoc() (because then you're not putting extra data into your array on every loop), that isn't his problem.

Ok. Good thing for Apache and my mistake for not testing it on the personal server and uploading and testing it. The error shows:
Fatal error: [] operator not supported for strings.

My intention for this page was to figure out how to decrypt the password and send it by email. So decrypting is most important question for this page.

As for the $sql, problem solved I had to declare it as an array();

[kows]

you cannot decrypt MD5. MD5 is a hashing function that provides one-way encryption.

proper password recovery forms reset the password to a random string, and then email that string to the user.

[gilgalbiblewhee]

you cannot decrypt MD5. MD5 is a hashing function that provides one-way encryption.

proper password recovery forms reset the password to a random string, and then email that string to the user.

Ok. So then my logic is I need to remove the md5() from the registration.php page right?

[kows]

no, you shouldn't be storing plain-text passwords.

you need to create a function that generates a new, random password, and then your password recovery form updates the database with this new password, and also emails a copy of the new password to the account holder.

order of doing things:

• generate new, random password: newPassword
• store md5(newPassword) in database
• email newPassword to user's email

[gilgalbiblewhee]

no, you shouldn't be storing plain-text passwords.

you need to create a function that generates a new, random password, and then your password recovery form updates the database with this new password, and also emails a copy of the new password to the account holder.

order of doing things:

• generate new, random password: newPassword
• store md5(newPassword) in database
• email newPassword to user's email

What do you mean by random?
First - the page with the email. The user puts his email to receive a notification or a link? (I've seen websites who simply send you the forgotten password, which for me would be a lot simpler).

But if I send the link for an password update does the link have to be encrypted?

[techgnome]

"First - the page with the email. The user puts his email to receive a notification or a link? (I've seen websites who simply send you the forgotten password, which for me would be a lot simpler)." -- Yes... some sites do that. That's because they store their passwords in plain text in the database. Or they are using a true encryption that can go both ways...

"What do you mean by random?" - random... you know "DHDGKJW" .. random... as in some random text that you generate, hash, store the hash in the database, then email them the random text you generated.

-tg

[gilgalbiblewhee]

"First - the page with the email. The user puts his email to receive a notification or a link? (I've seen websites who simply send you the forgotten password, which for me would be a lot simpler)." -- Yes... some sites do that. That's because they store their passwords in plain text in the database. Or they are using a true encryption that can go both ways...

"What do you mean by random?" - random... you know "DHDGKJW" .. random... as in some random text that you generate, hash, store the hash in the database, then email them the random text you generated.

-tg

Hmmm...well I DO want a secure login...

[techgnome]

Then you can't retrieve the passwords. But you can do a password reset.

-tg

[gilgalbiblewhee]

Then you can't retrieve the passwords. But you can do a password reset.

-tg

Here's an example:
?k=0CF65A69-FCB0-0067-11B8092C2D443673&loc=en_us
From a url sent to me. How am I supposed to figure out all these numbers? Or let me rephrase it. If I'm going to send an email to reset the numbers what url am I going to send?