md5 problem

elle_girl

I have problem in this coding

<?php

if($HTTP_POST_VAST['command']=='forgot'&&strlen($_POST['email'] <=50)) {

// handle submission. this is s one-time only form
// so there will be no problems with handling errors.

require_once ('./mysql_connect.php');

$an =addslashes($_POST['account_no']);
$query = "SELECT * FROM customer_bank where account_no = '$an'";
$result = mysql_query($query);
$an =mysql_num_rows($result);

if ($an == 1) {
//general random password
$alphanum =  array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','A','B','C','D','E','F','G','H','I','J','K,','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z','1','2','3','4','5','6','7','8','9','0');
$chars = sizeof ($alphanum);
$a = time();
mt_srand($a);
for ($i=0; $i < 6; $i++) {
	$randnum = intval (mt_rand(0,56));
	$token .= $alphanum[$randnum];
}
//one-way encrypt it
$crypt_pass = md5($token);

//put the temp password in the db
$query1 = "UPDATE customer_bank SET token = '$crypt_pass' where account_no = '$an'";
$result1 = mysql_query($query1) or die('cannot complete update');

// DISPLAY THE TOKEN
$msg = <<< EOMSG

you recently requested that we send you a token for Example.com.Your token is:

$token

EOMSG;

//redirect to login
header("Location: login.php");
} else {
//the email address isn't good,they lose.
}

}

//---------------------------------------------------------------
// display the form nicely
//---------------------------------------------------------------

//superglobal arrays don't work in heredoc

$php_self = $_SERVER['PHP_SELF'];

$form_str = <<< EOFORMSTR
<HTML>
<HEAD>
<STYLE TYPE= "text/css">
<!--
BODY, P {color:black; font-family: verdana; font-size: 10 pt}
H1 {color:black; font-family: arial; font-size: 12 pt}

-->
</STYLE>
</HEAD>

<BODY>
<TABLE BORDER=0 CELLPADDING=10 WIDTH=100%>
<TR>
<TD BGCOLOR="#F0F8FF" ALIGN=CENTER VALIGN=TOP WIDTH=150>
</TD>
<TD BGCOLOR="#FFFFFF" ALIGN=LEFT VALIGN=TOP WIDTH=83%>
<H1> Request New Token </H1>
<p><b>Request your token? </b> Don't worry simply enter account number below, and we will provide you your new token.<br><i>Please use account number you provided when you registered.</a>.</i></p>

<form action="$php_self" method="post">
Account Number: <input type="text" name="account number"><br />
<br /><br />

</TD>
</TR>
</TABLE>

</BODY>
</HTML>
EOFORMSTR;

echo $form_str;

It appear like this
Error:
Notice: Undefined variable: HTTP_POST_VAST in C:\Program Files\Apache Group\Apache2\htdocs\token.php on line 5

It also appear the suppose design but when i try 2 enter the data. It cannot update at the database. Can someone outthere help me on this coding. I really need help right now!

laserlight

$HTTP_POST_VAST should be $HTTP_POST_VARS, or rather $_POST, as is its current, modern form (which you also used).

elle_girl

<?php

if($_POST['account_no'] <=50) {

// handle submission. this is s one-time only form
// so there will be no problems with handling errors.

require_once ('./mysql_connect.php');

$an =addslashes($_POST['account_no']);
$query = "SELECT * FROM customer_bank where account_no = '$an'";
$result = mysql_query($query);
$token =mysql_num_rows($result);

if ($token == 1) {
//general random password
$alphanum =  array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','A','B','C','D','E','F','G','H','I','J','K,','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z','1','2','3','4','5','6','7','8','9','0');
$chars = sizeof ($alphanum);
$a = time();
mt_srand($a);
for ($i=0; $i < 6; $i++) {
	$randnum = intval (mt_rand(0,56));
	$token .= $alphanum[$randnum];
}
//one-way encrypt it
$crypt_pass = md5($token);

//put the temp password in the db
$query1 = "UPDATE customer_bank SET token = '$crypt_pass' where account_no = '$an'";
$result1 = mysql_query($query1) or die('cannot complete update');

// DISPLAY THE TOKEN
$msg = <<< EOMSG

you recently requested that we send you a token for Example.com.Your token is:

$token

EOMSG;

//redirect to login
header("Location: login.php");
} else {
//the email address isn't good,they lose.
}

}

//---------------------------------------------------------------
// display the form nicely
//---------------------------------------------------------------

//superglobal arrays don't work in heredoc

$php_self = $_SERVER['PHP_SELF'];

$form_str = <<< EOFORMSTR
<HTML>
<HEAD>
<STYLE TYPE= "text/css">
<!--
BODY, P {color:black; font-family: verdana; font-size: 10 pt}
H1 {color:black; font-family: arial; font-size: 12 pt}

-->
</STYLE>
</HEAD>

<form action="$php_self" method="post">
Account Number: <input type="text" name="account number"><br />
<br /><br />

</TD>
</TR>
</TABLE>

</BODY>
</HTML>
EOFORMSTR;

echo $form_str;

I already change the script but still occur problem such as
Notice: Undefined index: account_no in C:\Program Files\Apache Group\Apache2\htdocs\token.php on line 5

Notice: Undefined index: account_no in C:\Program Files\Apache Group\Apache2\htdocs\token.php on line 12

How to solve it?

laserlight

The undefined index problems occur because you have not checked if the particular variables exist at that point.

It isnt so much a case of undefined index, but a case of undefined variable, where the variable just happens to be an element of the $_POST array.

To check, use [man]isset/man or [man]empty/man, depending on your exact needs.