Submit Button not working... need new eyes?

jjfletch

Hi there,

The submit button in my script isn't working, and I can't figure out why.... Hoping new eyes will help out?


<?php

require_once ('../../files/config.inc');

$page_title = 'Forgot Your Password';
include_once ('header.html');
include ('registerfunc.php');

define("ROOT_DIR","/home/virtual/abcabcabcabc.com/var/www/html/");

if (isset($_POST['submit'])) {

    require_once ('../../files/mysql_connect.php');

    if (empty($_POST['username'])) {
            $u = FALSE;
            echo '<p><font color="red" size="1">You forgot to enter your username</font></p>';

    } else {

            $u = escape_data($_POST['username']);

            //Check for the existence of that username

            $query="SELECT UserID, UserEmail FROM users where username='$u'";
            $result = @mysql_query ($query);
            $row = mysql_fetch_array ($result, MYSQL_NUM);

            if ($row) {
                    $uid = $row[0];
                    $email = $row[1];
            } else {

                    echo '<p><font color="red" size="1">The submitted username does not match those on file!</font></p>';
                    $u = FALSE;
            }
    }

    //If everything is OK

    if ($u) {

            //Create a new random password
            $p = substr(md5(uniqid(rand(),1)),3,10);



            //Make the query
            $query = "UPDATE users SET password=PASSWORD('$p') WHERE user_id=$uid";
            $result = @mysql_query ($query); 

            if (mysql_affected_rows() == 1) {

                    addpasswd(ROOT_DIR.$u."/admin/", $u, $u, $p);

                    $body = "Your password to log into abcabcabcabc.com has been temporarily changed to '$p'.  Please login using this password and your 
                            username.  At that time you may change your password to something more familiar.";

                    mail ($email, 'Your temporary password', $body, 'From: [email]admin@abcabcabcabc.com[/email]');

                    echo '<h3>Your password has been changed. You will receive the new, temporary password at the email address with which you registered. Once you hav
e 
                                logged in with this password, you may change it by clicking on the "Change Password" link.</h3>';

                    include('footer.html');

                    exit();

            } else {

                    $message = '<p><font color="red" size="1">Your password could not be changed due to a system error.</font></p>';
            }

            mysql_close();

            } else {
            echo '<p><font color="red" size="1">Please try again.</font></p>';
            }
}

?>

<h1>Reset your password</h1>
<p>Enter your username below and your password will be reset.</p>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset>
<p><b>User Name:</b>
<input type="text" name="username" size="10" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>"></p>
</fieldset>
<div align="center">
<input type="submit" name="submit" value="Reset My Password"></div>
</form>

<?php
include ('footer.html');
?>

thorpe

nothing wrong with your submit button code. how do you know its not working? are you getting any errors? are you sure its the submit button and not your code?

jjfletch

Well, nothing happens when the submit button is clicked. I mean, it does ... . nothing at all It's possible that it's the code, but since I'm getting no error message or anything, I figured it was the submit button?

TheDefender

Well, it's very possible that this if statement is not being met, and therefore, nothing withing it is executing:

if (isset($_POST['submit'])) {

I have had issues in the past when I tried to validate from the submit button like that in the past, so what I have been doing is using a hidden field, and verifying it's existence rather than the submit button's... and that's worked well for me without fail.

jjfletch

Hmm, why wouldn't it be met? Would that mean that there's an error with the code, or is this a known issue? If it is an error with the code, what would it be? As far as I can see, the code is okay... I've quadruple checking syntax, but it looks ok...

TheDefender

The code itself looks fine like Thorpe said. To clarify my statement, in the past, I have had troubles validating the submit button using Internet Explorer, but not Firefox, (even when my code was right), so I started validating on that hidden field, and the problems went away. I am not sure why, and since the hidden field work well for me, I haven't looked back to the submit button.

rachel2004

What TheDefender mentioned about not being able to rely on $POST['submit'] is correct. You should instead rely on a "hidden field" type of value (again, as he said because he's a smart gentleman). To add my 2 cents to this thread, even if you had not known that, how about some old school troublehshooting with the tried and true 'echo' or 'print' statement:

<?php 
echo "<li />@ line ".__LINE__." of file ".__FILE__.": before checking for isset(POST[submit])";
if (isset($_POST['submit'])) {
    // if we are in here, say something:
    exit("<li />Successfully inside of form processing @ line ".__LINE__." of file ".__FILE__);

// rest of code follows

?>

If you see that first echo statement, then you know that you can at least "see" something. If you don't, then you have a "read" permissions issue on your web server. If you dont' see that "exit" line, then you know you aren't even entering the form handling block. You wouldn't have known about the "hidden field" suggestion from TheDefender, but at least you'd have known that you weren't even entering the form handling block.

Lastly, depending on which browser you're using, the isset($_POST['submit']) might not be an issue in that browser, so go back to the 'echo' statements to indicate where you in the logic.

Jason_Batten

I wouldn't use .inc as it can be a pretty big security risk, use .php for include files. .inc is just a text file so people can easily view your config settings and do nasty stuff 😉

jjfletch

Well, I tried to use a hidden field, and also tried changing it to validate off the 'username' field, but it's still not working.

Any other suggestions? 🙁

TheDefender

(again, as he said because he's a smart gentleman)

Awwwww, shucks... Thanks Rachel... Listen to the lady jj, she's the one that keeps me in check anyhow... Now, THERE'S your smart one!!!

Edit: One ton of posts in the books...

TheDefender

Well, let's simplify everything first. What happens if you do just this with your code?

<form method="POST" action="index.php">
<input type="text" name="test" value="JimBob">
<input type="hidden" name="testsub" value="1">
<input type="submit" name="submit" value="Submit">
</form>

<?php
if(isset($_POST['testsub']) && $_POST['testsub'] == 1){
  echo "The Form is submitted: ".$_POST['test'];
} else {
  echo "The form was not submitted";
}
?>

jjfletch

Well, listening to all the smarties (as there appears to be several here), I did what Rachel suggesting, and saw both the "echo" and "exit" line.

It's just not accomplishing anything beyond that...

rachel2004

jjfletch, I would say you are making progress then! Now continue moving that exit statement further down the logic of your form handling block, resubmit the form, see if it continues to show up.

The main thing is that it tells you exactly at which line it appears because it is using the automagic LINE thingy. Well, when you no longer see it, you know that your code was working up to that line where you inserted the statement, follow?

I personally use many such echo statement (nstead of an exit statement) when I am developing to tell me where I am getting expected results in a complex (or not so complex) block of code. I would suggest the same (instead of the exit line) if you don't forget to clean up all of the echo statements when you are done with development.

jjfletch

Oh, I am so totally lame. It was all due to a misnamed field in my query.

Thank you Rachel for helping me figure it out. I will definitely do as you suggest and continue to use such echo statements.

You're wonderful!

rachel2004

Actually, thank the group that assisted. I merely rode on their coat tails.

Be sure to make your thread resolved.