onehitxzibit
11-25-2010, 06:37 AM
Hello people,
I am trying to create a password recovery script for my website but I am experiencing some issues and I can't figure out whether it's Flash or PHP related. In the PHP script I have a line that check if a username corresponds to a specific email address from my MySQL database. The problem is that Flash won't receive any variables below that line even if it successfully passes the check. If I comment it out the script works perfect.
Here are the PHP script and the AS used to handle it:
<?php
//db settings
$mysql_host = 'localhost';
$mysql_user = 'user';
$mysql_pass = 'pass';
$realm_db = 'db';
if ($_POST['sendRequest'] == "parse") {
$username = $_POST['username'];
$email = $_POST['email'];
}
function createRandomPassword() {
$chars = "abcdefghijkmnopqrstuvwxyz023456789";
srand((double)microtime()*1000000);
$i = 0;
$pass = '' ;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($chars, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
$con = @mysql_connect($mysql_host, $mysql_user, $mysql_pass);
if (!$con)
{
print "var1=Unable to connect to the database.";
exit();
};
if ((empty($_POST["username"]))||(empty($_POST["email"]))) {
print "var1=You did not enter all the required information.";
exit();
};
$username = strtoupper($_POST["username"]);
$email = strtoupper($_POST["email"]);
$qry = @mysql_query("select username from " . mysql_real_escape_string($realm_db) . ".account where email = '" . $email . "'", $con);
$existing_username = mysql_fetch_assoc($qry);
$existing_username = strtoupper($existing_username);
if ($existing_username!=$username) {
print "var1=Invalid username or email.";
exit();
}
unset($qry);
$password = createRandomPassword();
print "var2=Your new password is $password";
exit();
/*$sha_pass_hash = sha1(strtoupper($username) . ":" . strtoupper($password));
$change_pass_qry = "to do";
$qry = @mysql_query($change_pass_qry, $con);
print "var3=Password successfully changed!";
exit();*/
?>
submit_button2.addEventListener(MouseEvent.CLICK, btnDown2);
function btnDown2(event:MouseEvent):void {
var variables:URLVariables = new URLVariables();
var varSend:URLRequest = new URLRequest("some path");
varSend.method = URLRequestMethod.POST;
varSend.data = variables;
var varLoader:URLLoader = new URLLoader;
varLoader.dataFormat = URLLoaderDataFormat.VARIABLES;
varLoader.addEventListener(Event.COMPLETE, completeHandler);
variables.username = forgot_password_username_field.text;
variables.email = forgot_password_email_field.text;
variables.sendRequest = "parse";
varLoader.load(varSend);
function completeHandler(event:Event):void {
submit_button2.visible = false;
forgot_password_field1.visible = false;
forgot_password_field2.visible = false;
user_and_mail.visible = false;
forgot_password_username_field.visible = false;
forgot_password_email_field.visible = false;
var3_field.visible = true;
var4_field.visible = true;
var phpVar1 = event.target.data.var1;
var phpVar2 = event.target.data.var2;
var3_field.text = phpVar1;
var4_field.text = phpVar2;
trace (event.target.data.var1);
trace (event.target.data.var2);
}
}
if ($existing_username!=$username) {
print "var1=Invalid username or email.";
exit();
}
unset($qry);
This is the part causing issues.
I am trying to create a password recovery script for my website but I am experiencing some issues and I can't figure out whether it's Flash or PHP related. In the PHP script I have a line that check if a username corresponds to a specific email address from my MySQL database. The problem is that Flash won't receive any variables below that line even if it successfully passes the check. If I comment it out the script works perfect.
Here are the PHP script and the AS used to handle it:
<?php
//db settings
$mysql_host = 'localhost';
$mysql_user = 'user';
$mysql_pass = 'pass';
$realm_db = 'db';
if ($_POST['sendRequest'] == "parse") {
$username = $_POST['username'];
$email = $_POST['email'];
}
function createRandomPassword() {
$chars = "abcdefghijkmnopqrstuvwxyz023456789";
srand((double)microtime()*1000000);
$i = 0;
$pass = '' ;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($chars, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
$con = @mysql_connect($mysql_host, $mysql_user, $mysql_pass);
if (!$con)
{
print "var1=Unable to connect to the database.";
exit();
};
if ((empty($_POST["username"]))||(empty($_POST["email"]))) {
print "var1=You did not enter all the required information.";
exit();
};
$username = strtoupper($_POST["username"]);
$email = strtoupper($_POST["email"]);
$qry = @mysql_query("select username from " . mysql_real_escape_string($realm_db) . ".account where email = '" . $email . "'", $con);
$existing_username = mysql_fetch_assoc($qry);
$existing_username = strtoupper($existing_username);
if ($existing_username!=$username) {
print "var1=Invalid username or email.";
exit();
}
unset($qry);
$password = createRandomPassword();
print "var2=Your new password is $password";
exit();
/*$sha_pass_hash = sha1(strtoupper($username) . ":" . strtoupper($password));
$change_pass_qry = "to do";
$qry = @mysql_query($change_pass_qry, $con);
print "var3=Password successfully changed!";
exit();*/
?>
submit_button2.addEventListener(MouseEvent.CLICK, btnDown2);
function btnDown2(event:MouseEvent):void {
var variables:URLVariables = new URLVariables();
var varSend:URLRequest = new URLRequest("some path");
varSend.method = URLRequestMethod.POST;
varSend.data = variables;
var varLoader:URLLoader = new URLLoader;
varLoader.dataFormat = URLLoaderDataFormat.VARIABLES;
varLoader.addEventListener(Event.COMPLETE, completeHandler);
variables.username = forgot_password_username_field.text;
variables.email = forgot_password_email_field.text;
variables.sendRequest = "parse";
varLoader.load(varSend);
function completeHandler(event:Event):void {
submit_button2.visible = false;
forgot_password_field1.visible = false;
forgot_password_field2.visible = false;
user_and_mail.visible = false;
forgot_password_username_field.visible = false;
forgot_password_email_field.visible = false;
var3_field.visible = true;
var4_field.visible = true;
var phpVar1 = event.target.data.var1;
var phpVar2 = event.target.data.var2;
var3_field.text = phpVar1;
var4_field.text = phpVar2;
trace (event.target.data.var1);
trace (event.target.data.var2);
}
}
if ($existing_username!=$username) {
print "var1=Invalid username or email.";
exit();
}
unset($qry);
This is the part causing issues.