When I try to change my password as a user, I get the following error:
"Something screwed up... dont you hate that?"
Yes, I hate that.
I took a look at the user.php3 code, and the problem seems to be in line 510:
    $result = mysql_query("select u.uid, u.uname, u.pass,
                                  h.topics_displayed, h.storynum, h.ublockon,
                                  h.theme
                           from users u, users_home h
                           where u.uname='$uname' and
                                 u.pass='$pass' ");
    if(mysql_num_rows($result)==1) {
        .....
    } else {
        echo translate("Something screwed up... dont you hate that?"). "<br>";
        exit ;
    }
The SQL statement is a JOIN between two tables, but their keys are not compared! If there are n users in the user_home table, the query returns n rows, not 1 as checked in the if statement.
The correct statement should be:
    $result = mysql_query("select u.uid, u.uname, u.pass,
                                  h.topics_displayed, h.storynum, h.ublockon,
                                  h.theme
                           from users u, users_home h
                           where u.uname='$uname' and
                                 u.pass='$pass' and
                                 u.uid = h.uid");
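The row counts described in the report can be reproduced with the added example below, which is not part of the original post or the project's code. It assumes SQLite in place of MySQL, a reduced column set, and constructed sample rows, and it binds the credentials as parameters instead of interpolating them into the SQL string as the PHP does.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names follow the report's queries.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (uid INTEGER PRIMARY KEY, uname TEXT, pass TEXT);
        CREATE TABLE users_home (uid INTEGER, theme TEXT);
        INSERT INTO users VALUES (1,'alice','h1'),(2,'bob','h2'),(3,'carol','h3');
        INSERT INTO users_home VALUES (1,'blue'),(2,'green'),(3,'red');
    """)
    return db

# Query as reported: no join condition, so the one matching users row is
# paired with every users_home row (a Cartesian product).
UNJOINED = """SELECT u.uid, u.uname, h.theme FROM users u, users_home h
              WHERE u.uname = ? AND u.pass = ?"""

# Corrected query from the report: the keys of both tables are compared.
JOINED = UNJOINED + " AND u.uid = h.uid"

def lookup(db, sql, uname, passwd):
    # Placeholders bind the values; they are never spliced into the SQL text.
    return db.execute(sql, (uname, passwd)).fetchall()

def login_ok(rows):
    # Same check as the PHP code: exactly one row must come back.
    return len(rows) == 1

if __name__ == "__main__":
    db = make_db()
    for name, sql in (("unjoined", UNJOINED), ("joined", JOINED)):
        rows = lookup(db, sql, "bob", "h2")
        print(name, len(rows), login_ok(rows), rows)
```

With a single row in users_home the unjoined query also returns exactly one row, so the check passes on a one-user test install and only fails once a second user exists. The unjoined result also pairs the matched account with every other user's users_home settings.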
You're going to get stuff like that in the CVS code because the user tables are being merged back to one... as a less educated programmer, I had split it from one table to many... now I have seen the error in my ways, and I'm putting it back. I'm going to leave the bug report open though.
Not an issue any more since the user tables are combined into one now.