Home/ Questions/Q 739855
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T08:26:54+00:00

I’m have a problem with an invite system. The if statement seems to break.

  • 0

I’m have a problem with an invite system. The if statement seems to break. It shows the message “Fail” but the UPDATE statement still executes. Why do both the THEN and the ELSE excute?

$dbConn = new dbConn();

// Check if POST user_username and user_hash are matching and valid; both are hidden for fields
$sql = "SELECT user_username "
    . "FROM table_users "
    . "WHERE user_id=".mysql_real_escape_string($_POST["user_id"])." "
    . "AND user_hash='".mysql_real_escape_string($_POST["user_hash"])."' "
    . "AND user_enabled=0;";
$objUser = $dbConn->query($sql);

// If result contains 1 or more rows
if( mysql_num_rows($objUser) != NULL ){
    $objUser = mysql_fetch_assoc($objUser);

    $ssnUser->login( $objUser["user_username"] );

    $sql = "UPDATE table_users SET "
        . "user_enabled=1, "
        . "user_first_name='".mysql_real_escape_string($_POST["user_first_name"])."', "
        . "user_last_name='".mysql_real_escape_string($_POST["user_last_name"])."', "
        . "user_password='".mysql_real_escape_string( md5($_POST["user_password"]) )."' "
        . "WHERE user_id=".mysql_real_escape_string($_POST["user_id"]).";";
    $dbConn->query($sql);

    echo "Success";
    header( "Refresh: 5; url=/account/?action=domains" );

} else {
    echo "Fail";
}

This dbConn Class is as follows:

class dbConn{
    var $username = "xxxx_admin";
    var $password = "xxxxxxxx";
    var $server = "localhost";
    var $database = "xxxx";
    var $objConn;

    function __construct(){
        $conn = mysql_connect( $this->server, $this->username, $this->password, true );
        if( !$conn ){
            die("Could not connect: ".mysql_error() );
        } else {
            $this->objConn = $conn;
        }
        unset($conn);
    }
    function __destruct(){
        mysql_close( $this->objConn );
        unset( $this );
    }
    function query( $query, $db = false ){
        mysql_select_db( $db != false ? $db : $this->database, $this->objConn );
        $result = mysql_query( $query );
        unset($query,$db);
        return $result;
    }
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I don’t see anything really weird in your code. Could there be a “Fail” call in your login() method? Either way, I would change the line:

    if( mysql_num_rows($objUser) != NULL ){

    to:

    $rowCount = mysql_num_rows($objUser);
if($rowCount and $rowCount > 0){

    And, put an exit(); call after your header() line.

    • 0