I'm building a micro-site, and am having trouble with the password reset behavior.
There is a form that asks the user for their password twice. I'm not being a password nazi, and the only requirement is that the password be greater than 5 characters. On submit, the form data is added to the $_POST array and is sent to a setPass function in my site-wide php function script.
The function is
function setPass(){
$link= connectDB();
$query= "select * from People where Username='" . $_SESSION['name'] . "' Limit 1";
$result= $link->query($query);
if ($result->num_rows==0){
$_SESSION['status']= 'invaliduser';
header("location: ../index.php");
} else {
$first = $_POST['firstPass'];
$second = $_POST['secondPass'];
if (($first == $second) && (strlen($first) > 5)){
$password = sha1($first);
}
}
}
I'm leaving out the database insertion code in this example.
My issue is that this script echo $_SESSION['name'] . " and password: " . $first;
included in the page body prints out the username, but returns an unidentified variable: first
warning. This also happens when I try to access the variable $password
.
Earlier testing has shown that the first conditional is true, as the page is not redirected.
So what is causing the failure of execution in the else block?