Hi,
I have an application for creating accounts with :
"Name" / "email"/ "password" (I use sha1 to hash it) , I created a diferent page to update these info, but if i only change name or email the password gets encrypted a second time.
--------------------------------------------------------------------------
Below is my code for the update page, I want to update the password only when it is changed.
***********************************************************************
<?php require_once('../../Connections/myDB.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "loginForm")) {
$updateSQL = sprintf("UPDATE userTbl SET Name=%s, Email=%s, Password=sha(%s) WHERE id=%s",
GetSQLValueString($_POST['Name'], "text"),
GetSQLValueString($_POST['Email'], "text"),
GetSQLValueString($_POST['Password'], "text"),
GetSQLValueString($_POST['userId'], "int"));
mysql_select_db($database_myDB, $myDB);
$Result1 = mysql_query($updateSQL, $myDB) or die(mysql_error());
$updateGoTo = "accounts.php";
if (isset($_SERVER['QUERY_STRING'])) {
$updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
$updateGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $updateGoTo));
}
$colname_rsUp = "1";
if (isset($_GET['id'])) {
$colname_rsUp = (get_magic_quotes_gpc()) ? $_GET['id'] : addslashes($_GET['id']);
}
mysql_select_db($database_myDB, $myDB);
$query_rsUp = sprintf("SELECT * FROM userTbl WHERE id = %s", $colname_rsUp);
$rsUp = mysql_query($query_rsUp, $myDB) or die(mysql_error());
$row_rsUp = mysql_fetch_assoc($rsUp);
$totalRows_rsUp = mysql_num_rows($rsUp);
?>
<form action="<?php echo $editFormAction; ?>" id="updateForm" name="loginForm" method="POST">
<table width="280" border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<th height="34" width="85"><div align="left" >Name : </div></th>
<td colspan="4">
<input name="Name" type="text" class="textfield" id="Name" value="<?php echo $row_rsUp['Name']; ?>" size="30" />
</td>
</tr>
<tr>
<th height="34" width="85"><div align="left" >Email:</div></th>
<td colspan="4">
<span id="two">
<input name="Email" type="text" class="textfield" id="Email" value="<?php echo $row_rsUp['Email']; ?>" size="30" />
</td>
</tr>
<tr>
<th height="34" width="85"><div align="left" >Password:</div></th>
<td colspan="4">
<input name="Password" type="password" class="textfield" id="Password" value="<?php echo $row_rsUp['Password']; ?>" size="30" />
</td>
</tr>
<tr>
<td> </td>
<td width="61"> </td>
<td width="122" align="right"><input type="submit" name="Submit" value="Update" /></td>
</tr>
</table>
<input name="userId" type="hidden" id="userId" value="<?php echo $row_rsUp['id']; ?>" />
<input type="hidden" name="MM_update" value="loginForm">
</form>
<?php
mysql_free_result($rsUp);
?>
**************************************************************************
Thank you.