Search the Community

I would like someone to please help look over these lines of codes and help me correct what's wrong with it. The first problem I found out on my registration form is when a user fills out a portion of the form, the WordPress client side and server side validation works as intended but that data gets processed/stored into my external database which it is not suppose to. So what I did to prevent it check if the user pressed the submit button, if it's pressed, check to see if the values aren't empty. If the values are empty, do something and stop the connection but If the values are not empty, run the connection to the external DB using the try/catch statement. I tested it out again and the validation works as intended, no data was processed but when the user completes the registration form correctly, their info gets stored into the WordPress DB but not my external database. Can anyone please help me with this issue? <?php $firstname = esc_attr($_POST['fname']); $lastname= esc_attr($_POST['lname']); $email= esc_attr($_POST['email']); ... $error = false; $required = array($firstname, $lastname, $email ...); if (!isset($_POST['on-reg-submit'])) { // Do nothing } else { foreach($required as $val) { if (empty($_POST[$val])) { $error = true; } } if ($error) { // If errors, prevent from submmiting to external DB } else { // No errors try { // Here is where I connect to the external DB // processing the posts values into it and storing the post values into my external DB } catch { echo "ERROR!"; } } ....

Hello all, i have a change your password feature on one of my websites. It works perfectly in FF and Chrome but it is not working in IE 8. I have used MySQLi prepared statements and the script is fairly straight forward. In IE 8 when i click on submit button, it kills the session and gives "you are not authorized to view this page message". So I need some help in solving it. Below is the HTML form. <form name="frmcp" method="post" action="#"> <table border="0" cellpadding="5" cellspacing="5"> <tr><td>Old Password</td></tr> <tr><td><input type="password" name="password" id="password" /></td></tr> <tr><td>New Password</td></tr> <tr><td><input type="password" name="txtpass1" /></td></tr> <tr><td>Confirm Password</td></tr> <tr><td><input type="password" name="txtpass2" /></td></tr> <tr><td><input type="submit" name="btncp" value="Change Password" class="button" onclick="formhash(this.form, this.form.password);" /></td></tr> </table> </form> Below is the PHP Script which is on the same page above the html open tag. <?php // Include database connection and functions here. include '../php/config.php'; include 'php/functions.php'; //Securely Start Session sec_session_start(); //Check if user is logged in or not if((login_check($mysqli) == true) && $_SESSION['usertype'] == 0) { $userid = $_SESSION['user_id']; // Check if the button was clicked or not. if(isset($_POST['btncp'])){ //Check if all fields are filled. if(isset($_POST['txtpass1']) && !empty($_POST['txtpass1']) AND isset($_POST['txtpass2']) && !empty($_POST['txtpass2'])){ $newpass = htmlspecialchars(strip_tags($_POST['txtpass1'])); $newpass = hash('sha512', $newpass); $newcpass = htmlspecialchars(strip_tags($_POST['txtpass2'])); $newcpass = hash('sha512', $newcpass); //Check if new password matches the confirm password or not. if($newpass == $newcpass){ $password = $_POST['p']; //Check if the old password entered is correct or not. if ($stmt = $mysqli->prepare("SELECT username, password, usertype, salt FROM active_users WHERE user_id = ? LIMIT 1")) { $stmt->bind_param('i', $userid); // Bind "$email" to parameter. $stmt->execute(); // Execute the prepared query. $stmt->store_result(); $stmt->bind_result($username, $db_password, $usertype, $salt); // get variables from result. $stmt->fetch(); $password = hash('sha512', $password.$salt); // hash the password with the unique salt. if($stmt->num_rows == 1) { if($db_password == $password) { //Hash the new password with a new randomly created salt. $new_random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true)); $new_db_password = hash('sha512', $newcpass.$new_random_salt); //Update new password in the table. if ($stmt = $mysqli->prepare("UPDATE active_users SET password = ?, salt = ? WHERE user_id = ?")) { // Bind the variables to the parameter as strings. $stmt->bind_param("ssi", $new_db_password, $new_random_salt, $userid); // Execute the statement. $stmt->execute(); // Close the prepared statement. $stmt->close(); } //Redirect if password was changed and ask the user to login again using new password. header('Location: error.php?error=5'); } else { $msg = 'Old password entered is incorrect.'; } } else { $msg = 'User Does Not Exist.'; } } } else { $msg = 'New Password and Confirm Password does not match.'; } } else { $msg = 'All fields are mandatory.'; } } ?> The problem appears to be in the line where PHP checks if the button was clicked or not or in the line where it checks if user is logged in or not. But it works in FF and Chrome, just not in IE 8.