mage1 Posted October 11, 2008 Share Posted October 11, 2008 i always get the echo of "password short" whats wrong with my code?? update <?php session_start(); unset($_SESSION['updated']); unset($_SESSION['pwshort']); unset($_SESSION['pwempty']); unset($_SESSION['emailempty']); unset($_SESSION['nickempty']); if(!isset($_SESSION['user'])){ header("Location: login.php"); exit; }else{ $username = $_SESSION['user']; } include('mysql.php'); if(strlen($password) < { $_SESSION['pwshort']="pwshort"; header("Location: profile.php"); exit; } else if(empty($password)){ $_SESSION['pwempty']="pwempty"; header("Location: profile.php"); exit; } if(empty($email)){ $_SESSION['emailempty']="emailempty"; header("Location: profile.php"); exit; } if(empty($nickname)){ $_SESSION['nickempty']="nickempty"; header("Location: profile.php"); exit; } if (mysql_query("UPDATE regusers SET password ='".$_POST['password']."', email ='".$_POST['email']."', nickname ='".$_POST['nickname']."' WHERE username = '" . $username . "'")) { $_SESSION['updated']="updated"; header("Location: profile.php"); } mysql_close; ?> profile <?php session_start(); $username=$_SESSION['user']; if(!isset($_SESSION['user'])){ header("Location: login.php"); } ?> <?php mysql_connect("localhost", "root", "") or die(mysql_error()); mysql_select_db("<db>") or die(mysql_error()); $result = mysql_query("SELECT * FROM regusers WHERE username='$username'") or die(mysql_error()); $row = mysql_fetch_array( $result ); ?> <html part> <form action="update.php" method="POST"> <?php if(isset($_SESSION['updated'])) { echo "updated"; }; if(isset($_SESSION['pwshort'])) { echo"Password short"; }; if(isset($_SESSION['pwempty'])) { echo"Password empty"; }; if(isset($_SESSION['emailempty'])) { echo"Email empty"; }; if(isset($_SESSION['nickempty'])) { echo"Nick empty"; }; ?> </html> Link to comment https://forums.phpfreaks.com/topic/127974-session-error/ Share on other sites More sharing options...
kenrbnsn Posted October 11, 2008 Share Posted October 11, 2008 The way your script is written, you're assuming that register_globals is enabled -- that is a false assumption. You need to use the values in the $_POST superglobal array. Also, you shouldn't use the raw values in your mysql statement. <?php session_start(); unset($_SESSION['updated']); unset($_SESSION['pwshort']); unset($_SESSION['pwempty']); unset($_SESSION['emailempty']); unset($_SESSION['nickempty']); if(!isset($_SESSION['user'])){ header("Location: login.php"); exit; }else{ $username = $_SESSION['user']; } include('mysql.php'); array_map('stripslashes',$_POST); if(strlen($_POST['password']) < { $_SESSION['pwshort']="pwshort"; header("Location: profile.php"); exit; } else if(empty($_POST['password'])){ $_SESSION['pwempty']="pwempty"; header("Location: profile.php"); exit; } if(empty($_POST['email'])){ $_SESSION['emailempty']="emailempty"; header("Location: profile.php"); exit; } if(empty($_POST['nickname'])){ $_SESSION['nickempty']="nickempty"; header("Location: profile.php"); exit; } if (mysql_query("UPDATE regusers SET password ='".mysql_real_escape_string($_POST['password'])."', email ='".mysql_real_escape_string($_POST['email'])."', nickname ='".mysql_real_escape_string($_POST['nickname'])."' WHERE username = '" . mysql_real_escape_string($_POST['username']) . "'")) { $_SESSION['updated']="updated"; header("Location: profile.php"); } mysql_close; ?> Ken Link to comment https://forums.phpfreaks.com/topic/127974-session-error/#findComment-662677 Share on other sites More sharing options...
R0bb0b Posted October 11, 2008 Share Posted October 11, 2008 Also, these changes may not be necessary but I'm always a for sure kind of guy. I would change the following lines: <?php unset($_SESSION['updated']); unset($_SESSION['pwshort']); unset($_SESSION['pwempty']); unset($_SESSION['emailempty']); unset($_SESSION['nickempty']); ?> to: <?php function sessUnset($key) { $_SESSION[$key] = NULL; unset($_SESSION[$key]); } sessUnset($_SESSION['updated']); sessUnset($_SESSION['pwshort']); sessUnset($_SESSION['pwempty']); sessUnset($_SESSION['emailempty']); sessUnset($_SESSION['nickempty']); ?> I would also change the following lines: <?php if(isset($_SESSION['updated'])) { echo "updated"; }; if(isset($_SESSION['pwshort'])) { echo"Password short"; }; if(isset($_SESSION['pwempty'])) { echo"Password empty"; }; if(isset($_SESSION['emailempty'])) { echo"Email empty"; }; if(isset($_SESSION['nickempty'])) { echo"Nick empty"; }; ?> to <?php if(isset($_SESSION['updated']) && $_SESSION['updated'] == "updated") { echo "updated"; }; if(isset($_SESSION['pwshort']) && $_SESSION['pwshort'] == "pwshort") { echo"Password short"; }; if(isset($_SESSION['pwempty']) && $_SESSION['pwempty'] == "pwempty") { echo"Password empty"; }; if(isset($_SESSION['emailempty']) && $_SESSION['emailempty'] == "emailempty") { echo"Email empty"; }; if(isset($_SESSION['nickempty']) && $_SESSION['nickempty'] == "nickempty") { echo"Nick empty"; }; ?> Link to comment https://forums.phpfreaks.com/topic/127974-session-error/#findComment-662680 Share on other sites More sharing options...
wildteen88 Posted October 11, 2008 Share Posted October 11, 2008 I'd change your code to update.php <?php session_start(); // all errors get reported to the errors session array $_SESSION['errors'] = null; // reset the errors array if(!isset($_SESSION['user'])) { header("Location: login.php"); exit; } $username = $_SESSION['user']; include 'mysql.php'; // check that the password exists if(isset($_POST['password']) && !empty($_POST['password'])) { // validate password length if(strlen($_POST['password']) < { $_SESSION['error']['password'] = "Password too short"; } } else { $_SESSION['error']['password'] = "Password required"; } // check that the email exists if(!isset($_POST['email']) || (isset($_POST['email']) && empty($_POST['email']))) { $_SESSION['error']['email'] = "Nickname required"; } // check that the email exists if(!isset($_POST['nickname']) || (isset($_POST['nickname']) && empty($_POST['nickname']))) { $_SESSION['error']['nickname'] = "Nickname required"; } // check that no errors have been set if(isset($_SESSION['errors']) && !is_array($_SESSION['errors'])) { // no errors set update profile $sql = "UPDATE regusers SET password ='".$_POST['password']."', email ='".$_POST['email']."', nickname ='".$_POST['nickname']."' WHERE username = '" . $username . "'"; $result = mysql_query($sql); if($result) $_SESSION['updated'] = true; } else $_SESSION['updated'] = false; // redirectt to profile.php header("Location: profile.php"); ?> profile.php <?php session_start(); if(!isset($_SESSION['user'])) { header("Location: login.php"); } $username = $_SESSION['user']; mysql_connect("localhost", "root", "") or die(mysql_error()); mysql_select_db("<db>") or die(mysql_error()); $result = mysql_query("SELECT * FROM regusers WHERE username='$username'") or die(mysql_error()); $row = mysql_fetch_array( $result ); ?> <html part> <form action="update.php" method="POST"> <?php // check that the profile updated and that no errors exists if(isset($_SESSION['updated'])) { if(isset($_SESSION['errors']) && is_array($_SESSION['errors']) && ($_SESSION['updated'] == false)) { echo 'Unable to update profile due to: '; echo '<ul><li>' . implode('</li><li>', $_SESSION['errors']) . '</li></ul>'; } else { echo '<b>Profile Updated</b>'; } } ?> </html> Link to comment https://forums.phpfreaks.com/topic/127974-session-error/#findComment-662683 Share on other sites More sharing options...
budimir Posted October 11, 2008 Share Posted October 11, 2008 @wildteen88 Very nice and clean code! Link to comment https://forums.phpfreaks.com/topic/127974-session-error/#findComment-662687 Share on other sites More sharing options...
mage1 Posted October 11, 2008 Author Share Posted October 11, 2008 thank you so much guys for the reply!! Link to comment https://forums.phpfreaks.com/topic/127974-session-error/#findComment-662700 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.