Jump to content

Changing account details

Khashul

By Khashul
in PHP Coding Help

 Share

Recommended Posts

Khashul Newbie

Khashul

Posted
Posted

I'm currently drawing a blank on the best way to fix this code and unfortunately I'm relatively new to coding.

 

I made it a while ago but still can't think of a decent way to get around my problem. The main problem is that I want the user to pick and choose the information they want to change without having the do it all and then pressing submit. I just came back to it and realised the problem with my code in that using exit (); it won't let the code go further so you can only change one field. without exit () I just get repeating pages. I've tried this a few times but can't get my brain in gear to work it out.

 

<?php

session_start ();
include ("config.php");
include ("checkuser.php");

$error = 0;

$passerror = "<font color=\"red\"><font size=1>";
$emailerror = "<font color=\"red\"><font size=1>";
$nameerror = "<font color=\"red\"><font size=1>";
$cityerror = "<font color=\"red\"><font size=1>";
$countryerror = "<font color=\"red\"><font size=1>";

if (isset ( $_POST ['pass_1'] ) && ($_POST ['pass_2']) && ($_POST ['submit1'])) {

$pass_1 = mysql_real_escape_string ( $_POST ['pass_1'] );
$pass_2 = $_POST ['pass_2'];

if ($pass_1 != $pass_2) {
	$error = 1;
	$passerror .= "Your passwords do not match.";
} else if (strlen ( $pass_1 ) < 5) {
	$error = 1;
	$passerror .= "Your password must contain more than 5 characters.";
} else if (! preg_match ( "/^[-_a-zA-Z0-9]+$/", $pass_1 )) {
	$error = 1;
	$passerror .= "Your password contains illegal characters.";
}
if ($error == 0) {
	$password = md5 ( $pass_1 );
	mysql_query ( "UPDATE members SET password = '$password' WHERE id = '$user->id'" );

	include ("templates/default/pheader.php");
	echo "<center><b>You have successfully changed your password.</b><p />";
	echo "<a href=\"home.php\">Home</a></center>";
	include ("templates/default/pfooter.php");
	exit ();
}
}

if (isset ( $_POST ['email_1'] ) && ($_POST ['email_2']) && ($_POST ['submit2'])) {

$email_1 = mysql_real_escape_string ( $_POST ['email_1'] );
$email_2 = $_POST ['email_2'];

$emailqry = mysql_query ( "SELECT email FROM members WHERE email = '$email_1'" );
$emailcount = mysql_num_rows ( $emailqry );

if ($emailcount > 0) {
	$error = 1;
	$emailerror .= "Your email is already in use.";
} else if ($email_1 != $email_2) {
	$error = 1;
	$emailerror .= "Your emails do not match.";
} else if (strlen ( $email_1 ) < 3) {
	$error = 1;
	$emailerror .= "Your email must contain more than 3 characters.";
} else if (! preg_match ( "/^[-!#$%&\'*+\\.\/0-9=?A-Z^_`{|}~]+@([-0-9A-Z]+\.)+([0-9A-Z]){2,4}$/i", $email_1 )) {
	$error = 1;
	$emailerror .= "Your email contains illegal characters.";
}
if ($error == 0) {
	mysql_query ( "UPDATE members SET email = '$email_1' WHERE id = '$user->id'" );

	include ("templates/default/pheader.php");
	echo "<center><b>You have successfully changed your email.</b><p />";
	echo "<a href=\"home.php\">Home</a></center>";
	include ("templates/default/pfooter.php");
	exit ();	
}
}

if (isset ( $_POST ['submit3'] )) {

if (isset ( $_POST ['firstname'] ) && ($_POST ['surname'])) {

	$firstname = mysql_real_escape_string ( $_POST ['firstname'] );
	$surname = mysql_real_escape_string ( $_POST ['surname'] );

	if (! preg_match ( "/^[-_a-zA-Z0-9]+$/", $firstname )) {
		$error = 1;
		$nameerror .= "Your name contains illegal characters.";
	} else if (! preg_match ( "/^[-_a-zA-Z0-9]+$/", $surname )) {
		$error = 1;
		$nameerror .= "Your name contains illegal characters.";
	}
	if ($error == 0) {
		$fullname = "$firstname $surname";
		mysql_query ( "UPDATE members SET fullname = '$fullname' WHERE id = '$user->id'" );
		include ("templates/default/pheader.php");
		echo "<center><b>You have successfully changed your settings.</b><p />";
		echo "<a href=\"home.php\">Home</a></center>";
		include ("templates/default/pfooter.php");
		exit ();
	}
}

if (isset ( $_POST ['city'] )) {

	$city = trim ( mysql_real_escape_string ( $_POST ['city'] ) );

	if (! preg_match ( "/^[-_a-zA-Z0-9]+$/", $city )) {
		$error = 1;
		$cityerror .= "Your city contains illegal characters.";
	}
	if ($error == 0) {
		mysql_query ( "UPDATE members SET city = '$city' WHERE id = '$user->id'" );
		include ("templates/default/pheader.php");
		echo "<center><b>You have successfully changed your settings.</b><p />";
		echo "<a href=\"home.php\">Home</a></center>";
		include ("templates/default/pfooter.php");
		exit ();
	}
}

if (isset ( $_POST ['country'] )) {

	$country = trim ( mysql_real_escape_string ( $_POST ['country'] ) );

	if (! preg_match ( "/^[-_a-zA-Z0-9]+$/ ", $country )) {
		$error = 1;
		$countryerror .= "Your country contains illegal characters.";
	}
	if ($error == 0) {
		mysql_query ( "UPDATE members SET country = '$country' WHERE id = '$user->id'" );
		include ("templates/default/pheader.php");
		echo "<center><b>You have successfully changed your settings.</b><p />";
		echo "<a href=\"home.php\">Home</a></center>";
		include ("templates/default/pfooter.php");
		exit ();
	}
}
}

$passerror .= "</font>";
$emailerror .= "</font>";
$nameerror .= "</font>";
$cityerror .= "</font>";
$countryerror .= "</font>";

$currentqry = mysql_query("SELECT email, city, country FROM members_view WHERE id = $user->id");
while ($current = mysql_fetch_assoc($currentqry)) {

include ("templates/default/pheader.php");
?>

<form method="POST" action="account.php">
<fieldset><legend>Change Account Details</legend>
<table width="100%">
<tr>
	<td width="40%"><b>Password</b>:</td>
	<td><input type="password" name="pass_1" value="" /></td>
</tr>
<tr>
	<td width="40%"><b>Verify Password</b>:</td>
	<td><input type="password" name="pass_2" value="" /></td>
</tr>
<tr>
	<td colspan="2"><?=$passerror;?></td>
</tr>
<tr>
	<td colspan="2" align="center"><input type="submit" name="submit1"
		value="Submit"></td>
</tr>
</table>
<div class="hr"><hr /></div>
<p />

<table width="100%">
<tr>
	<td width="40%"><b>Email</b>:</td>
	<td><input type="text" name="email_1" value="<?=$current['email']?>" /></td>
</tr>
<tr>
	<td width="40%"><b>Verify Email</b>:</td>
	<td><input type="text" name="email_2" value="" /></td>
</tr>
<tr>
	<td colspan="2"><?=$emailerror;?></td>
</tr>
<tr>
	<td colspan="2" align="center"><input type="submit" name="submit2"
		value="Submit"></td>
</tr>
</table>
<div class="hr"><hr /></div>
<p />

<table width="100%">
<tr>
	<td width="40%"><b>First Name</b>:</td>
	<td><input type="text" name="firstname" value="" /></td>
</tr>
<tr>
	<td width="40%"><b>Surname</b>:</td>
	<td><input type="text" name="surname" value="" /></td>
</tr>
<tr>
	<td colspan="2"><?=$nameerror;?></td>
</tr>
<tr>
	<td width="40%"><b>City</b>:</td>
	<td><input type="text" name="city" value="<?=$current['city']?>" /></td>
</tr>
<tr>
	<td colspan="2"><?=$cityerror;?></td>
</tr>
<tr>
	<td width="40%"><b>Country</b>:</td>
	<td><input type="text" name="country" value="<?=$current['country']?>" /></td>
</tr>
<tr>
	<td colspan="2"><?=$countryerror;?></td>
</tr>
<tr>
	<td colspan="2" align="center"><input type="submit" name="submit3"
		value="Submit"></td>
</tr>
</table>
</fieldset>
</form>

<?php
}
include ("templates/default/pfooter.php");
?>

 

Any help welcome! Thanks in advance!

Link to comment
Share on other sites
Khashul Newbie

Khashul

Posted
  • Author
Posted

Okay, so what would the best format be to do this.

 

I need to make sure they can't just put what they want into the db hence preg_match but I was also using isset. What would be a better way of doing this then so that just the fields that need to be updated are? The other thing that may change things is some of the personal information hasn't been submitted before.

 

Sorry if it sounds like a silly question, just cant visualise this code for some reason!

Link to comment
Share on other sites
Khashul Newbie

Khashul

Posted
  • Author
Posted

Sorry can't modify my last post.

 

Okay I've got this so far, but just realised my main problem is I want to allow for blank answers so what would be the best way to do that?

 

<?php

session_start ();
include ("config.php");
include ("checkuser.php");

$error = 0;

$passerror = "<font color=\"red\"><font size=1>";
$emailerror = "<font color=\"red\"><font size=1>";
$nameerror = "<font color=\"red\"><font size=1>";
$cityerror = "<font color=\"red\"><font size=1>";
$countryerror = "<font color=\"red\"><font size=1>";

if (isset ( $_POST ['pass_1'] ) && ($_POST ['pass_2']) && ($_POST ['submit1'])) {

$pass_1 = mysql_real_escape_string ( $_POST ['pass_1'] );
$pass_2 = $_POST ['pass_2'];

if ($pass_1 != $pass_2) {
	$error = 1;
	$passerror .= "Your passwords do not match.";
} else if (strlen ( $pass_1 ) < 5) {
	$error = 1;
	$passerror .= "Your password must contain more than 5 characters.";
} else if (! preg_match ( "/^[-_a-zA-Z0-9]+$/", $pass_1 )) {
	$error = 1;
	$passerror .= "Your password contains illegal characters.";
}
if ($error == 0) {
	$password = md5 ( $pass_1 );
	mysql_query ( "UPDATE members SET password = '$password' WHERE id = '$user->id'" );

	include ("templates/default/pheader.php");
	echo "<center><b>You have successfully changed your password.</b><p />";
	echo "<a href=\"home.php\">Home</a></center>";
	include ("templates/default/pfooter.php");
	exit ();
}
}

if (isset ( $_POST ['submit2'] )) {

$email = mysql_real_escape_string ( $_POST ['email'] );
$name = mysql_real_escape_string ( $_POST ['name'] );
$city = trim ( mysql_real_escape_string ( $_POST ['city'] ) );
$country = trim ( mysql_real_escape_string ( $_POST ['country'] ) );

if (! preg_match ( "/^[-!#$%&\'*+\\.\/0-9=?A-Z^_`{|}~]+@([-0-9A-Z]+\.)+([0-9A-Z]){2,4}$/i", $email )) {
	$error = 1;
	$emailerror .= "Your email address contains illegal characters.";
}
if (! preg_match ( "/^[-_a-zA-Z0-9 \d]+$/", $name )) {
	$error = 1;
	$nameerror .= "Your name contains illegal characters.";
}
if (! preg_match ( "/^[-_a-zA-Z0-9 \d]+$/", $city )) {
	$error = 1;
	$cityerror .= "Your city contains illegal characters.";
}
if (! preg_match ( "/^[-_a-zA-Z0-9 \d]+$/", $country )) {
	$error = 1;
	$countryerror .= "Your country contains illegal characters.";
}
if ($error == 0) {
	mysql_query ( "UPDATE members SET fullname = '$name', city = '$city', country = '$country' WHERE id = '$user->id'" );
	include ("templates/default/pheader.php");
	echo "<center><b>You have successfully changed your settings.</b><p />";
	echo "<a href=\"home.php\">Home</a></center>";
	include ("templates/default/pfooter.php");
	exit ();
}
}

$passerror .= "</font>";
$emailerror .= "</font>";
$nameerror .= "</font>";
$cityerror .= "</font>";
$countryerror .= "</font>";

$currentqry = mysql_query ( "SELECT email, fullname, city, country FROM members_view WHERE id = $user->id" );
while ( $current = mysql_fetch_assoc ( $currentqry ) ) {

include ("templates/default/pheader.php");
?>

<form method="POST" action="account.php">
<fieldset><legend>Change Account Details</legend>
<table width="100%">
<tr>
	<td width="40%"><b>Password</b>:</td>
	<td><input type="password" name="pass_1" value="" size="30" /></td>
</tr>
<tr>
	<td width="40%"><b>Verify Password</b>:</td>
	<td><input type="password" name="pass_2" value="" size="30" /></td>
</tr>
<tr>
	<td colspan="2"><?=$passerror;?></td>
</tr>
<tr>
	<td colspan="2" align="center"><input type="submit" name="submit1"
		value="Submit"></td>
</tr>
</table>
<div class="hr">
<hr />
</div>
<p />


<table width="100%">
<tr>
	<td width="40%"><b>Email</b>:</td>
	<td><input type="text" name="email" value="<?=$current ['email']?>"
		size="30" /></td>
</tr>
<tr>
	<td colspan="2"><?=$emailerror;?></td>
</tr>
<tr>
	<td width="40%"><b>Name</b>:</td>
	<td><input type="text" name="name" value="<?=$current ['fullname']?>"
		size="30" /></td>
</tr>
<tr>
	<td colspan="2"><?=$nameerror;?></td>
</tr>
<tr>
	<td width="40%"><b>City</b>:</td>
	<td><input type="text" name="city" value="<?=$current ['city']?>"
		size="30" /></td>
</tr>
<tr>
	<td colspan="2"><?=$cityerror;?></td>
</tr>
<tr>
	<td width="40%"><b>Country</b>:</td>
	<td><input type="text" name="country"
		value="<?=$current ['country']?>" size="30" /></td>
</tr>
<tr>
	<td colspan="2"><?=$countryerror;?></td>
</tr>
<tr>
	<td colspan="2" align="center"><input type="submit" name="submit2"
		value="Submit"></td>
</tr>
</table>
</fieldset>
</form>

<?php
}
include ("templates/default/pfooter.php");
?>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.