Jump to content

can anyone see where im going wrong


chris_s_22

Recommended Posts

The connect.php what my code refers to, starts the session, connects to database then includes functions.php

 

<?php
include_once 'Connect.php';
if (!is_authed()) 
{
     die ('You are not permitted to view this page, <a href="index.php">click here</a> to go back.');
}
$thequery = ("SELECT * FROM members WHERE username = '$username' ");
$query = mysql_query($thequery) or die ('session data dont match.');
while ($row = mysql_fetch_assoc($query)) 
{
$username = $row["username"];
}
?>
<form action="profileuser.php" method="POST" name="myform2">
<?php if (isset($username_errorone)) {?>There was an error: <?php echo $username_errorone; ?> please try again.<?php } ?>
<?php if (isset($username_errortwo)) {?>There was an error: <?php echo $username_errortwo; ?> please try again.<?php } ?>
<?php if (isset($usernameexisits_error)) {?>There was an error: <?php echo $usernameexisits_error; ?> please try again.<?php } ?>
Username:<input type="text" size="20" maxlength="20" name="newusername" value="
<?php echo $username?>" align="" tabindex=""/>
<input type="submit" value="Register" name="submit" align=""  tabindex="">
<!--[if IE]><input type="text" style="display: none;" disabled="disabled" size="1" value="Ignore field. IE bug fix" /><![endif]-->
</form>

this is my form as you can see it starts session,connects to database, checks the function is_authed then gets existing username and dispalys it in the username form value.

the data is the passed to the code below

 

<?php
include 'Connect.php';

if(!isset($_POST[submit])) // checks that the data being recieved came from a POST variable named 'submit'  
{
   	 // if error reshow the form You cannot access this page directly.
   	 include 'profileuserform.php';
   	 exit;
}
else
{
//CHECKS USERNAME
if(!preg_match("/^[a-z\d]{5,12}$/i", $_POST[newusername]))
{  
	// Reshow the form with an error
    	$username_errorone = "Your username must only contain letter and numbers and be at least 5 characters but no longer than 12 characters in length!<br />";
	include 'profileuserform.php';
    	exit;  
}
	$newusername = $_POST['newusername'];
if	($newusername == $_SESSION['username']);
{	
	// Reshow the form with an error
    	$username_errortwo = "You entered the same username if you wish to change please choose something new<br />";
	include 'profileuserform.php';
    	exit;
}

$query = mysql_query("SELECT * FROM members WHERE username = '". $newusername ."'");
if (mysql_num_rows($query) > 0)
{	
// Reshow the form with an error
    $usernameexisits_error = 'username already taken';
    include 'profileuserform.php';
    exit;
}
$query = "UPDATE members SET username = '$newusername' WHERE username = '$username'";
    $result= mysql_query ($query) or die ('Could not create user.');
// if suceesfully inserted data into database, send confirmation link to email 
if($result)
{
$_SESSION['username'] = $newusername;
header('Location: index.php');
}
}
?>

this then checks data passed to it came from post variable named submit,

checks it contains right length and correct characters. (this works fine)

it then checks if the new username is same as the old one.(this shows error message as it should)

So far everything does everything it should when i tested it.

the next check is to see if the new username is unique so it checks the database

if its not unique it should dispaly username already taken

but if i choose a username already in database or if i enter a complete new username it echos out the $username_errortwo

 

nothing gets updated in mysql and the session data doesnt update either

 

Link to comment
https://forums.phpfreaks.com/topic/182498-can-anyone-see-where-im-going-wrong/
Share on other sites

yes it is in the connect.php like i say at the start of my post

 

it is from this line it isnt doing what i want it to do

if	($newusername == $_SESSION['username']);

 

if i echo out $newusername it always is what i type in the form box

i have since replaced this 

$_SESSION['username']

with

$username

and if i echo out $username i get the stored session username

 

but no matter what i type it echos out the $username_errortwo error

You might want to try changing how this code is laid out for one.

 

//CHECKS USERNAME
//should also check and make sure no bad input entered by user malicious code.
$query = mysql_query("SELECT * FROM members WHERE username = ".$newusername);
$usernamecheck = mysql_num_rows($query);
$newusername = $_POST['newusername'];

   if(!preg_match("/^[a-z\d]{5,12}$/i", $newusername) && $usernamecheck > 0){  
      // show form user entered bad username
       $username_errorone = "Your username must only contain letter and numbers and be at least 5 characters but no longer than 12 characters in length!<br />";
      include 'profileuserform.php';
   }else{
   $query = "UPDATE members SET username = '$newusername' WHERE username = '$username'";
    $result= mysql_query ($query) or die ('Could not create user.');
   // if suceesfully inserted data into database, send confirmation link to email 
   if($result){
   $_SESSION['username'] = $newusername;
   header('Location: index.php');
   }
   }
?>

 

This should help you in the right direction.  I believe this should work.  I didn't test it.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.