chris_s_22 Posted November 22, 2009 Share Posted November 22, 2009 The connect.php what my code refers to, starts the session, connects to database then includes functions.php <?php include_once 'Connect.php'; if (!is_authed()) { die ('You are not permitted to view this page, <a href="index.php">click here</a> to go back.'); } $thequery = ("SELECT * FROM members WHERE username = '$username' "); $query = mysql_query($thequery) or die ('session data dont match.'); while ($row = mysql_fetch_assoc($query)) { $username = $row["username"]; } ?> <form action="profileuser.php" method="POST" name="myform2"> <?php if (isset($username_errorone)) {?>There was an error: <?php echo $username_errorone; ?> please try again.<?php } ?> <?php if (isset($username_errortwo)) {?>There was an error: <?php echo $username_errortwo; ?> please try again.<?php } ?> <?php if (isset($usernameexisits_error)) {?>There was an error: <?php echo $usernameexisits_error; ?> please try again.<?php } ?> Username:<input type="text" size="20" maxlength="20" name="newusername" value=" <?php echo $username?>" align="" tabindex=""/> <input type="submit" value="Register" name="submit" align="" tabindex=""> <!--[if IE]><input type="text" style="display: none;" disabled="disabled" size="1" value="Ignore field. IE bug fix" /><![endif]--> </form> this is my form as you can see it starts session,connects to database, checks the function is_authed then gets existing username and dispalys it in the username form value. the data is the passed to the code below <?php include 'Connect.php'; if(!isset($_POST[submit])) // checks that the data being recieved came from a POST variable named 'submit' { // if error reshow the form You cannot access this page directly. include 'profileuserform.php'; exit; } else { //CHECKS USERNAME if(!preg_match("/^[a-z\d]{5,12}$/i", $_POST[newusername])) { // Reshow the form with an error $username_errorone = "Your username must only contain letter and numbers and be at least 5 characters but no longer than 12 characters in length!<br />"; include 'profileuserform.php'; exit; } $newusername = $_POST['newusername']; if ($newusername == $_SESSION['username']); { // Reshow the form with an error $username_errortwo = "You entered the same username if you wish to change please choose something new<br />"; include 'profileuserform.php'; exit; } $query = mysql_query("SELECT * FROM members WHERE username = '". $newusername ."'"); if (mysql_num_rows($query) > 0) { // Reshow the form with an error $usernameexisits_error = 'username already taken'; include 'profileuserform.php'; exit; } $query = "UPDATE members SET username = '$newusername' WHERE username = '$username'"; $result= mysql_query ($query) or die ('Could not create user.'); // if suceesfully inserted data into database, send confirmation link to email if($result) { $_SESSION['username'] = $newusername; header('Location: index.php'); } } ?> this then checks data passed to it came from post variable named submit, checks it contains right length and correct characters. (this works fine) it then checks if the new username is same as the old one.(this shows error message as it should) So far everything does everything it should when i tested it. the next check is to see if the new username is unique so it checks the database if its not unique it should dispaly username already taken but if i choose a username already in database or if i enter a complete new username it echos out the $username_errortwo nothing gets updated in mysql and the session data doesnt update either Link to comment https://forums.phpfreaks.com/topic/182498-can-anyone-see-where-im-going-wrong/ Share on other sites More sharing options...
rajivgonsalves Posted November 22, 2009 Share Posted November 22, 2009 where is your session_start() is it there somewhere in the included files ? Link to comment https://forums.phpfreaks.com/topic/182498-can-anyone-see-where-im-going-wrong/#findComment-963209 Share on other sites More sharing options...
chris_s_22 Posted November 22, 2009 Author Share Posted November 22, 2009 yes it is in the connect.php like i say at the start of my post it is from this line it isnt doing what i want it to do if ($newusername == $_SESSION['username']); if i echo out $newusername it always is what i type in the form box i have since replaced this $_SESSION['username'] with $username and if i echo out $username i get the stored session username but no matter what i type it echos out the $username_errortwo error Link to comment https://forums.phpfreaks.com/topic/182498-can-anyone-see-where-im-going-wrong/#findComment-963238 Share on other sites More sharing options...
Cardale Posted November 22, 2009 Share Posted November 22, 2009 You might want to try changing how this code is laid out for one. //CHECKS USERNAME //should also check and make sure no bad input entered by user malicious code. $query = mysql_query("SELECT * FROM members WHERE username = ".$newusername); $usernamecheck = mysql_num_rows($query); $newusername = $_POST['newusername']; if(!preg_match("/^[a-z\d]{5,12}$/i", $newusername) && $usernamecheck > 0){ // show form user entered bad username $username_errorone = "Your username must only contain letter and numbers and be at least 5 characters but no longer than 12 characters in length!<br />"; include 'profileuserform.php'; }else{ $query = "UPDATE members SET username = '$newusername' WHERE username = '$username'"; $result= mysql_query ($query) or die ('Could not create user.'); // if suceesfully inserted data into database, send confirmation link to email if($result){ $_SESSION['username'] = $newusername; header('Location: index.php'); } } ?> This should help you in the right direction. I believe this should work. I didn't test it. Link to comment https://forums.phpfreaks.com/topic/182498-can-anyone-see-where-im-going-wrong/#findComment-963327 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.