


username/password change



#1 simonsays

simonsays

Posted 29 August 2006 - 04:21 PM

I am having trouble changing the username or password of a logged-in user. Every time the user changes it, the username/password in the session doesn't seem to be updated, and when the user tries to go to any page he gets automatically logged out and has to log in again... How can I solve the problem?

Here are both complete scripts, that I use:

index.php
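<?php
// Full opening tag: the short form `<?` is only parsed as PHP when the
// short_open_tag ini setting is on. With it off, the server sends this file to
// the client as plain text, table and column names included.

require_once('Smarty.class.php');
// One template engine instance for the whole request; every branch below
// assigns its flags and values to it before the final display() call.
$smarty = new Smarty();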

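/**
 * Report whether exactly one row of `admin` matches the given login/password pair.
 *
 * NOTE(review): both arguments are interpolated into the SQL text as-is, so the
 * query is only as safe as what the caller did to them first. The callers in
 * this script pass POST data through security() (security.php, not shown) --
 * confirm that it escapes for MySQL. The durable fix is a prepared statement
 * via mysqli or PDO; the mysql_* extension was removed in PHP 7.
 * NOTE(review): the `password` column is compared against the supplied value
 * directly, which looks like plaintext storage unless security() hashes it.
 * password_hash()/password_verify() is the target state.
 *
 * @param string $login login name, already filtered by the caller
 * @param string $pass  password, already filtered by the caller
 * @return bool true when the query returns exactly one row
 */
function checkUser($login, $pass) {
    $sql = mysql_query("SELECT id FROM admin WHERE login = '$login' AND password = '$pass'");
    if ($sql === false) {
        // The original die(mysql_error()) printed the raw MySQL error to the
        // browser. Keep the detail in the server log and show a fixed message.
        error_log('checkUser query failed: ' . mysql_error());
        die('Database error.');
    }
    return mysql_num_rows($sql) == 1;
}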

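/**
 * Fetch the display name stored for an admin login.
 *
 * NOTE(review): $login is interpolated into the SQL text as-is; see what the
 * caller applied to it (security() in this script, defined elsewhere) and
 * prefer a prepared statement via mysqli or PDO.
 *
 * @param string $login login name, already filtered by the caller
 * @return string|false the `name` column of the first matching row, or false
 *                      when no row matches
 */
function GetName($login) {
    $result = mysql_query("SELECT name FROM admin WHERE login='$login'");
    if ($result === false) {
        // Do not echo the raw MySQL error to the client; log it instead.
        error_log('GetName query failed: ' . mysql_error());
        die('Database error.');
    }
    // mysql_result() on an empty result set raises a warning before returning
    // false; return false directly so a stale session login stays quiet.
    if (mysql_num_rows($result) < 1) {
        return false;
    }
    return mysql_result($result, 0, 'name');
}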

include_once 'data.php';
include_once 'security.php';
session_start();

// Characters removed from submitted credentials before they are used.
// NOTE(review): the single quote (') is not in this list, so SQL safety rests
// entirely on security() -- confirm what it does.
// NOTE(review): the last four entries look like Estonian letters (ü õ ä ö)
// mis-decoded as Cyrillic -- confirm the file encoding. str_replace() works on
// bytes, so the entries only match input in the same encoding as this file.
$junk = array(
    ',' , '/' ,"\\", '`' , ';' , '[' ,  ']' , '-', '_', '*', '&', '^', '#', '!', '~',
    '+', '(', ')', '|', '{', '}', '<', '>', '?', ':', '"', '=', 'ь', 'х', 'д', 'ц'
);

// Strip the listed characters from both posted fields and raise the template
// error flag ('viga') when anything was removed. The flag alone does not stop
// the request: the login code that follows runs on the stripped values.
// NOTE(review): silently altering a password shrinks the usable character set;
// rejecting the request outright would be clearer than stripping.
if (isset($_POST['uid'], $_POST['pwd'])) {
    foreach (array('uid', 'pwd') as $field) {
        $lengthBefore = strlen($_POST[$field]);
        $_POST[$field] = str_replace($junk, '', $_POST[$field]);
        if (strlen($_POST[$field]) != $lengthBefore) {
            $smarty->assign('viga', 1);
        }
    }
}

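 // Authenticate the request: either a fresh login from the posted form, or
 // re-validation of the credentials remembered in the session.
 //
 // NOTE(review): the password itself is kept in $_SESSION['apwd'] and assigned
 // to the template as 'pwd'. change.php compares against $_SESSION['apwd'], so
 // it is left in place here. The target state is to store only the user id in
 // the session and never hand the password to a template.
 if (isset($_POST['uid']) && isset($_POST['pwd'])) {
     $uid = security($_POST['uid']);
     $pwd = security($_POST['pwd']);

     if (checkUser($uid, $pwd)) {
         // Issue a fresh session id at the moment of login so an id that was
         // known before authentication is not carried into the logged-in state.
         session_regenerate_id(true);

         $_SESSION['auid'] = $uid;
         $_SESSION['apwd'] = $pwd;

         $smarty->assign('uid', $_SESSION['auid']);
         $smarty->assign('pwd', $_SESSION['apwd']);

         $name = GetName($_SESSION['auid']);
         $smarty->assign('name', $name);
     } else {
         $smarty->assign('viga', 1);
     }
 } elseif (isset($_SESSION['auid']) && isset($_SESSION['apwd'])) {
     $uid = $_SESSION['auid'];
     $pwd = $_SESSION['apwd'];

     if (checkUser($uid, $pwd)) {
         $smarty->assign('uid', $uid);
         $smarty->assign('pwd', $pwd);

         // Look the name up only after the session credentials re-validated,
         // matching the login branch; a session that no longer matches a row
         // gets the error flag and nothing else.
         $name = GetName($uid);
         $smarty->assign('name', $name);
     } else {
         $smarty->assign('viga', 1);
     }
 }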

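// Log out: clear and destroy the session, then redirect to the start page.
if (isset($_GET['logout']) && $_GET['logout'] == 1) {
    session_unset();
    session_destroy();
    header("Location:index.php");
    // header() does not end the script. Without this exit the page below is
    // still rendered, using the uid/pwd/name values assigned earlier in this
    // same request, and sent along with the redirect.
    exit;
}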

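// Map ?page= onto a fixed set of template sections. Only the literal values
// listed here ever reach the template, so the request parameter itself is never
// used to pick a file.
// Read the parameter through isset() so a request without ?page= takes the
// default branch without an undefined-index notice.
$requestedPage = isset($_GET['page']) ? $_GET['page'] : null;

switch ($requestedPage) {
    case 'change':
        $smarty->assign('show', 'change');
        break;
    case 'addevent':
        $smarty->assign('show', 'addevent');
        break;
    default:
        $smarty->assign('page', 1);
}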

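// The array key must be a quoted string: bare PHP_SELF is an undefined
// constant, which is a notice on old PHP versions and an Error on PHP 8.
// NOTE(review): PHP_SELF includes any path info the client appended to the URL.
// If back.tpl prints 'target' into a form action it should be escaped there
// (e.g. Smarty's |escape modifier) -- the template is not shown here.
$smarty->assign('target', $_SERVER['PHP_SELF']);
$smarty->display('back.tpl');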


?>

change.php, that gets included into back.tpl when $_GET[page] == change
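<?php
// Full opening tag: the short form `<?` is only parsed as PHP when the
// short_open_tag ini setting is on; otherwise the source is sent to the client.

require_once('Smarty.class.php');
$smarty = new Smarty();

include_once 'security.php';
include_once 'data.php';

include_once 'checkuser2.php';

// NOTE(review): there is no session_start() in this file. The $_SESSION reads
// below presumably rely on the including request having started the session --
// confirm, and confirm this file cannot be requested directly.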

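// Username change: the form posts the current login (olduid) and the new login
// twice (uid1, uid2). Each outcome is reported to the template through a flag.
//
// NOTE(review): the only proof of identity required here is the current login
// name. Asking for the current password and a per-session CSRF token before
// changing credentials would be the usual hardening; the form template is not
// shown, so confirm whether a token already exists.
// NOTE(review): $new and $old are interpolated into the UPDATE as returned by
// security() (defined elsewhere); prefer a prepared statement via mysqli or PDO.
if (isset($_POST['olduid'])) {
    // Read the two optional fields through isset() so a partial form post is
    // reported as "empty" without undefined-index notices.
    $newLogin       = isset($_POST['uid1']) ? $_POST['uid1'] : null;
    $newLoginRepeat = isset($_POST['uid2']) ? $_POST['uid2'] : null;

    if ($_POST['olduid'] == NULL || $newLogin == NULL || $newLoginRepeat == NULL) {
        $smarty->assign('emptyuser', 1);
    } elseif ($newLogin !== $newLoginRepeat) {
        // Strict comparison: with != two different numeric-looking strings
        // (e.g. "10" and "1e1") compare as equal.
        $smarty->assign('umismatch', 1);
    } else {
        $old = security($_POST['olduid']);

        // Require a logged-in session explicitly instead of letting an unset
        // session value take part in a loose comparison.
        if (isset($_SESSION['auid']) && $_SESSION['auid'] === $old) {
            $new = security($newLogin);

            if (checkUser2($new) == TRUE) {
                $updated = mysql_query("UPDATE admin SET login='$new' WHERE login='$old'");
                if ($updated === false) {
                    // Keep the raw MySQL error out of the response.
                    error_log('login update failed: ' . mysql_error());
                    die('Database error.');
                }
                $smarty->assign('uuspeh', 1);
                // Keep the session in step with the row just written.
                $_SESSION['auid'] = $new;
            } else {
                $smarty->assign('exists', 1);
            }
        } else {
            $smarty->assign('wrongold', 1);
        }
    }
}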

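// Password change: the form posts the current password (oldpass) and the new
// password twice (pass1, pass2). Each outcome is reported through a flag.
//
// NOTE(review): the password is written to and compared with the `password`
// column directly, which looks like plaintext storage unless security() hashes
// it. password_hash()/password_verify() is the target state.
// NOTE(review): the values in the UPDATE are interpolated as returned by
// security() (defined elsewhere); prefer a prepared statement via mysqli or PDO.
// NOTE(review): confirm the form carries a per-session CSRF token; the template
// is not shown.
if (isset($_POST['oldpass'])) {
    // Read the two optional fields through isset() so a partial form post is
    // reported as "empty" without undefined-index notices.
    $newPass       = isset($_POST['pass1']) ? $_POST['pass1'] : null;
    $newPassRepeat = isset($_POST['pass2']) ? $_POST['pass2'] : null;

    if ($_POST['oldpass'] == NULL || $newPass == NULL || $newPassRepeat == NULL) {
        $smarty->assign('emptypass', 1);
    } elseif ($newPass !== $newPassRepeat) {
        $smarty->assign('pmismatch', 1);
    } else {
        $old = security($_POST['oldpass']);

        // Strict comparison, and only for a logged-in session: with == two
        // different numeric-looking strings compare as equal, which would mark
        // the change as successful although the UPDATE matched no row.
        if (isset($_SESSION['auid'], $_SESSION['apwd']) && $_SESSION['apwd'] === $old) {
            $new = security($newPass);
            $updated = mysql_query("UPDATE admin SET password='$new' WHERE password='$old' AND login='$_SESSION[auid]'");
            if ($updated === false) {
                // Log without the query text, which contains both passwords.
                error_log('password update failed: ' . mysql_error());
                die('Database error.');
            }
            $smarty->assign('puspeh', 1);
            // Keep the session in step with the row just written.
            $_SESSION['apwd'] = $new;
        } else {
            $smarty->assign('wrongoldp', 1);
        }
    }
}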

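// The array key must be a quoted string: bare PHP_SELF is an undefined
// constant, which is a notice on old PHP versions and an Error on PHP 8.
// NOTE(review): PHP_SELF includes any path info the client appended to the URL.
// If change.tpl prints 'target' into a form action it should be escaped there
// (e.g. Smarty's |escape modifier) -- the template is not shown here.
$smarty->assign('target', $_SERVER['PHP_SELF']);
$smarty->display('change.tpl');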


?>


#2 Corona4456

Corona4456

Posted 29 August 2006 - 09:20 PM

$_SESSION['apwd']==$new

You check for equality and don't actually set the password for the session
What is the CoronaMatrix?

#3 simonsays

simonsays

Posted 29 August 2006 - 10:43 PM

that was a silly mistake. shame on me. I corrected it, but the situation seemed to be the same
Then I realized that I simply never assigned new value to Smarty engine. Thanks!

#4 Corona4456

Corona4456

Posted 29 August 2006 - 11:27 PM

No problem... glad to help :).
What is the CoronaMatrix?



