simonsays Posted August 29, 2006 Share Posted August 29, 2006 I seem to be a bit in trouble with changing username or password of a logged in user. Everytime the user changes it, the username/password in session don't seem to be updated and when a user tries to go to any page he gets automatically logged out and has to log in again... How can I solve the problem?Here are both complete scripts, that I use:index.php[code]<?require_once('Smarty.class.php');$smarty = new Smarty();function checkUser($login, $pass) {$sql = mysql_query("SELECT id FROM admin WHERE login = '$login' AND password = '$pass'") or die(mysql_error());if (mysql_num_rows($sql) == 1) {return true;} else {return false;}}function GetName($login){$result=mysql_query("SELECT name FROM admin WHERE login='$login'") or die(mysql_error());return $name=mysql_result($result, 0, 'name');}include_once 'data.php';include_once 'security.php';session_start(); $junk = array(',' , '/' ,"\\", '`' , ';' , '[' , ']' , '-', '_', '*', '&', '^', '#', '!', '~', '+', '(', ')', '|', '{', '}', '<', '>', '?', ':', '"', '=', 'ь', 'х', 'д', 'ц'); if (isset($_POST['uid']) && isset($_POST['pwd'])){$len = strlen($_POST['uid']);$_POST['uid'] = str_replace($junk, '', $_POST['uid']);$test = $_POST['uid'];if(strlen($test) != $len) {$smarty->assign('viga', 1); }$passlen = strlen($_POST['pwd']);$_POST['pwd'] = str_replace($junk, '', $_POST['pwd']);$test2 = $_POST['pwd'];if(strlen($test2) != $passlen) {$smarty->assign('viga', 1); }} if (isset($_POST['uid']) && isset($_POST['pwd'])) { $uid = security($_POST['uid']);$pwd = security($_POST['pwd']);if (checkUser($uid, $pwd)) {$_SESSION['auid'] = $uid;$_SESSION['apwd'] = $pwd;$smarty->assign('uid', $_SESSION['auid']);$smarty->assign('pwd', $_SESSION['apwd']);$name=GetName($_SESSION['auid']);$smarty->assign('name', $name);} else {$smarty->assign('viga', 1);}} elseif (isset($_SESSION['auid']) && isset($_SESSION['apwd'])) {$uid = $_SESSION['auid'];$pwd = $_SESSION['apwd'];$name=GetName($_SESSION['auid']);$smarty->assign('name', $name);if (checkUser($uid, $pwd)) { $smarty->assign('uid', $uid);$smarty->assign('pwd', $pwd); } else { $smarty->assign('viga', 1); } }if ((isset($_GET['logout'])) && ($_GET['logout']==1)) { session_unset(); session_destroy(); header("Location:index.php");}switch ($_GET['page']){case 'change': $smarty->assign('show', 'change'); break; case 'addevent': $smarty->assign('show', 'addevent'); break;default: $smarty->assign('page', 1);}$smarty->assign('target', $_SERVER[PHP_SELF]);$smarty->display('back.tpl');?>[/code]change.php, that gets included into back.tpl when $_GET[page] == change[code]<?require_once('Smarty.class.php');$smarty = new Smarty();include_once 'security.php';include_once 'data.php';include_once 'checkuser2.php';if(isset($_POST['olduid'])){if($_POST['olduid']==NULL OR $_POST['uid1']==NULL OR $_POST['uid2']==NULL){$smarty->assign('emptyuser', 1);}elseif($_POST['uid1']!=$_POST['uid2']){$smarty->assign('umismatch', 1);}else{$old=security($_POST['olduid']);if ($_SESSION['auid'] == $old){$new=security($_POST['uid1']);if (checkUser2($new)==TRUE){$result=mysql_query("UPDATE admin SET login='$new' WHERE login='$old'") or die(mysql_error());$smarty->assign('uuspeh', 1);$_SESSION['auid']=$new;}else{$smarty->assign('exists', 1);}}else {$smarty->assign('wrongold', 1);}}}if(isset($_POST['oldpass'])){if($_POST['oldpass']==NULL OR $_POST['pass1']==NULL OR $_POST['pass2']==NULL){$smarty->assign('emptypass', 1);}elseif($_POST['pass1']!=$_POST['pass2']){$smarty->assign('pmismatch', 1);}else{$old=security($_POST['oldpass']);if ($_SESSION['apwd']==$old){$new=security($_POST['pass1']);$result=mysql_query("UPDATE admin SET password='$new' WHERE password='$old' AND login='$_SESSION[auid]'") or die(mysql_error());$smarty->assign('puspeh', 1);$_SESSION['apwd']=$new;} else {$smarty->assign('wrongoldp', 1);}}}$smarty->assign('target', $_SERVER[PHP_SELF]);$smarty->display('change.tpl');?>[/code] Link to comment https://forums.phpfreaks.com/topic/19034-usernamepassword-change/ Share on other sites More sharing options...
Corona4456 Posted August 29, 2006 Share Posted August 29, 2006 [code]$_SESSION['apwd']==$new[/code]You check for equality and don't actually set the password for the session Link to comment https://forums.phpfreaks.com/topic/19034-usernamepassword-change/#findComment-82459 Share on other sites More sharing options...
simonsays Posted August 29, 2006 Author Share Posted August 29, 2006 that was a silly mistake. shame on me. I corrected it, but the situation seemed to be the sameThen I realized that I simply never assigned new value to Smarty engine. Thanks! Link to comment https://forums.phpfreaks.com/topic/19034-usernamepassword-change/#findComment-82499 Share on other sites More sharing options...
Corona4456 Posted August 29, 2006 Share Posted August 29, 2006 No problem... glad to help :). Link to comment https://forums.phpfreaks.com/topic/19034-usernamepassword-change/#findComment-82521 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.