$Three3 Posted February 6, 2010 Share Posted February 6, 2010 Hey I am stuck on this code. I cannot seem to figure out why this is not working. I have been on it for a couple of hours now and I just need a pair of fresh eyes to look at this. Here is the code: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Update Your Information</title> </head> <body> <?php //Check to see if form has been submitted if (isset($_POST['submiited'])) { //Intialize errors array $errors = array() ; //Validate all information received if (empty($_POST['first_name'])) { $errors[] = '<p>You must enter a first name.</p>' ; } else { $fn = mysqli_real_escape_string($dbc, trim(strip_tags($_POST['first_name']))) ; } if (empty($_POST['last_name'])) { $errors[] = '<p>You must enter a last name.</p>' ; } else { $ln = mysqli_real_escape_string($dbc, trim(strip_tags($_POST['last_name']))) ; } if (empty($_POST['email'])) { $errors[] = '<p>You must enter an email.</p>' ; } else { $email = mysqli_real_escape_string($dbc, trim(strip_tags($_POST['email']))) ; } if (empty($_POST['current_password'])) { $errors[] = '<p>You must enter your current password.</p>' ; } else { $current_password = mysqli_real_escape_string($dbc, trim(strip_tags($_POST['current_password']))) ; } if (!empty($_POST['pass1'])) { if ($_POST['pass1'] != $_POST['pass2']) { $errors[] = '<p>Your new password does not match the confirm new password. Please try again.</p>' ; } else { $pass = mysqli_real_escape_string($dbc, trim(strip_tags($_POST['pass1']))) ; } } else { $errors[] = '<p>You must enter a new password.</p>' ; } //Check to see if there were any errors if (empty($errors)) { //Connect to the database if ($dbc = mysqli_connect('localhost', 'root', 'Sophia211', 'sitename')) { //Create the query for getting the user_id $query = "SELECT user_id FROM users WHERE email = '$email' AND pass = SHA1('$current_password')" ; $result = mysqli_query($dbc, $query) ; if ($result) { $row = mysqli_fetch_array($result, MYSQLI_NUM) ; //Create the UPDATE query $query = "UPDATE users SET first_name = '$fn', last_name = '$ln', email = '$email', pass = '$pass' WHERE user_id = '$row[0]' LIMIT 1" ; $result = mysqli_query($dbc, $query) ; if (mysqli_affected_rows($dbc) == 1) { //The users information has succesfully been updated echo '<p>Thank You! You have successfully updated your personal information.</p>' ; } else { echo '<p><font color ="FF0000">There was an error with the update. Please try again.</font></p>' ; } } else { echo '<p><font color ="FF0000">There was an error validating your information. Please try again.</font></p>' ; } } else { echo '<p><font color ="FF0000">There was an error connection to the database. Please contact the system adminastrator.</font></p>' ; } } else { //There were errors with the validation checks echo '<p><font color ="FF0000">The following errors have occurred:</font></p><br />' ; foreach ($errors as $message) { echo '-<b> $message</b><br />' ; } } } //End of IF SUBMITTED //Display the form echo '<form action="update2.php" method="post"> <p>First Name: <input name="first_name" type="text" size="20" maxlength="20" /></p> <p>Last Name: <input name="last_name" type="text" size="20" maxlength="20" /></p> <p>Email: <input name="email" type="text" size="30" maxlength="80" /></p> <p>Current Password: <input name="current_password" type="password" size="20" maxlength="20" /></p> <p>New Password: <input name="pass1" type="password" size="20" maxlength="20" /></p> <p>Confrim New Password: <input name="pass2" type="password" size="20" maxlength="20" /></p> <p><input name="submit" type="submit" value="Update" /></p> <input name="submitted" type="hidden" value="true" /> </form>' ; ?> </body> </html> When I click on submit it gives me no errors whatsoever and displays the form again. If I click on the submit button with no information in the text boxes it is not giving me any errors that it is supposed to be. I have made plenty of these kind of scripts before but I have no idea why this one is not working. I really appreciate the help on this. Thanks in advance for the help. Quote Link to comment Share on other sites More sharing options...
tmh766 Posted February 6, 2010 Share Posted February 6, 2010 submiited is spelled wrong if (isset($_POST['submiited'])) { Quote Link to comment Share on other sites More sharing options...
$Three3 Posted February 7, 2010 Author Share Posted February 7, 2010 Awesome thanks a lot man. That worked perfectly. Now I have one more problem though. When this page loads you get the html form. When I am testing it the first time for example with the following values: First Name: John Last Name: Smith Email: jsmith@exmple.com Current Password: 1234 New Password: 123456 Confirm New: 123456 Everything works perfectly and I get the message saying everything has worked successfully. But when I put the exact same values in again but just change the passwords around like: First Name: John Last Name: Smith Email: jsmith@exmple.com Current Password: 123456 New Password: 1234 Confirm New: 1234 It gives me an error saying "There was an error with the update. Please try again." Any help on this is greatly appreciated. Here is the PHP code again: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Update Your Information</title> </head> <body> <?php //Check to see if form has been submitted if (isset($_POST['submitted'])) { //Connect to the database if (!$dbc = mysqli_connect('localhost', 'root', 'Sophia211', 'sitename')) { echo '<p><font color ="FF0000">There was an error connection to the database. Please contact the system adminastrator.</font></p>' ; } //Intialize errors array $errors = array() ; //Validate all information received if (empty($_POST['first_name'])) { $errors[] = 'You must enter a first name.' ; } else { $fn = mysqli_real_escape_string($dbc, trim(strip_tags($_POST['first_name']))) ; } if (empty($_POST['last_name'])) { $errors[] = 'You must enter a last name.' ; } else { $ln = mysqli_real_escape_string($dbc, trim(strip_tags($_POST['last_name']))) ; } if (empty($_POST['email'])) { $errors[] = 'You must enter an email.' ; } else { $email = mysqli_real_escape_string($dbc, trim(strip_tags($_POST['email']))) ; } if (empty($_POST['current_password'])) { $errors[] = 'You must enter your current password.' ; } else { $current_password = mysqli_real_escape_string($dbc, trim(strip_tags($_POST['current_password']))) ; } if (!empty($_POST['pass1'])) { if ($_POST['pass1'] != $_POST['pass2']) { $errors[] = 'Your new password does not match the confirm new password. Please try again.' ; } else { $pass = mysqli_real_escape_string($dbc, trim(strip_tags($_POST['pass1']))) ; } } else { $errors[] = 'You must enter a new password.' ; } //Check to see if there were any errors if (empty($errors)) { //Create the query for getting the user_id $query = "SELECT user_id FROM users WHERE email = '$email' AND pass = SHA1('$current_password')" ; $result = mysqli_query($dbc, $query) ; if ($result) { $row = mysqli_fetch_array($result, MYSQLI_NUM) ; //Create the UPDATE query $query = "UPDATE users SET first_name = '$fn', last_name = '$ln', email = '$email', pass = '$pass' WHERE user_id = '$row[0]' LIMIT 1" ; $result = mysqli_query($dbc, $query) ; if (mysqli_affected_rows($dbc) == 1) { //The users information has succesfully been updated echo '<p>Thank You! You have successfully updated your personal information.</p>' ; } else { echo '<p><font color ="FF0000">There was an error with the update. Please try again.</font></p>' ; } } else { echo '<p><font color ="FF0000">There was an error validating your information. Please try again.</font></p>' ; } } else { //There were errors with the validation checks echo '<p><font color ="FF0000"><b>The following errors have occurred:</b></font></p>' ; foreach ($errors as $message) { echo "- <b>$message</b><br />" ; } } } //End of IF SUBMITTED //Display the form echo '<form action="update2.php" method="post"> <p>First Name: <input name="first_name" type="text" size="20" maxlength="20" /></p> <p>Last Name: <input name="last_name" type="text" size="20" maxlength="20" /></p> <p>Email: <input name="email" type="text" size="30" maxlength="80" /></p> <p>Current Password: <input name="current_password" type="password" size="20" maxlength="20" /></p> <p>New Password: <input name="pass1" type="password" size="20" maxlength="20" /></p> <p>Confirm New Password: <input name="pass2" type="password" size="20" maxlength="20" /></p> <p><input name="submit" type="submit" value="Update" /></p> <input name="submitted" type="hidden" value="true" /> </form>' ; ?> </body> </html> Quote Link to comment Share on other sites More sharing options...
$Three3 Posted February 7, 2010 Author Share Posted February 7, 2010 Never mind figured it out. When updating the database I was forgetting to apply the SHA1 function to the new password. Works great now. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.