Smudly Posted July 1, 2010 Share Posted July 1, 2010 Currently I'm having troubles getting my Password validation to work properly for my profile page. The user is supposed to be able to change their password after typing in their password. It's currently giving me the error "Invalid Password" no matter what I type. Here is the code. Any help appreciated. (I'm not getting any sql errors) <?php session_start(); include('inc/connect.php'); $username = isset($_SESSION['username']) ? $_SESSION['username'] : ''; $edit = (isset($_POST['edit'])); $passchange = (isset($_POST['passchange'])); if (!empty($username)) { //if user is logged in $sql = mysql_query("SELECT * FROM `users` WHERE `username`='$username'"); $row = mysql_fetch_assoc($sql); $dbfname = $row['fname']; $dblname = $row['lname']; $dbemail = $row['email']; $dbpassword = $row['password']; $password = md5($_POST['password']); $error = ""; if ($edit) { $fnamenew = mysql_real_escape_string(strtolower(strip_tags($_POST['fname']))); $lnamenew = mysql_real_escape_string(strtolower(strip_tags($_POST['lname']))); $emailnew = mysql_real_escape_string(strip_tags($_POST['email'])); $update = "UPDATE `users` SET `fname`='$fnamenew', `lname`='$lnamenew', `email`='$emailnew' WHERE `username`='$username'"; mysql_query($update); //////////// Email Validation //////////// function validEmail($email) { $isValid = true; $atIndex = strrpos($email, "@"); if (is_bool($atIndex) && !$atIndex) { $isValid = false; } else { $domain = substr($email, $atIndex+1); $local = substr($email, 0, $atIndex); $localLen = strlen($local); $domainLen = strlen($domain); if ($localLen < 1 || $localLen > 64) { // local part length exceeded $isValid = false; } else if ($domainLen < 1 || $domainLen > 255) { // domain part length exceeded $isValid = false; } else if ($local[0] == '.' || $local[$localLen-1] == '.') { // local part starts or ends with '.' $isValid = false; } else if (preg_match('/\\.\\./', $local)) { // local part has two consecutive dots $isValid = false; } else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain)) { // character not valid in domain part $isValid = false; } else if (preg_match('/\\.\\./', $domain)) { // domain part has two consecutive dots $isValid = false; } else if (!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/', str_replace("\\\\","",$local))) { // character not valid in local part unless // local part is quoted if (!preg_match('/^"(\\\\"|[^"])+"$/', str_replace("\\\\","",$local))) { $isValid = false; } } if ($isValid && !(checkdnsrr($domain,"MX") || checkdnsrr($domain,"A"))) { // domain not found in DNS $isValid = false; } } return $isValid; } //////////// End Email Validation ///////// $dbfname = $fnamenew; $dblname = $lnamenew; $dbemail = $emailnew; $success = "Success!"; } // Change Password if ($passchange) { if($password){ if($password==$dbpassword){ $passwordnew = md5($_POST['passwordnew']); $passwordconf = md5($_POST['passwordconf']); if (isset($passwordnew) && !empty($passwordnew)){ if (isset($passwordconf) && !empty($passwordconf)){ if ($passwordnew==$passwordconf){ $passupdate = "UPDATE `users` SET `password`='$passwordnew' WHERE `username`='$username'"; mysql_query($passupdate); $passsuccess = "Success!"; } else{ $error = "Your passwords do not match!"; } } else{ $error = "Please type in your Confirmed Password!"; } } else{ $error = "Please type in your New Password!"; } } else{ $error = "Invalid Password"; } } else{ $error = "Please type in your Password!"; } } } ?> <html> <head> <title>Profile</title> <script type="text/javascript" language="javascript"> function inputLimiter(e,allow) { var AllowableCharacters = ''; if (allow == 'UserNameChar'){AllowableCharacters='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';} if (allow == 'UsernameChar'){AllowableCharacters='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890';} var k; k=document.all?parseInt(e.keyCode): parseInt(e.which); if (k!=13 && k!=8 && k!=0){ if ((e.ctrlKey==false) && (e.altKey==false)) { return (AllowableCharacters.indexOf(String.fromCharCode(k))!=-1); } else { return true; } } else { return true; } } </script> <style> #container{ width: 275px; margin-left: auto; margin-right: auto; } #profile{ width: 222px; text-align: right; margin-left: auto; margin-right: auto; } #changepassword{ width: 268px; text-align: right; margin-left: auto; margin-right: auto; } #centerpro{ width: 60px; margin-left: auto; margin-right: auto; } #centerpas{ width: 120px; margin-left: auto; margin-right: auto; } #center{ width: 150px; margin-left: auto; margin-right: auto; text-align: center; } </style> </head> <body> <div id="container"> <div id="profile"> <h3 align="center">Profile</h3> <form action="newprofile.php" method="POST"> Username: <input type="text" value="<?php echo ucfirst($username); ?>" readonly="readonly"><br /> First Name: <input type="text" maxlength="25" id="UserNameChar" onkeypress="return inputLimiter(event,'UserNameChar')" name="fname" value="<?php echo ucfirst($dbfname); ?>"><br /> Last Name: <input type="text" maxlength="25" id="UserNameChar" onkeypress="return inputLimiter(event,'UserNameChar')" name="lname" value="<?php echo ucfirst($dblname); ?>"><br /> Email: <input type="text" maxlength="64" name="email" value="<?php echo ucfirst($dbemail); ?>"><br /> <div id="centerpro"><input type="submit" name="edit" value="Submit"></div> <div id="center"><?php echo $success; ?></div> </div> <br /> <br /> <div id="changepassword"> <h3 align="center">Change Password</h3> Password: <input type="password" maxlength="32" name="password"><br /><br /> New Password: <input type="password" maxlength="32" name="passwordnew"><br /> Confirm Password: <input type="password" maxlength="32" name="passwordconf"><br /> <div id="centerpas"><input type="submit" name="passchange" value="Change Password"></div> <div id="center"><?php echo $passsuccess, $error; ?></div> </form> </div> </div> </body> </html> Link to comment https://forums.phpfreaks.com/topic/206351-take-a-look-at-this-ugly-code/ Share on other sites More sharing options...
ChemicalBliss Posted July 1, 2010 Share Posted July 1, 2010 Looks like somethings up; Echo the Variables, make sure they are what you expect them to be. I'd start with: if($password){ echo("<hr>".$password." == ".$dbpassword."<hr>"); if($password==$dbpassword){ The HR tags are to make it easier to find the output. -cb- Link to comment https://forums.phpfreaks.com/topic/206351-take-a-look-at-this-ugly-code/#findComment-1079461 Share on other sites More sharing options...
Pikachu2000 Posted July 1, 2010 Share Posted July 1, 2010 This may come across as being a rather silly question, but it's not intended to be. You made sure you're using the same hashing algorithm when initially inserting the password in the database, as you're using to compare them now, right? Link to comment https://forums.phpfreaks.com/topic/206351-take-a-look-at-this-ugly-code/#findComment-1079489 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.