anastasia0181 Posted June 17, 2011 Share Posted June 17, 2011 Hi, I have an application for creating accounts with : "Name" / "email"/ "password" (I use sha1 to hash it) , I created a diferent page to update these info, but if i only change name or email the password gets encrypted a second time. -------------------------------------------------------------------------- Below is my code for the update page, I want to update the password only when it is changed. *********************************************************************** <?php require_once('../../Connections/myDB.php'); ?> <?php function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue; switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "loginForm")) { $updateSQL = sprintf("UPDATE userTbl SET Name=%s, Email=%s, Password=sha(%s) WHERE id=%s", GetSQLValueString($_POST['Name'], "text"), GetSQLValueString($_POST['Email'], "text"), GetSQLValueString($_POST['Password'], "text"), GetSQLValueString($_POST['userId'], "int")); mysql_select_db($database_myDB, $myDB); $Result1 = mysql_query($updateSQL, $myDB) or die(mysql_error()); $updateGoTo = "accounts.php"; if (isset($_SERVER['QUERY_STRING'])) { $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?"; $updateGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $updateGoTo)); } $colname_rsUp = "1"; if (isset($_GET['id'])) { $colname_rsUp = (get_magic_quotes_gpc()) ? $_GET['id'] : addslashes($_GET['id']); } mysql_select_db($database_myDB, $myDB); $query_rsUp = sprintf("SELECT * FROM userTbl WHERE id = %s", $colname_rsUp); $rsUp = mysql_query($query_rsUp, $myDB) or die(mysql_error()); $row_rsUp = mysql_fetch_assoc($rsUp); $totalRows_rsUp = mysql_num_rows($rsUp); ?> <form action="<?php echo $editFormAction; ?>" id="updateForm" name="loginForm" method="POST"> <table width="280" border="0" align="center" cellpadding="2" cellspacing="0"> <tr> <th height="34" width="85"><div align="left" >Name : </div></th> <td colspan="4"> <input name="Name" type="text" class="textfield" id="Name" value="<?php echo $row_rsUp['Name']; ?>" size="30" /> </td> </tr> <tr> <th height="34" width="85"><div align="left" >Email:</div></th> <td colspan="4"> <span id="two"> <input name="Email" type="text" class="textfield" id="Email" value="<?php echo $row_rsUp['Email']; ?>" size="30" /> </td> </tr> <tr> <th height="34" width="85"><div align="left" >Password:</div></th> <td colspan="4"> <input name="Password" type="password" class="textfield" id="Password" value="<?php echo $row_rsUp['Password']; ?>" size="30" /> </td> </tr> <tr> <td> </td> <td width="61"> </td> <td width="122" align="right"><input type="submit" name="Submit" value="Update" /></td> </tr> </table> <input name="userId" type="hidden" id="userId" value="<?php echo $row_rsUp['id']; ?>" /> <input type="hidden" name="MM_update" value="loginForm"> </form> <?php mysql_free_result($rsUp); ?> ************************************************************************** Thank you. Quote Link to comment Share on other sites More sharing options...
RussellReal Posted June 17, 2011 Share Posted June 17, 2011 Welcome to the forum, congrats on the first post, but I hate to be a jerk.. Please use code tags or php tags, trying to read that code without punctuation or anything really hurts my eyes (I got bad eyes <3) Thanks, I'll check back when you got code tags or php tags in there! Quote Link to comment Share on other sites More sharing options...
anastasia0181 Posted June 17, 2011 Author Share Posted June 17, 2011 Hi RussellReal I really appreciate you trying to help me, this is the first time I put code in a forum, do you want me to put all code between tags <code> and </code> like this <?php require_once('../../Connections/myDB.php'); ?> <?php if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "loginForm")) { $updateSQL = sprintf("UPDATE userTbl SET Name=%s, Email=%s, Password=sha(%s) WHERE id=%s", GetSQLValueString($_POST['Name'], "text"), GetSQLValueString($_POST['Email'], "text"), GetSQLValueString($_POST['Password'], "text"), GetSQLValueString($_POST['userId'], "int")); mysql_select_db($database_myDB, $myDB); $Result1 = mysql_query($updateSQL, $myDB) or die(mysql_error()); } $colname_rsUp = "1"; if (isset($_GET['id'])) { $colname_rsUp = (get_magic_quotes_gpc()) ? $_GET['id'] : addslashes($_GET['id']); } mysql_select_db($database_myDB, $myDB); $query_rsUp = sprintf("SELECT * FROM userTbl WHERE id = %s", $colname_rsUp); $rsUp = mysql_query($query_rsUp, $myDB) or die(mysql_error()); $row_rsUp = mysql_fetch_assoc($rsUp); $totalRows_rsUp = mysql_num_rows($rsUp); ?> <form action="<?php echo $editFormAction; ?>" id="updateForm" name="loginForm" method="POST"> <table width="280" border="0" align="center" cellpadding="2" cellspacing="0"> <tr> <th height="34" width="85"><div align="left" >Name : </div></th> <td colspan="4"> <input name="Name" type="text" class="textfield" id="Name" value="<?php echo $row_rsUp['Name']; ?>" size="30" /> </td> </tr> <tr> <th height="34" width="85"><div align="left" >Email:</div></th> <td colspan="4"> <span id="two"> <input name="Email" type="text" class="textfield" id="Email" value="<?php echo $row_rsUp['Email']; ?>" size="30" /> </td> </tr> <tr> <th height="34" width="85"><div align="left" >Password:</div></th> <td colspan="4"> <input name="Password" type="password" class="textfield" id="Password" value="<?php echo $row_rsUp['Password']; ?>" size="30" /> </td> </tr> <tr> <td> </td> <td width="61"> </td> <td width="122" align="right"><input type="submit" name="Submit" value="Update" /></td> </tr> </table> <input name="userId" type="hidden" id="userId" value="<?php echo $row_rsUp['id']; ?>" /> <input type="hidden" name="MM_update" value="loginForm"> </form> <?php mysql_free_result($rsUp); ?> MOD EDIT: . . . tags added. Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted June 18, 2011 Share Posted June 18, 2011 In this forum, you post your code between tags. Ken Quote Link to comment Share on other sites More sharing options...
anastasia0181 Posted June 18, 2011 Author Share Posted June 18, 2011 Hi , With the tags I get the same results as my first post. Quote Link to comment Share on other sites More sharing options...
RussellReal Posted June 18, 2011 Share Posted June 18, 2011 make sure you back up your code, I am not absolutely sure what it is that you want change: $updateSQL = sprintf("UPDATE userTbl SET Name=%s, Email=%s, Password=sha(%s) WHERE id=%s", GetSQLValueString($_POST['Name'], "text"), GetSQLValueString($_POST['Email'], "text"), GetSQLValueString($_POST['Password'], "text"), GetSQLValueString($_POST['userId'], "int")); to: $updateSQL = sprintf("UPDATE userTbl SET Password=sha(%s) WHERE id=%s", GetSQLValueString($_POST['Password'], "text"), GetSQLValueString($_POST['userId'], "int")); Quote Link to comment Share on other sites More sharing options...
anastasia0181 Posted June 23, 2011 Author Share Posted June 23, 2011 Thank you RussellReal that is what I acctually did, I created a separate page for changing password. Your help was appreciated . Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.