password can only be changed when a particular field has data entred

[Doug]

Hello,

 

I have been wrestling with this for some time now and cannot understand what is happening.

 

I have an area in my website where users can add more information for themselves n their profile, if they wish and change their password. This works apart from the changing password. For some reason the user can only change the password if the fieldd 'age' has data in it. If  'age' has no data then no other fields entered by the user are saved and the password does not change to the users preferred choice.

 

For the life of me I cannot see why this would be

 

Any help greatly appreciated

 

Code below.

<?php require_once('top1.php');
?>

<?php require_once('navmenu.php'); ?>
<title>title</title>
  





<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
  
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  
<title>title</title>
  
<link rel="stylesheet" type="text/css" href="style.css" />

</head>

<body>
  
<h3>Edit Profile</h3>


<?php



require_once('appvars.php');
  require_once('connectvars1.php');

  
// Make sure the user is logged in before going any further.
  
if (!isset($_SESSION['user_id'])) {
    echo '<p class="login">Please <a href="login1.php">log in</a> to access this page.</p>';
    
exit();
  
}
  


  // Connect to the database
  
$dbc = mysqli_connect(DB_Host, DB_User, DB_Password, DB_Name);

  
if (isset($_POST['submit'])) {
    

// Grab the profile data from the POST
    
$first_name = mysqli_real_escape_string($dbc, trim($_POST['firstname']));
    
$last_name = mysqli_real_escape_string($dbc, trim($_POST['lastname']));

$age = mysqli_real_escape_string($dbc, trim($_POST['age']));

$username = mysqli_real_escape_string($dbc, trim($_POST['username']));
    
$gender = mysqli_real_escape_string($dbc, trim($_POST['gender']));
    
$email = mysqli_real_escape_string($dbc, trim($_POST['email']));

$lookingfor = mysqli_real_escape_string($dbc, trim($_POST['lookingfor']));

$haircolor = mysqli_real_escape_string($dbc, trim($_POST['haircolor']));

$height = mysqli_real_escape_string($dbc, trim($_POST['height']));

$education = mysqli_real_escape_string($dbc, trim($_POST['education']));

$drink = mysqli_real_escape_string($dbc, trim($_POST['drink']));

$children = mysqli_real_escape_string($dbc, trim($_POST['children']));

$ethnicity = mysqli_real_escape_string($dbc, trim($_POST['ethnicity']));

$smoker = mysqli_real_escape_string($dbc, trim($_POST['smoker']));

$interests = mysqli_real_escape_string($dbc, trim($_POST['interests']));

$aboutme = mysqli_real_escape_string($dbc, trim($_POST['aboutme']));



//$old_password = mysqli_real_escape_string($dbc, trim($_POST['old_password']));

$new_password1 = mysqli_real_escape_string($dbc, trim($_POST['new_password1']));

$new_password2 = mysqli_real_escape_string($dbc, trim($_POST['new_password2']));
    
$old_picture = mysqli_real_escape_string($dbc, trim($_POST['old_picture']));
    
$new_picture = mysqli_real_escape_string($dbc, trim($_FILES['new_picture']['name']));
    
$new_picture_type = $_FILES['new_picture']['type'];
    $new_picture_size = $_FILES['new_picture']['size']; 
    
if (!empty($_FILES['new_picture']['tmp_name'])) {list($new_picture_width, $new_picture_height) = getimagesize($_FILES['new_picture']['tmp_name']);}




//list($new_picture_width, $new_picture_height) = getimagesize($_FILES['new_picture']['tmp_name']);
    
$error = false;

    

// Validate and move the uploaded picture file, if necessary
    
if (!empty($new_picture)) {
      if ((($new_picture_type == 'image/gif') || ($new_picture_type == 'image/jpeg') || ($new_picture_type == 'image/pjpeg') ||
        ($new_picture_type == 'image/png')) && ($new_picture_size > 0) && ($new_picture_size <= MM_MAXFILESIZE) &&
        ($new_picture_width <= MM_MAXIMGWIDTH) && ($new_picture_height <= MM_MAXIMGHEIGHT)) {
        if ($_FILES['new_picture']['error'] == 0) {
          

// Move the file to the target upload folder
          
$target = MM_UPLOADPATH . basename($new_picture);
          
if (move_uploaded_file($_FILES['new_picture']['tmp_name'], $target)) {
            

// The new picture file move was successful, now make sure any old picture is deleted
            
if (!empty($old_picture) && ($old_picture != $new_picture)) {
              @unlink(MM_UPLOADPATH . $old_picture);
            }
          }
          else {
            

// The new picture file move failed, so delete the temporary file and set the error flag
            
@unlink($_FILES['new_picture']['tmp_name']);
            
$error = true;
            echo '<p class="error">Sorry, there was a problem uploading your picture.</p>';

          }
        }
      }
      
else {
        
// The new picture file is not valid, so delete the temporary file and set the error flag
        
@unlink($_FILES['new_picture']['tmp_name']);

        $error = true;
        
echo '<p class="error">Your picture must be a GIF, JPEG, or PNG image file no greater than ' . (MM_MAXFILESIZE / 1024) .
          ' KB and ' . MM_MAXIMGWIDTH . 'x' . MM_MAXIMGHEIGHT . ' pixels in size.</p>';
      }
    }

    if ($new_password1 == $new_password2)  { 


echo '<p>passwords ok</p>';
}
else {
$error = true;
echo '<p class="error">The passwords do not match. Please <a href="editprofile3.php"> re enter them</a></p>';
mysqli_close($dbc);
        exit();
}

$error = false;


// Update the profile data in the database
    
if (!$error) {
      if (!empty($first_name) && !empty($last_name) && !empty($username) && !empty($gender) && !empty($email)) {
        // Only set the picture column if there is a new picture
// Only set the password in there is a new one
        if (!empty($new_picture)) {
if (!empty($new_password1)) {
          $query = "UPDATE registration SET first_name = '$first_name', last_name = '$last_name', username = '$username', gender = '$gender', " .
            " email = '$email', password = '$new_password1', picture = '$new_picture' WHERE user_id = '" . $_SESSION['user_id'] .
"'";
        }
}

        else {
          
$query = "UPDATE registration SET first_name = '$first_name', last_name = '$last_name', age = '$age', username = '$username', gender = '$gender', " .
            " email = '$email', lookingfor = '$lookingfor', haircolor = '$haircolor', " .
    " height = '$height', education = '$education', drink = '$drink', children = '$children', ethnicity = '$ethnicity', " .
    " smoker = '$smoker', interests = '$interests', aboutme = '$aboutme', password = '$new_password1'  WHERE user_id = '" . $_SESSION['user_id'] . 

"'";
        }
        mysqli_query($dbc, $query);

        

// Confirm success with the user
        
echo '<p>Your profile has been successfully updated. Would you like to <a href="viewprofile1.php">view your profile</a>?</p>';


        
mysqli_close($dbc);
        exit();
    
  }
      
else {
        echo '<p class="error">You must enter all of the profile data (the picture is optional).</p>';
   
   }
    }
  } 

// End of check for form submission
  else {
    

// Grab the profile data from the database
    
$query = "SELECT * FROM registration WHERE user_id = '" . $_SESSION['user_id'] . "'";
    
$data = mysqli_query($dbc, $query);
    
$row = mysqli_fetch_array($data);

    
if ($row != NULL) {
      $first_name = $row['first_name'];
      
$last_name = $row['last_name'];

$username = $row['username'];

$age = $row['age'];

$gender = $row['gender'];
      
$email = $row['email'];
      
$lookingfor = $row['lookingfor'];

$haircolor = $row['haircolor'];

$height = $row['height'];

$education = $row['education'];

$drink = $row['drink'];

$children = $row['children'];

$ethnicity = $row['ethnicity'];

$smoker = $row['smoker'];

$interests = $row['interests'];

$aboutme = $row['aboutme'];

$new_password1 = $row['password'];

//$old_password = $row['old_password'];

$old_picture = $row['picture'];
    
}
    else {
      echo '<p class="error">There was a problem accessing your profile.</p>';

    }
  }


  mysqli_close($dbc);

?>

  
<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">

    <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MM_MAXFILESIZE; ?>" />
    
<fieldset>
      <legend>Personal Information</legend>
      <label for="firstname">First name:</label>
      <input type="text" id="firstname" name="firstname" value="<?php if (!empty($first_name)) echo $first_name; ?>" /><br />

      <label for="lastname">Last name:</label>
      <input type="text" id="lastname" name="lastname" value="<?php if (!empty($last_name)) echo $last_name; ?>" /><br />

<label for="username">Username:</label>
      <input type="text" id="username" name="username" value="<?php if (!empty($username)) echo $username; ?>" /><br />

<label for="age">Age:</label>
      <input type="text" id="age" name="age" value="<?php if (!empty($age)) echo $age; ?>" /><br />


      <label for="gender">Gender:</label> <select id="gender" name="gender">
        <option value="M" <?php if (!empty($gender) && $gender == 'M') echo 'selected = "selected"'; 
?>>Male</option>
        <option value="F" <?php if (!empty($gender) && $gender == 'F') echo 'selected = "selected"'; ?>>Female</option>
      </select><br />

<label for="lookingfor">Looking for:</label> <select id="lookingfor" name="lookingfor">

        <option value="a date" <?php if (!empty($lookingfor) && $lookingfor == 'a date') echo 'selected = "selected"'; ?>>a date</option>
<option value="friends" <?php if (!empty($lookingfor) && $lookingfor == 'lookingfor') echo 'selected = "selected"'; ?>>friends</option>
<option value="a sports partner" <?php if (!empty($lookingfor) && $lookingfor == 'lookingfor') echo 'selected = "selected"'; ?>>sports 

partner</option>
<option value="nothing in particular" <?php if (!empty($lookingfor) && $lookingfor == 'lookingfor') echo 'selected = "selected"'; ?>>nothing in 

particular</option>
      </select><br />

<label for="haircolor">Hair colour:</label>
      <input type="text" id="haircolor" name="haircolor" value="<?php if (!empty($haircolor)) echo $haircolor; ?>" /><br />



<label for"height">Height:</label>
<input type="text" id="height" name="height" value="<?php if (!empty($height)) echo $height; ?>" /><br />

<label for="education">Education:</label>
      <input type="text" id="education" name="education" value="<?php if (!empty($education)) echo $education; ?>" /><br />

<label for="drink">Do you drink?:</label>
      <input type="text" id="drink" name="drink" value="<?php if (!empty($drink)) echo $drink; ?>" /><br />

<label for="children">Do you want Children?:</label>
      <input type="text" id="children" name="children" value="<?php if (!empty($children)) echo $children; ?>" /><br />

<label for="ethnicity">Ethnicity:</label>
<input type="text" id="ethnicity" name="ethnicity" value="<?php if (!empty($ethnicity)) echo '$ethnicity'; ?>" /></br />

<label for="smoker">Are you a smoker?</label> <select id="smoker" name="smoker">
	<option value="No" <?php if (!empty($smoker) && $smoker == 'No') echo 'selected = "selected"'; 
?>>No</option>
        <option value="Yes" <?php if (!empty($smoker) && $gender == 'Yes') echo 'selected = "selected"'; ?>>Yes</option>
      </select><br />


<label for="interests">Main interests:</label>
<input type="text" id="interests" name="interests" value="<?php if (!empty($interests)) echo $interests; ?>" /><br />

<label for="aboutme">About me:</label>
      <input type="text" id="aboutme" name="aboutme" value="<?php if (!empty($aboutme)) echo $aboutme; ?>" /><br />

      <label for="email">Email:</label>
      <input type="text" id="email" name="email" value="<?php if (!empty($email)) echo $email; ?>" /><br />


<label for "currentpwd">Current password:</label>
<?php echo $new_password1; ?><br />

<label for="new_password1">New Password:</label>
<input type="password" id="new_password1" name="new_password1" value="<?php if(!empty($new_password1)) echo $new_password1; ?>" /><br />
<label for="new_passowrd2">Verify New Password:</label>
<input type="password" id="new_password2" name="new_password2" value="<?php if(!empty($new_password1)) echo $new_password1; ?>" /><br />


<input type="hidden" name="old_picture" value="<?php if (!empty($old_picture)) echo $old_picture; ?>" />
      <label for="new_picture">Picture:</label>
      <input type="file" id="new_picture" name="new_picture" />
      <?php if (!empty($old_picture)) {
        echo '<img class="profile" src="' . MM_UPLOADPATH . $old_picture . '" alt="Profile Picture"style="max-width:150px; max-height:110px" />';
      } 

    ?>
   
</fieldset>
    
<input type="submit" value="Save Profile" name="submit" />
  
</form>
<?php echo('<p class="login">You are logged in as ' . $_SESSION['username'] . '. <a href="logout3.php">Log out</a>.</p>');

  ?>

<p><a href="index5.php">Return to homepage</a></p>


<?php require_once('footer.php');
?>
</body> 

</html>

[mikesta707]

Ok. A couple things. When posting code, only post the relevant code. No one wants to wade through lines and lines of script just to FIND the code that is giving you problems. Please don't just copy and paste your entire page next time.

 

Anyways, this code:

if (!$error) {
      if (!empty($first_name) && !empty($last_name) && !empty($username) && !empty($gender) && !empty($email)) {
        // Only set the picture column if there is a new picture
// Only set the password in there is a new one
        if (!empty($new_picture)) {
if (!empty($new_password1)) {
          $query = "UPDATE registration SET first_name = '$first_name', last_name = '$last_name', username = '$username', gender = '$gender', " .
            " email = '$email', password = '$new_password1', picture = '$new_picture' WHERE user_id = '" . $_SESSION['user_id'] .
"'";
        }
}

        else {

 

Is this the code block that is giving you trouble?

 

What happens when you don't enter in the age? Blank page? an error? Script just doesn't do anything? Is there any feedback from your script (IE one of your error messages pop up)

 

if you don't already have error reporting try turning it on all the way by putting the following at the top of your page

ini_set('display_errors',1);
error_reporting(E_ALL);

[Pikachu2000]

See if the query returns an error under the conditions you've described by using mysqli_error(), and also echo the query string at the same time. Remove the or die() statement for use on a live server, or set up loging and use trigger_error() instead.

 

}
         mysqli_query($dbc, $query) or die("<br>Query $query<br>Failed with error: " . mysqli_error($dbc) . '<br>On line: ' . __LINE__); // <--- Modified this line
         // Confirm success with the user
         echo '<p>Your profile has been successfully updated. Would you like to <a href="viewprofile1.php">view your profile</a>?</p>';
         mysqli_close($dbc);

[Doug]

Apologies for the long code...but I'm not exactly sure where the error lies.

 

Not sure if I was totally clear. There is no error if the user enters data in the field 'age' It only occurs if this field is left blank. Filling any other fields makes little diference.

 

Using the line mysqli_query($dbc, $query) or die("<br>Query $query<br>Failed with error: " . mysqli_error($dbc) . '<br>On line: ' . __LINE__);  everything appears to be correct the error message being:

 

Failed with error: Incorrect integer value: '' for column 'age' at row 1.

 

Which was expected as the field was left empty.

 

 

[mikesta707]

Ok, well the problem lies in the fact that you try to update all the fields even though they may not be filled out. This produces an error with age, but with the other fields, if they are empty the users row date will be overwritten with that empty data. What you need to do is find out which fields were left empty, and dynamically build you query so you leave out the empty fields from the update query. SO instead of writing

$query = "UPDATE registration SET first_name = '$first_name', last_name = '$last_name', username = '$username', gender = '$gender', " .
            " email = '$email', password = '$new_password1', picture = '$new_picture' WHERE user_id = '" . $_SESSION['user_id'] .
"'";

regardless of what is set and not set, you want to have some conditions (like if (empty($age))), which will change your update statement.

[Doug]

I understand but have not found th right syntax.

 

How far off am I?

 

if (empty($age) {
          $query = "UPDATE registration SET first_name = '$first_name', last_name = '$last_name', username = '$username', gender = '$gender', " .
            " email = '$email', age = '1',  password = '$new_password1', picture = '$new_picture' WHERE user_id = '" . $_SESSION['user_id'] .
"'";
        }
}}

[Doug]

obviuolsy there should be another  ) after age

 

 

Corrected (but still not working)

if (!empty($new_picture)) {
if (!empty($new_password1)) {
if (empty($age)) {
          $query = "UPDATE registration SET first_name = '$first_name', last_name = '$last_name', username = '$username', gender = '$gender', " .
            " email = '$email', age = '1',  password = '$new_password1', picture = '$new_picture' WHERE user_id = '" . $_SESSION['user_id'] .
"'";
        }
}}