forumnz Posted January 2, 2007 Share Posted January 2, 2007 I have this code where someone can update their user information.I cant figure out how to validate the password and im not even sure if its updating the password.Heres the code:[code]<?php session_start(); $con = mysql_connect("localhost","$$$","$$$"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("my_db", $con);if( isset($_POST['Submit']) ) { //Store/validate/escape $email = $_POST['email']; $area = $_POST['area']; $phone = $_POST['phone']; $age = $_POST['age']; $message = $_POST['message']; //Reset unset($_POST); $id = $_SESSION['userid']; $query = "UPDATE members SET email='$email', area='$area', phone='$phone', age='$age', message='$message' WHERE id='$id'"; mysql_query($query); //echo "$query\n\n"; if( mysql_errno() ) { echo "\n\nERROR: " . mysql_error(); }} $valid = false; if( isset($_SESSION['userid']) ) { //do whatever appropriate validation is necessary on id //if we encounter errors abort? $id = $_SESSION['userid']; //No errors... proceed //connect to database $query = "SELECT email, area, phone, age, message FROM members WHERE id = '$id'"; //echo "$query\n\n"; $result = mysql_query($query); if( mysql_errno() ) { echo "\n\nERROR: " . mysql_error(); } $row = mysql_fetch_row($result); $email = ""; //echo "EMAIL: $email\n"; $area = ""; //echo "AREA: $area\n"; $phone = ""; //echo "PHONE: $phone\n"; $age = ""; //echo "AGE: $age\n"; $message = ""; //echo "MESSAGE: $message\n"; if( $row ) { $valid = true; $email = $row[0]; $area = $row[1]; $phone = $row[2]; $age = $row[3]; $message = $row[4]; } else { //Invalid username... handle error appropriately $valid = false; } //disconnect from database } else { //ERROR - Not logged in.... //Redirect to login page? $valid = false; } if( !$valid ) { //Errors, redirect.... }?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><title>Page to test</title></head><body><p>Edit Profile</p><form id="form1" name="form1" method="post" action="edit.php"><p>Password : <input name="password" type="text" id="password" /> Confirm Password : <input name="password" type="text" id="password" /></p><p>Email Address : <?php echo "<input name=\"email\" type=\"text\" id=\"email\" value=\"$email\" />\n"; ?></p><p>Area : <?php echo "<input name=\"area\" type=\"text\" id=\"area\" value=\"$area\" />\n"; ?></p><p>Phone Number :<?php echo "<input name=\"phone\" type=\"text\" id=\"phone\" value=\"$phone\" />\n"; ?> </p><p>Age : <?php echo "<input name=\"age\" type=\"text\" id=\"age\" value=\"$age\" />\n";?></p><p>Personal Message : <?php echo "<textarea name=\"message\" id=\"message\">$message</textarea>\n"; ?></p><p> <label> <input type="submit" name="Submit" value="Go!" /> </label></p></form><p> </p></body></html>[/code] Link to comment https://forums.phpfreaks.com/topic/32615-how-can-i-validate-the-password/ Share on other sites More sharing options...
trq Posted January 2, 2007 Share Posted January 2, 2007 I dont see anything in your code about a password. What do you want to do? Link to comment https://forums.phpfreaks.com/topic/32615-how-can-i-validate-the-password/#findComment-151701 Share on other sites More sharing options...
forumnz Posted January 2, 2007 Author Share Posted January 2, 2007 Im sorry heres the code:The password isnt being updated either:[code]<?php session_start(); $con = mysql_connect("localhost","$$$","$$$"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("my_db", $con);if( isset($_POST['Submit']) ) { //Store/validate/escape $password = $_POST['password']; $email = $_POST['email']; $area = $_POST['area']; $phone = $_POST['phone']; $age = $_POST['age']; $message = $_POST['message']; //Reset unset($_POST); $id = $_SESSION['userid']; $query = "UPDATE members SET password='$password', email='$email', area='$area', phone='$phone', age='$age', message='$message' WHERE id='$id'"; mysql_query($query); //echo "$query\n\n"; if( mysql_errno() ) { echo "\n\nERROR: " . mysql_error(); }} $valid = false; if( isset($_SESSION['userid']) ) { //do whatever appropriate validation is necessary on id //if we encounter errors abort? $id = $_SESSION['userid']; //No errors... proceed //connect to database $query = "SELECT password, email, area, phone, age, message FROM members WHERE id = '$id'"; //echo "$query\n\n"; $result = mysql_query($query); if( mysql_errno() ) { echo "\n\nERROR: " . mysql_error(); } $row = mysql_fetch_row($result); $password = ""; //echo "PASSWORD: $password\n"; $email = ""; //echo "EMAIL: $email\n"; $area = ""; //echo "AREA: $area\n"; $phone = ""; //echo "PHONE: $phone\n"; $age = ""; //echo "AGE: $age\n"; $message = ""; //echo "MESSAGE: $message\n"; if( $row ) { $valid = true; $password = $row[0]; $email = $row[1]; $area = $row[2]; $phone = $row[3]; $age = $row[4]; $message = $row[5]; } else { //Invalid username... handle error appropriately $valid = false; } //disconnect from database } else { //ERROR - Not logged in.... //Redirect to login page? $valid = false; } if( !$valid ) { //Errors, redirect.... }?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><title>Page to test</title></head><body><p>Edit Profile</p><form id="form1" name="form1" method="post" action="edit.php"><p>Password : <?php echo "<input name=\"password\" type=\"password\" id=\"password\" value=\"$password\" />\n"; ?> Confirm Password : <input name="password" type="text" id="password" /></p><p>Email Address : <?php echo "<input name=\"email\" type=\"text\" id=\"email\" value=\"$email\" />\n"; ?></p><p>Area : <?php echo "<input name=\"area\" type=\"text\" id=\"area\" value=\"$area\" />\n"; ?></p><p>Phone Number :<?php echo "<input name=\"phone\" type=\"text\" id=\"phone\" value=\"$phone\" />\n"; ?> </p><p>Age : <?php echo "<input name=\"age\" type=\"text\" id=\"age\" value=\"$age\" />\n";?></p><p>Personal Message : <?php echo "<textarea name=\"message\" id=\"message\">$message</textarea>\n"; ?></p><p> <label> <input type="submit" name="Submit" value="Go!" /> </label></p></form><p> </p></body></html>[/code] Link to comment https://forums.phpfreaks.com/topic/32615-how-can-i-validate-the-password/#findComment-151707 Share on other sites More sharing options...
trq Posted January 2, 2007 Share Posted January 2, 2007 What does....[code=php:0]mysql_query($query) or die(mysql_error() . $query);[/code]produce? Link to comment https://forums.phpfreaks.com/topic/32615-how-can-i-validate-the-password/#findComment-151722 Share on other sites More sharing options...
JasonLewis Posted January 2, 2007 Share Posted January 2, 2007 well first both your password and confirm password both have the same name. try changing the names.then you gotta add in another variable.[code=php:0]$confirm_password = $_POST['confirm_password'];[/code]then you could just do a check before the query.[code=php:0]if($confirm_password != $password){echo "Your passwords did not match.";}else{$query = "UPDATE members SET password='$password', email='$email', area='$area', phone='$phone', age='$age', message='$message' WHERE id='$id'"; }[/code] Link to comment https://forums.phpfreaks.com/topic/32615-how-can-i-validate-the-password/#findComment-151751 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.