Jump to content

User edit update problems due to md5 encryption

flashguy82

By flashguy82
in PHP Coding Help

 Share

Recommended Posts

flashguy82 Newbie

flashguy82

Posted
Posted

I'm having some problems with editing users in my database, i have set the user sign up to encrypt their password and logging in and out works just fine. The problem is the edit user form, after updating the user the password no longer works, i took the md5 encryption off the "edit user" form and it worked fine, but when i put it back on it doesn't! and i'm pretty much stuck at that..here is my code.

 

(GetSQLValueString(md5($_POST['Password']), "text"), is the line with md5 on)

 

i'm very rarely called to do PHP as its not my field so any help would be very very much appreciated. many thanks.

 

<?php require_once('../../Connections/z3phones.php'); ?><?php

if (!isset($_SESSION)) {

  session_start();

}

$MM_authorizedUsers = "1,2";

$MM_donotCheckaccess = "false";

 

// *** Restrict Access To Page: Grant or deny access to this page

function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {

  // For security, start by assuming the visitor is NOT authorized.

  $isValid = False;

 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.

  // Therefore, we know that a user is NOT logged in if that Session variable is blank.

  if (!empty($UserName)) {

    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.

    // Parse the strings into arrays.

    $arrUsers = Explode(",", $strUsers);

    $arrGroups = Explode(",", $strGroups);

    if (in_array($UserName, $arrUsers)) {

      $isValid = true;

    }

    // Or, you may restrict access to only certain users based on their username.

    if (in_array($UserGroup, $arrGroups)) {

      $isValid = true;

    }

    if (($strUsers == "") && false) {

      $isValid = true;

    }

  }

  return $isValid;

}

 

$MM_restrictGoTo = "../login.php";

if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) { 

  $MM_qsChar = "?";

  $MM_referrer = $_SERVER['PHP_SELF'];

  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";

  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)

  $MM_referrer .= "?" . $QUERY_STRING;

  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);

  header("Location: ". $MM_restrictGoTo);

  exit;

}

?>

<?php

if (!function_exists("GetSQLValueString")) {

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")

{

  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

 

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

 

  switch ($theType) {

    case "text":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;   

    case "long":

    case "int":

      $theValue = ($theValue != "") ? intval($theValue) : "NULL";

      break;

    case "double":

      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";

      break;

    case "date":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;

    case "defined":

      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;

      break;

  }

  return $theValue;

}

}

 

$editFormAction = $_SERVER['PHP_SELF'];

if (isset($_SERVER['QUERY_STRING'])) {

  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);

}

 

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {

  $updateSQL = sprintf("UPDATE users SET Username=%s, Password=%s, FirstName=%s, LastName=%s, EmailAddress=%s, `Admin`=%s, Allowed=%s, UserTypeID=%s WHERE UserID=%s",

                      GetSQLValueString($_POST['Username'], "text"),

                      GetSQLValueString(md5($_POST['Password']), "text"),

                      GetSQLValueString($_POST['FirstName'], "text"),

                      GetSQLValueString($_POST['LastName'], "text"),

                      GetSQLValueString($_POST['EmailAddress'], "text"),

                      GetSQLValueString(isset($_POST['Admin']) ? "true" : "", "defined","1","0"),

                      GetSQLValueString(isset($_POST['Allowed']) ? "true" : "", "defined","1","0"),

                      GetSQLValueString($_POST['UserTypeID'], "int"),

                      GetSQLValueString($_POST['UserID'], "int"));

 

  mysql_select_db($database_z3phones, $z3phones);

  $Result1 = mysql_query($updateSQL, $z3phones) or die(mysql_error());

 

  $updateGoTo = "index.php";

  if (isset($_SERVER['QUERY_STRING'])) {

    $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";

    $updateGoTo .= $_SERVER['QUERY_STRING'];

  }

  header(sprintf("Location: %s", $updateGoTo));

}

 

if ((isset($_POST['UserID'])) && ($_POST['UserID'] != "") && (isset($_POST['Delete']))) {

  $deleteSQL = sprintf("DELETE FROM users WHERE UserID=%s",

                      GetSQLValueString($_POST['UserID'], "int"));

 

  mysql_select_db($database_z3phones, $z3phones);

  $Result1 = mysql_query($deleteSQL, $z3phones) or die(mysql_error());

 

  $deleteGoTo = "index.php";

  if (isset($_SERVER['QUERY_STRING'])) {

    $deleteGoTo .= (strpos($deleteGoTo, '?')) ? "&" : "?";

    $deleteGoTo .= $_SERVER['QUERY_STRING'];

  }

  header(sprintf("Location: %s", $deleteGoTo));

}

 

mysql_select_db($database_z3phones, $z3phones);

$query_rsUserTypes = "SELECT * FROM usertypes ORDER BY UserType ASC";

$rsUserTypes = mysql_query($query_rsUserTypes, $z3phones) or die(mysql_error());

$row_rsUserTypes = mysql_fetch_assoc($rsUserTypes);

$totalRows_rsUserTypes = mysql_num_rows($rsUserTypes);

 

$colname_rsUser = "-1";

if (isset($_GET['UserID'])) {

  $colname_rsUser = (get_magic_quotes_gpc()) ? $_GET['UserID'] : addslashes($_GET['UserID']);

}

mysql_select_db($database_z3phones, $z3phones);

$query_rsUser = sprintf("SELECT * FROM users WHERE UserID = %s", GetSQLValueString($colname_rsUser, "int"));

$rsUser = mysql_query($query_rsUser, $z3phones) or die(mysql_error());

$row_rsUser = mysql_fetch_assoc($rsUser);

$totalRows_rsUser = mysql_num_rows($rsUser);

?>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.