Dada78 Posted January 27, 2008 Share Posted January 27, 2008 I have a form that allows users to update their email and password. Now the password has two text fields. One for the new password, second to verify the first one. Problem is nothing is updated and the passwords don't verify. You can enter two different emails and it won't show an error. Also if you change the email it will say it has been updated but it hasn't. Here is the code for the entire file. <?php require ('session.php'); include ('db_connect.php'); $email = $_SESSION['email']; if(isset($_POST['submit'])) { $email = $_POST['email']; $password = $_POST['password']; $verify = $_POST['newpass2']; if($verify != $password) { $update = "Passwords don't match"; } $password = md5($password); mysql_query("UPDATE users SET email = '$email', password = '$password' WHERE email='$email'"); $update = "Profile Updated"; } $email = $_SESSION['email']; $sql = "SELECT * FROM users WHERE email='$email'"; if ($result = mysql_query($sql)) { if (mysql_num_rows($result)) { $row = mysql_fetch_array($result); $id = $row["id"]; $email = $row["email"]; $password = $row["password"]; } else { die("No user found"); } } else { die(mysql_error()); } ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td> <table width="100%" border="0" align="left" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <td><a href="user.php?action=editprofile">Edit Profile</a> | <a href="submit.php">Add Entry</a> | <a href="user.php?action=edit">Edit Display</a> | <a href="user.php?action=images">Edit Images</a> | <a href="logout.php">Log Out</a></td> </tr> </table> </td> </form> </tr> </table> </td> </tr> <tr> <td class="errorText"> <div align="center"><?php if($_POST['submit']) { echo $update; } ?></div></td> </tr> <tr> <td> </td> </tr> <tr> <td> <form action="user.php?action=editprofile" method="post"> <input type="hidden" name="email" value=""> <table width="100%" border="0" align="left" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <td></p>Current E-mail:<br><input name="email" size="30" value="<? echo $email; ?>" type="text"><p> Desired Password:<br><input name="password" size="30" type="password"></p><p> Verify Password:<br><input name="newpass2" size="30" type="password"></p><p> <input value="Save Now" name="submit" type="submit"></p><p> </p></td> </tr> </table> </form> </td> </form> </tr> </table> -Thanks Link to comment https://forums.phpfreaks.com/topic/88003-update-passwords-with-form/ Share on other sites More sharing options...
toplay Posted January 27, 2008 Share Posted January 27, 2008 You have logic flow flaws here. The condition that checks if the passwords are different will just fall through and update anyway. In your query put backtick marks around users and password since these are reserved words in MySQL. Also, you're not check if the update worked...you blindly set $update to just say it updated when it might not have worked. Link to comment https://forums.phpfreaks.com/topic/88003-update-passwords-with-form/#findComment-450276 Share on other sites More sharing options...
Dada78 Posted January 27, 2008 Author Share Posted January 27, 2008 What are backtick marks and what do you mean I blindly set $update? Link to comment https://forums.phpfreaks.com/topic/88003-update-passwords-with-form/#findComment-450282 Share on other sites More sharing options...
toplay Posted January 27, 2008 Share Posted January 27, 2008 Example: <?php $result = mysql_query("UPDATE `users` SET `email` = '$email', `password` = '$password' WHERE `email` = '$email'"); if ($result) { $update = "Profile Updated"; } else { // Update didn't work so display error to see what's wrong $update = "Updated didn't work. Error: " . mysql_error(); } ?> Link to comment https://forums.phpfreaks.com/topic/88003-update-passwords-with-form/#findComment-450285 Share on other sites More sharing options...
Dada78 Posted January 27, 2008 Author Share Posted January 27, 2008 I have never used those marks on any of my other UPDATE queries and they work. I tried the above suggestion and still doesn't work. Link to comment https://forums.phpfreaks.com/topic/88003-update-passwords-with-form/#findComment-450288 Share on other sites More sharing options...
toplay Posted January 27, 2008 Share Posted January 27, 2008 When posting always be as specific as you can and post current/latest code and don't simply state that something didn't work (not clear enough). Well, did you fix the other logic problem I mentioned earlier (with the password check condition)? Link to comment https://forums.phpfreaks.com/topic/88003-update-passwords-with-form/#findComment-450291 Share on other sites More sharing options...
MikeDXUNL Posted January 27, 2008 Share Posted January 27, 2008 well wouldnt it be cause you are trying to set something where the email does not exsist? like in the form, i put "[email protected]" and password "123123" now if my email in the db is "[email protected]", the query wont pull through.. it'd be say this mysql_query("UPDATE users SET email = '[email protected]', password = '123123' WHERE email='[email protected]'"); in which, [email protected] does not exsist yet... if you have a session var, $_SESSION['email] try this <?php $old_email = $_SESSION['email']; $email = $_POST['email']; $password = $_POST['password']; $verify = $_POST['newpass2']; if($verify != $password) { echo "Passwords don't match"; } else { mysql_query("UPDATE users SET email = '$email', password = '$password' WHERE email='$old_email'"); echo "updated!" } ?> Link to comment https://forums.phpfreaks.com/topic/88003-update-passwords-with-form/#findComment-450296 Share on other sites More sharing options...
Dada78 Posted January 27, 2008 Author Share Posted January 27, 2008 well wouldnt it be cause you are trying to set something where the email does not exsist? like in the form, i put "[email protected]" and password "123123" now if my email in the db is "[email protected]", the query wont pull through.. it'd be say this mysql_query("UPDATE users SET email = '[email protected]', password = '123123' WHERE email='[email protected]'"); in which, [email protected] does not exsist yet... if you have a session var, $_SESSION['email] try this <?php $old_email = $_SESSION['email']; $email = $_POST['email']; $password = $_POST['password']; $verify = $_POST['newpass2']; if($verify != $password) { echo "Passwords don't match"; } else { mysql_query("UPDATE users SET email = '$email', password = '$password' WHERE email='$old_email'"); echo "updated!" } ?> I understand what you are saying but when you update the email field your session will still be registered by the email field regardless if you change the email or not. Once you navigate to another part of the User CP it will break session and ask for you to login again because you have redefined the variable for the session. Link to comment https://forums.phpfreaks.com/topic/88003-update-passwords-with-form/#findComment-450301 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.