dominickm
09-08-2007, 04:28 AM
On this php page I once had a function that would allow people to change their password from the page where they would also update their profile. I have moved this function to another page but have left the update profile page where people can still edit their profile without changing their password on the same page.
My only problem now is even though I removed the password fields and functions from the update profile template page, if a user makes changes to their profile or changes their avatar, their password automatically changes to null without them knowing.
I think this section of script is the problem but I cannot figure it out how to have it update the profile and avatar without it calling to change the password to a null password.
$new_pwd = md5($_REQUEST[password1]);
$sql="update signup set
email='$_REQUEST[email]',
$addition
pwd='$new_pwd' WHERE UID=$_SESSION[UID]";
$conn->execute($sql);
If anyonly can offer me any assistance on this I would love you for life. I just need it to update the profile and picture but not touch the password.
Any help would be greatly apprecated.
Thank you.
This is the entire script of the page in question:
session_start();
if ( !isset($_SESSION['view_video']) || $_SESSION['view_video'] == false )
{
header('Location: ../');
}
include("include/config.php");
include("include/function.php");
if ($_SESSION['lang'] == ""){
include("language/en.php");
} else {
include("language/".$_SESSION['lang'].".php");
}
chk_member_login();
if($_REQUEST[update_profile]!="")
{
$bdate=$_REQUEST[year]."-".$_REQUEST[month]."-".$_REQUEST[day];
if($_REQUEST[email]=="") $err="Please enter your email address.";
// elseif(!check_email($_REQUEST[email]) && $_REQUEST[prevemail]!="$_REQUEST[email]") $err="Signup: Invalid Email format!";
elseif(check_field_exists($_REQUEST[email],"email","signup")==1 && $_REQUEST[prevemail]!="$_REQUEST[email]")$err="Our records indicate the email address you entered is already in use.";
elseif($bdate!="yyyy-mm-dd"){if(!checkdate($_REQUEST[month],$_REQUEST[day],$_REQUEST[year])) $err="The date you have entered is invalid, please try again.";}
if($err=="")
{
// ADD
// Userpicture Start
if($_FILES['userpic']['tmp_name']!="")
{
$MyLogo = $_SESSION[UID];
$imagesize = getimagesize($_FILES['userpic']['tmp_name']);
if($imagesize[2] == 1)
$MyLogo .= ".gif";
if($imagesize[2] == 2)
$MyLogo .= ".jpg";
if($imagesize[2] == 3)
$MyLogo .= ".png";
if($MyLogo == $_SESSION[UID].".gif" OR $MyLogo == $_SESSION[UID].".jpg" OR $MyLogo == $_SESSION[UID].".png" OR $MyLogo == "")
{
$UserImage = $_FILES[userpic][name];
if($MyLogo != "")
{
$del = $conn->execute("select photo from signup WHERE UID=$_SESSION[UID]");
$del_pic = $del->fields['photo'];
if($del_pic != '')unlink($config['photodir']."/".$del_pic);
move_uploaded_file($_FILES['userpic']['tmp_name'], $config['photodir']."/".$MyLogo);
$BildSize = getimagesize($config['photodir']."/".$MyLogo);
if($BildSize[0] > $config['photowidth'])
{
$source_file = $config['photodir']."/".$MyLogo;
$destination_file = $config['photodir']."/".$MyLogo;
create_picture($source_file, $destination_file, $config['photowidth']);
}
}
} else {
$err="File format not allowed - only GIF, JPG and PNG allowed.";
}
}
// Userpicture End
// END ADD
$addition="";
$addition.="fname='$_REQUEST[fname]',";
$addition.="lname='$_REQUEST[lname]',";
if($bdate!="yyy-mm-dd")$addition.="bdate='$bdate',";
if($_REQUEST[gender]!="---")$addition.="gender='$_REQUEST[gender]',";
if($_REQUEST[relation]!="---")$addition.="relation='$_REQUEST[relation]',";
$addition.="aboutme='$_REQUEST[aboutme]',";
$addition.="website='$_REQUEST[url]',";
$addition.="town='$_REQUEST[hometown]',";
$addition.="city='$_REQUEST[city]',";
$addition.="zip='$_REQUEST[zip]',";
if($_REQUEST[country]!="Select Country")$addition.="country='$_REQUEST[country]',";
$addition.="occupation='$_REQUEST[occupation]',";
$addition.="company='$_REQUEST[companies]',";
$addition.="school='$_REQUEST[schools]',";
$addition.="interest_hobby='$_REQUEST[hobbies]',";
$addition.="fav_movie_show='$_REQUEST[movies]',";
$addition.="fav_music='$_REQUEST[music]',";
$addition.="fav_book='$_REQUEST[books]',";
// ADD
// Userpicture Start
if (!empty($UserImage)) {
$addition.="photo='$MyLogo',";
}
if ($_REQUEST[delete] == '1') {
$addition.="photo='',";
$del = $conn->execute("select photo from signup WHERE UID=$_SESSION[UID]");
$del_pic = $del->fields['photo'];
$del_file = $config[photodir]."/".$del_pic;
@unlink("$del_file");
}
// Userpicture End
// END ADD
$new_pwd = md5($_REQUEST[password1]);
$sql="update signup set
email='$_REQUEST[email]',
$addition
pwd='$_REQUEST[password1]' WHERE UID=$_SESSION[UID]";
$conn->execute($sql);
if(mysql_affected_rows()==1)
{
header("Location: profileupdated.php");
if($_REQUEST[prevemail]!="$_REQUEST[email]")
{
$ran=time().rand(1,99999999);
$sql="update verify as v, signup as s set
v.vcode='$ran',
s.emailverified='no' WHERE v.UID=s.UID and v.UID=$_SESSION[UID]";
$conn->execute($sql);
STemplate::assign('vcode',$ran);
$to=$_REQUEST[email];
$_SESSION[EMAIL]=$_REQUEST[email];
$name=$config['site_name'];
$from=$config['admin_email'];
$rs = $conn->execute("select * from emailinfo where email_id='verify_email'");
$subj = $rs->fields['email_subject'];
$email_path = $rs->fields['email_path'];
$mailbody=STemplate::fetch($email_path);
mailing($to,$name,$from,$subj,$mailbody,$bcc="");
session_to_db();
}
}
}
}
$sql="select * from signup WHERE UID=$_SESSION[UID]";
$rs=$conn->execute($sql);
$date=explode("-",$rs->fields[bdate]);
STemplate::assign('err',$err);
STemplate::assign('msg',$msg);
STemplate::assign('days',days($date[2]));
STemplate::assign('months',months($date[1]));
STemplate::assign('years',years($date[0]));
STemplate::assign('country',country_box($_REQUEST[country]));
STemplate::assign('answers',$rs->getarray());
STemplate::assign('head_bottom',"homelinks.tpl");
STemplate::display('head1.tpl');
STemplate::display('err_msg.tpl');
STemplate::display('my_profile.tpl');
STemplate::display('footer.tpl');
?>
My only problem now is even though I removed the password fields and functions from the update profile template page, if a user makes changes to their profile or changes their avatar, their password automatically changes to null without them knowing.
I think this section of script is the problem but I cannot figure it out how to have it update the profile and avatar without it calling to change the password to a null password.
$new_pwd = md5($_REQUEST[password1]);
$sql="update signup set
email='$_REQUEST[email]',
$addition
pwd='$new_pwd' WHERE UID=$_SESSION[UID]";
$conn->execute($sql);
If anyonly can offer me any assistance on this I would love you for life. I just need it to update the profile and picture but not touch the password.
Any help would be greatly apprecated.
Thank you.
This is the entire script of the page in question:
session_start();
if ( !isset($_SESSION['view_video']) || $_SESSION['view_video'] == false )
{
header('Location: ../');
}
include("include/config.php");
include("include/function.php");
if ($_SESSION['lang'] == ""){
include("language/en.php");
} else {
include("language/".$_SESSION['lang'].".php");
}
chk_member_login();
if($_REQUEST[update_profile]!="")
{
$bdate=$_REQUEST[year]."-".$_REQUEST[month]."-".$_REQUEST[day];
if($_REQUEST[email]=="") $err="Please enter your email address.";
// elseif(!check_email($_REQUEST[email]) && $_REQUEST[prevemail]!="$_REQUEST[email]") $err="Signup: Invalid Email format!";
elseif(check_field_exists($_REQUEST[email],"email","signup")==1 && $_REQUEST[prevemail]!="$_REQUEST[email]")$err="Our records indicate the email address you entered is already in use.";
elseif($bdate!="yyyy-mm-dd"){if(!checkdate($_REQUEST[month],$_REQUEST[day],$_REQUEST[year])) $err="The date you have entered is invalid, please try again.";}
if($err=="")
{
// ADD
// Userpicture Start
if($_FILES['userpic']['tmp_name']!="")
{
$MyLogo = $_SESSION[UID];
$imagesize = getimagesize($_FILES['userpic']['tmp_name']);
if($imagesize[2] == 1)
$MyLogo .= ".gif";
if($imagesize[2] == 2)
$MyLogo .= ".jpg";
if($imagesize[2] == 3)
$MyLogo .= ".png";
if($MyLogo == $_SESSION[UID].".gif" OR $MyLogo == $_SESSION[UID].".jpg" OR $MyLogo == $_SESSION[UID].".png" OR $MyLogo == "")
{
$UserImage = $_FILES[userpic][name];
if($MyLogo != "")
{
$del = $conn->execute("select photo from signup WHERE UID=$_SESSION[UID]");
$del_pic = $del->fields['photo'];
if($del_pic != '')unlink($config['photodir']."/".$del_pic);
move_uploaded_file($_FILES['userpic']['tmp_name'], $config['photodir']."/".$MyLogo);
$BildSize = getimagesize($config['photodir']."/".$MyLogo);
if($BildSize[0] > $config['photowidth'])
{
$source_file = $config['photodir']."/".$MyLogo;
$destination_file = $config['photodir']."/".$MyLogo;
create_picture($source_file, $destination_file, $config['photowidth']);
}
}
} else {
$err="File format not allowed - only GIF, JPG and PNG allowed.";
}
}
// Userpicture End
// END ADD
$addition="";
$addition.="fname='$_REQUEST[fname]',";
$addition.="lname='$_REQUEST[lname]',";
if($bdate!="yyy-mm-dd")$addition.="bdate='$bdate',";
if($_REQUEST[gender]!="---")$addition.="gender='$_REQUEST[gender]',";
if($_REQUEST[relation]!="---")$addition.="relation='$_REQUEST[relation]',";
$addition.="aboutme='$_REQUEST[aboutme]',";
$addition.="website='$_REQUEST[url]',";
$addition.="town='$_REQUEST[hometown]',";
$addition.="city='$_REQUEST[city]',";
$addition.="zip='$_REQUEST[zip]',";
if($_REQUEST[country]!="Select Country")$addition.="country='$_REQUEST[country]',";
$addition.="occupation='$_REQUEST[occupation]',";
$addition.="company='$_REQUEST[companies]',";
$addition.="school='$_REQUEST[schools]',";
$addition.="interest_hobby='$_REQUEST[hobbies]',";
$addition.="fav_movie_show='$_REQUEST[movies]',";
$addition.="fav_music='$_REQUEST[music]',";
$addition.="fav_book='$_REQUEST[books]',";
// ADD
// Userpicture Start
if (!empty($UserImage)) {
$addition.="photo='$MyLogo',";
}
if ($_REQUEST[delete] == '1') {
$addition.="photo='',";
$del = $conn->execute("select photo from signup WHERE UID=$_SESSION[UID]");
$del_pic = $del->fields['photo'];
$del_file = $config[photodir]."/".$del_pic;
@unlink("$del_file");
}
// Userpicture End
// END ADD
$new_pwd = md5($_REQUEST[password1]);
$sql="update signup set
email='$_REQUEST[email]',
$addition
pwd='$_REQUEST[password1]' WHERE UID=$_SESSION[UID]";
$conn->execute($sql);
if(mysql_affected_rows()==1)
{
header("Location: profileupdated.php");
if($_REQUEST[prevemail]!="$_REQUEST[email]")
{
$ran=time().rand(1,99999999);
$sql="update verify as v, signup as s set
v.vcode='$ran',
s.emailverified='no' WHERE v.UID=s.UID and v.UID=$_SESSION[UID]";
$conn->execute($sql);
STemplate::assign('vcode',$ran);
$to=$_REQUEST[email];
$_SESSION[EMAIL]=$_REQUEST[email];
$name=$config['site_name'];
$from=$config['admin_email'];
$rs = $conn->execute("select * from emailinfo where email_id='verify_email'");
$subj = $rs->fields['email_subject'];
$email_path = $rs->fields['email_path'];
$mailbody=STemplate::fetch($email_path);
mailing($to,$name,$from,$subj,$mailbody,$bcc="");
session_to_db();
}
}
}
}
$sql="select * from signup WHERE UID=$_SESSION[UID]";
$rs=$conn->execute($sql);
$date=explode("-",$rs->fields[bdate]);
STemplate::assign('err',$err);
STemplate::assign('msg',$msg);
STemplate::assign('days',days($date[2]));
STemplate::assign('months',months($date[1]));
STemplate::assign('years',years($date[0]));
STemplate::assign('country',country_box($_REQUEST[country]));
STemplate::assign('answers',$rs->getarray());
STemplate::assign('head_bottom',"homelinks.tpl");
STemplate::display('head1.tpl');
STemplate::display('err_msg.tpl');
STemplate::display('my_profile.tpl');
STemplate::display('footer.tpl');
?>