
View Full Version : Help PHP login form



SteveDD
08-11-2008, 06:43 PM
Hi everyone I hope you can help I have a problem,

The problem is when I submit the form it always goes to the wrong username/password page even though I have entered a valid one.

I am looking for the username and password in a table called onlineoffers. There is also other information contained within it. The table has about 10 fields and username and password are two of them. I have done a similar form that works fine (but that table only contains username and password)

Can anyone see why my script may not be picking up the username and password from the DB and moving me on to the next page (corparea.php)
Getting annoyed, not getting any errors just not getting to my corparea.php page.

My original form is index.php where the username and password are entered. This then links to the code below checkcorplogin.php, which should go to the corparea.php (logged in)



<?php
$host="LOCALHOST"; // Host name
$username="USERNAME"; // Mysql username
$password="PASSWORD"; // Mysql password
$db_name="DBNAME"; // Database name
$tbl_name="onlineoffers"; // Table name

mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");


$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = sha1($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $mypassword;
header("location:corparea.php");
}
else {
echo "Wrong Username or Password";

}
?>


For info this is the code I have on the corparea.php page


<?php if(empty($_SESSION['myusername'])){
header("location:index.php");
exit();
}
?>

but with this code out it still doesn't let me log in.

Steve

mlseim
08-11-2008, 06:54 PM
This (see red line) should be the first thing on every page that uses your SESSION

<?php
session_start();
if(empty($_SESSION['myusername'])){
header("location:index.php");
exit();
}
?>

SteveDD
08-11-2008, 07:57 PM
This (see red line) should be the first thing on every page that uses your SESSION

<?php
session_start();
if(empty($_SESSION['myusername'])){
header("location:index.php");
exit();
}
?>

I have added this code to the corparea.php page but sadly I still get the wrong username/password entered bit. Doesn't seem like i'm getting that far. I think it is struggling to find the username and password in the table onlineoffers. Could this be the case & can you see anything that may be stopping this.

mlseim
08-11-2008, 08:03 PM
And this ...

<?php
session_start();

is also at the top of "checkcorplogin.php"?


EDIT:
Is sha1() deprecated?
Maybe now it's sha256() ?
Possibly the password stored in the database is not encrypted (or encrypted differently)?




Brandoe85
08-11-2008, 08:48 PM
Do some debugging and echo out $sql and $count and see what the output is.

SteveDD
08-11-2008, 09:29 PM
I have looked at this and I am using Sha1 wrong, I originally just used
$mypassword= mysql_real_escape_string($mypassword); and changed it to the sha1 code. I realise my password field in my DB is not saved in any special way just a standard VARCHAR with no special features. How do I implement the sha1 on this field?

SteveDD
08-11-2008, 10:01 PM
I think it is easier if I just change it away from sha1 and just to a simpler form that checks the username and password and then logs the user in.

Can anyone amend the code above to reflect that?

Steve

mlseim
08-12-2008, 12:59 PM
This is now getting out of my "knowledge area".
Here are some possible script examples:
http://www.google.com/search?hl=en&q=php+sha256()&btnG=Google+Search

hinch
08-12-2008, 01:18 PM
storing an sha'd password as a varchar is just fine only make sure your field is long enough to allow the string to fit without being truncated.

personally i use md5() instead below is something approximately correct :)



//Login Query
if (($_POST['user'] == "") || ($_POST['pass'] == "")) {
$err="Complete both boxes to continue";
} else {
$sql = "SELECT * FROM `tblusers` where User ='".mysql_real_escape_string($_POST['user'])."'";
$result = mysql_query($sql);
// Login check and error reporting
if ($result==FALSE) {
$err="Username invalid please check you typed it in correctly and try again";
} else {
$userdetails = mysql_fetch_row($result);
if(md5($_POST['pass'])==$userdetails[2])
{
session_cache_expire(40);
session_start();
$_SESSION['userid'] =
header( 'Location: dashboard.php' ) ;
} else {
$err="Password invalid please check you put it in correctly and try again";
}
}
}

SteveDD
08-12-2008, 04:47 PM
So if my table is "onlineoffers" in the DB and my username and password fields are the same as they sound, within the same table. I link my code login code to this code? (amended for my site) and the page i want to go to is corparea.php
In my original form index.php the username field is named "myusername" and the password field is "mypassword". I am not sure I have completed the code correctly?




<?php
//Login Query
if (($_POST['username'] == "myusername") || ($_POST['mypassword'] == "password")) {
$err="Complete both boxes to continue";
} else {
$sql = "SELECT * FROM `onlineoffers` where User ='".mysql_real_escape_string($_POST['user'])."'";
$result = mysql_query($sql);
// Login check and error reporting
if ($result==FALSE) {
$err="Username invalid please check you typed it in correctly and try again";
} else {
$userdetails = mysql_fetch_row($result);
if(md5($_POST['password'])==$userdetails[2])
{
session_cache_expire(40);
session_start();
$_SESSION['userid'] =
header( 'Location: corparea.php' ) ;
} else {
$err="Password invalid please check you put it in correctly and try again";
}
}
}
?>

hinch
08-12-2008, 05:19 PM
the below would work but assumes your table is in the format

ID, username, password
0 , 1 , 2
(to allow the $userdetails[2] statement to work)

It also assumes your passwords are stored in your password field in MD5 hash, so when you inserted your passwords you md5'd the incoming password

It also sets nothing into the actual session called userid so you would have to add something in there, I usually add the ID field from the database so I can look up the logged in user often so you'd set for example $_SESSION['userid']=$userdetails[0];
stick all that code at the top of the page (very first thing) then in your login form stick an <?php echo $err;?> somewhere that way if it errors out it'll display the reason it errored out to the user and redisplay the form.



<?php
//Login Query
if (($_POST['myusername'] == "") || ($_POST['mypassword'] == "")) {
$err="Complete both boxes to continue";
} else {
$sql = "SELECT * FROM `onlineoffers` where username='".mysql_real_escape_string($_POST['myusername'])."'";
$result = mysql_query($sql);
// Login check and error reporting
if ($result==FALSE) {
$err="Username invalid please check you typed it in correctly and try again";
} else {
$userdetails = mysql_fetch_row($result);
if(md5($_POST['mypassword'])==$userdetails[2])
{
session_cache_expire(40);
session_start();
$_SESSION['userid'] = "SET WHAT EVER YOU WANT IN SESSION HERE"
header( 'Location: corparea.php' ) ;
} else {
$err="Password invalid please check you put it in correctly and try again";
}
}
}
?>

SteveDD
08-12-2008, 06:10 PM
right making a bit more sense :) At the minute I have about 12 fields in the database and the username and password are 4 & 5. I can move them to the start if that's easier so they are 2/3, would this work?

Also I am getting this MD5 thing wrapped around my head. Currently my subscription form adds the password to the database just in text form. Does this also need to be amended? & do I need to do anything special to the field in the DB other than making it more than 40 characters?

hinch
08-12-2008, 09:07 PM
if your password field is field 5 just change $userdetails[2] to $userdetails[5]

when you insert the password into the data base do something like this

insert into onlineoffers (username,password) values ('".mysql_real_escape_string($_POST['myusername'])."', '".md5($_POST['mypassword'])."')";

that will insert an md5'd password into your database (which will appear in the db as just a random string of characters so your db field only needs to be a varchar with a decent length though) then you compare the stored md5 password against the submitted password then md5'd on your login.
Thats what this bit does
if(md5($_POST['mypassword'])==$userdetails[2])
{
}

hinch
08-12-2008, 09:07 PM
if you're struggling post the .sql structure to your db and i'll knock you together a simple example insert and login page to work from

SteveDD
08-12-2008, 10:54 PM
thanks I will have a look at this tomorrow and get back to you then. Thanks for your help.

One quick question how do I insert the other fields around it

id (auto)
catagory
compname
username
PASSWORD
image
help
notes
path
visable
time
date

hinch
08-13-2008, 01:16 AM
you mean update the other fields after its already populated with username and password or doing it all in a single insert statement ?

SteveDD
08-13-2008, 04:35 PM
At the minute I have a form that enters all the above fields to the database. Obviously currently the password is stored as the text. If I want it to store as MD5 how do I go about adding the other fields as text and the password as MD5, in relation to the list I added before and your example?

Sorry to seem so stupid

hinch
08-13-2008, 06:30 PM
think i answered this earlier.

your normal insert statement that adds everything into the database just put md5() around the $_POST['mypassword']

job done

SteveDD
08-13-2008, 10:31 PM
Currently I have this.

Steve


$query="INSERT INTO onlineoffers values ('', '$catagory', '$companyname', '$username', '$password', '$contactemail', '$contactname', '$contactother', '$description', '$promotion', '$conditions', '$offercode', '$picture', '$visable')";

$sql_run = mysql_query($query, $conn) or die(mysql_error());

hinch
08-13-2008, 10:45 PM
$query="INSERT INTO onlineoffers values ('', '$catagory', '$companyname', '$username', '".md5($password)."', '$contactemail', '$contactname', '$contactother', '$description', '$promotion', '$conditions', '$offercode', '$picture', '$visable')";

$sql_run = mysql_query($query, $conn) or die(mysql_error());


will do it although personally i'm not a fan of writing inserts like that. Also you may want to consider escaping the inputs at some point in the future too look into mysql_real_escape_string() iirc

SteveDD
08-13-2008, 11:43 PM
Great that code worked well I have now got a password in the DB i can't understand :)
I need to apply this to my login, standby and hopefully with some luck it will work.

SteveDD
08-13-2008, 11:48 PM
just quickly for the login script now as we were originally discussing on the first page :) does the 'userid' have to relate to anything and for the set whatever you want for the session what is this ??


session_cache_expire(40);
session_start();
$_SESSION['userid'] = "SET WHAT EVER YOU WANT IN SESSION HERE"
header( 'Location: corparea.php' ) ;

I have just run it and this part is causing a syntax error :(

hinch
08-14-2008, 09:01 AM
it's missing a ;
$_SESSION['userid'] = "SET WHAT EVER YOU WANT IN SESSION HERE";

basically the session is called userid (you can change it to anything you like).

and the "set whatever you want in session here" is an example you need to change it so that the session contains what you want in it.

for example i store the userid out of the DB usually so I can look up who's logged in later on or you may want to store a time in there or just a word logged in. it's entirely up to you

SteveDD
08-14-2008, 12:14 PM
//Login Query
if (($_POST['myusername'] == "") || ($_POST['mypassword'] == "")) {
$err="Complete both boxes to continue";
} else {
$sql = "SELECT * FROM `onlineoffers` where username='".mysql_real_escape_string($_POST['myusername'])."'";
$result = mysql_query($sql);
// Login check and error reporting
if ($result==FALSE) {
$err="Username invalid please check you typed it in correctly and try again";
} else {
$userdetails = mysql_fetch_row($result);
if(md5($_POST['mypassword'])==$userdetails[5])
{
session_cache_expire(40);
session_start();
$_SESSION['userid'] = "username"
header( 'Location: corparea.php' ) ;
} else {
$err="Password invalid please check you put it in correctly and try again";
}
}
}
?>

Still getting the syntax error, on line 28 which is
header( 'Location: corparea.php' ) ;

Is the code I have placed in the whatever you want to put here sufficient to log the username?

abduraooft
08-14-2008, 12:18 PM
$_SESSION['userid'] = "username"
header( 'Location: corparea.php' ) ;
Missing a semi-colon(; ) at the end of previous line

hinch
08-14-2008, 12:31 PM
think thats what I said 2 posts up :)

at least we're getting there.

to log the username into the session you want the following
$_SESSION['userid'] = $_POST['myusername'];

dont forget the semi colon :)

SteveDD
08-14-2008, 01:12 PM
{
session_cache_expire(40);
session_start();
$_SESSION['userid'] = $_POST['myusername'];
header( 'Location: corparea.php' ) ;
} else {
$err="Password invalid please check you put it in correctly and try again";
}

The Syntax error has gone now but it just goes to checkcorplogin.php and stays there and displays nothing doesn't login and even when I enter a wrong password I get no error message just the blank script page.

hinch
08-14-2008, 01:29 PM
can you zip up and attach the files you're using to here so i can have a proper look over them save having a 2 and forth between posts

SteveDD
08-14-2008, 01:54 PM
Right I have attached the zip. I have given you the login form and the main script. I didn't see the point of adding the main area page as I only want it to divert to that page.

Thanks for the help

hinch
08-14-2008, 02:56 PM
hrmp well i'm a bit confused atm the code just isn't working not even flagging wrong username yet on another site on the same dev server (the place i copy and pasted it from basically) it works fine oO.

am going through it all now give me a few mins to sort it out.

hinch
08-14-2008, 03:12 PM
Right got it working again god knows what went on there.

copy and paste this entire lot into your index1.php and you can delete the other file checklogin.php or whatever it was you dont need it any more.



<?php
include("data/data.php");
if ($_POST['action']=="Login"){
//connect to DB
$database = mysql_pconnect($serverAddress, $databaseUsername, $databasePassword);
mysql_select_db($databaseToUse,$database);

//Login Query
if (($_POST['myusername'] == "") || ($_POST['mypassword'] == "")) {
$err="Complete both boxes to continue";
} else {
$sql = "SELECT * FROM `onlineoffers` where username ='".mysql_real_escape_string($_POST['myusername'])."'";
$result = mysql_query($sql);
// Login check and error reporting
if ($result==FALSE) {
$err="Username invalid please check you typed it in correctly and try again";
} else {
$userdetails = mysql_fetch_row($result);
if(md5($_POST['mypassword'])==$userdetails[5])
{
session_cache_expire(40);
session_start();
if (!isset($_SESSION['userid'])) {
$_SESSION['userid'] = $_POST['myusername'];
}
header( 'Location: corparea.php' ) ;
exit; // stop the script once the redirect header has been sent
} else {
$err="Password invalid please check you put it in correctly and try again";
}
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Blue Light Card</title>
<style type="text/css">
<!--
.style1 {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-weight: bold;
font-size: 12px;
color: #333333;
}
.style2 {
font-size: 9px;
font-style: italic;
}
.style3 {color: #000000}
a:link {
text-decoration: none;
}
a:visited {
text-decoration: none;
}
a:hover {
text-decoration: none;
}
a:active {
text-decoration: none;
}
body,td,th {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 12px;
}
-->
</style>
<script src="Scripts/AC_RunActiveContent.js" type="text/javascript"></script>
</head>

<body>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#DAE8FF" bgcolor="#DAE8FF">
<tr>
<form action="index1.php" method="post" name="form1" id="form1">
<td><table width="100&#37;" border="0" cellpadding="3" cellspacing="0" bgcolor="#FFFFFF">
<tr>
<td colspan="3" bordercolor="#DAE8FF" bgcolor="#DAE8FF"><strong>Corp Login </strong></td>
</tr>
<?php if (strlen($err)>0) {?>
<tr>
<td colspan="3" bordercolor="#DAE8FF" bgcolor="#DAE8FF"><strong><font color="red"><?php echo $err;?></font></strong></td>
</tr>
<?php } ?>
<tr>
<td width="78" bordercolor="#DAE8FF" bgcolor="#DAE8FF">Username</td>
<td width="6" bordercolor="#DAE8FF" bgcolor="#DAE8FF">:</td>
<td width="294" bordercolor="#DAE8FF" bgcolor="#DAE8FF"><input name="myusername" type="text" id="myusername" /></td>
</tr>
<tr>
<td bordercolor="#DAE8FF" bgcolor="#DAE8FF">Password</td>
<td bordercolor="#DAE8FF" bgcolor="#DAE8FF">:</td>
<td bordercolor="#DAE8FF" bgcolor="#DAE8FF"><input name="mypassword" type="password" id="mypassword" /></td>
</tr>
<tr>
<td bordercolor="#DAE8FF" bgcolor="#DAE8FF">&nbsp;</td>
<td bordercolor="#DAE8FF" bgcolor="#DAE8FF">&nbsp;</td>
<td bordercolor="#DAE8FF" bgcolor="#DAE8FF"><input type="submit" name="action" id="action" value="Login" /></td>
</tr>
</table></td>
</form>
</tr>
</table>
</body>
</html>

hinch
08-14-2008, 03:13 PM
oh you may want to change the vars in the DB connection to match the ones in your data.php or you can change the ones in your data.php to match the ones in the db connection (force of habit I use different ones)

$database = mysql_pconnect($serverAddress, $databaseUsername, $databasePassword);
mysql_select_db($databaseToUse,$database);

SteveDD
08-15-2008, 12:20 AM
I have changed the data code and all it says is invalid username or password in red in the login box and doesn't let me go any further.

I can't understand why it is not.

Just for ur info the password is field 5 in the DB and username is field 4

Getting fed up with it now :(

Steve

hinch
08-15-2008, 06:13 AM
field 5 starting from 0 ? or field 5 starting from 1 ?

php counts from 0 so if its the 4th field starting from zero change $userdetails[5] to $userdetails[4]

SteveDD
08-15-2008, 10:20 AM
Hey looks like we are working. !!!

Is there a bit of code that I can put at the top of each page in order to stop anyone jumping directly to it and also to hold the "username" as my next mission is to try and create a return details page which will return the description, promotion, conditions & offercode which can be edited and updated?

SteveDD
08-15-2008, 01:14 PM
A problem I have just noticed is it doesn't divert you to the page corparea.php instead goes to index.php and when i tried to make the login page for a different area of the site changing a few details it logs in and goes to index1.php. Is this because the form is running in itself and after it has validated for some reason isnt moving on to the corparea.php page?

hinch
08-15-2008, 03:54 PM
the form posts to its self if you look at the <form> tag it has action="index1.php" so that if you rename it from index1.php to say login.php then you'll need to change the action to whatever you renamed the file to it will only divert to the corparea.php page if the login was successful else it'll always go to whatever the action="" is set to

also always make sure that block of php code that is above the <html> in my example above is always above everything else on your login page.

to secure pages underneath the login ie: corparea.php and anything else that you want people to log in to first put this code at the top of each page.



<?php
session_cache_expire(40);
session_start();
if (!isset($_SESSION['userid'])) {
header( 'Location: index1.php' ) ;
exit; // without this the rest of the protected page is still sent
}
?>


again remember to rename the index1.php to whatever you call your login page

since we stored the username in the session on login if you want to print out the username anywhere you do it like this



echo "Welcome back ".$_SESSION['userid'].",<br />";


have a bash at the display/update of the details stuff and just post if you have problems again
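
Added example (not code from any poster in this thread): the login check and the per-page guard discussed above, written against PDO with a bound parameter, columns read by name instead of by position, and password_hash() in place of MD5, with old MD5 rows upgraded on first successful login. The function names and the in-memory SQLite demo rows are assumptions made for illustration.

```php
<?php
// Added example, not the thread's code. Assumes PHP 7.1+ with PDO (pdo_sqlite
// for the demo). Table, column and page names are the thread's; function
// names are hypothetical.
declare(strict_types=1);

/** Returns the user's row (keyed by column name) on success, null otherwise. */
function authenticate(PDO $db, string $username, string $password): ?array
{
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, username, password FROM onlineoffers WHERE username = ?');
    $stmt->execute([$username]);
    // FETCH_ASSOC reads columns by name, so the check does not depend on
    // whether the password is field 4 or field 5 of the table.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    $stored = (string) $row['password'];

    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        // Legacy row written with md5(): compare in constant time, then
        // replace it with a salted password_hash() value.
        if (!hash_equals($stored, md5($password))) {
            return null;
        }
        $upd = $db->prepare('UPDATE onlineoffers SET password = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    } elseif (!password_verify($password, $stored)) {
        return null;
    }
    unset($row['password']);
    return $row;
}

/** Call after authenticate() succeeds and before any output is sent. */
function start_login_session(array $user): void
{
    session_start();
    session_regenerate_id(true);      // fresh session id at login
    $_SESSION['userid'] = $user['username'];
    header('Location: corparea.php');
    exit;                             // nothing after the redirect runs
}

/** First statement of corparea.php and every other protected page. */
function require_login(string $loginPage = 'index1.php'): string
{
    session_start();
    if (empty($_SESSION['userid'])) {
        header('Location: ' . $loginPage);
        exit;                         // otherwise the page body is still sent
    }
    return $_SESSION['userid'];
}

// On the login page:
//   $user = authenticate($db, $_POST['myusername'] ?? '', $_POST['mypassword'] ?? '');
//   if ($user) { start_login_session($user); }
//   else { $err = 'Wrong username or password'; }   // one message for both cases

// Constructed demo data; runs from the command line, no web server needed.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE onlineoffers (id INTEGER PRIMARY KEY, compname TEXT,
               username TEXT UNIQUE, password TEXT)');
    $ins = $db->prepare('INSERT INTO onlineoffers (compname, username, password) VALUES (?, ?, ?)');
    $ins->execute(['Example Ltd', 'steve', md5('correct horse')]);   // legacy MD5 row

    var_dump(authenticate($db, 'steve', 'wrong password'));          // bad password
    var_dump(authenticate($db, "o'neil", 'anything'));               // quote in input, unknown user
    var_dump(authenticate($db, 'steve', 'correct horse'));           // good login, row upgraded

    $hash = (string) $db->query("SELECT password FROM onlineoffers WHERE id = 1")->fetchColumn();
    var_dump(password_get_info($hash)['algoName']);                  // algorithm now stored
    var_dump(authenticate($db, 'steve', 'correct horse') !== null);  // login against the new hash
}
```

The password column has to hold the whole hash; the PHP manual recommends 255 characters for values produced with PASSWORD_DEFAULT.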

SteveDD
08-15-2008, 04:12 PM
hi,
Yes I have been doing that i.e. login.php has been changed in the form to login.php so it runs itself. When I enter a wrong password it comes up with wrong password etc in the red writing, however when i enter a correct one it just displays a fail to load page with the web address still the same i.e. login.php

hinch
08-15-2008, 04:15 PM
got a url and a test username/password PM them me so i can see what its doing exactly for you. or you could paste the fail to load page error in full but often easier if I can actually see what its doing

SteveDD
08-16-2008, 03:34 AM
Attached file as requested. I have found that the login re-directs me to the right page is done in Firefox but doesn't re-direct when using explorer.

hinch
08-16-2008, 11:42 AM
right I have no idea why thats not working in IE:

I've checked the code locally and it works fine IE and FF both redirect OK,
On your live server FF redirects correctly.
On the live server IE throws up a DNS/Server not available error.

Thing is I dont have a clue why hopefully someone else will chip in and help now as I'm confused.

SteveDD
08-16-2008, 04:28 PM
did you figure out why the box had the text in red on load?

Can anyone else help with the last problem?

hinch
08-16-2008, 05:44 PM
yeah i know why its doing that but when i thought about it it makes sense to have it there anyway so people know to fill in both boxes though can show you how to remove it if you want.

SteveDD
08-16-2008, 06:56 PM
No that's fine I think it makes sense as well. I have sorted the IE problem it was due to the location file being missing. IE didn't want to divert but firefox would even though it wasn't there.

In relation to the amend details page I want to do I can't figure out how to use the username string I am storing when user log in to gather the correct details. I obviously want to remember the username i.e. steve so when I click edit my details it will go and get the relevant info for Steve.

This is what I have so far the changedetails.php page and then the updatedetails.php which updates the DB. I am struggling to carry the username string so it knows what to update.


<?php
session_cache_expire(40);
session_start();
if (!isset($_SESSION['userid'])) {
header( 'Location: index1.php' ) ;
}
?>
<?php
session_start();
include("data/data.php");
$conn = mysql_connect($servername, $user, $password) or die("Could not connect: " . mysql_error());
mysql_select_db($user, $conn);

$sql = "select companyname, description, promotion, conditions, offercode from onlineoffers where = '$_GET[userid]'";
$sql_run = mysql_query($sql, $conn) or die(mysql_error());


while ($values = mysql_fetch_array($sql_run)) {
$companyname = $values['companyname'];
$description = $values['description'];
$promotion = $values['promotion'];
$conditions = $values['conditions'];
$offercode = $values['offercode'];


echo "<font face=\"verdana\">";
echo "<form method=\"POST\" action=\"updatedetails.php?username=$_GET[userid]\">";
echo "<input type=\"hidden\" name=\"id\" value=\"$id\">";


echo "Company name: <input type=\"text\" name=\"companyname\" value=\"$companyname\" size=\"36\">";
echo "<BR><BR>";

echo "Description:<BR>";
echo "<textarea rows=\"7\" name=\"description\" cols=\"64\">$description</textarea>";
echo "<BR><BR>";

echo "Deal Details:<BR>";
echo "<textarea rows=\"7\" name=\"promotion\" cols=\"64\">$promotion</textarea>";
echo "<BR><BR>";

echo "Conditions:<BR>";
echo "<textarea rows=\"7\" name=\"conditions\" cols=\"64\">$conditions</textarea>";
echo "<BR><BR>";

echo "Offer/deal code: <input type=\"text\" name=\"offercode\" value=\"$offercode\" size=\"36\">";
echo "<BR><BR>";

echo "<input type=\"submit\" value=\"Submit\" name=\"submit\">";
echo "</form>";


}

?>

& then the later script


<?php

session_start();
include("data/data.php");
$conn = mysql_connect($servername, $user, $password) or die("Could not connect: " . mysql_error());
mysql_select_db($user, $conn);



$sql = "update onlineoffers set companyname = '$_POST[companyname]', description = '$_POST[description]', promotion = '$_POST[promotion]', conditions = '$_POST[conditions]', offercode = '$_POST[offercode]' where username = '$_POST[userid]'";
$sql_run = mysql_query($sql, $conn) or die(mysql_error());


echo "$_POST[companyname]";
echo "<BR>";
echo "$_POST[description]";
echo "<BR>";
echo "$_POST[promotion]";
echo "<BR>";
echo "$_POST[conditions]";
echo "<BR>";
echo "$_POST[offercode]";
echo "<BR>";

echo "Thank you, you have updated your details";
}
?>

hinch
08-17-2008, 11:20 AM
you've stored the userid (username) into a session so you can do this

$sql = "select companyname, description, promotion, conditions, offercode from onlineoffers where username = '".$_SESSION['userid']."'";

same for the update pay attention to the '". and ."' encapsulating the sessionuserid



session_start(); needs to be the very first thing on the page above the login check so move it up above that

SteveDD
08-17-2008, 03:06 PM
Nearly there, I have got it to bring back the details but when I edit them and hover over the submit button it say username=(nothing is here). This is the code for the updating script I have now.

<?php

session_start();
include("data/data.php");
$conn = mysql_connect($servername, $user, $password) or die("Could not connect: " . mysql_error());
mysql_select_db($user, $conn);



$sql = "update onlineoffers set companyname = '$_POST[companyname]', description = '$_POST[description]', promotion = '$_POST[promotion]', conditions = '$_POST[conditions]', offercode = '$_POST[offercode]' where username = '".$_SESSION[userid]."'";
$sql_run = mysql_query($sql, $conn) or die(mysql_error());


echo "$_POST[companyname]";
echo "<BR>";
echo "$_POST[description]";
echo "<BR>";
echo "$_POST[promotion]";
echo "<BR>";
echo "$_POST[conditions]";
echo "<BR>";
echo "$_POST[offercode]";
echo "<BR>";

echo "Thank you, you have updated your details";
}
?>


I get a Syntax error on line 26? Do I need to include the session variable at the top of that page as well or will the first be enough?

hinch
08-17-2008, 06:02 PM
your sql statement is wrong the session bit is correct but you're not escaping your sql properly.

atm you have companyname = '$_POST[companyname]'

it should be
companyname = '".mysql_real_escape_string($_POST[companyname])."'

notice the '". and the ."' again also escaping the input to stop it breaking if people use special chars like ' or " etc


oh yeah and when echoing a php var you don't need the "
echo "$_POST[companyname]"; becomes echo $_POST[companyname];

SteveDD
08-17-2008, 06:23 PM
like this?


<?php

session_start();
include("data/data.php");
$conn = mysql_connect($servername, $user, $password) or die("Could not connect: " . mysql_error());
mysql_select_db($user, $conn);



$sql = "update onlineoffers set companyname = '".mysql_real_escape_string($_POST[companyname])."', description = '$_POST[description]', promotion = '$_POST[promotion]', conditions = '$_POST[conditions]', offercode = '$_POST[offercode]' where username = '".$_SESSION[userid]."'";
$sql_run = mysql_query($sql, $conn) or die(mysql_error());


echo $_POST[companyname];
echo <BR>;
echo $_POST[description];
echo <BR>;
echo $_POST[promotion];
echo <BR>;
echo $_POST[conditions];
echo <BR>;
echo $_POST[offercode];
echo <BR>;

echo "Thank you, you have updated your details";
}
?>

hinch
08-17-2008, 07:23 PM
yup but you need to do it around ALL the variables in your sql statement not just the one I used as an example

also $_POST[] needs ' ' around the post var name eg: $_POST['myvar']

SteveDD
08-17-2008, 08:54 PM
<?php

session_start();
include("data/data.php");
$conn = mysql_connect($servername, $user, $password) or die("Could not connect: " . mysql_error());
mysql_select_db($user, $conn);


$sql = "update onlineoffers set companyname = '".mysql_real_escape_string($_POST[companyname])."', description = '".mysql_real_escape_string($_POST[description])."',
promotion = '".mysql_real_escape_string($_POST[promotion])."',
conditions = '".mysql_real_escape_string($_POST[conditions])."',
offercode = '".mysql_real_escape_string($_POST[offercode])."' where username = '".$_SESSION[userid]."'";
$sql_run = mysql_query($sql, $conn) or die(mysql_error());


echo $_POST['companyname'];
echo <BR>;
echo $_POST['description'];
echo <BR>;
echo $_POST['promotion'];
echo <BR>;
echo $_POST['conditions'];
echo <BR>;
echo $_POST['offercode'];
echo <BR>;

echo "Thank you, you have updated your details";
}
?>



Nope still SQL errors

hinch
08-17-2008, 09:39 PM
you didn't put the ' in the _POST[] as I said above :)

$sql = "update onlineoffers set companyname = '".mysql_real_escape_string($_POST['companyname'])."', description = '".mysql_real_escape_string($_POST['description'])."',
promotion = '".mysql_real_escape_string($_POST['promotion'])."',
conditions = '".mysql_real_escape_string($_POST['conditions'])."',
offercode = '".mysql_real_escape_string($_POST['offercode'])."' where username = '".$_SESSION['userid']."'";
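
Added example (not code from any poster in this thread): the edit form and update step this exchange is building, with every value bound as a parameter, the row chosen from the session rather than from the request, a CSRF token on the form, and HTML escaping wherever a stored or submitted value is printed. Function names, the `csrf` field and the in-memory SQLite demo rows are assumptions made for illustration; `$session` and `$post` stand in for `$_SESSION` and `$_POST`.

```php
<?php
// Added example, not the thread's code. Assumes PHP 7.1+ with PDO (pdo_sqlite
// for the demo). Table and column names are the thread's; the rest is hypothetical.
declare(strict_types=1);

const EDITABLE = ['companyname', 'description', 'promotion', 'conditions', 'offercode'];

/** Escape a value for HTML text or a quoted attribute. */
function h(?string $s): string
{
    return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
}

/** Read one string field from a request array; anything else becomes ''. */
function field(array $a, string $key): string
{
    return is_string($a[$key] ?? null) ? $a[$key] : '';
}

/** Per-session token placed in the form and checked on submit. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

function load_details(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT ' . implode(', ', EDITABLE) . ' FROM onlineoffers WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** The form names no user: not in the action URL, not in a hidden field. */
function render_form(array $row, string $token): string
{
    $html = '<form method="post" action="updatedetails.php">'
          . '<input type="hidden" name="csrf" value="' . h($token) . '">';
    foreach (EDITABLE as $f) {
        $html .= '<label>' . h($f) . ' <textarea name="' . h($f) . '">'
               . h($row[$f] ?? '') . '</textarea></label>';
    }
    return $html . '<input type="submit" value="Submit"></form>';
}

/** Returns the number of rows changed; throws if not logged in or token is bad. */
function update_details(PDO $db, array $session, array $post): int
{
    if (empty($session['userid'])) {
        throw new RuntimeException('not logged in');
    }
    $expected = field($session, 'csrf');
    if ($expected === '' || !hash_equals($expected, field($post, 'csrf'))) {
        throw new RuntimeException('bad CSRF token');
    }
    $set = [];
    $args = [];
    foreach (EDITABLE as $f) {        // column names come from the constant only
        $set[] = "$f = ?";
        $args[] = field($post, $f);
    }
    $args[] = $session['userid'];     // WHERE value comes from the session
    $stmt = $db->prepare('UPDATE onlineoffers SET ' . implode(', ', $set) . ' WHERE username = ?');
    $stmt->execute($args);
    return $stmt->rowCount();
}

// Constructed demo data; runs from the command line.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE onlineoffers (username TEXT, companyname TEXT, description TEXT,
               promotion TEXT, conditions TEXT, offercode TEXT)');
    $db->exec("INSERT INTO onlineoffers (username, companyname)
               VALUES ('steve', 'Old Co'), ('other', 'Other Co')");

    $session = ['userid' => 'steve'];
    $token = csrf_token($session);
    // A submitted 'username' field is ignored; quotes and markup are stored as data.
    $post = ['csrf' => $token, 'username' => 'other',
             'companyname' => 'Steve\'s "Deals" <b>Ltd</b>'];

    echo update_details($db, $session, $post), " row(s) updated\n";
    echo render_form(load_details($db, 'steve'), $token), "\n";
    echo h(load_details($db, 'other')['companyname']), "\n";
}
```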

SteveDD
08-18-2008, 12:45 PM
<?php

session_start();
include("data/data.php");
$conn = mysql_connect($servername, $user, $password) or die("Could not connect: " . mysql_error());
mysql_select_db($user, $conn);


$sql = "update onlineoffers set companyname = '".mysql_real_escape_string($_POST['companyname'])."', description = '".mysql_real_escape_string($_POST['description'])."',
promotion = '".mysql_real_escape_string($_POST['promotion'])."',
conditions = '".mysql_real_escape_string($_POST['conditions'])."',
offercode = '".mysql_real_escape_string($_POST['offercode'])."' where username = '".$_SESSION[userid]."'";
$sql_run = mysql_query($sql, $conn) or die(mysql_error());


echo $_POST['companyname'];
echo <BR>;
echo $_POST['description'];
echo <BR>;
echo $_POST['promotion'];
echo <BR>;
echo $_POST['conditions'];
echo <BR>;
echo $_POST['offercode'];
echo <BR>;

echo "Thank you, you have updated your details";
}
?>



nope still more syntax errors now..

hinch
08-18-2008, 01:28 PM
post up the errors then so we can see them :)

SteveDD
08-18-2008, 02:01 PM
Parse error: syntax error, unexpected '<' in http://www.etc/updatedetails.php on line 17

hinch
08-18-2008, 03:02 PM
ahh you haven't put "" around your <br>'s can't believe i didn't notice that :)

echo "<br>";

SteveDD
08-18-2008, 03:31 PM
Done that still the same error

hinch
08-18-2008, 03:45 PM
post up code again wrap it in [php] tags though please makes it colour coded for easy readage :)

SteveDD
08-18-2008, 03:59 PM
It's working I have gone through it again slowly. I will add this to the top of the relevant passworded pages but remember to change the names.


<?php
session_cache_expire(40);
session_start();
if (!isset($_SESSION['userid'])) {
header( 'Location: index1.php' ) ;
}
?>

My change password script is as follows and am having problems with this :) I basically have my login details from before. Storing the userid used, which in this case is the email and is called email in the DB in the table "sign_up" doesn't saying the password I have entered doesn't match


<?php
session_start();
session_register("session");

session_start();
include("data/data.php");
$conn = mysql_connect($servername, $user, $password) or die("Could not connect: " . mysql_error());
mysql_select_db($user, $conn);

//if(!isset($session['userid'])){
//echo "<center><font face='Verdana' size='2' color=red>Sorry, Please login and use this page </font></center>";
//exit;
//}
// This is displayed if all the fields are not filled in

$empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";
// Convert to simple variables
$password = $_POST['password'];
$password1 = $_POST['password1'];
if (!isset($_POST['password'])) {
?>

<h2>Change password! <? echo $_SESSION['userid']; ?></h2>
<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
<p class="style3"><label for="password"">New password:</label>
<input type="password" title="Please enter a password" name="password" size="30"></p>
<p class="style3"><label for="password1">Re-enter Password:</label>
<input type="password" title="Please re-enter password" name="password1" size="30"></p>
<p style="stext-align:left"><label for="submit">&nbsp</label>
<input type="submit" value="Change" class="submit-button"/></p>
</form>

<?php
}
elseif (empty($password) || empty($password1)) {
echo $empty_fields_message;
}
else {
$db_password=md5(mysql_real_escape_string($password));
//Setting flags for checking
$status = "OK";
$msg="";

if ( strlen($password) < 3 or strlen($password) > 10 ){
$msg=$msg."Password must be more than 3 characters in length and maximum 10 characters in length<BR>";$status= "NOTOK";}
if (strcmp( $password1,$password2 ) !=0){
$msg=$msg."Both passwords do not match<BR>";
$status= "NOTOK";}
if($status<>"OK"){
echo "<font face='Verdana' size='2' color=red>$msg</font><br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>";
}else{ // if all validations are passed.
if(mysql_query("update sign_up set password='$db_password' where userid='$session[userid]'")){
echo "<font face='Verdana' size='2' ><center>Thanks <br> Your password changed successfully. Please keep changing your password for better security</font></center>". $password1;
}
}
}
?>

hinch
08-18-2008, 04:30 PM
based off the code earlier your userid session stores the username NOT the email so your where statement in your password update sql is wrong

atm you have

where userid=

it should be

where username='".$_SESSION['userid']."'

need to wrap the session in ". ." because it has ' in it if i remember correctly you can't just dump it in.

SteveDD
08-18-2008, 05:18 PM
I am getting confused now. On one script I am storing the username field as "username". In my other script I am storing the username but this is called "email".

I am working on the change password for the second area above,

The script below when ran says in the title of the page CHANGE PASSWORD! steve@myemail.com
This is the email I logged in on, so it must be storing this variable correctly my username which is the "email". When I click submit it just comes up with both passwords do not match error.


<?php
session_cache_expire(40);
session_start();
if (!isset($_SESSION['userid'])) {
header( 'Location: login.php' ) ;
}


session_start();
include("data/data.php");
$conn = mysql_connect($servername, $user, $password) or die("Could not connect: " . mysql_error());
mysql_select_db($user, $conn);

//if(!isset($session['userid'])){
//echo "<center><font face='Verdana' size='2' color=red>Sorry, Please login and use this page </font></center>";
//exit;
//}
// This is displayed if all the fields are not filled in

$empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";
// Convert to simple variables
$password = $_POST['password'];
$password1 = $_POST['password1'];
if (!isset($_POST['password'])) {
?>

<h2>Change password! <? echo $_SESSION['userid']; ?></h2>
<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
<p class="style3"><label for="password"">New password:</label>
<input type="password" title="Please enter a password" name="password" size="30"></p>
<p class="style3"><label for="password1">Re-enter Password:</label>
<input type="password" title="Please re-enter password" name="password1" size="30"></p>
<p style="stext-align:left"><label for="submit">&nbsp</label>
<input type="submit" value="Change" class="submit-button"/></p>
</form>

<?php
}
elseif (empty($password) || empty($password1)) {
echo $empty_fields_message;
}
else {
$db_password=md5(mysql_real_escape_string($password));
//Setting flags for checking
$status = "OK";
$msg="";

if ( strlen($password) < 3 or strlen($password) > 10 ){
$msg=$msg."Password must be more than 3 characters in length and maximum 10 characters in length<BR>";$status= "NOTOK";}
if (strcmp( $password1,$password2 ) !=0){
$msg=$msg."Both passwords do not match<BR>";
$status= "NOTOK";}
if($status<>"OK"){
echo "<font face='Verdana' size='2' color=red>$msg</font><br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>";
}else{ // if all validations are passed.
if(mysql_query("update sign_up set password='$db_password' where email='$session[userid]'")){
echo "<font face='Verdana' size='2' ><center>Thanks <br> Your password changed successfully. Please keep changing your password for better security</font></center>". $password;
}
}
}
?>

oesxyl
08-19-2008, 01:48 PM
read comments and post questions.


<?php
ini_set('display_errors',1); // <-- add this
error_reporting(E_ALL); // <-- add this
session_cache_expire(40);
session_start(); // <-- this is first session_start
// next have no sense: if this is login.php and user come here to login then
// why if don't have userid <=> are not logged in you redirect them here???
if (!isset($_SESSION['userid'])) {
header( 'Location: login.php' ) ;
}

session_start(); // <-- second session_start ?????
include("data/data.php");
$conn = mysql_connect($servername, $user, $password) or die("Could not connect: " . mysql_error());
// why don't check mysql_select_db???
mysql_select_db($user, $conn);

//if(!isset($session['userid'])){
//echo "<center><font face='Verdana' size='2' color=red>Sorry, Please login and use this page </font></center>";
//exit;
//}
// This is displayed if all the fields are not filled in

$empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";
// Convert to simple variables
$password = $_POST['password'];
$password1 = $_POST['password1'];
// is to late to check if $_POST['password'] isset if you already use it
if (!isset($_POST['password'])) {
?>

<h2>Change password! <? echo $_SESSION['userid']; ?></h2>
<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
<p class="style3"><label for="password"">New password:</label>
<input type="password" title="Please enter a password" name="password" size="30"></p>
<p class="style3"><label for="password1">Re-enter Password:</label>
<input type="password" title="Please re-enter password" name="password1" size="30"></p>
<p style="stext-align:left"><label for="submit">&nbsp</label>
<input type="submit" value="Change" class="submit-button"/></p>
</form>

<?php
}elseif (empty($password) || empty($password1)) {
echo $empty_fields_message;
}else{
$db_password=md5(mysql_real_escape_string($password));
//Setting flags for checking
$status = "OK";
$msg="";

if ( strlen($password) < 3 or strlen($password) > 10 ){
$msg=$msg."Password must be more than 3 characters in length and maximum 10 characters in length<BR>";
$status= "NOTOK";
}
if (strcmp( $password1,$password2 ) !=0){
$msg=$msg."Both passwords do not match<BR>";
$status= "NOTOK";
}
if($status<>"OK"){
echo "<font face='Verdana' size='2' color=red>$msg</font><br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>";
}else{ // if all validations are passed.
// check next lines, I change them
$query = "update sign_up set password='".$db_password."' where email='".$session[userid]."'";
$result = mysql_query($query);
if($result){
echo "<font face='Verdana' size='2' ><center>Thanks <br> Your password changed successfully. Please keep changing your password for better security</font></center>". $password;
}else{
print '<pre>'.mysql_error().'</pre>';
}
}
}
?>


regards

SteveDD
08-19-2008, 02:51 PM
Thank you it says it is changing the password (it isn't) and I have the following errors.
more errors now on lines 22,23, & 56.

22 = Undefined index: password in
23 = Undefined index: password1 in
56 = Use of undefined constant userid - assumed 'userid' in
56 = Undefined variable: session in



How do I replace what you have suggested above.


<?php
ini_set('display_errors',1);
error_reporting(E_ALL);
session_cache_expire(40);
session_start();
if (!isset($_SESSION['userid'])) {
header( 'Location: login.php' ) ;
}

include("data/data.php");
$conn = mysql_connect($servername, $user, $password) or die("Could not connect: " . mysql_error());
mysql_select_db($user, $conn);

//if(!isset($session['userid'])){
//echo "<center><font face='Verdana' size='2' color=red>Sorry, Please login and use this page </font></center>";
//exit;
//}
// This is displayed if all the fields are not filled in

$empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";
// Convert to simple variables
$password = $_POST['password'];
$password1 = $_POST['password1'];
if (!isset($_POST['password'])) {
?>

<h2>Change password! <? echo $_SESSION['userid']; ?></h2>
<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
<p class="style3"><label for="password"">New password:</label>
<input type="password" title="Please enter a password" name="password" size="30"></p>
<p class="style3"><label for="password1">Re-enter Password:</label>
<input type="password" title="Please re-enter password" name="password1" size="30"></p>
<p style="stext-align:left"><label for="submit">&nbsp</label>
<input type="submit" value="Change" class="submit-button"/></p>
</form>

<?php
}
elseif (empty($password) || empty($password1)) {
echo $empty_fields_message;
}
else {
$db_password=md5(mysql_real_escape_string($password));
//Setting flags for checking
$status = "OK";
$msg="";

if ( strlen($password) < 3 or strlen($password) > 10 ){
$msg=$msg."Password must be more than 3 characters in length and maximum 10 characters in length<BR>";$status= "NOTOK";}
if (strcmp( $password1,$password2 ) !=0){
$msg=$msg."Both passwords do not match<BR>";
$status= "NOTOK";}
if($status<>"OK"){
echo "<font face='Verdana' size='2' color=red>$msg</font><br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>";
}else{ // if all validations are passed.
$query = "update sign_up set password='".$db_password."' where email='".$session[userid]."'";
$result = mysql_query($query);
if($result){
echo "<font face='Verdana' size='2' ><center>Thanks <br> Your password changed successfully. Please keep changing your password for better security</font></center>". $password;
}else{
print '<pre>'.mysql_error().'</pre>';
}
}
}
?>

oesxyl
08-19-2008, 03:10 PM
<?php
ini_set('display_errors',1);
error_reporting(E_ALL);
session_cache_expire(40);
session_start();

include("data/data.php");
$conn = mysql_connect($servername, $user, $password) or die("Could not connect: " . mysql_error());
if(!mysql_select_db($user, $conn)){
echo mysql_error();
exit;
}

$empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";
if (!isset($_POST['password'])) {
// Convert to simple variables
$password = $_POST['password'];
$password1 = $_POST['password1'];
?>

<h2>Change password! <? echo $_SESSION['userid']; ?></h2>
<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
<p class="style3"><label for="password"">New password:</label>
<input type="password" title="Please enter a password" name="password" size="30"></p>
<p class="style3"><label for="password1">Re-enter Password:</label>
<input type="password" title="Please re-enter password" name="password1" size="30"></p>
<p style="stext-align:left"><label for="submit">&nbsp</label>
<input type="submit" value="Change" class="submit-button"/></p>
</form>

<?php
}elseif(empty($password) || empty($password1)){
echo $empty_fields_message;
}else{
$db_password=md5(mysql_real_escape_string($password));
//Setting flags for checking
$status = "OK";
$msg="";
if(strlen($password) < 3 or strlen($password) > 10){
$msg=$msg."Password must be more than 3 characters in length and maximum 10 characters in length<BR>";
$status= "NOTOK";
}
if(strcmp( $password1,$password2 ) !=0){
$msg=$msg."Both passwords do not match<BR>";
$status= "NOTOK";
}
if($status<>"OK"){
echo "<font face='Verdana' size='2' color=red>$msg</font><br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>";
}else{ // if all validations are passed.
$query = "update sign_up set password='".$db_password."' where email='".$session['userid']."'";
$result = mysql_query($query);
if($result){
echo "<font face='Verdana' size='2' ><center>Thanks <br> Your password changed successfully. Please keep changing your password for better security</font></center>". $password;
}else{
print '<pre>'.mysql_error().'</pre>';
}
}
}
?>

from where did you get the value you want to store in session for userid?
I changed few lines in script:
- remove redirection and second session_start
- add error message and exit to mysql_connect_db
- moved password + post inside if
- quote userid in last query


regards

SteveDD
08-19-2008, 04:46 PM
I have used the code you have placed above. I still get the two errors when the form loads

Notice: Undefined index: password in LINE 17
Notice: Undefined index: password1 in LINE 18

and when I press submit it says please fill in all the form etc... when I have done.

I get the session from "email" which is the username for logging in. All these details are stored in the same table
I have done an edit details page using the same session variable "email" and it has changed everything with no issues. It is just this password form I can't get to work.

Steve

oesxyl
08-19-2008, 04:56 PM
replace this:


if (!isset($_POST['password'])) {
// Convert to simple variables
$password = $_POST['password'];
$password1 = $_POST['password1'];
?>


with this:


// Convert to simple variables
$password = '';
$password1 = '';
if(isset($_POST['password'])){
$password = $_POST['password'];
}
if(isset($_POST['password1'])){
$password1 = $_POST['password1'];
}
if (!isset($_POST['password'])) {
?>


regards

SteveDD
08-19-2008, 05:23 PM
Notice: Undefined variable: password2 in changepass.php on line 50
Both passwords do not match

They do match :(

My code



<?php
ini_set('display_errors',1);
error_reporting(E_ALL);
session_cache_expire(40);
session_start();

include("data/data.php");
$conn = mysql_connect($servername, $user, $password) or die("Could not connect: " . mysql_error());
if(!mysql_select_db($user, $conn)){
echo mysql_error();
exit;
}

$empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";
// Convert to simple variables
$password = '';
$password1 = '';
if(isset($_POST['password'])){
$password = $_POST['password'];
}
if(isset($_POST['password1'])){
$password1 = $_POST['password1'];
}
if (!isset($_POST['password'])) {
?>


<h2>Change password! <? echo $_SESSION['userid']; ?></h2>
<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
<p class="style3"><label for="password"">New password:</label>
<input type="password" title="Please enter a password" name="password" size="30"></p>
<p class="style3"><label for="password1">Re-enter Password:</label>
<input type="password" title="Please re-enter password" name="password1" size="30"></p>
<p style="stext-align:left"><label for="submit">&nbsp</label>
<input type="submit" value="Change" class="submit-button"/></p>
</form>

<?php
}elseif(empty($password) || empty($password1)){
echo $empty_fields_message;
}else{
$db_password=md5(mysql_real_escape_string($password));
//Setting flags for checking
$status = "OK";
$msg="";
if(strlen($password) < 3 or strlen($password) > 10){
$msg=$msg."Password must be more than 3 characters in length and maximum 10 characters in length<BR>";
$status= "NOTOK";
}
if(strcmp( $password1,$password2 ) !=0){
$msg=$msg."Both passwords do not match<BR>";
$status= "NOTOK";
}
if($status<>"OK"){
echo "<font face='Verdana' size='2' color=red>$msg</font><br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>";
}else{ // if all validations are passed.
$query = "update sign_up set password='".$db_password."' where email='".$session['userid']."'";
$result = mysql_query($query);
if($result){
echo "<font face='Verdana' size='2' ><center>Thanks <br> Your password changed successfully. Please keep changing your password for better security</font></center>". $password;
}else{
print '<pre>'.mysql_error().'</pre>';
}
}
}
?>

oesxyl
08-19-2008, 05:51 PM
Notice: Undefined variable: password2 in changepass.php on line 50
Both passwords do not match

They do match :(

My code
you don't have any $password2, is $password and $password1.

this:


if(strcmp( $password1,$password2 ) !=0){
$msg=$msg."Both passwords do not match<BR>";
$status= "NOTOK";
}


become:


if(strcmp( $password,$password1) !=0){
$msg=$msg."Both passwords do not match<BR>";
$status= "NOTOK";
}


regards

SteveDD
08-19-2008, 06:00 PM
Now this error on line 57
Notice: Undefined variable: session in

This line refers to
$query = "update sign_up set password='".$db_password."' where email='".$session['userid']."'";

oesxyl
08-19-2008, 06:07 PM
from where did you get the value you want to store in session for userid?




I get the session from "email" which is the username for logging in. All these details are stored in the same table
I have done an edit details page using the same session variable "email" and it has changed everything with no issues. It is just this password form I can't get to work.


Now this error on line 57
Notice: Undefined variable: session in

This line refers to
$query = "update sign_up set password='".$db_password."' where email='".$session['userid']."'";

regards

SteveDD
08-19-2008, 07:22 PM
Sorted thanks...

SteveDD
08-19-2008, 07:31 PM
This is my code below to make it better what do I need to add to this to make it check to see if the current password matches before it changes.

So on my form I have a new field checkpass as well as the other two password & password1. I want it to check sign_up to see if password = password in DB, if not it will echo an error wrong password, go back. but if it is correct it will go ahead and change it.


<?php
session_cache_expire(40);
session_start();
if (!isset($_SESSION['userid'])) {
header( 'Location: login.php' ) ;
exit; // without this the password update below still runs for visitors who are not logged in
}

include("data/data.php");
$conn = mysql_connect($servername, $user, $password) or die("Could not connect: " . mysql_error());
if(!mysql_select_db($user, $conn)){
echo mysql_error();
exit;
}

$empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";
// Convert to simple variables
$password = '';
$password1 = '';
if(isset($_POST['password'])){
$password = $_POST['password'];
}
if(isset($_POST['password1'])){
$password1 = $_POST['password1'];
}
if (!isset($_POST['password'])) {
?>


<h2>Change password! <?php echo htmlspecialchars($_SESSION['userid'], ENT_QUOTES); ?></h2>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES); ?>">
<p class="style3"><label for="password">New password:</label>
<input type="password" title="Please enter a password" name="password" size="30"></p>
<p class="style3"><label for="password1">Re-enter Password:</label>
<input type="password" title="Please re-enter password" name="password1" size="30"></p>
<p style="text-align:left"><label for="submit">&nbsp;</label>
<input type="submit" value="Change" class="submit-button"/></p>
</form>

<?php
}elseif(empty($password) || empty($password1)){
echo $empty_fields_message;
}else{
$db_password=md5(mysql_real_escape_string($password));
//Setting flags for checking
$status = "OK";
$msg="";
if(strlen($password) < 3 or strlen($password) > 10){
$msg=$msg."Password must be more than 3 characters in length and maximum 10 characters in length<BR>";
$status= "NOTOK";
}
if(strcmp( $password,$password1 ) !=0){
$msg=$msg."Both passwords do not match<BR>";
$status= "NOTOK";
}
if($status<>"OK"){
echo "<font face='Verdana' size='2' color=red>$msg</font><br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>";
}else{ // if all validations are passed.
$query = "update sign_up set password='".$db_password."' where email = '".mysql_real_escape_string($_SESSION['userid'])."'";
$result = mysql_query($query);
if($result){
echo "<font face='Verdana' size='2' ><center>Thanks <br> Your password changed successfully. Please keep changing your password for better security</font></center>". $password;
}else{
print '<pre>'.mysql_error().'</pre>';
}
}
}
?>
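
One way to do the current-password check asked about in the last post, as an added example that is not part of the thread: look up the stored hash for the logged-in email with a bound parameter, verify checkpass against it, and only then write the new hash. The PDO handle, the change_password() name, the 12-character minimum and the in-memory SQLite demo row are assumptions; sign_up, email, password and the three form field names come from the posts, and on the real page $email would be $_SESSION['userid'].

```php
<?php
// Added example, not code from the thread.
// Returns a list of error messages; an empty list means the password was changed.
function change_password(PDO $db, string $email, string $checkpass,
                         string $password, string $password1): array
{
    $errors = [];
    if (strlen($password) < 12) {          // assumed minimum; no 10-character ceiling
        $errors[] = 'Password must be at least 12 characters long';
    }
    if (!hash_equals($password, $password1)) {
        $errors[] = 'Both passwords do not match';
    }

    // Bound parameter instead of concatenating the session value into the SQL.
    $stmt = $db->prepare('SELECT password FROM sign_up WHERE email = ?');
    $stmt->execute([$email]);
    $stored = $stmt->fetchColumn();

    // Rows written by the old script hold an unsalted md5() hex digest (32 chars);
    // rows written by this function hold password_hash() output. Accept either.
    if ($stored === false) {
        $ok = false;
    } elseif (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        $ok = hash_equals($stored, md5($checkpass));
    } else {
        $ok = password_verify($checkpass, $stored);
    }
    if (!$ok) {
        $errors[] = 'Wrong password';
    }
    if ($errors) {
        return $errors;                    // nothing is written on any failure
    }

    // Store a salted, slow hash; this also upgrades a legacy md5 row.
    $upd = $db->prepare('UPDATE sign_up SET password = ? WHERE email = ?');
    $upd->execute([password_hash($password, PASSWORD_DEFAULT), $email]);
    return [];
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sign_up (email TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO sign_up VALUES (?, ?)')
   ->execute(['steve@example.test', md5('oldpass')]);   // legacy md5 row

$new = 'a-much-longer-passphrase';
var_dump(change_password($db, 'steve@example.test', 'wrong', $new, $new));
var_dump(change_password($db, 'steve@example.test', 'oldpass', $new, $new));
// The row now holds a password_hash() value, so the new password verifies.
var_dump(change_password($db, 'steve@example.test', $new, 'another-long-passphrase', 'another-long-passphrase'));
```

Rows written by the thread's script hash the escaped string, md5(mysql_real_escape_string(...)), so a legacy password containing quotes or backslashes will not verify against plain md5() and needs a reset instead.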


