...

View Full Version : Take a look at this ugly code.



Smudly
07-01-2010, 03:15 AM
Currently I'm having troubles getting my Password validation to work properly for my profile page. The user is supposed to be able to change their password after typing in their password. It's currently giving me the error "Invalid Password" no matter what I type. Here is the code. Any help appreciated. (I'm not getting any sql errors)

<?php
session_start();
include('inc/connect.php');

$username = isset($_SESSION['username']) ? $_SESSION['username'] : '';

$edit = (isset($_POST['edit']));
$passchange = (isset($_POST['passchange']));

if (!empty($username))
{
//if user is logged in

$sql = mysql_query("SELECT * FROM `users` WHERE `username`='$username'");
$row = mysql_fetch_assoc($sql);

$dbfname = $row['fname'];
$dblname = $row['lname'];
$dbemail = $row['email'];
$dbpassword = $row['password'];
$password = md5($_POST['password']);

$error = "";

if ($edit)
{

$fnamenew = mysql_real_escape_string(strtolower(strip_tags($_POST['fname'])));
$lnamenew = mysql_real_escape_string(strtolower(strip_tags($_POST['lname'])));
$emailnew = mysql_real_escape_string(strip_tags($_POST['email']));

$update = "UPDATE `users` SET `fname`='$fnamenew', `lname`='$lnamenew', `email`='$emailnew' WHERE `username`='$username'";
mysql_query($update);


//////////// Email Validation ////////////
function validEmail($email)
{
$isValid = true;
$atIndex = strrpos($email, "@");
if (is_bool($atIndex) && !$atIndex)
{
$isValid = false;
}
else
{
$domain = substr($email, $atIndex+1);
$local = substr($email, 0, $atIndex);
$localLen = strlen($local);
$domainLen = strlen($domain);
if ($localLen < 1 || $localLen > 64)
{
// local part length exceeded
$isValid = false;
}
else if ($domainLen < 1 || $domainLen > 255)
{
// domain part length exceeded
$isValid = false;
}
else if ($local[0] == '.' || $local[$localLen-1] == '.')
{
// local part starts or ends with '.'
$isValid = false;
}
else if (preg_match('/\\.\\./', $local))
{
// local part has two consecutive dots
$isValid = false;
}
else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain))
{
// character not valid in domain part
$isValid = false;
}
else if (preg_match('/\\.\\./', $domain))
{
// domain part has two consecutive dots
$isValid = false;
}
else if
(!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/',
str_replace("\\\\","",$local)))
{
// character not valid in local part unless
// local part is quoted
if (!preg_match('/^"(\\\\"|[^"])+"$/',
str_replace("\\\\","",$local)))
{
$isValid = false;
}
}
if ($isValid && !(checkdnsrr($domain,"MX") || checkdnsrr($domain,"A")))
{
// domain not found in DNS
$isValid = false;
}
}
return $isValid;
}
//////////// End Email Validation /////////



$dbfname = $fnamenew;
$dblname = $lnamenew;
$dbemail = $emailnew;


$success = "Success!";

}

// Change Password
if ($passchange)
{
if($password){

if($password==$dbpassword){

$passwordnew = md5($_POST['passwordnew']);
$passwordconf = md5($_POST['passwordconf']);

if (isset($passwordnew) && !empty($passwordnew)){

if (isset($passwordconf) && !empty($passwordconf)){

if ($passwordnew==$passwordconf){

$passupdate = "UPDATE `users` SET `password`='$passwordnew' WHERE `username`='$username'";
mysql_query($passupdate);

$passsuccess = "Success!";

}
else{
$error = "Your passwords do not match!";
}

}
else{
$error = "Please type in your Confirmed Password!";
}

}
else{
$error = "Please type in your New Password!";
}

}
else{
$error = "Invalid Password";
}



}
else{
$error = "Please type in your Password!";
}



}

}

?>

<html>
<head>
<title>Profile</title>


<script type="text/javascript" language="javascript">
function inputLimiter(e,allow) {
var AllowableCharacters = '';

if (allow == 'UserNameChar'){AllowableCharacters='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';}
if (allow == 'UsernameChar'){AllowableCharacters='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890' ;}

var k;

k=document.all?parseInt(e.keyCode): parseInt(e.which);

if (k!=13 && k!=8 && k!=0){

if ((e.ctrlKey==false) && (e.altKey==false)) {

return (AllowableCharacters.indexOf(String.fromCharCode(k))!=-1);

} else {

return true;

}

} else {

return true;

}

}

</script>
<style>
#container{
width: 275px;
margin-left: auto;
margin-right: auto;
}
#profile{
width: 222px;
text-align: right;
margin-left: auto;
margin-right: auto;

}
#changepassword{
width: 268px;
text-align: right;
margin-left: auto;
margin-right: auto;

}
#centerpro{
width: 60px;
margin-left: auto;
margin-right: auto;
}
#centerpas{
width: 120px;
margin-left: auto;
margin-right: auto;
}
#center{
width: 150px;
margin-left: auto;
margin-right: auto;
text-align: center;
}
</style>
</head>
<body>
<div id="container">
<div id="profile">
<h3 align="center">Profile</h3>
<form action="newprofile.php" method="POST">
Username: <input type="text" value="<?php echo ucfirst($username); ?>" readonly="readonly"><br />
First Name: <input type="text" maxlength="25" id="UserNameChar" onkeypress="return inputLimiter(event,'UserNameChar')" name="fname" value="<?php echo ucfirst($dbfname); ?>"><br />
Last Name: <input type="text" maxlength="25" id="UserNameChar" onkeypress="return inputLimiter(event,'UserNameChar')" name="lname" value="<?php echo ucfirst($dblname); ?>"><br />
Email: <input type="text" maxlength="64" name="email" value="<?php echo ucfirst($dbemail); ?>"><br />
<div id="centerpro"><input type="submit" name="edit" value="Submit"></div>
<div id="center"><?php echo $success; ?></div>
</div>
<br />
<br />
<div id="changepassword">
<h3 align="center">Change Password</h3>
Password: <input type="password" maxlength="32" name="password"><br /><br />
New Password: <input type="password" maxlength="32" name="passwordnew"><br />
Confirm Password: <input type="password" maxlength="32" name="passwordconf"><br />
<div id="centerpas"><input type="submit" name="passchange" value="Change Password"></div>
<div id="center"><?php echo $passsuccess, $error; ?></div>
</form>
</div>
</div>
</body>
</html>

mlseim
07-01-2010, 03:54 AM
In this part, enter the red code to see why they are not the same ...
Let us know what the two variables are ... you might see what the problem is ...


// Change Password
if ($passchange)
{
if($password){

echo "password: $password<br>";
echo "dbpassword: $dbpassword";
exit;
if($password==$dbpassword){

$passwordnew = md5($_POST['passwordnew']);
$passwordconf = md5($_POST['passwordconf']);



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum