Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    Regular Coder
    Join Date
    Oct 2008
    Posts
    255
    Thanks
    113
    Thanked 0 Times in 0 Posts

    UPDATE Form Not Processing

    PHP Code:
    <?php

      
    // start the session 
      
      
      
      
    session_name('pickles');
      
    session_set_cookie_params(900);
      
    session_start();
      
      
    $user_id $_GET['user_id'];
      
    $token $_GET['token'];
      
      if (!isset(
    $_SESSION['news']) || !$_SESSION['news'])
      {
      
        
    // redirect them
        
        
    header("Location: https://uhrebirth.com/staff/admin_login.php");
        
        exit;
        
      }
      
      elseif ((!isset(
    $_GET['token']) || !isset($_SESSION['tokenID'])) || $_GET['token'] != $_SESSION['tokenID'])
      {
      
        die(
    'Your request could not be processed.');
        
        exit;
        
      }
      
      elseif (
    $user_id != $_SESSION['id'])
      {
      
        die(
    'You don\'t have permission to view this page.');
        
        exit;
        
      }
      
      else
      {
      
       
    /* $newToken = md5(uniqid(rand(), true));
        
        $_SESSION['tokenID'] = $newToken; FOR TESTING PURPOSES */
        
        // include the connection and salt settings
        
        
    require_once("path");
        require_once(
    "path");
        
        
    $conn access();
        
        
      }
      
      
    // process the form
      
      
    if (array_key_exists('submit'$_POST) && !empty($_POST['submit']))
      {
      
        
    // begin to search for missing elements
        
        
    $fields = array
        (
        
          
    'newName' => true,
          
    'cPwd' => true,
          
    'newPwd1' => true,
          
    'newPwd2' => true,
          
    'newEmail' => true,
          
    'newAdmin' => true
          
        
    );
        
        function 
    trim_value(&$value// function from php.net
        
    {
        
          
    $value trim($value);
          
        }
        
        
    // create an empty array for missing elements
        
        
    $missing = array();
        
        foreach (
    $fields as $field => $expected)
        {
        
          if (!isset(
    $_POST[$field]) && $expected)
          {
          
            
    $missing[] = $field;
            
          }
          
          else 
    // clean up
          
    {
          
            if (
    is_array($_POST[$field]))
            {
            
              
    array_walk($_POST[$field], 'trim_value');
              
            }
            
            else
            {
            
              
    $_POST[$field] = trim($_POST[$field]);
              
            }
            
          }
          
        }
        
        if (empty(
    $missing))
        {
        
          
    $username $_POST['newName'];
          
    $pwdC $_POST['cPwd'];
          
    $pwdC md5($saltmd5($pwdC $salt));
          
    $pwd1 $_POST['newPwd1'];
          
    $pwd2 $_POST['newPwd2'];
          
    $email $_POST['newEmail'];
          
    $admin $_POST['newAdmin'];
          
    $admin = (int)$admin;
          
          if (!
    ctype_alnum($pwd1) || !ctype_alnum($pwd2))
          {
          
            die(
    'Passwords aren\'t alphanumeric.');
            
            exit;
            
          }
          
          if (
    $pwd1 !== $pwd2)
          {
          
            die(
    'Password aren\'t identical.');
            
            exit;
            
          }
          
          if (
    $pwdC !== $_SESSION['pwd'])
          {
          
            die(
    'Your password was incorrect.');
            
            exit;
            
          }
          
          
    $query "UPDATE `users` SET `admin` = ?, `username` = ?, `pwd` = ?, `user_email` = ? WHERE `user_id` = ?";
          
          if (
    $stmt $conn->prepare($query))
          {
          
            if (
    $stmt->bind_param('isssi'$editAdmin$editUser$editPwd$editEmail$wUserID))
            {
            
              
    $editAdmin $admin;
              
    $editUser $username;
              
    $editPwd $pwd1;
              
    $editEmail $email;
              
    $wUserID $user_id;
              
              if (
    $stmt->execute())
              {
              
                
    $isDone true;
                
              }
              
              else
              {
              
                echo 
    "NO EXECUTE";
                
              }
              
            }
              
            else
            {
            
              echo 
    "NO PARAMS";
              
            }
            
          
    $stmt->close();
          
          }
          
          
          
          else
          {
          
            echo 
    "NO STATEMENT";
            
            
    $stmt->close();
            
          }
          
          
    $conn->commit();
          
          
    $conn->close();
          
          
        }
        
      }
          
        
     
    ?>
     
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>

      <head>
      
        <title>Update Administration Profile -- Ultimate Hogwarts: The Rebirth</title>
        
        <meta http-equiv="content-type" content="text/html; charset=utf-8">
        <meta http-equiv="cache-control" content="no-cache">
        
        <link href="/css/general2.css" rel="stylesheet" type="text/css">
        
        <script language="javascript" type="text/javascript">
        <!--
        
          function checkInput()
          {
          
            var username = document.getElementById("newName").value;
            var pwd1 = document.getElementById("newPwd1").value;
            var pwd2 = document.getElementById("newPwd2").value;
            var pwdC = document.getElementById("cPwd").value;
            var email1 = document.getElementById("newEmail").value;
            var aUsername = username.replace(/[^a-zA-Z ' ']+/g, '');
            var aPwd = pwd1.replace(/[^a-zA-Z 0-9]+/g, '');
            
            
            if (username.length > 29 || username.length < 8)
            {
            
              alert("Username must be greater than seven characters and less than thirty characters.");
              
              return false;
              
            }
            
            else if (username == "" || username == "NULL")
            {
            
              alert("Please enter a username.");
              
              return false;
              
            }
            
            else if ((pwd1 == "" || pwd1 == "NULL") || pwd2 == "" || pwd2 == "NULL")
            {
            
              alert("Please enter a password.");
              
              return false;
              
            }
            
            else if (pwdC == "" || pwdC == "NULL")
            {
            
              alert("Please enter your current password before confirming your edits.");
              
              return false;
              
            }
            
            else if (pwd1.length > 20 || pwd1.length < 7)
            {
            
              alert("Password must be greater than six characters and less than twenty-one characters.");
              
              return false;
              
            }
            
            else if (email1.length > 39 || email1.length < 7)
            {
            
              alert("Your email address must be greater than six characters and less than forty characters.");
              
              return false;
              
            }
            
            else if (pwd1 != pwd2)
            {
            
              alert("Your passwords do not match. Please correct them.");
              
              return false;
              
            }
            
            else if (pwd1 != aPwd)
            {
            
              alert("Passwords must consist of alphanumeric characters only.");
              
              return false;
              
            }
            
            else
            {
            
              return true;
              
            }
            
          }
          
        
        
         //-->
        
          </script>
          
      </head>
      
      <body>
      
        <div align="center" style="text-align: center;">
        
          <h2>Update Your Profile</h2>
          
          <br> <br>
          
          <?php if ($POST && !empty($missing)) { echo "<p class='warning'>The following fields need to be corrected: " implode(', '$missing) . "</p>"; } ?>
          <?php if ($_POST && $isDone == true) { echo "<p><b>Update successful! <a href='https://uhrebirth.com/staff/admin_center.php'>Return Home</a></p>"; } ?>
          
          <form id="editUserForm" name="editUserForm" onSubmit="return checkInput();" method="post" action="<?php echo "https://uhrebirth.com/staff/update_admin.php?user_id={$user_id}&token={$token}"?>">
          
          
            <p><label for="newName">Username:</label> <br> <input type="text" id="newName" name="newName" maxlength="29"></p>
            
            <p><label for="cPwd">Current Password:</label> <br> <input type="password" id="cPwd" name="cPwd" maxlength="20"></p>
            
            <p><label for="newPwd1">New Password:</label> <br> <input type="text" id="newPwd1" name="newPwd1" maxlength="20"></p>
            
            <p><label for="newPwd2">Confirm New Password:</label> <br> <input type="text" id="newPwd2" name="newPwd2" maxlength="20"></p>
            
            <p><label for="newEmail">New Email Address:</label> <br> <input type="text" id="newEmail" name="newEmai" maxlength="39"></p>
            
            <p><label for="newAdmin">Admin Status:</label> Yes<input type="radio" id="newAdmin" name="newAdmin" value="1"> No<input type="radio" name="newAdmin" value="0" checked></p>
            
            <p><input type="submit" id="submit" name="submit" value="Edit Profile"> <input type="reset" value="Reset"></p>
            
          </form>
          
        </div>
        
        
      </body>
      
    </html>
    This form won't process, yet none of my errors are output. Does anyone have some advice? The database user only has update status. Does he need anything besides that to update a table, such as select?
    Last edited by Joseph Witchard; 12-12-2008 at 10:05 PM.

  • #2
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    Time to add a bunch more echo statement I guess, so you can see where the code is derailing.

    Also why two require_once("path") statements in a row? Not that it will do anything, but why is it there?

  • Users who have thanked Fumigator for this post:

    Joseph Witchard (12-12-2008)

  • #3
    Regular Coder
    Join Date
    Oct 2008
    Posts
    255
    Thanks
    113
    Thanked 0 Times in 0 Posts
    Current Script:
    PHP Code:
    <?php

      
    // start the session 
      
      
      
      
    session_name('pickles');
      
    session_set_cookie_params(900);
      
    session_start();
      

      
      if (!isset(
    $_SESSION['news']) || !$_SESSION['news'] || !isset($_SESSION['id']) || !$_SESSION['id'])
      {
      
        
    // redirect them
        
        
    die('Sessions are not set.');
        
      }
      
      
    // require the connection and salt settings
      
      
    require_once("path_to_connection");
      require_once(
    "path_to_salt");
      
      
    // set up the connection
      
      
    $conn Access();
      
      
      
      
    // process the form
      
      
    if (array_key_exists('submit'$_POST) && !empty($_POST['submit']))
      {
      
        
    // begin to search for missing elements
        
        
    $fields = array
        (
        
          
    'newName' => true,
          
    'cPwd' => true,
          
    'newPwd1' => true,
          
    'newPwd2' => true,
          
    'newEmail' => true,
          
    'newAdmin' => true
          
        
    );
        
        function 
    trim_value(&$value// function from php.net
        
    {
        
          
    $value trim($value);
          
        }
        
        
    // create an empty array for missing elements
        
        
    $missing = array();
        
        foreach (
    $fields as $field => $expected)
        {
        
          if (!isset(
    $_POST[$field]) && $expected)
          {
          
            
    $missing[] = $field;
            
          }
          
          else 
    // clean up
          
    {
          
            if (
    is_array($_POST[$field]))
            {
            
              
    array_walk($_POST[$field], 'trim_value');
              
            }
            
            else
            {
            
              
    $_POST[$field] = trim($_POST[$field]);
              
            }
            
          }
          
        }
        
        if (empty(
    $missing))
        {
        
          
    $username $_POST['newName'];
          
    $pwdC $_POST['cPwd'];
          
    $pwdC md5($saltmd5($pwdC $salt));
          
    $pwd1 $_POST['newPwd1'];
          
    $pwd2 $_POST['newPwd2'];
          
    $email $_POST['newEmail'];
          
    $admin $_POST['newAdmin'];
          
    $admin = (int)$admin;
          
          if (!
    ctype_alnum($pwd1) || !ctype_alnum($pwd2))
          {
          
            die(
    'Passwords aren\'t alphanumeric.');
            
            exit;
            
          }
          
          if (
    $pwd1 !== $pwd2)
          {
          
            die(
    'Password aren\'t identical.');
            
            exit;
            
          }
          
          if (
    $pwdC !== $_SESSION['pwd'])
          {
          
            die(
    'Your password was incorrect.');
            
            exit;
            
          }
          
          
    $query "UPDATE `users` SET `admin` = ?, `username` = ?, `pwd` = ?, `user_email` = ? WHERE `user_id` = ?";
          
          if (
    $stmt $conn->prepare($query))
          {
          
            if (
    $stmt->bind_param('isssi'$editAdmin$editUser$editPwd$editEmail$wUserID))
            {
            
              
    $editAdmin $admin;
              
    $editUser $username;
              
    $editPwd $pwd1;
              
    $editEmail $email;
              
    $wUserID $user_id;
              
              if (
    $stmt->execute())
              {
              
                
    $isDone true;
                
              }
              
              else
              {
              
                echo 
    "NO EXECUTE";
                
              }
              
            }
              
            else
            {
            
              echo 
    "NO PARAMS";
              
            }
            
          
    $stmt->close();
          
          }
          
          
          
          else
          {
          
            echo 
    "NO STATEMENT";
            
          }
          
          
    $conn->commit();
          
          
    $conn->close();
          
          
        }
        
        else
        {
        
          die(
    'Missing is not empty.');
          
        }
        
      }
          
        
     
    ?>
     
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>

      <head>
      
        <title>Update Administration Profile -- Ultimate Hogwarts: The Rebirth</title>
        
        <meta http-equiv="content-type" content="text/html; charset=utf-8">
        <meta http-equiv="cache-control" content="no-cache">
        
        <link href="/css/general2.css" rel="stylesheet" type="text/css">
        
        <script language="javascript" type="text/javascript">
        <!--
        
          function checkInput()
          {
          
            var username = document.getElementById("newName").value;
            var pwd1 = document.getElementById("newPwd1").value;
            var pwd2 = document.getElementById("newPwd2").value;
            var pwdC = document.getElementById("cPwd").value;
            var email1 = document.getElementById("newEmail").value;
            var aUsername = username.replace(/[^a-zA-Z ' ']+/g, '');
            var aPwd = pwd1.replace(/[^a-zA-Z 0-9]+/g, '');
            
            
            if (username.length > 29 || username.length < 8)
            {
            
              alert("Username must be greater than seven characters and less than thirty characters.");
              
              return false;
              
            }
            
            else if (username == "" || username == "NULL")
            {
            
              alert("Please enter a username.");
              
              return false;
              
            }
            
            else if ((pwd1 == "" || pwd1 == "NULL") || pwd2 == "" || pwd2 == "NULL")
            {
            
              alert("Please enter a password.");
              
              return false;
              
            }
            
            else if (pwdC == "" || pwdC == "NULL")
            {
            
              alert("Please enter your current password before confirming your edits.");
              
              return false;
              
            }
            
            else if (pwd1.length > 20 || pwd1.length < 7)
            {
            
              alert("Password must be greater than six characters and less than twenty-one characters.");
              
              return false;
              
            }
            
            else if (email1.length > 39 || email1.length < 7)
            {
            
              alert("Your email address must be greater than six characters and less than forty characters.");
              
              return false;
              
            }
            
            else if (pwd1 != pwd2)
            {
            
              alert("Your passwords do not match. Please correct them.");
              
              return false;
              
            }
            
            else if (pwd1 != aPwd)
            {
            
              alert("Passwords must consist of alphanumeric characters only.");
              
              return false;
              
            }
            
            else
            {
            
              return true;
              
            }
            
          }
          
        
        
         //-->
        
          </script>
          
      </head>
      
      <body>
      
        <div align="center" style="text-align: center;">
        
          <h2>Update Your Profile</h2>
          
          <br> <br>
          
          
          <form id="editUserForm" name="editUserForm" onSubmit="return checkInput();" method="post" action="https://uhrebirth.com/staff/update_admin.php">
          
          
            <p><label for="newName">Username:</label> <br> <input type="text" id="newName" name="newName" maxlength="29"></p>
            
            <p><label for="cPwd">Current Password:</label> <br> <input type="password" id="cPwd" name="cPwd" maxlength="20"></p>
            
            <p><label for="newPwd1">New Password:</label> <br> <input type="text" id="newPwd1" name="newPwd1" maxlength="20"></p>
            
            <p><label for="newPwd2">Confirm New Password:</label> <br> <input type="text" id="newPwd2" name="newPwd2" maxlength="20"></p>
            
            <p><label for="newEmail">New Email Address:</label> <br> <input type="text" id="newEmail" name="newEmail" maxlength="39"></p>
            
            <p><label for="newAdmin">Admin Status:</label> Yes<input type="radio" id="newAdmin" name="newAdmin" value="1"> No<input type="radio" name="newAdmin" value="0" checked></p>
            
            <p><input type="submit" id="submit" name="submit" value="Edit Profile"> <input type="reset" value="Reset"></p>
            
          </form>
          
        </div>
        
        
      </body>
      
    </html>
    It keeps echoing out that the statement NO STATEMENT, which means for some reason, the statement isn't being prepared.

    Also, the reason for the two requires is because one goes to my database connection settings, and one goes to my salt settings to use to encrypt passwords. Is there a better way to include them?

  • #4
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    Your query is throwing an error. Syntax is checked when it's prepared. Echo the SQL error.

    Well I see now you are including two different files, so no problem. You were previously including the same file twice so that's why it caught my eye.

  • Users who have thanked Fumigator for this post:

    Joseph Witchard (12-12-2008)

  • #5
    Regular Coder
    Join Date
    Oct 2008
    Posts
    255
    Thanks
    113
    Thanked 0 Times in 0 Posts
    No, I was always including two different files. I just wrote "path" for both of them in order to avoid writing out the actual paths to the file. I'm very paranoid about security

    After much frustration and debugging, I got the script working. Do MySQL UPDATE users always have to have SELECT powers as well in order to be able to update a table? After I found out that was the problem, all I did was connect with a user that has both UPDATE and SELECT powers instead of a user with only UPDATE powers and that fixed it.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •