Updating User Problem

Status
Not open for further replies.

moviejunkie

IS-IT--Management
Oct 12, 2006
21
US
I need to be able to update a user from a form on a page, but I need a couple of variables for the form.

I need to be able to change the first name and last name of the user (this is no problem). The problem is when I want to change the password: if the user leaves the password text box empty, it will not change the current password. Also, if the user wants to change the password, he/she must enter their current password and also type the new password twice to verify.

Here is the code I have so far

Code:
<?php

require_once ('db.php');

function clean($str) {
		$str = @trim($str);
		if(get_magic_quotes_gpc()) {
			$str = stripslashes($str);
		}
		return mysql_real_escape_string($str);
		}

		$password = clean($_POST['newpass']);
		$passwordchk = clean($_POST['retypepass']);
		$first_name = clean($_POST['first_name']);
		$last_name = clean($_POST['last_name']);
		$id = clean($_POST['id']);
		$cpass = md5(clean($_POST['currpass']));
		
		$sql ="";
		$res="";
		$newpass="";
		
		$sql = "SELECT password FROM mis_users WHERE id = '$id'";
		$res = mysql_query($sql) or die(mysql_error());
		
		if ($res)
		{
			$currentPass = mysql_fetch_assoc($res);
		
			$res="";
			$sql="";
		
			if ($currentPass["password"] != $cpass) {
				header("location: ../setup.php?code=5");
				exit();
			}
		
			if($password != $passwordchk){
				header("location: ../setup.php?code=6");
				exit();
			}
			else
			{
				$newpass = md5($password);
				$sql="UPDATE mis_users SET first_name='$first_name', last_name='$last_name', password = '$newpass' WHERE id='id'";
				$res = mysql_query($sql) or die(mysql_error());
				$sql="";
				
				if ($res)
				{
					$res="";
					header("location: ../setup.php?code=3");
					exit();
				}
				else {
					$res="";
					die("Query failed");
					header("location: ../setup.php?code=4");
					exit();
				}
			}
				
		
			if($password == ""){
				$sql="UPDATE mis_users SET first_name='$first_name', last_name='$last_name' WHERE id='$id'";
				$res = mysql_query($sql) or die(mysql_error());
				
				$sql="";
				
				if ($res)
				{
					$res="";
					header("location: ../setup.php?code=3");
					exit();
				}
				else {
					$res="";
					die("Query failed");
					header("location: ../setup.php?code=4");
					exit();
				}	
			}
		
		}
		
		else {
		die("Query failed");
			header("location: ../setup.php?code=2");
		}

Thanks for your help.
 
It looks from this snippet:

Code:
if($password == ""){
                $sql="UPDATE mis_users SET first_name='$first_name', last_name='$last_name' WHERE id='$id'";


etc...

will never be executed, as right above it is an if/else that both exit().

Scott Prelewicz
Web Developer
COMAND Solutions
 
it will update users but it will not update the password
 
$sql="UPDATE mis_users SET first_name='$first_name', last_name='$last_name', password = '$newpass' WHERE id='id'";

You haven't put the $ before the $id variable?

Can't see anything else wrong...
 
That will fix that issue, but there still seems to be another.

Code:
if ($currentPass["password"] != $cpass) {
                header("location: ../setup.php?code=5");
                exit();
            }
        
//The problem starts here. This is an if/else block so one or the other will always be executed


            if ($password != $passwordchk){
//So if this *if* evaluates true, this is executed, redirected and the script exit()s
                header("location: ../setup.php?code=6");
                exit();
            } else {
//If the *if* above evaluates false, this is executed
                $newpass = md5($password);
                $sql="UPDATE mis_users SET first_name='$first_name', last_name='$last_name', password = '$newpass' WHERE id='id'";
                $res = mysql_query($sql) or die(mysql_error());
                $sql="";
                
//Another if else, so one or the other will always execute. However, they both also exit()
                if ($res) {
                    $res="";
                    header("location: ../setup.php?code=3");
                    exit();
                } else {
                    $res="";
                    die("Query failed");
                    header("location: ../setup.php?code=4");
                    exit();
                }
            }
//So how will any of the code below ever execute?
        
            if($password == ""){
                $sql="UPDATE mis_users SET first_name='$first_name', last_name='$last_name' WHERE id='$id'";
                $res = mysql_query($sql) or die(mysql_error());
                
                $sql="";
                
                if ($res)
                {
                    $res="";
                    header("location: ../setup.php?code=3");
                    exit();
                }
                else {
                    $res="";
                    die("Query failed");
                    header("location: ../setup.php?code=4");
                    exit();
                }    
            }

Scott Prelewicz
Web Developer
COMAND Solutions
 
if you look that if statement is inside an else statement

Code:
if ($password != $passwordchk){
//So if this *if* evaluates true, this is executed, redirected and the script exit()s
                header("location: ../setup.php?code=6");
                exit();
            } else {
//If the *if* above evaluates false, this is executed
                $newpass = md5($password);
                $sql="UPDATE mis_users SET first_name='$first_name', last_name='$last_name', password = '$newpass' WHERE id='id'";
                $res = mysql_query($sql) or die(mysql_error());
                $sql="";

               if ($res) {
                    $res="";
                    header("location: ../setup.php?code=3");
                    exit();
                } else {
                    $res="";
                    die("Query failed");
                    header("location: ../setup.php?code=4");
                    exit();
                }
            }

the next block of code is outside of the previous if statement

Code:
if($password == ""){
                $sql="UPDATE mis_users SET first_name='$first_name', last_name='$last_name' WHERE id='$id'";
                $res = mysql_query($sql) or die(mysql_error());
                
                $sql="";
                
                if ($res)
                {
                    $res="";
                    header("location: ../setup.php?code=3");
                    exit();
                }
                else {
                    $res="";
                    die("Query failed");
                    header("location: ../setup.php?code=4");
                    exit();
                }    
            }
 
This is getting way off the original topic, but driving me crazy. You programmers know how that is. :) Let me try again, because I'm still not seeing it. I'll assume you're right, because it must be working for you, I'm going by your original code posted.

Code:
<?php

require_once ('db.php');

function clean($str) {
	$str = @trim($str);
    
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
    }
    
	return mysql_real_escape_string($str);
}

$password = clean($_POST['newpass']);
$passwordchk = clean($_POST['retypepass']);
$first_name = clean($_POST['first_name']);
$last_name = clean($_POST['last_name']);
$id = clean($_POST['id']);
$cpass = md5(clean($_POST['currpass']));
        
$sql ="";
$res="";
$newpass="";
        
$sql = "SELECT password FROM mis_users WHERE id = '$id'";
$res = mysql_query($sql) or die(mysql_error());


//We come to our very first if statement here. We'll assume that $res does indeed evaluate to true, so we enter this if
if ($res) {
	$currentPass = mysql_fetch_assoc($res);
	$res="";
    $sql="";
    
// Okay, so now we come to our second conditional, still inside the first. However, this conditional has no else. We'll assume that this evaluates to false, otherwise the script would exit here
    if ($currentPass["password"] != $cpass) {
		header("location: ../setup.php?code=5");
        exit();
    }

// Okay, now we come to where I think there is a problem. At this point, we are only inside of ONE if(), the original one that we assumed $res evaluated to true. This is an if/else. One of these two are guaranteed to ALWAYS execute. We are not inside any else here at this point. We are only inside the *if* mentioned above.
//
// So, one of two things can happen at this point.
//
// 1) This *if* evaluates true, redirecting us and exit
    if($password != $passwordchk) {
		header("location: ../setup.php?code=6");
		exit();
    } else {
// 2) The if evaluated false, so 1 is now irrelevant and we execute this, the else instead. We are now inside an else
		$newpass = md5($password);
		$sql="UPDATE mis_users SET first_name='$first_name', last_name='$last_name', password = '$newpass' WHERE id='id'";
		$res = mysql_query($sql) or die(mysql_error());
		$sql="";
                
// We are inside the else as mentioned above, but now we encounter a whole different if/else. Being an if/else, one of these 2 will ALWAYS be executed. Well, it will NOT be executed ONLY if the if that belongs to the else we are in evaluated to true. But if that happened, as described above, we also exit.
//
// Anyway, if we got to this point, we have this new if/else. One of the 2 has to be executed, and they both exit(). So, since the if that belongs to this else exit()s, and both conditions in the else() exit, we will always exit.
		if ($res) {
			$res="";
            header("location: ../setup.php?code=3");
            exit();
        } else {
			$res="";
			die("Query failed");
			header("location: ../setup.php?code=4");
			exit();
        }
	}
                
        
	if($password == ""){
		$sql="UPDATE mis_users SET first_name='$first_name', last_name='$last_name' WHERE id='$id'";
		$res = mysql_query($sql) or die(mysql_error());
                
		$sql="";
                
		if ($res) {
			$res="";
			header("location: ../setup.php?code=3");
			exit();
		} else {
			$res="";
			die("Query failed");
			header("location: ../setup.php?code=4");
			exit();
		}    
	}
        
} else {
	die("Query failed");
	header("location: ../setup.php?code=2");
}
?>

Scott Prelewicz
Web Developer
COMAND Solutions
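
A handler with the behaviour the original poster asks for and the branch order the thread debates, as an added example that is not part of the thread: a names-only update when the new password is empty, otherwise a current-password check followed by the double-entry check. It goes beyond the posted code by using PDO placeholders and password_hash()/password_verify() in place of escaped string concatenation and MD5; the function name updateUser, the in-memory SQLite database and the sample values are assumptions made for the demo.

```php
<?php
// Added example, not code from the thread. Returns the status codes the
// original script redirects with: 3 saved, 2 lookup failed, 5 wrong current
// password, 6 new passwords differ. $id is assumed to come from the session.
function updateUser(PDO $db, int $id, array $in): int
{
    $first = trim($in['first_name'] ?? '');
    $last  = trim($in['last_name'] ?? '');
    $new   = $in['newpass'] ?? '';
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT password FROM mis_users WHERE id = ?');
    $stmt->execute([$id]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return 2;
    }
    // Empty new password: change the names only, leave the stored hash alone.
    if ($new === '') {
        $db->prepare('UPDATE mis_users SET first_name = ?, last_name = ? WHERE id = ?')
           ->execute([$first, $last, $id]);
        return 3;
    }
    // A password change requires the current password first.
    if (!password_verify($in['currpass'] ?? '', $hash)) {
        return 5;
    }
    if ($new !== ($in['retypepass'] ?? '')) {
        return 6;
    }
    // password_hash() output is longer than an MD5 hex string, so the
    // password column must be wide enough (255 characters is usual).
    $db->prepare('UPDATE mis_users SET first_name = ?, last_name = ?, password = ? WHERE id = ?')
       ->execute([$first, $last, password_hash($new, PASSWORD_DEFAULT), $id]);
    return 3;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mis_users (id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT, password TEXT)');
$db->prepare('INSERT INTO mis_users VALUES (1, ?, ?, ?)')
   ->execute(['Ann', 'Lee', password_hash('old-secret', PASSWORD_DEFAULT)]);
$pw = ['first_name' => 'Ann', 'last_name' => 'Lee', 'newpass' => 'n3w', 'retypepass' => 'n3w'];
foreach ([['first_name' => 'Anna', 'last_name' => 'Lee'],   // names only
          $pw + ['currpass' => 'wrong'],                    // bad current password
          $pw + ['currpass' => 'old-secret']] as $case) {   // full password change
    echo updateUser($db, 1, $case), PHP_EOL;
}
```

Existing MD5 rows will not verify with password_verify(), so accounts created by the old script need a reset or a one-time rehash at next login.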
 