Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    Regular Coder
    Join Date
    Jun 2010
    Posts
    163
    Thanks
    10
    Thanked 0 Times in 0 Posts

    Take a look at this ugly code.

    Currently I'm having troubles getting my Password validation to work properly for my profile page. The user is supposed to be able to change their password after typing in their password. It's currently giving me the error "Invalid Password" no matter what I type. Here is the code. Any help appreciated. (I'm not getting any sql errors)
    PHP Code:
    <?php
    session_start
    ();
    include(
    'inc/connect.php');

    $username = isset($_SESSION['username']) ? $_SESSION['username'] : ''

    $edit = (isset($_POST['edit']));
    $passchange = (isset($_POST['passchange']));

    if (!empty(
    $username))

        
    //if user is logged in 

        
    $sql mysql_query("SELECT * FROM `users` WHERE `username`='$username'"); 
        
    $row mysql_fetch_assoc($sql); 

        
    $dbfname $row['fname']; 
        
    $dblname $row['lname']; 
        
    $dbemail $row['email']; 
        
    $dbpassword $row['password'];
        
    $password md5($_POST['password']); 
        
        
    $error "";
        
        if (
    $edit)
        {
        
            
    $fnamenew mysql_real_escape_string(strtolower(strip_tags($_POST['fname']))); 
            
    $lnamenew mysql_real_escape_string(strtolower(strip_tags($_POST['lname']))); 
            
    $emailnew mysql_real_escape_string(strip_tags($_POST['email'])); 
            
            
    $update "UPDATE `users` SET `fname`='$fnamenew', `lname`='$lnamenew', `email`='$emailnew' WHERE `username`='$username'";
            
    mysql_query($update);
            
        
        
    //////////// Email Validation ////////////
        
    function validEmail($email)
        {
           
    $isValid true;
           
    $atIndex strrpos($email"@");
           if (
    is_bool($atIndex) && !$atIndex)
           {
              
    $isValid false;
           }
           else
           {
              
    $domain substr($email$atIndex+1);
              
    $local substr($email0$atIndex);
              
    $localLen strlen($local);
              
    $domainLen strlen($domain);
              if (
    $localLen || $localLen 64)
              {
                 
    // local part length exceeded
                 
    $isValid false;
              }
              else if (
    $domainLen || $domainLen 255)
              {
                 
    // domain part length exceeded
                 
    $isValid false;
              }
              else if (
    $local[0] == '.' || $local[$localLen-1] == '.')
              {
                 
    // local part starts or ends with '.'
                 
    $isValid false;
              }
              else if (
    preg_match('/\\.\\./'$local))
              {
                 
    // local part has two consecutive dots
                 
    $isValid false;
              }
              else if (!
    preg_match('/^[A-Za-z0-9\\-\\.]+$/'$domain))
              {
                 
    // character not valid in domain part
                 
    $isValid false;
              }
              else if (
    preg_match('/\\.\\./'$domain))
              {
                 
    // domain part has two consecutive dots
                 
    $isValid false;
              }
              else if
            (!
    preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/',
                             
    str_replace("\\\\","",$local)))
              {
                 
    // character not valid in local part unless 
                 // local part is quoted
                 
    if (!preg_match('/^"(\\\\"|[^"])+"$/',
                     
    str_replace("\\\\","",$local)))
                 {
                    
    $isValid false;
                 }
              }
              if (
    $isValid && !(checkdnsrr($domain,"MX") || checkdnsrr($domain,"A")))
              {
                 
    // domain not found in DNS
                 
    $isValid false;
              }
           }
           return 
    $isValid;
        }
        
    //////////// End Email Validation /////////
        
        
        
        
    $dbfname $fnamenew
        
    $dblname $lnamenew
        
    $dbemail $emailnew
        
        
        
    $success "Success!";
        
        }
        
        
    // Change Password
        
    if ($passchange)
        {
                if(
    $password){
                    
                    if(
    $password==$dbpassword){
                    
                        
    $passwordnew md5($_POST['passwordnew']); 
                        
    $passwordconf md5($_POST['passwordconf']);
                        
                        if (isset(
    $passwordnew) && !empty($passwordnew)){
                        
                            if (isset(
    $passwordconf) && !empty($passwordconf)){
                                
                                if (
    $passwordnew==$passwordconf){
                                    
                                
    $passupdate "UPDATE `users` SET `password`='$passwordnew' WHERE `username`='$username'";
                                
    mysql_query($passupdate);
                                
                                
    $passsuccess "Success!";
                                    
                                }
                                else{
                                    
    $error "Your passwords do not match!";
                                }
                            
                            }
                            else{
                                
    $error "Please type in your Confirmed Password!";
                            }
                         
                        }
                        else{
                            
    $error "Please type in your New Password!";
                        }
                    
                    }
                    else{
                        
    $error "Invalid Password";
                    }
            
            
            
                }
                else{
                    
    $error "Please type in your Password!";
                }
        
        
        
        }
        
    }

    ?>

    <html> 
    <head> 
    <title>Profile</title> 


    <script type="text/javascript" language="javascript">
    function inputLimiter(e,allow) {
    var AllowableCharacters = '';

    if (allow == 'UserNameChar'){AllowableCharacters='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';}
    if (allow == 'UsernameChar'){AllowableCharacters='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890';}

    var k;

    k=document.all?parseInt(e.keyCode): parseInt(e.which);

    if (k!=13 && k!=8 && k!=0){

    if ((e.ctrlKey==false) && (e.altKey==false)) {

    return (AllowableCharacters.indexOf(String.fromCharCode(k))!=-1);

    } else {

    return true;

    }

    } else {

    return true;

    }

    }

    </script>
    <style>
    #container{
        width: 275px;
        margin-left: auto;
        margin-right: auto;
    }
    #profile{
        width: 222px;
        text-align: right;
        margin-left: auto;
        margin-right: auto;
        
    }
    #changepassword{
        width: 268px;
        text-align: right;
        margin-left: auto;
        margin-right: auto;
        
    }
    #centerpro{
        width: 60px;
        margin-left: auto;
        margin-right: auto;
    }
    #centerpas{
        width: 120px;
        margin-left: auto;
        margin-right: auto;
    }
    #center{
        width: 150px;
        margin-left: auto;
        margin-right: auto;
        text-align: center;
    }
    </style>
    </head> 
    <body> 
    <div id="container">
    <div id="profile">
        <h3 align="center">Profile</h3>
    <form action="newprofile.php" method="POST"> 
        Username: <input type="text" value="<?php echo ucfirst($username); ?>" readonly="readonly"><br /> 
        First Name: <input type="text" maxlength="25" id="UserNameChar" onkeypress="return inputLimiter(event,'UserNameChar')" name="fname" value="<?php echo ucfirst($dbfname); ?>"><br /> 
        Last Name: <input type="text" maxlength="25" id="UserNameChar" onkeypress="return inputLimiter(event,'UserNameChar')" name="lname" value="<?php echo ucfirst($dblname); ?>"><br /> 
        Email: <input type="text" maxlength="64" name="email" value="<?php echo ucfirst($dbemail); ?>"><br />
        <div id="centerpro"><input type="submit" name="edit" value="Submit"></div>
        <div id="center"><?php echo $success?></div>
    </div>    
        <br />
        <br />
    <div id="changepassword">
        <h3 align="center">Change Password</h3>
        Password: <input type="password" maxlength="32" name="password"><br /><br /> 
        New Password: <input type="password" maxlength="32" name="passwordnew"><br /> 
        Confirm Password: <input type="password" maxlength="32" name="passwordconf"><br /> 
        <div id="centerpas"><input type="submit" name="passchange" value="Change Password"></div>
        <div id="center"><?php echo $passsuccess$error?></div>
    </form> 
    </div>
    </div>
    </body> 
    </html>

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,502
    Thanks
    8
    Thanked 1,089 Times in 1,080 Posts
    In this part, enter the red code to see why they are not the same ...
    Let us know what the two variables are ... you might see what the problem is ...


    // Change Password
    if ($passchange)
    {
    if($password){

    echo "password: $password<br>";
    echo "dbpassword: $dbpassword";
    exit;

    if($password==$dbpassword){

    $passwordnew = md5($_POST['passwordnew']);
    $passwordconf = md5($_POST['passwordconf']);


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •