here is the form that i want to allow a user to change there username.
Code: Select all
<?php
include_once 'Connect.php';
if (!is_authed())
{
die ('You are not permitted to view this page, <a href="index.php">click here</a> to go back.');
}
$thequery = ("SELECT * FROM members WHERE username = '$username' ");
$query = mysql_query($thequery) or die ('session data dont match.');
while ($row = mysql_fetch_assoc($query))
{
$username = $row["username"];
}
?>
<html><head>
<link href="style.css" rel="stylesheet" type="text/css">
<script src="scripts/ShowHint.js" type="text/javascript"></script>
</head>
<body>
<div class=logo><?php include "logo.php";?></div>
<div class=navigationbarbox><?php include "navigationbar.php";?></div>
<div class=editpriform>
<form action="user.php" method="POST" name="myform2">
<?php if (isset($username_errorone)) {?>There was an error: <?php echo $username_errorone; ?> please try again.<?php } ?>
<?php if (isset($username_errortwo)) {?>There was an error: <?php echo $username_errortwo; ?> please try again.<?php } ?>
<?php if (isset($usernameexisits_error)) {?>There was an error: <?php echo $usernameexisits_error; ?> please try again.<?php } ?>
<fieldset>
<table width="100%" >
<tr>
<td width="35%">Username:</td>
<td width="58%"><input type="text" size="20" maxlength="20" name="username" value="<?php echo $username?>" align="" tabindex=""/></td>
<td width="7%"><a href="#" class="hintanchor" onMouseover="showhint('Please choose a username. Should consist of alphanumeric characters only.', this, event, '150px')">[?]</a></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" value="Register" name="submit" align="" tabindex=""></td>
<td> </td>
</tr>
</table>
</fieldset>
</form>
</div>
<div class=footerbox><?php include "footer.php";?></div>
</body>
</html>Code: Select all
<?php
include 'Connect.php';
if(!isset($_POST[submit])) // checks that the data being recieved came from a POST variable named 'submit'
{
// if error reshow the form You cannot access this page directly.
include 'userform.php';
exit;
}
else
{
//CHECKS USERNAME
if(!preg_match("/^[a-z\d]{5,12}$/i", $_POST[username]))
{
// Reshow the form with an error
$username_errorone = "Your username must only contain letter and numbers and be at least 5 characters but no longer than 12 characters in length!<br />";
include 'userform.php';
exit;
}
$username = $_POST['username'];
if ($username == $_SESSION['username']);
{
// Reshow the form with an error
$username_errortwo = "You entered the same username if you wish to change please choose something new<br />";
include 'userform.php';
exit;
}
$query = mysql_query("SELECT * FROM members WHERE username = '". $username ."'");
if (mysql_num_rows($query) > 0)
{
// Reshow the form with an error
$usernameexisits_error = 'username already taken';
include 'userform.php';
exit;
}
$query = "insert into members (username) values ('$username')";
$result= mysql_query ($query) or die ('Could not edit user.');
// if suceesfully inserted data into database,
if($result)
{
header('Location: index.php');
}
}
?>when i test it, and use the same username it throws the error message has it should,
when i test if incorrect length and chacters if it threws up the error message as it should. now when i enter and name already in the database it reshows the form page but blank with the message 'You are not permitted to view this page'