Page 1 of 1

update username

Posted: Thu Nov 19, 2009 12:24 pm
by chris_s_22
im trying to have a way for a user to change there username. i think the problem i have is that the session data i store contains the username

here is the form that i want to allow a user to change there username.

Code: Select all

<?php
include_once 'Connect.php';
if (!is_authed()) 
{
     die ('You are not permitted to view this page, <a href="index.php">click here</a> to go back.');
}
    $thequery = ("SELECT * FROM members WHERE username = '$username' ");
    $query = mysql_query($thequery) or die ('session data dont match.');
    while ($row = mysql_fetch_assoc($query)) 
{
$username = $row["username"];
}
?>
<html><head>
<link href="style.css" rel="stylesheet" type="text/css">
<script src="scripts/ShowHint.js" type="text/javascript"></script>
</head>
 
<body>
<div class=logo><?php include "logo.php";?></div>
 
<div class=navigationbarbox><?php include "navigationbar.php";?></div>
<div class=editpriform>
<form action="user.php" method="POST" name="myform2">
<?php if (isset($username_errorone)) {?>There was an error: <?php echo $username_errorone; ?> please try again.<?php } ?>
<?php if (isset($username_errortwo)) {?>There was an error: <?php echo $username_errortwo; ?> please try again.<?php } ?>
<?php if (isset($usernameexisits_error)) {?>There was an error: <?php echo $usernameexisits_error; ?> please try again.<?php } ?>
 
 
  <fieldset>
      <table width="100%" >
  <tr>
    <td width="35%">Username:</td>
    <td width="58%"><input type="text" size="20" maxlength="20" name="username" value="<?php echo $username?>" align="" tabindex=""/></td>
    <td width="7%"><a href="#" class="hintanchor" onMouseover="showhint('Please choose a username. Should consist of alphanumeric characters only.', this, event, '150px')">[?]</a></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td><input type="submit" value="Register" name="submit" align=""  tabindex=""></td>
    <td>&nbsp;</td>
  </tr>
</table>
  </fieldset>
</form>
</div>  
 
<div class=footerbox><?php include "footer.php";?></div>
</body>
</html>

Code: Select all

 
<?php
include 'Connect.php';
 
if(!isset($_POST[submit])) // checks that the data being recieved came from a POST variable named 'submit'  
{
     // if error reshow the form You cannot access this page directly.
     include 'userform.php';
     exit;
}
else
{
    //CHECKS USERNAME
    if(!preg_match("/^[a-z\d]{5,12}$/i", $_POST[username]))
    {  
        // Reshow the form with an error
        $username_errorone = "Your username must only contain letter and numbers and be at least 5 characters but no longer than 12 characters in length!<br />";
        include 'userform.php';
        exit;  
    }
        $username = $_POST['username'];
    if  ($username == $_SESSION['username']);
    {   
        // Reshow the form with an error
        $username_errortwo = "You entered the same username if you wish to change please choose something new<br />";
        include 'userform.php';
        exit;
    }
    
    $query = mysql_query("SELECT * FROM members WHERE username = '". $username ."'");
    if (mysql_num_rows($query) > 0)
    {   
    // Reshow the form with an error
    $usernameexisits_error = 'username already taken';
    include 'userform.php';
    exit;
    }
    
    $query = "insert into members (username) values ('$username')";
    $result= mysql_query ($query) or die ('Could not edit user.');
    // if suceesfully inserted data into database,  
    if($result)
    {
    header('Location: index.php');
    }
}
?>
as you can see this is where form data is sent and checks feild input.
when i test it, and use the same username it throws the error message has it should,
when i test if incorrect length and chacters if it threws up the error message as it should. now when i enter and name already in the database it reshows the form page but blank with the message 'You are not permitted to view this page'

Posted: Thu Nov 19, 2009 1:19 pm
by Jonah Bron
Your problem is on line 22.
  • It has a semicolon at the end.
  • You are using an assignment, instead of a comparison. You need ==, not =

Re: update username

Posted: Thu Nov 19, 2009 1:40 pm
by chris_s_22
ive added the extra =

though im stil gettting similar results

when testing if i try enter a name already in database it displays

You are not permitted to view this page, click here to go back.

any more advice?

Posted: Thu Nov 19, 2009 2:10 pm
by Jonah Bron
I'd say there's a problem with is_authed(). Post the code for that function here.

Re: update username

Posted: Fri Nov 20, 2009 4:36 am
by chris_s_22
i dont think its this ive been using this without any problem in the past but here it is anyways

Code: Select all

function is_authed()
{
     // Check if the encrypted username is the same
     // as the unencrypted one, if it is, it hasn't been changed
     if (isset($_SESSION['username']) && (md5($_SESSION['username']) == $_SESSION['encrypted_name']))
     {
          return true;
     }
     else
     {
          return false;
     }
}

Re: update session

Posted: Sun Nov 22, 2009 11:12 am
by chris_s_22
any ideas how i update my session?

when someone logs into site it creates a session

Code: Select all

 
// Now encrypt the data to be stored in the session
     $encrypted_id = md5($user['id']);
     $encrypted_name = md5($user['username']);
 
     // Store the data in the session
     $_SESSION['id'] = $id;
     $_SESSION['username'] = $username;
     $_SESSION['encrypted_id'] = $encrypted_id;
     $_SESSION['encrypted_name'] = $encrypted_name;
 
this code is what im using

Code: Select all

 
$query = "UPDATE members SET username = '$newusername' WHERE username = '$username'";
    $result= mysql_query ($query) or die ('Could not create user.');
    // if suceesfully inserted data into database, 
    if($result)
    {
    $_SESSION['username'] = $newusername;
    header('Location: home.php');
    }
 
as you can see this updates the username then redirects to home.php
this page checks if the user is_authed so i need to update session data

Re: update username

Posted: Sun Nov 22, 2009 11:18 am
by iankent
I'm sure I was reading about a problem setting session vars before using a header to set location a few days back.

See here:
http://snipplr.com/view/9186/save-sessi ... -redirect/

apparently, session_write_close() before the redirect should sort it

Re: update username

Posted: Sun Nov 22, 2009 11:31 am
by chris_s_22
the following page calls for the is_authed which checks

Code: Select all

if (isset($_SESSION['username']) && (md5($_SESSION['username']) == $_SESSION['encrypted_name']))
will i need to re define the whole session or just the username?

Code: Select all

 
// Now encrypt the data to be stored in the session
     $encrypted_id = md5($user['id']);
     $encrypted_name = md5($user['username']);
 
     // Store the data in the session
     $_SESSION['id'] = $id;
     $_SESSION['username'] = $username;
     $_SESSION['encrypted_id'] = $encrypted_id;
     $_SESSION['encrypted_name'] = $encrypted_name;
 

Re: update username

Posted: Sun Nov 22, 2009 11:35 am
by iankent
I think you'd just need to update username and encrypted_name. Set them in the same way you do when the user logs in (i.e. your second bit of code in the last post) then call session_write_close() before you call the header() command. That should force PHP to save the new username/encrypted_name variables in the session.

hth