Take a look at this ugly code.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Smudly
Forum Commoner
Posts: 71
Joined: Wed Jun 09, 2010 10:09 pm

Take a look at this ugly code.

Post by Smudly »

Currently I'm having troubles getting my Password validation to work properly for my profile page. The user is supposed to be able to change their password after typing in their password. It's currently giving me the error "Invalid Password" no matter what I type. Here is the code. Any help appreciated. (I'm not getting any sql errors)

Code: Select all

<?php
session_start();
include('inc/connect.php');

$username = isset($_SESSION['username']) ? $_SESSION['username'] : ''; 

$edit = (isset($_POST['edit']));
$passchange = (isset($_POST['passchange']));

if (!empty($username))
{ 
	//if user is logged in 

    $sql = mysql_query("SELECT * FROM `users` WHERE `username`='$username'"); 
    $row = mysql_fetch_assoc($sql); 

    $dbfname = $row['fname']; 
    $dblname = $row['lname']; 
    $dbemail = $row['email']; 
    $dbpassword = $row['password'];
	$password = md5($_POST['password']); 
	
	$error = "";
	
	if ($edit)
	{
	
		$fnamenew = mysql_real_escape_string(strtolower(strip_tags($_POST['fname']))); 
        $lnamenew = mysql_real_escape_string(strtolower(strip_tags($_POST['lname']))); 
        $emailnew = mysql_real_escape_string(strip_tags($_POST['email'])); 
		
		$update = "UPDATE `users` SET `fname`='$fnamenew', `lname`='$lnamenew', `email`='$emailnew' WHERE `username`='$username'";
		mysql_query($update);
		
	
	//////////// Email Validation ////////////
	function validEmail($email)
	{
	   $isValid = true;
	   $atIndex = strrpos($email, "@");
	   if (is_bool($atIndex) && !$atIndex)
	   {
		  $isValid = false;
	   }
	   else
	   {
		  $domain = substr($email, $atIndex+1);
		  $local = substr($email, 0, $atIndex);
		  $localLen = strlen($local);
		  $domainLen = strlen($domain);
		  if ($localLen < 1 || $localLen > 64)
		  {
			 // local part length exceeded
			 $isValid = false;
		  }
		  else if ($domainLen < 1 || $domainLen > 255)
		  {
			 // domain part length exceeded
			 $isValid = false;
		  }
		  else if ($local[0] == '.' || $local[$localLen-1] == '.')
		  {
			 // local part starts or ends with '.'
			 $isValid = false;
		  }
		  else if (preg_match('/\\.\\./', $local))
		  {
			 // local part has two consecutive dots
			 $isValid = false;
		  }
		  else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain))
		  {
			 // character not valid in domain part
			 $isValid = false;
		  }
		  else if (preg_match('/\\.\\./', $domain))
		  {
			 // domain part has two consecutive dots
			 $isValid = false;
		  }
		  else if
		(!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/',
						 str_replace("\\\\","",$local)))
		  {
			 // character not valid in local part unless 
			 // local part is quoted
			 if (!preg_match('/^"(\\\\"|[^"])+"$/',
				 str_replace("\\\\","",$local)))
			 {
				$isValid = false;
			 }
		  }
		  if ($isValid && !(checkdnsrr($domain,"MX") || checkdnsrr($domain,"A")))
		  {
			 // domain not found in DNS
			 $isValid = false;
		  }
	   }
	   return $isValid;
	}
	//////////// End Email Validation /////////
	
	
	
	$dbfname = $fnamenew; 
    $dblname = $lnamenew; 
    $dbemail = $emailnew; 
	
	
	$success = "Success!";
	
	}
	
	// Change Password
	if ($passchange)
	{
			if($password){
				
				if($password==$dbpassword){
				
					$passwordnew = md5($_POST['passwordnew']); 
					$passwordconf = md5($_POST['passwordconf']);
					
					if (isset($passwordnew) && !empty($passwordnew)){
					
						if (isset($passwordconf) && !empty($passwordconf)){
							
							if ($passwordnew==$passwordconf){
								
							$passupdate = "UPDATE `users` SET `password`='$passwordnew' WHERE `username`='$username'";
							mysql_query($passupdate);
							
							$passsuccess = "Success!";
								
							}
							else{
								$error = "Your passwords do not match!";
							}
						
						}
						else{
							$error = "Please type in your Confirmed Password!";
						}
					 
					}
					else{
						$error = "Please type in your New Password!";
					}
				
				}
				else{
					$error = "Invalid Password";
				}
		
		
		
			}
			else{
				$error = "Please type in your Password!";
			}
	
	
	
	}
	
}

?>

<html> 
<head> 
<title>Profile</title> 


<script type="text/javascript" language="javascript">
function inputLimiter(e,allow) {
var AllowableCharacters = '';

if (allow == 'UserNameChar'){AllowableCharacters='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';}
if (allow == 'UsernameChar'){AllowableCharacters='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890';}

var k;

k=document.all?parseInt(e.keyCode): parseInt(e.which);

if (k!=13 && k!=8 && k!=0){

if ((e.ctrlKey==false) && (e.altKey==false)) {

return (AllowableCharacters.indexOf(String.fromCharCode(k))!=-1);

} else {

return true;

}

} else {

return true;

}

}

</script>
<style>
#container{
	width: 275px;
	margin-left: auto;
	margin-right: auto;
}
#profile{
	width: 222px;
	text-align: right;
	margin-left: auto;
	margin-right: auto;
	
}
#changepassword{
	width: 268px;
	text-align: right;
	margin-left: auto;
	margin-right: auto;
	
}
#centerpro{
	width: 60px;
	margin-left: auto;
	margin-right: auto;
}
#centerpas{
	width: 120px;
	margin-left: auto;
	margin-right: auto;
}
#center{
	width: 150px;
	margin-left: auto;
	margin-right: auto;
	text-align: center;
}
</style>
</head> 
<body> 
<div id="container">
<div id="profile">
	<h3 align="center">Profile</h3>
<form action="newprofile.php" method="POST"> 
    Username: <input type="text" value="<?php echo ucfirst($username); ?>" readonly="readonly"><br /> 
    First Name: <input type="text" maxlength="25" id="UserNameChar" onkeypress="return inputLimiter(event,'UserNameChar')" name="fname" value="<?php echo ucfirst($dbfname); ?>"><br /> 
    Last Name: <input type="text" maxlength="25" id="UserNameChar" onkeypress="return inputLimiter(event,'UserNameChar')" name="lname" value="<?php echo ucfirst($dblname); ?>"><br /> 
    Email: <input type="text" maxlength="64" name="email" value="<?php echo ucfirst($dbemail); ?>"><br />
	<div id="centerpro"><input type="submit" name="edit" value="Submit"></div>
	<div id="center"><?php echo $success; ?></div>
</div>	
	<br />
	<br />
<div id="changepassword">
	<h3 align="center">Change Password</h3>
    Password: <input type="password" maxlength="32" name="password"><br /><br /> 
    New Password: <input type="password" maxlength="32" name="passwordnew"><br /> 
    Confirm Password: <input type="password" maxlength="32" name="passwordconf"><br /> 
	<div id="centerpas"><input type="submit" name="passchange" value="Change Password"></div>
	<div id="center"><?php echo $passsuccess, $error; ?></div>
</form> 
</div>
</div>
</body> 
</html>
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: Take a look at this ugly code.

Post by Benjamin »

If your indentation is correct, it means that $password==$dbpassword is evaluating to false. So, that would be my starting point.
eruna
Forum Newbie
Posts: 17
Joined: Mon Jun 28, 2010 2:02 pm

Re: Take a look at this ugly code.

Post by eruna »

Have you tried echoing the query to make sure the variables have the variables you think they have?
Post Reply