need help to change password and match old password inserted
Posted: Sat Apr 16, 2011 4:32 am
hi,i need help to solve my problem to change password and match old password inserted with password in database..
display error like this:Parse error: syntax error, unexpected ';' in C:\xampp\htdocs\nagels\save_editProfile.php on line 35
error at here city = "' . mysql_real_escape_string($_REQUEST['city']) . '" WHERE id ='. $id;
can anyone help to check and correct the code??and also help me to check and correct the if and else function in save_editProfile.php..i think perhaps have error in if and else function..
thanks in advance..
editProfile.php
save_editProfile.php
display error like this:Parse error: syntax error, unexpected ';' in C:\xampp\htdocs\nagels\save_editProfile.php on line 35
error at here city = "' . mysql_real_escape_string($_REQUEST['city']) . '" WHERE id ='. $id;
can anyone help to check and correct the code??and also help me to check and correct the if and else function in save_editProfile.php..i think perhaps have error in if and else function..
thanks in advance..
editProfile.php
Code: Select all
<?php
session_start();
require_once 'config.php' ;
require_once 'application.php';
$id = $_SESSION['id'];
$password = $_SESSION['password'];
$query = 'SELECT * FROM register WHERE id = "'. mysql_real_escape_string($id) . '"LIMIT 1';
$result = mysql_query($query);
if ($data = mysql_fetch_object($result))
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="style.css" rel="stylesheet" type="text/css">
<title>::Edit Form::</title>
<meta name="viewport" content="width=device-width; initial-scale=1.0; maximum-scale=1.0;"/>
</head>
<body>
<table width="952px" border="0" cellspacing="0" cellpadding="0" valign="top" align="center">
<tr>
<td align="center"><?php include "header.php"; ?></td>
</tr>
<tr><td><img src="picture/purple_line.jpg" /></td></tr>
<tr>
<td><table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="300px" height="600px" valign="top" align="center"> <?php include "menu.php";?>
</td>
<td width="12px"> </td>
<td width="630px"background="picture/content1.png" style="background-repeat:no-repeat;" valign="top"><table width="100%" border="0">
<tr>
<td><table width="100%" border="0" align="right">
<tr>
<td width="28%"> </td>
<td width="38%"><img src="picture/icon_cart.jpg" /></td>
</tr>
</table></td>
<tr>
<td><p align="center"> <font size="+2"><strong><em><font color="#000000">Edit
Profile </font></em></strong></font></p>
</td>
</tr>
<tr><td><form name="editForm" action="save_editProfile.php" method="post" >
<input type="hidden" name="id" value="<?php echo $data->id ?>"> <input type="hidden" name="password" value="<?php echo $data->password ?>">
<div align="left">
<table>
<tr>
<td><label for="name">Name<span class="info"><font size="0.2"><font color="#ffffff">4-20 chars</font></font></span></label></td>
<td><input type="text" name="name" value="<?php echo $data->name ?>"></td>
</tr>
<tr>
<td><label for="username">Username<span class="info"><font size="0.2"><font color="#ffffff">3-10 chars</font></font></span></label></td>
<td><input type="text" name="username" value="<?php echo $data->username ?>"></td>
</tr>
<tr>
<td><label for="password">Current Password<span class="info"><font size="0.2"><font color="#ffffff">6-12 chars</font></font></span></label></td>
<td><input type="password" name="password1" value="" /></td>
</tr>
<tr>
<td><label for="password1">New Password<span class="info"><font size="0.2"><font color="#ffffff">6-12 chars</font></font></span></label></td>
<td><input type="password" name="password" value="" /></td>
</tr>
<tr>
<td><label for="password2">Retype Password<span class="info"><font size="0.2"><font color="#ffffff">6-12 chars</font></font></span></label></td>
<td><input type="password" name="password2" value="" /></td>
</tr>
<tr>
<td><label for="phone">Contact No</label></td>
<td><input type="text" name="phone" value="<?php echo $data->phone ?>"></td>
</tr>
<tr>
<td><label for="email">Email</label></td>
<td><input type="text" name="email" value="<?php echo $data->email ?>"></td>
</tr>
<tr>
<td><label for="address">Address</label></td>
<td><input type="text" name="address" value="<?php echo $data->address ?>"></td>
</tr>
<tr>
<td><label for="postcode">Postcode</label></td>
<td><input type="text" name="postcode" value="<?php echo $data->postcode ?>"></td>
</tr>
<tr>
<td><label for="city">City</label></td>
<td><input type="text" name="city" value="<?php echo $data->city ?>"></td>
</tr>
</table>
<input type="submit" name="submit" value="Edit">
</div>
</form>
</td></tr>
</table></td>
</tr>
</table></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td> </td>
</tr>
</table>
</body>
</html>
<?php } ?>
Code: Select all
<?php
session_start();
require_once 'config.php' ;
require_once 'application.php' ;
$id = $_SESSION['id'];
if(trim($_POST['password']) && ($_POST['password'] == $_POST['password2']) && $_POST['password1']){
$newPassword = mysql_escape_string(md5($_POST['password']));
$retypePassword = mysql_escape_string(md5($_POST['password2']));
$oldPassword = (md5(mysql_escape_string($_POST['passowrd1'])));
$query = 'SELECT * FROM register WHERE id = "'. mysql_real_escape_string($id) . '"LIMIT 1';
$result = mysql_query($query);
while ($row = mysql_fetch_array($result)) {
$password= $row['password'];
$id= $row['id'];
}
if($oldPassword != $password) {
echo"<script>alert(\"Your password does not match with old password!\")</script><script>window.location='editProfile.php?id=$id'</script>";
}
elseif($newPassword != $retypePassword){
echo"<script>alert(\"Your password does not match with new password!\")</script><script>window.location='editProfile.php?id=$id'</script>";}
}
else(
$query1 = 'UPDATE register set name = "' . mysql_real_escape_string($_REQUEST['name']) . '",
username = "' . mysql_real_escape_string($_REQUEST['username']) . '",
password = md5("' . mysql_real_escape_string($_REQUEST["password"]) . '"),
phone = "' . mysql_real_escape_string($_REQUEST['phone']) . '",
email = "' . mysql_real_escape_string($_REQUEST['email']) . '" ,
address = "' . mysql_real_escape_string($_REQUEST['address']) . '",
postcode = "' . mysql_real_escape_string($_REQUEST['postcode']) . '",
city = "' . mysql_real_escape_string($_REQUEST['city']) . '" WHERE id = '.$id;
$result1 = mysql_query($query1);
echo"<script>alert(\"Updated successfully!\")</script><script>window.location='home.php?id=$id'</script>";
}
}
?>