
Change password and other information in php

Posted: Tue Dec 13, 2011 11:47 am
by aquilina
I am having difficulty with the part where the user sets up his account.

Below is my code. Parse error: syntax error, unexpected T_VARIABLE in C:\xampp\htdocs\sources\login\ucp\account.php on line 81

Code: Select all

<div id="main">
<div class="h3">Account Settings</div>
<div class="mainbox">


<?php
if(isset($_SESSION['usernamejob'])) {
	if(!isset($_POST['modify'])){
		$query = mysql_query("SELECT * FROM `employee_user` WHERE `usernamejob`='".$_SESSION['usernamejob']."'") or die(mysql_error());
		$row = mysql_fetch_array($query);
		?>
		<center>
		<table cellspacing=1 cellpadding=5>
		<tr><td class=listtitle colspan=2><center><span class='title2'></span></center></td></tr>
		<?php
		echo "
		<form method=\"POST\">
		<tr><td class=list align=left>Current Password</td><td class=list> <input type=\"password\" name=\"current\" maxlength=\"12\"><br></td></tr>
		<tr><td class=list align=left>New Password</td><td class=list> <input type=\"password\" name=\"password\" maxlength=\"12\"><br></td></tr>
		<tr><td class=list align=left>Confirm Password</td><td class=list> <input type=\"password\" name=\"cpassword\" maxlength=\"12\"><br></td></tr>
		<tr><td class=list align=left>E-mail</td><td class=list> <input type=\"text\" name=\"email\" value=\"".$row['email']."\"><br></td></tr>
		<tr><td class=list align=left>Phone Number</td><td class=list> <input type=\"text\" name=\"phone\" value=\"".$row['phone']."\"><br></td></tr>
		<tr>
        <td class=list align=left>Current Location:</td>
        <td class=list>
          <select name=\"location\">
            <option value=\"\"></option>
            <option value=\"N/A\">N/A</option>
            <option value=\"Johor\">Johor</option>
            <option value=\"Kedah\">Kedah</option>
            <option value=\"Kelantan\">Kelantan</option>
            <option value=\"KL\">Kuala Lumpur</option>
            <option value=\"Labuan\">Labuan</option>
            <option value=\"Melaka\">Melaka</option>
            <option value=\"N9\">Negeri Sembilan</option>
            <option value=\"Pahang\">Pahang</option>
            <option value=\"Penang\">Penang</option>
            <option value=\"Perak\">Perak</option>
            <option value=\"Perlis\">Perlis</option>
            <option value=\"Putrajaya\">Putrajaya</option>
            <option value=\"Sabah\">Sabah</option>
            <option value=\"Sarawak\">Sarawak</option>
            <option value=\"Selangor\">Selangor</option>
            <option value=\"Terengganu\">Terengganu</option>
          </select>
        </td>
        <br>
</tr>
<tr>
        <td class=list align=left>Education Level:</td>
        <td class=list>
          <select name=\"education_lvl\">
            <option value=\"SPM\">SPM</option>
            <option value=\"STPM\">STPM</option>
            <option value=\"Diploma\">Diploma</option>
            <option value=\"Degree\">Degree</option>
          </select>
        </td>
        <br>
</tr>
                <tr><td class=listtitle align=left colspan=2><center><input type=\"submit\" name=\"modify\" value=\"Modify\"></form></td></tr></center>";
	} else {
		$usernamejob = mysql_query("SELECT * FROM `employee_user` WHERE `usernamejob`='".$_SESSION['usernamejob']."'") or die(mysql_error());
		$user = mysql_fetch_array($usernamejob);
		$current = mysql_real_escape_string($_POST['current']);
		$password = mysql_real_escape_string($_POST['password']);
		$cpass = mysql_real_escape_string($_POST['cpassword']);
		$email = mysql_real_escape_string($_POST['email']);
		$phone = mysql_real_escape_string($_POST['phone']);
		$location = mysql_real_escape_string($_POST['location']);
	if($current) {
			if($usernamejob['password'] == $current.$usernamejob['password'] || sha1($current) == $usernamejob['password']) {
				if($password != $cpass) {
					echo "Passwords do not match!";
				} else {
					if(strlen($password) < 6) {
						echo "Your password must be between 6 and 12 characters!";
					} elseif(strlen($password) > 12) {
						echo "Your password must be between 6 and 12 characters!";
					} else {
						$u = mysql_query("UPDATE `employee_user` SET `password`='"$password"' WHERE `usernamejob`='".$usernamejob['usernamejob']."'") or die(mysql_error());
						echo "Your changes have been saved.";
					}
				}
			} else {
				echo "Your current password is wrong!";
			}
		} elseif($email == "") {
			echo "Please supply an e-mail!";
		} else {
			$usernamejob = mysql_query("UPDATE `employee_user` SET `email`='".$email."' WHERE `usernamejob`='".$usernamejob['usernamejob']."'") or die(mysql_error());
			echo "Your changes have succesfully been saved to the database!";
		} elseif($phone == ""){
                        echo "Please enter ur new phone number";
                        } else {
                          $usernamejob = mysql_query("UPDATE `employee_user` SET `phone`='".$phone."' WHERE `usernamejob`='".$usernamejob['usernamejob']."'") or die(mysql_error());
                          }elseif($location == ""){
                            echo "Please insert new location";
                          } else {
                           $usernamejob = mysql_query("UPDATE `employee_user` SET `location`='".$location."' WHERE `usernamejob`='".$usernamejob['usernamejob']."'") or die(mysql_error());
                }
	}
	echo "</fieldset>";
} else {
	echo "You are not logged in!";
}
echo "</td></tr></table>";
?>
</div>
</div>




Re: Change password and other information in php

Posted: Tue Dec 13, 2011 12:28 pm
by Amanda1998
If it were my code, I would try something like:

Code: Select all

/*********/
			$u = mysql_query("UPDATE employee_user SET password ='$password' WHERE usernamejob ='".$usernamejob['usernamejob']."'");
			// stop with the MySQL error if the UPDATE failed
			if(!$u) {
			die('Unable to update data ' . mysql_error());
	    }
			echo "Your changes have been saved.";
                                        }
                                }
                        } else {
			echo "Your current password is wrong!";
                        }
/*******/

Re: Change password and other information in php

Posted: Tue Dec 13, 2011 12:31 pm
by twinedev
You left out a period to concatenate two strings:

Code: Select all

$u = mysql_query("UPDATE `employee_user` SET `password`='"$password"' WHERE `usernamejob`='".$usernamejob['usernamejob']."'") or die(mysql_error());
Should be:

Code: Select all

$u = mysql_query("UPDATE `employee_user` SET `password`='".$password."' WHERE `usernamejob`='".$usernamejob['usernamejob']."'") or die(mysql_error());
                                                          ^         ^

Re: Change password and other information in php

Posted: Tue Dec 13, 2011 12:56 pm
by twinedev
Additionally, your mess of IF/ELSE's (and ELSEIF's) needs to be reworked. You have elseif's after the else's and that isn't allowed.

-Greg

Re: Change password and other information in php

Posted: Tue Dec 13, 2011 1:10 pm
by Amanda1998
HOW ABOUT DECLARING NEW "CLEAN" VARIABLES FROM ALREADY INPUT VALUES?

Code: Select all

//....
//....
                                        } elseif(strlen($password) > 12) {
                                                echo "Your password must be between 6 and 12 characters!";
                                        } else {
		function clean($str) {
				$str = @trim($str);
				if(get_magic_quotes_gpc()) {
						$str = stripslashes($str);
				}
				return mysql_real_escape_string($str);
		}
		/***/
        $NewNameForUsernamejob = clean($_POST['usernamejob']);
		/***/
			$u = mysql_query("UPDATE employee_user SET password ='$password' WHERE usernamejob ='$NewNameForUsernamejob'") or die(mysql_error());
THAT DEFINITELY WILL DO IT

Re: Change password and other information in php

Posted: Tue Dec 13, 2011 2:42 pm
by twinedev
The code was so rough, and I had time while waiting for pizza, so I wrote this for you to try: (note, some other formatting issues I would do otherwise, but just used what you had for the HTML for the most part)

Code: Select all

<?php

    function echoHSC($strText) { echo htmlspecialchars($strText,ENT_QUOTES ); }

    $aryData = array();
    $aryErr = array();
    foreach(array('current','password','cpassword','email','phone','location','education_lvl') as $key) {
        $aryData[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? trim($_POST[$key]) : '';
    }
    
    $aryLocation = array('N/A'=>'N/A','Johor'=>'Johor','Kedah'=>'Kedah','Kelantan'=>'Kelantan',
        'KL'=>'Kuala Lumpur','Labuan'=>'Labuan','Melaka'=>'Melaka','N9'=>'Negeri Sembilan','Pahang'=>'Pahang',
        'Penang'=>'Penang','Perak'=>'Perak','Perlis'=>'Perlis','Putrajaya'=>'Putrajaya','Sabah'=>'Sabah',
        'Sarawak'=>'Sarawak','Selangor'=>'Selangor','Terengganu'=>'Terengganu');

    $aryEmployee = FALSE;
    if(isset($_SESSION['usernamejob'])) {
        $SQL = 'SELECT * FROM `employee_user` WHERE `usernamejob`="'.$_SESSION['usernamejob'].'"';
        $rsEmployee = mysql_query($SQL) or die(mysql_error());
        if ($rsEmployee && mysql_num_rows($rsEmployee)>0) { // a single matching row is the logged-in user
            $aryEmployee = mysql_fetch_assoc($rsEmployee);
            mysql_free_result($rsEmployee); 
        }
        unset($rsEmployee);
    }

    if($aryEmployee) {
        if(isset($_POST['modify'])) {

            if ($aryData['current']=='') {
                $aryErr['current'] = 'You must enter current password';
            }
            elseif (sha1($aryData['current']) != $aryEmployee['password']) {
                $aryErr['current'] = 'Current password does not match';
            }

            if (strlen($aryData['password'])<6 || strlen($aryData['password'])>12) {
                $aryErr['password'] = 'You must enter a new password between 6 and 12 characters';
            }
            elseif ($aryData['cpassword']=='') {
                $aryErr['password'] = 'You must confirm your new password';
            }
            elseif ($aryData['password'] != $aryData['cpassword']) {
                $aryErr['password'] = 'Your new password entries do not match';
            }
            elseif ($aryData['password'] == $aryData['current']) {
                $aryErr['password'] = 'Your new password is the same as you old one.';
            }

            if (!preg_match('/^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,6}$/i',$aryData['email'])) {
                $aryErr['email'] = 'You must enter a valid email address';
            }
            elseif ($aryData['email'] != $aryEmployee['email']) {
                // They changed their e-mail check to make sure it isn't a duplicate
                $SQL = 'SELECT `email` FROM `employee_user` WHERE `email`="'.mysql_real_escape_string($aryData['email']).'"';
                $rsEmail = mysql_query($SQL) or die(mysql_error());
                if ($rsEmail && mysql_num_rows($rsEmail)>0) { // any row here belongs to another account
                    $aryErr['email'] = 'Email already in use';
                    mysql_free_result($rsEmail); 
                }
                unset($rsEmail);
            }

            // Add similar checking for phone and others if you require it...

            if (count($aryErr)==0) {
                // get rid of post data that is not sent to database
                unset($aryData['current'],$aryData['cpassword']);
                // store the new password as a sha1 hash, matching the check above
                $aryData['password'] = sha1($aryData['password']);

                $SQL = 'UPDATE `employee_user` SET ';
                foreach($aryData as $key=>$val) {
                    if ($aryEmployee[$key] != $aryData[$key]) {
                        // append each changed column to the SET list
                        $SQL .= '`'.$key.'`="'.mysql_real_escape_string($val).'",';
                    }
                } 
                $SQL = substr($SQL,0,-1) . ' WHERE `usernamejob`="'.$_SESSION['usernamejob'].'"';
                mysql_query($SQL) or die(mysql_error());
            }
        }
        else {
            // Prefill data with values from database
            foreach($aryData as $key=>$val) {
                if ($key!='password' && array_key_exists($key,$aryEmployee)) {
                    $aryData[$key] = $aryEmployee[$key];
                }
            }
        }
    }
?>

<div id="main">
    <div class="h3">Account Settings</div>
        <div class="mainbox">
            <center>
                <?php if (!$aryEmployee): ?>
                    <p>You are not logged in.</p>
                <?php if (isset($_POST['modify']) && count($aryErr)==0): ?>
                    <p>Your changes have been saved.</p>
                <?php else: ?>

                    <div id="frmErr">
                        <?php if (count($aryErr)>0): ?>
                            <p>We found the following error(s):</p>
                            <ul><li><?php echo implode('</li><li>',$aryErr); ?></li></ul>
                        <?php endif; ?>
                    </div>

                    <form method="post" action="">
                        <table cellspacing="1" cellpadding="5" align="center">
                            <tr>
                                <td class="listtitle" colspan="2" align="center"><span class='title2'></span></td>
                            </tr>
                            <tr>
                                <td class="list" align="left"><label for="current">Password</label></td>
                                <td class="list"> <input type="password" name="current" id="current" maxlength="12"><br>&nbsp;</td>
                            </tr>
                            <tr>
                                <td class="list" align="left"><label for="password">New Password</label></td>
                                <td class="list"> <input type="password" name="password" id="password" maxlength="12"><br>&nbsp;</td>
                            </tr>
                            <tr>
                                <td class="list" align="left"><label for="cpassword">Confirm Password</label></td>
                                <td class="list"> <input type="password" name="cpassword" id="cpassword" maxlength="12"><br>&nbsp;</td>
                            </tr>
                            <tr>
                                <td class="list" align="left"><label for="email">E-mail</label></td>
                                <td class=list> <input type="text" name="email" id="email" value="<?php echoHSC($aryData['email']); ?>"><br>&nbsp;</td>
                            </tr>
                            <tr>
                                <td class="list" align="left"><label for="phone">Phone Number</label></td>
                                <td class="list"> <input type="text" name="phone" id="phone" value="<?php echoHSC($aryData['phone']); ?>"><br>&nbsp;</td>
                            </tr>
                            <tr>
                                <td class="list" align="left"><label for="location">Current Location</label></td>
                                <td class=list>
                                    <select name="location" id="location">
                                        <option value=""></option>
                                        <?php foreach($aryLocation as $abbr=>$location): ?>
                                            <?php if ($aryData['location']==$abbr): ?>
                                                <option value="<?php echo $abbr; ?>" selected="selected"><?php echo $location; ?></option>
                                            <?php else: ?>
                                                <option value="<?php echo $abbr; ?>"><?php echo $location; ?></option>
                                            <?php endif; ?>
                                        <?php endforeach; ?>
                                    </select><br>&nbsp;
                                </td>
                            </tr>
                            <tr>
                                <td class="list" align="left"><label for="education_lvl">Education Level</label></td>
                                <td class="list">
                                    <select name="education_lvl" id="education_lvl">
                                        <option value=""></option>
                                        <?php foreach(array('SPM','STPM','Diploma','Degree') as $level): ?>
                                            <?php if ($aryData['education_lvl']==$level): ?>
                                                <option value="<?php echo $level; ?>" selected="selected"><?php echo $level; ?></option>
                                            <?php else: ?>
                                                <option value="<?php echo $level; ?>"><?php echo $level; ?></option>
                                            <?php endif; ?>
                                        <?php endforeach; ?>
                                    </select><br>&nbsp;
                                </td>
                            </tr>
                            <tr>
                                <td class="listtitle" align="left" colspan="2" align="center"><input type="submit" name="modify" value="Modify"></td>
                            </tr>
                        </table>
                    </form>

                <?php endif; ?>
            </center>
        </div>
    </div>
</div>
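
An added example, not code from any poster in this thread: the same password change done with PDO prepared statements and password_hash()/password_verify() in place of concatenated mysql_query() strings and bare sha1(). It assumes PHP 7+ with the pdo_sqlite extension and an in-memory table that reuses the thread's employee_user/usernamejob names; the function names and the sample account are hypothetical.

```php
<?php
// Added example, not from the thread. Assumes PHP 7+ with pdo_sqlite.
// Table and column names follow the thread; function names are hypothetical.

function verifyCurrent(string $plain, string $stored): bool {
    // Hashes written by password_hash() start with "$".
    if ($stored !== '' && $stored[0] === '$') {
        return password_verify($plain, $stored);
    }
    // Legacy unsalted sha1() value as stored by the thread's code,
    // compared in constant time.
    return hash_equals($stored, sha1($plain));
}

function changePassword(PDO $db, string $sessionUser, string $current,
                        string $new, string $confirm): array {
    // The account is always the one named in the session,
    // never a username taken from the submitted form.
    $stmt = $db->prepare('SELECT password FROM employee_user WHERE usernamejob = ?');
    $stmt->execute([$sessionUser]);
    $stored = $stmt->fetchColumn();
    if (!is_string($stored)) {
        return ['You are not logged in'];
    }

    $errors = [];
    if (!verifyCurrent($current, $stored)) {
        $errors[] = 'Current password does not match';
    }
    // Minimum of 6 as in the thread; bcrypt (the current PASSWORD_DEFAULT)
    // only uses the first 72 bytes, so longer input is rejected.
    if (strlen($new) < 6 || strlen($new) > 72) {
        $errors[] = 'New password must be between 6 and 72 characters';
    } elseif ($new !== $confirm) {
        $errors[] = 'Your new password entries do not match';
    } elseif ($new === $current) {
        $errors[] = 'Your new password is the same as your old one';
    }
    if ($errors) {
        return $errors;
    }

    // Values are bound as parameters, so quotes in them cannot alter the SQL.
    $upd = $db->prepare('UPDATE employee_user SET password = ? WHERE usernamejob = ?');
    $upd->execute([password_hash($new, PASSWORD_DEFAULT), $sessionUser]);
    return [];
}

// Constructed demo data: one account that still holds a legacy sha1 hash.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE employee_user (usernamejob TEXT PRIMARY KEY, password TEXT, email TEXT)');
$db->prepare('INSERT INTO employee_user VALUES (?, ?, ?)')
   ->execute(["o'brien", sha1('oldpass1'), 'ob@example.test']);

$user = "o'brien"; // stands in for $_SESSION['usernamejob']

// Wrong current password: rejected, nothing is written.
var_dump(changePassword($db, $user, 'wrong', 'newpass99', 'newpass99'));
// Correct legacy password: accepted and re-stored with password_hash().
var_dump(changePassword($db, $user, 'oldpass1', 'newpass99', 'newpass99'));
// The next change is verified against the new hash format.
var_dump(changePassword($db, $user, 'newpass99', 'another-one', 'another-one'));
```

The username containing an apostrophe is deliberate: it passes through the bound parameters unchanged, where a concatenated query would need escaping to stay valid.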

Re: Change password and other information in php

Posted: Wed Dec 14, 2011 1:10 am
by aquilina
I edited some of the code that you gave me, and this is the result >>>> http://prntscr.com/4m0ie Looks like user already logged in, btw.

And below is my code:

Code: Select all

<?php

     function echoHSC($strText) { echo htmlspecialchars($strText,ENT_QUOTES); }
     
     $aryData = array();
     $aryErr = array();
     foreach(array('current','password','cpassword','email','phone','location','education_lvl') as $key) {
       $aryData[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? trim($_POST[$key]) : '';
     }

     $aryLocation = array('N/A'=>'N/A','Johor'=>'Johor','Kedah'=>'Kedah','Kelantan'=>'Kelantan','KL'=>'Kuala Lumpur','Labuan'=>'Labuan','Melaka'=>'Melaka',
                  'N9'=>'Negeri Sembilan','Pahang'=>'Pahang','Penang'=>'Penang','Perak'=>'Perak','Perlis'=>'Perlis','Putrajaya'=>'Putrajaya','Sabah'=>'Sabah',
                  'Sarawak'=>'Sarawak','Selangor'=>'Selangor','Terengganu'=>'Terengganu');
                  
     $aryEmployee = FALSE;
     if(isset($_SESSION['usernamejob'])) {
       $SQL = 'SELECT * FROM `employee_user` WHERE `usernamejob`="'.$_SESSION['usernamejob'].'"';
       $rsEmployee = mysql_query($SQL) or die(mysql_error());
       if ($rsEmployee && mysql_num_rows($rsEmployee)>1) {
         $aryEmployee = mysql_fetch_assoc($rsEmployee);
       }
       unset($rsEmployee);
     }
     if($aryEmployee) {
       if(isset($_POST['modify'])) {
         
         if ($aryData['current']=='') {
           $aryErr['current'] = 'You must enter password';
         }
         elseif (sha1($aryData['current']) != $aryEmployee['password']) {
           $aryErr['current'] = 'Current password does not match';
         }
         if (strlen($aryData['password'])<6 || strlen($aryData['password'])>12) {
           $aryErr['password'] = 'You must enter a new password between 6-12 characters';
         }
         elseif ($aryData['cpassword']=='') {
           $aryErr['password'] = 'You must confirm a new password';
         }
         elseif ($aryData['password'] != $aryData['cpassword']) {
           $aryErr['password'] = 'Your new password entries do not match';
         }
         elseif ($aryData['password'] == $aryData['current']) {
           $aryErr['password'] = 'Your new password is the same as your old password';
         }
         if (!preg_match('/^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,6}$/i',$aryData['email'])) {
           $aryErr['email'] = 'You must enter a valid email address';
         }
         elseif ($aryData['email'] != $aryEmployee['email']) {
           
           $SQL = 'SELECT `email` FROM `employee_user` WHERE `email`="'.mysql_real_escape_string($aryData['email']).'"';
           $rsEmail = mysql_query($SQL) or die(mysql_error());
           if ($rsEmail && mysql_num_rows($rsEmail)>1) {
             $aryErr['email'] = 'Email already in use';
             mysql_free_result($rsEmail);
           }
           unset($rsEmail);
         }
         
         if (count($aryErr)==0) {
           
           unset($aryData['current'],$aryData['cpassword']);
           
           $SQL = 'UPDATE `employee_user` SET ';
           foreach($aryData as $key=>$val) {
             if ($aryEmployee[$key] != $aryData[$key]) {
               $SQL = '`'.$key.'`="'.mysql_real_escape_string($val).'",';
             }
           }
           $SQL = substr($SQL,0,-1) . ' WHERE `usernamejob`="'.$SESSION['usernamejob'].'"';
           mysql_query($SQL) or die(mysql_error());
         }
       }
       else {
         
         foreach($aryData as $key=>$val) {
           if ($key!='password' && array_key_exists($key,$aryEmployee)) {
             $aryData[$key] = $aryErr[$key];
           }
         }
       }
     }
?>

<div id="main">
     <div class="h3">Account Setting</div>
          <div class="mainbox">
               <center>
                       <?php if (!$aryEmployee): ?>
                             <p>You are not logged in.</p>
                       <?php if (isset($_POST['modify']) && count($aryErr)==0); ?>
                             <p>Your changes have been saved</p>
                       <?php else: ?>
                       
                             <div id="frmErr">
                                  <?php if (count($aryErr)>0); ?>
                                        <p>We found the following error(s):</p>
                                        <ul><li><?php echo implode('</li><li>',$aryErr); ?></li></ul>
                                  <?php endif; ?>
                             </div>
                             
                             <form method="post" action="">
                                   <table cellspacing="1" cellpadding="5" aligh="center">
                                          <tr>
                                              <td class="listtitle" colspan="2" align="center"><span class="title2"></span></td>
                                          </tr>
                                          <tr>
                                              <td class="list" align="left"><label for="current">Password</label></td>
                                              <td class="list"><input type="password" name="current" id="current" maxlength="12"><br>&nbsp;</td>
                                          </tr>
                                          <tr>
                                              <td class="list" align="left"><label for="password">New Password</label></td>
                                              <td class="list"><input type="password" name="password" maxlength="12"><br>&nbsp;</td>
                                          </tr>
                                          <tr>
                                              <td class="list" align="left"><label for="cpassword">Confirm Password</label></td>
                                              <td class="list"><input type="password" name="cpassword" maxlength="12"><br>&nbsp;</td>
                                          </tr>
                                          <tr>
                                              <td class="list" align="left"><label for="email">Email</label></td>
                                              <td class="list"><input type="text" name="email" id="email" value="<?php echoHSC($aryData['email']); ?>"><br>&nbsp;</td>
                                          </tr>
                                          <tr>
                                              <td class="list" align="left"><label for="phone">Phone Number</label></td>
                                              <td class="list"><input type="text" name="phone" id="phone" value="<?php echoHSC($aryData['phone']); ?>"><br>&nbsp;</td>
                                          </tr>
                                          <tr>
                                              <td class="list" align="left"><label for="location">Current Location</label></td>
                                              <td class="list">
                                                  <select name="location" id="location">
                                                          <option value=""></option>
                                                          <?php foreach($aryLocation as $abbr=>$location): ?>
                                                                <?php if ($aryData['location']==$abbr): ?>
                                                                      <option value="<?php echo $abbr; ?>" selected="selected"><?php echo $location; ?></option>
                                                                <?php else: ?>
                                                                      <option value="<?php echo $abbr; ?>"><?php echo $location; ?></option>
                                                                <?php endif; ?>
                                                          <?php endforeach; ?>
                                                          </select><br>&nbsp;
                                                  </td>
                                                  <tr>
                                                      <td class="list" align="left"><label for="education_lvl">Education Level</label></td>
                                                      <td class="list">
                                                          <select name="education_lvl" id="education_lvl">
                                                          <?php foreach(array('SPM','STPM','Diploma','Degree') as $level): ?>
                                                                <?php if ($aryData['education_lvl']==$level): ?>
                                                                      <option value="<?php echo $level; ?>" selected="selected"><?php echo $level; ?></option>
                                                                <?php else: ?>
                                                                      <option value="<?php echo $level; ?>"><?php echo $level; ?></option>
                                                                <?php endif; ?>
                                                                <?php endforeach; ?>
                                                                </select><br>&nbsp;
                                                          </td>
                                                          </tr>
                                                          <tr>
                                                              <td class="list" align="left" colspan="2" align="center"><input type="submit" name="modify" value="Modify"></td>
                                                              </tr>
                                                          </table>
                                                          </form>
                                                  </center>
                                              </div>
                                          </div>
                                   </div>

Re: Change password and other information in php

Posted: Wed Dec 14, 2011 1:58 am
by twinedev
Noticed the following error in the code I gave:

Section with OOPSIES:

Code: Select all

                <?php if (!$aryEmployee): ?>
                    <p>You are not logged in.</p>
                <?php if (isset($_POST['modify']) && count($aryErr)==0): ?>
                    <p>Your changes have been saved.</p>
                <?php else: ?>
CORRECTION:

Code: Select all

                <?php if (!$aryEmployee): ?>
                    <p>You are not logged in.</p>
                <?php elseif (isset($_POST['modify']) && count($aryErr)==0): ?>
                    <p>Your changes have been saved.</p>
                <?php else: ?>
Was on my way to bed and noticed this, can look further in the morning.

-Greg

Re: Change password and other information in php

Posted: Wed Dec 14, 2011 2:19 am
by aquilina
Yeah, but there's a problem with the "you are not logged in". Actually I already logged in. Where's the mistake, btw?

Re: Change password and other information in php

Posted: Wed Dec 14, 2011 4:50 pm
by twinedev
The mistake was that it needed to be elseif instead of just an if in the block above.

If it is reporting that you are not logged in even though you know you are, then check the content of $aryEmployee (and then double check the query at the top, which should be loading in the user account from the database). I thought I used the query as you had it.

-Greg

Re: Change password and other information in php

Posted: Thu Dec 15, 2011 11:03 am
by aquilina
My problem is solved.