Page 1 of 1

Does anyone know how to do this?

Posted: Sun Jul 21, 2002 12:25 am
by Apix
My Script. My boss wants me to try and fix something on there site for them he wants the username that the person chose on signup to be changed to RHC*** the * meaning there user_id number. An auto_increment number generated by the database automatically when there information was entered. Since there are already a few members he doesnt want to have to pay someone to do it manually he wants the user to be go to a page where they enter there current username and password and their username is changed to the generic RHC***. So far i have maganed to make a script so the username is changed to the generic username (RHC***) but i cant get the script to display the new username.
the code im using to present is.
unfortunately i cant figure out how to make the script identify them once the username is changed.
Any help is appreciated.

Code: Select all

<LINK REL="stylesheet" type="text/css" href="main.css" />

<?php
if (!isset($lookup))
&#123;
?>
<table align="center" width="60%" border="0">
<tr>
<td valign="middle">
<form action="<?=$_SERVER&#1111;'PHP_SELF']?>" method="post">
<tr>
	<td valign="top">Temporary ID</td>
	<td><input size="30" maxlength="250" type="text" name="posted_temp_id"></td>
</tr
<tr>
	<td valign="top">Database Password</td>
	<td><input size="30" maxlength="250" type="password" name="password"></td>
</tr>
<td align="center" width="60%">
<input type="submit" size="15" value="Look Up" name="lookup">
</form>
</td>
</td>
</table>
<?php
&#125; else &#123;
        // Connecting, selecting database 
        $dbconn = mysql_connect("localhost", "user", "pass") or die("Could not connect"); 
        mysql_select_db("db") or die("Could not select database"); 

        $query = "SELECT user_id FROM members WHERE temp_id ='$posted_temp_id'";
        $result_user = mysql_query($query) or die("Query failed at userid retrieval stage.");

        $num_rows = mysql_num_rows($result_user); 
        $row = mysql_fetch_array($result_user); 
        $user_id = $row&#1111;0]; 
        if ($user_id == "") &#123; 
            print "<HTML>"; 
            print "<HEAD>"; 
            print "<TITLE>"; 
            print "Incorrect Temporary ID"; 
            print "</TITLE>"; 
            print "<BODY>"; 
            print "<CENTER>"; 
            print "<B><CENTER>We're sorry but the Temporary id that you "; 
            print "entered doesn't seem to exist in our database.<BR>"; 
            print "Perhaps you entered it incorrectly. Press the back button "; 
            print "to try again."; 
        &#125; 
        else &#123; 
           $query = "SELECT password FROM members WHERE temp_id='$posted_temp_id'"; 
           $result = mysql_query($query) or die("Query failed at password retrieval stage."); 
           
           $encryptedpassword = md5($password); 

           $row = mysql_fetch_array($result); 

           $passwordfromdb = $row&#1111;0]; 

           if ($encryptedpassword == $passwordfromdb) &#123;

           $id_lookup = "SELECT user_id FROM members WHERE temp_id='$posted_temp_id'";
           $return = mysql_query($id_lookup) or die("Query Failed At True Id stage");

           $row = mysql_fetch_object($return);

	       $query = "UPDATE members SET temp_id='RHC$row->user_id' WHERE user_id='$user_id'";
           $result = mysql_query($query) or die("Query Failed at Username Retreival Stage");

           $user_row = mysql_fetch_object($result_user);

           echo "RHC $user_row->user_id";


           mysql_close($dbconn); 

            &#125; else &#123;
echo "Password Inncorect Please check your password and try again."; 
        &#125; 
      &#125;
    &#125; 
?>

Posted: Sun Jul 21, 2002 7:02 pm
by josa
I guess you mean that the row echo "RHC $user_row->user_id"; isn't working as expected. You are trying to fetch the same row twice which isn't going to work. The result from the last SELECT statement sould contain the correct id. Try changing the row to this:

Code: Select all

echo "RHC $row->user_id";
I don't know your server configuration but if magic_quotes_gpc i off you should escape the post data before inserting it in the queries. Never trust post/get data!
/josa