What's wrong with Password code?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
rocknrisk
Forum Newbie
Posts: 16
Joined: Tue Mar 14, 2006 8:09 pm

What's wrong with Password code?

Post by rocknrisk »

Hi all,

I have a problem... something I'm not seeing...

I have a IF statement that checks a form with 4 textboxes (plus others not applying to this) - 2 showing (but not editable) email address and current password... then 2 as optional input - "New Password" and "Confirm New Password". The data comes from a MySQL database...

So... Get current details:

Code: Select all

// Get Membership Details	
	$query_rstUser = '	SELECT * 
						FROM mtblusers
						WHERE txtUsername = "'.$user.'"';
						
	$rstUser = mysql_query($query_rstUser, $damsel) or die(mysql_error());
	
	while ($arrUser = mysql_fetch_array($rstUser)) {
		$idsUser		= $arrUser ['idsUser'];
		$txtEmailAddress	= $arrUser ['txtEmailAddress'];
		$txtPassword	= $arrUser ['txtPassword'];
	}
	mysql_free_result($rstUser);
... then load variables or set as NULL:

Code: Select all

// *Change of Password* Variables
	$txtACNewPassword	= isset($_REQUEST['txtNewPassword']) ?
					cleanValue($_REQUEST['txtNewPassword']) : NULL;
	$txtACConfirm		= isset($_REQUEST['txtConfirm']) ?
					cleanValue($_REQUEST['txtConfirm']) : NULL;
...and lastly process form:

Code: Select all

// Set up Form Check Variables
	$blnNewPassword 	= (isset($txtACNewPassword)) ? true : false;
	$blnConfirmed	 = ((isset($txtACConfirm)) && (strcmp($txtACNewPassword, $txtACConfirm))) ? true : false;
	
	if ($blnNewPassword && $blnConfirmed) {
	
		$query_resUpdatePassword	= '	UPDATE mtblusers
										SET txtPassword 	= "'	.$txtACNewPassword		.'"
										WHERE txtUsername 	= "'	.$user					.'"';
	// Add NEW Password Details to Database
		$resUpdatePassword = mysql_query($query_resUpdatePassword, $damsel) or die(mysql_error());
		$resUpdateCustomer = mysql_query($query_resUpdateCustomer, $damsel) or die(mysql_error());
	
		$URI = 'members.php';
		header("Location: $URI");                   // Go to members area.
		exit;
	
	} else if (!strcmp($txtACNewPassword, $txtACConfirm)) {
	// New Password Not Confirmed
		$message = 'Please confirm your new password';
		
	} else {
	// Just process rest of form
		$resUpdateCustomer = mysql_query($query_resUpdateCustomer, $damsel) or die(mysql_error());
	
		$URI = 'members.php';
		header("Location: $URI");                   // Go to members area.
		exit;
	}
I get the ELSE IF statement everytime, the 'Please confirm your new password' error message even if the input boxes are blank. I think the flow is logical. I think I've checked everything. What's wrong, please?

It should be - if the input boxes are blank, leave alone and process only rest of form. If the "New Password" box is not NULL then check "Confirm New Password" for 1. is there, and 2. is the same as "New Password". If not then show error message at top of form.

The layout is this form, a table for the user's login details, and a table for the user's other details (which references the login table so user and customer are one. The user cannot change his username or email address as the email address is verified. Just so you have the full picture.

Thank you in advance,
Clinton
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

strcmp() returns zero if they are equal.
Post Reply