updating database with password


franknu
Forum Contributor
Posts: 146
Joined: Sun May 28, 2006 9:29 am

updating database with password

Post by franknu »

I want the user to update his data, which is in a row in table business_info. Once he types in his password and user name, which are already stored in the database, the user should be able to change all the data in his row. The problem is that I have a user and password in the database, it should work, I don't see why it is not working. Please help.

This is the message I am getting:

Incorrect Password or User Name Try again


This is my code:

Code:

<?
         
 $host = "localhost";
$username = "localhost";
$password = "abc123";
$database = "contacts";




 
$db = mysql_connect($host, $username, $password); 
mysql_select_db($database); 
$BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : ""); 

 $Slogan = (isset($_POST['Slogan']));
 $Business_Address = (isset($_POST['Business_Address']));
 $Tel = (isset($_POST['Tel']));
 $Website = (isset($_POST['Website']));
 $Email = (isset($_POST['Email']));
 $Member_Status = (isset($_POST['Member_Status']));
 $Fax =(isset($_POST['Fax']));
 $type = (isset($_POST['type']));
 $make = (isset($_POST['make']));
 $Categories = (isset($_POST['Categories']));
 $Keyword = (isset($_POST['Keyword']));
 $Picture1 =  (isset($_POST['Picture1']));
 $Headline =  (isset($_POST['Headline']));
 $Slogan2 = (isset($_POST['Slogan2']));
 $Description1 = (isset($_POST['Description1']));
 $Description2 = (isset($_POST['Description2']));
 $Description3= (isset($_POST['Description3']));
 $Contact2 = (isset($_POST['Contact2']));
 $Picture2 =  (isset($_POST['Picture2']));
 $Picture3 = (isset($_POST['Picture3']));
 $Picture4 =  (isset($_POST['Picture4']));
 $User_Name = (isset($_POST['User_Name']));
 $Password = (isset($_POST['Password']));
 





$checkp = mysql_query("SELECT `Password` FROM `Business_Info` WHERE `User_Name` = '$User_Name'"); 
$Password1 = mysql_fetch_row($checkp);
$Password2 = $Password1['Password'];




if($Password === $Password2) 

{

$query = "UPDATE  Business_Info SET 
`BusinessName`= '$BusinessName',
 `Slogan`='$Slogan', 
 `Business_Address`='$Business_Address', 
 `Tel`='$Tel',
 `Website`='$Website', 
 `Email`='$Email',
 `Member_Status`='$Member_Status', 
`Fax`='$Fax', 
`type`='$type', 
`make`='$make', 
`Categories`='$Categories', 
`Keyword`='$Keyword', 
`Picture1`='$Picture1',
 `Headline`='$Headline', 
 `Slogan2`='$Slogan2', 
 `Description1`='$Description1', 
`Description2`='$Description2', 
`Description3`= '$Description3',
 `Contact2`='$Contact2', 
 `Picture2`='$Picture2',
 `Picture3`='$Picture3',
  `User_Name` ='User_Name',
 `Password`='$Password' WHERE `User_Name`='$User_Name'";

 $result = mysql_query($query) or die (mysql_error());


  } 


    else 

    { 
     
  echo "Incorrect Password or User Name Try again "; 
  exit; 
} 




?>
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

First remark of mine is 'Why are you storing passwords in plain text?'. Next thing, this conditional:

Code:

if ($Password === $Password2)
Is evaluating to false. I would maybe check their values to make sure they are matching up. This is why you are getting the notice you are getting.
franknu
Forum Contributor
Posts: 146
Joined: Sun May 28, 2006 9:29 am

Post by franknu »

What I am storing is simple data, so I don't need any security.

I tried using

If (Password=== Password)

I was still getting the same message. I have done everything I could.

I was also noticing: do I need to create another HTML form for updates, or would this automatically go to the database itself and update from there?
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

This:

Code:

$Password = (isset($_POST['Password']));
... is setting $Password to either true or false, as are all the other vars that are being assigned a value of isset($_POST['fieldname']). What you need to do with this is:

Code:

$Password = isset($_POST['Password']) ? $_POST['Password'] : '';
Obadiah
Forum Regular
Posts: 580
Joined: Mon Jul 31, 2006 9:13 am
Location: Ashland, KY

Post by Obadiah »

This is the way I did it:

Code:

session_start();
  include("functions_main.inc");
  $table_name = "Customer";
  $next_program = "../Log_In/yea/that_place.php";
  
  switch (@$_POST['Button'])
  {
    case "Login":
      $cxn = Connect_to_db("trove.inc");
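      // escape the user name here too, as the second query already does
      $sql = "SELECT user_name FROM $table_name 
              WHERE user_name='".mysqli_real_escape_string($cxn,$_POST['fusername'])."'";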
      $result = mysqli_query($cxn,$sql)
                  or die("Couldn't execute query 1");
      $num = mysqli_num_rows($result);
      if($num == 1)
      {
         $sql = "SELECT user_name FROM $table_name 
              WHERE user_name='".mysqli_real_escape_string($cxn,$_POST['fusername'])."'
              AND password='".md5($_POST['fpassword'])."'"; // hash in PHP so the raw password never enters the SQL text
         $result2 = mysqli_query($cxn,$sql)
                   or die("Couldn't execute query 2.");  
         $row = mysqli_fetch_assoc($result2);
         if($row)
         {
           $_SESSION['auth']="yes";
           $_SESSION['logname'] = mysqli_real_escape_string($cxn,$_POST['fusername']);
           header("Location: $next_program?user='.$user_name");
         }
         else
         {
           $message_1="The Login Name, '$_POST[fusername]' 
                   exists, but you have not entered the 
                   correct password! Please try again.<br>";
           extract($_POST);
           
         }
      }
      elseif ($num == 0)  // login name not found
      {
         $message_1 = "The User Name you entered does not 
                       exist! Please try again.<br>";
         
      }
    break;
  }
In the head you can create a function that will open up a connection to the database like so:

Code:

function doDB()
{
	$conn = mysql_connect("localhost","Obi","thepassword") or die(mysql_error());
	mysql_select_db("customerdirectory",$conn) or die(mysql_error());
	return $conn;
}
I just chose to do it as a separate file... either should work fine though.
franknu
Forum Contributor
Posts: 146
Joined: Sun May 28, 2006 9:29 am

Post by franknu »

I made changes:

Code:

<?
         
 $host = "localhost";
$username = "localhost";
$password = "abc123";
$database = "contacts";




 
$db = mysql_connect($host, $username, $password); 
mysql_select_db($database); 
$BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : ""); 

 $Slogan = (isset($_POST['Slogan']));
 $Business_Address = (isset($_POST['Business_Address']));
 $Tel = (isset($_POST['Tel']));
 $Website = (isset($_POST['Website']));
 $Email = (isset($_POST['Email']));
 $Member_Status = (isset($_POST['Member_Status']));
 $Fax =(isset($_POST['Fax']));
 $type = (isset($_POST['type']));
 $make = (isset($_POST['make']));
 $Categories = (isset($_POST['Categories']));
 $Keyword = (isset($_POST['Keyword']));
 $Picture1 =  (isset($_POST['Picture1']));
 $Headline =  (isset($_POST['Headline']));
 $Slogan2 = (isset($_POST['Slogan2']));
 $Description1 = (isset($_POST['Description1']));
 $Description2 = (isset($_POST['Description2']));
 $Description3= (isset($_POST['Description3']));
 $Contact2 = (isset($_POST['Contact2']));
 $Picture2 =  (isset($_POST['Picture2']));
 $Picture3 = (isset($_POST['Picture3']));
 $Picture4 =  (isset($_POST['Picture4']));
 $User_Name = (isset($_POST['User_Name']));

 $Password = isset($_POST['Password']) ? $_POST['Password'] : '';





$checkp = mysql_query("SELECT `Password` FROM `Business_Info` WHERE `User_Name` = '$User_Name'"); 
$Password1 = mysql_fetch_row($checkp);
$Password2 = $Password1['Password'];




if($Password === $Password) 

{

$query = "UPDATE  Business_Info SET 
`BusinessName`= '$BusinessName',
 `Slogan`='$Slogan', 
 `Business_Address`='$Business_Address', 
 `Tel`='$Tel',
 `Website`='$Website', 
 `Email`='$Email',
 `Member_Status`='$Member_Status', 
`Fax`='$Fax', 
`type`='$type', 
`make`='$make', 
`Categories`='$Categories', 
`Keyword`='$Keyword', 
`Picture1`='$Picture1',
 `Headline`='$Headline', 
 `Slogan2`='$Slogan2', 
 `Description1`='$Description1', 
`Description2`='$Description2', 
`Description3`= '$Description3',
 `Contact2`='$Contact2', 
 `Picture2`='$Picture2',
 `Picture3`='$Picture3',
  `User_Name` ='User_Name',
 `Password`='$Password' WHERE `User_Name`='$User_Name'";

 $result = mysql_query($query) or die (mysql_error());


  } 


    else 

    { 
     
  echo "Incorrect Password or User Name Try again "; 
  exit; 
} 




?>

When I type in the password it seems to go through, and then a blank page appears.

Is there anything I need to do?
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Everah wrote: This:

Code:

$Password = (isset($_POST['Password']));
... is setting $Password to either true or false, as are all the other vars that are being assigned a value of isset($_POST['fieldname']). What you need to do with this is:

Code:

$Password = isset($_POST['Password']) ? $_POST['Password'] : '';
You need to change every variable assignment in that group of vars. Right now almost everything is being set to true or false. Even $User_Name.
franknu
Forum Contributor
Posts: 146
Joined: Sun May 28, 2006 9:29 am

Post by franknu »

That is what I did, as you can see in the new code I sent you....
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

You didn't do every single one.
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

This is a snip of your code, with comments...

Code:

<?php
$BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : ""); // Sets to either empty or $_POST['BusinessName']
$Slogan = (isset($_POST['Slogan'])); // sets to true or false - probably true
$Business_Address = (isset($_POST['Business_Address'])); // sets to true or false - probably true
$Tel = (isset($_POST['Tel'])); // sets to true or false - probably true
$Website = (isset($_POST['Website'])); // sets to true or false - probably true
$Email = (isset($_POST['Email'])); // sets to true or false - probably true
$Member_Status = (isset($_POST['Member_Status'])); // sets to true or false - probably true
$Fax =(isset($_POST['Fax'])); // sets to true or false - probably true
$type = (isset($_POST['type'])); // sets to true or false - probably true
$make = (isset($_POST['make'])); // sets to true or false - probably true
$Categories = (isset($_POST['Categories'])); // sets to true or false - probably true
$Keyword = (isset($_POST['Keyword'])); // sets to true or false - probably true
$Picture1 =  (isset($_POST['Picture1'])); // sets to true or false - probably true
$Headline =  (isset($_POST['Headline'])); // sets to true or false - probably true
$Slogan2 = (isset($_POST['Slogan2'])); // sets to true or false - probably true
$Description1 = (isset($_POST['Description1'])); // sets to true or false - probably true
$Description2 = (isset($_POST['Description2'])); // sets to true or false - probably true
$Description3= (isset($_POST['Description3'])); // sets to true or false - probably true
$Contact2 = (isset($_POST['Contact2'])); // sets to true or false - probably true
$Picture2 =  (isset($_POST['Picture2'])); // sets to true or false - probably true
$Picture3 = (isset($_POST['Picture3'])); // sets to true or false - probably true
$Picture4 =  (isset($_POST['Picture4'])); // sets to true or false - probably true
$User_Name = (isset($_POST['User_Name'])); // sets to true or false - probably true
$Password = isset($_POST['Password']) ? $_POST['Password'] : ''; // sets to either empty or $_POST['Password']
?>
franknu
Forum Contributor
Posts: 146
Joined: Sun May 28, 2006 9:29 am

Post by franknu »

New changes made:

Code:

<?
         
 $host = "localhost";
$username = "localhost";
$password = "abc123";
$database = "contacts";




 
$db = mysql_connect($host, $username, $password); 
mysql_select_db($database); 
$BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : ''); 
 $Slogan = (isset($_POST['Slogan']) ? $_POST['Slogan']:'');
 $Business_Address = (isset($_POST['Business_Address']) ? $_POST['Business_Address']:'');
 $Tel = (isset($_POST['Tel']) ? $_POST['Tel']:'');
 $Website = (isset($_POST['Website']) ? $_POST['Website']:"");
 $Email = (isset($_POST['Email']) ? $_POST['Email']:'');
 $Member_Status = (isset($_POST['Member_Status']) ? $_POST['Member_Status']:'');
 $Fax =(isset($_POST['Fax']) ? $_POST['Fax']:'');
 $type = (isset($_POST['type']) ? $_POST['type']:'');
 $make = (isset($_POST['make']) ? $_POST['make']:'');
 $Categories = (isset($_POST['Categories']) ? $_POST['Categories']:'');
 $Keyword = (isset($_POST['Keyword']) ? $_POST['Keyword']:'');
 $Picture1 =  (isset($_POST['Picture1']) ? $_POST['Picture1']:'');
 $Headline =  (isset($_POST['Headline']) ? $_POST['Headline']:'');
 $Slogan2 = (isset($_POST['Slogan2']) ? $_POST['Slogan2']:'');
 $Description1 = (isset($_POST['Description1']) ? $_POST['Description1']:'');
 $Description2 = (isset($_POST['Description2']) ? $_POST['Description2'] :'');
 $Description3= (isset($_POST['Description3']) ? $_POST['Description3']:'');
 $Contact2 = (isset($_POST['Contact2']) ? $_POST['Contact2']:'');
 $Picture2 =  (isset($_POST['Picture2']) ? $_POST['Picture3']:'');
 $Picture3 = (isset($_POST['Picture3']) ? $_POST['Picture3']:'');
 $Picture4 =  (isset($_POST['Picture4']) ? $_POST['Picture4']:'');
 $User_Name = (isset($_POST['User_Name'])? $_POST['User_Name']:'');
 $Password = (isset($_POST['Password']) ? $_POST['Password'] : '');





$checkp = mysql_query("SELECT `Password` FROM `Business_Info` WHERE `User_Name` = '$User_Name'"); 
$Password1 = mysql_fetch_row($checkp);
$Password2 = $Password1['Password'];




if($Password === $Password) 

{

$query = "UPDATE  Business_Info SET 
`BusinessName`= '$BusinessName',
 `Slogan`='$Slogan', 
 `Business_Address`='$Business_Address', 
 `Tel`='$Tel',
 `Website`='$Website', 
 `Email`='$Email',
 `Member_Status`='$Member_Status', 
`Fax`='$Fax', 
`type`='$type', 
`make`='$make', 
`Categories`='$Categories', 
`Keyword`='$Keyword', 
`Picture1`='$Picture1',
 `Headline`='$Headline', 
 `Slogan2`='$Slogan2', 
 `Description1`='$Description1', 
`Description2`='$Description2', 
`Description3`= '$Description3',
 `Contact2`='$Contact2', 
 `Picture2`='$Picture2',
 `Picture3`='$Picture3',
  `User_Name` ='User_Name',
 `Password`='$Password' WHERE `User_Name`='$User_Name'";

 $result = mysql_query($query) or die (mysql_error());


  } 


    else 

    { 
     
  echo "Incorrect Password or User Name Try again "; 
  exit; 
} 




?>
When I type in the password and user name, just a blank page comes up. Please help.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Code:

if($Password === $Password)
is pretty much always true.
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

A blank page is a syntax error. Check for unclosed parens, brackets, braces or missing semicolons.
franknu
Forum Contributor
Posts: 146
Joined: Sun May 28, 2006 9:29 am

Post by franknu »

I made all the necessary changes.

Here is the code:

Code:

<?
         
 $host = "localhost";
$username = "localhost";
$password = "abc123";
$database = "contacts";




 
$db = mysql_connect($host, $username, $password); 
mysql_select_db($database); 
$BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : ''); 
 $Slogan = (isset($_POST['Slogan']) ? $_POST['Slogan']:'');
 $Business_Address = (isset($_POST['Business_Address']) ? $_POST['Business_Address']:'');
 $Tel = (isset($_POST['Tel']) ? $_POST['Tel']:'');
 $Website = (isset($_POST['Website']) ? $_POST['Website']:'');
 $Email = (isset($_POST['Email']) ? $_POST['Email']:'');
 $Member_Status = (isset($_POST['Member_Status']) ? $_POST['Member_Status']:'');
 $Fax =(isset($_POST['Fax']) ? $_POST['Fax']:'');
 $type = (isset($_POST['type']) ? $_POST['type']:'');
 $make = (isset($_POST['make']) ? $_POST['make']:'');
 $Categories = (isset($_POST['Categories']) ? $_POST['Categories']:'');
 $Keyword = (isset($_POST['Keyword']) ? $_POST['Keyword']:'');
 $Picture1 =  (isset($_POST['Picture1']) ? $_POST['Picture1']:'');
 $Headline =  (isset($_POST['Headline']) ? $_POST['Headline']:'');
 $Slogan2 = (isset($_POST['Slogan2']) ? $_POST['Slogan2']:'');
 $Description1 = (isset($_POST['Description1']) ? $_POST['Description1']:'');
 $Description2 = (isset($_POST['Description2']) ? $_POST['Description2']:'');
 $Description3= (isset($_POST['Description3']) ? $_POST['Description3']:'');
 $Contact2 = (isset($_POST['Contact2']) ? $_POST['Contact2']:'');
 $Picture2 =  (isset($_POST['Picture2']) ? $_POST['Picture3']:'');
 $Picture3 = (isset($_POST['Picture3']) ? $_POST['Picture3']:'');
 $Picture4 =  (isset($_POST['Picture4']) ? $_POST['Picture4']:'');
 $User_Name = (isset($_POST['User_Name']) ? $_POST['User_Name']:'');
 $Password = (isset($_POST['Password']) ? $_POST['Password']: '');





$checkp = mysql_query("SELECT `Password` FROM `business_info` WHERE `User_Name` = '$User_Name'"); 
$Password1 = mysql_fetch_row($checkp);
$Password2 = $Password1['Password'];




if($Password === $Password1) 

{

$query = "UPDATE  business_info SET 
`BusinessName`= '$BusinessName',
 `Slogan`='$Slogan', 
 `Business_Address`='$Business_Address', 
 `Tel`='$Tel',
 `Website`='$Website', 
 `Email`='$Email',
 `Member_Status`='$Member_Status', 
`Fax`='$Fax', 
`type`='$type', 
`make`='$make', 
`Categories`='$Categories', 
`Keyword`='$Keyword', 
`Picture1`='$Picture1',
 `Headline`='$Headline', 
 `Slogan2`='$Slogan2', 
 `Description1`='$Description1', 
`Description2`='$Description2', 
`Description3`= '$Description3',
 `Contact2`='$Contact2', 
 `Picture2`='$Picture2',
 `Picture3`='$Picture3',
  `User_Name` ='User_Name',
 `Password`='$Password' WHERE `User_Name`='$User_Name'";

 $result = mysql_query($query) or die (mysql_error());


  } 


    else 

    { 
     
  echo "Incorrect Password or User Name Try again "; 
  exit; 
} 




?>
My display is:

Incorrect Password or User Name Try again

Why?
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

Code:

if($Password === $Password1) 
Try changing that to:

Code:

if($Password === $Password2) 
Also, at minimum when dealing with user input into queries, you should pass the variable through mysql_real_escape_string():

Code:

$checkp = mysql_query("SELECT `Password` FROM `business_info` WHERE `User_Name` = '". mysql_real_escape_string($User_Name)."'"); 
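
The checks discussed in this thread, as an added example that is not part of any post: the login lookup and the UPDATE use bound parameters instead of string-built SQL, and the stored password is a password_hash() digest checked with password_verify(). It assumes PDO with an in-memory SQLite table standing in for the MySQL business_info table, only two of the profile columns, and hypothetical field() and updateProfile() helpers.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for the
// MySQL business_info table so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE business_info (
    User_Name TEXT PRIMARY KEY, Password TEXT, BusinessName TEXT, Slogan TEXT)');

// Constructed sample row: store a password_hash() digest, never the plain text.
$seed = $pdo->prepare('INSERT INTO business_info VALUES (?, ?, ?, ?)');
$seed->execute(['acme', password_hash('s3cret-sample', PASSWORD_DEFAULT), 'Acme', 'Old slogan']);

// Hypothetical helper: read a form field as a string.
// isset() on its own would only yield true or false.
function field(array $post, string $name): string
{
    return isset($post[$name]) && is_string($post[$name]) ? $post[$name] : '';
}

// Hypothetical helper: verify the credentials, then update the caller's own row.
function updateProfile(PDO $pdo, array $post): bool
{
    $user = field($post, 'User_Name');

    // Bound parameter: the user name is never spliced into the SQL text.
    $stmt = $pdo->prepare('SELECT Password FROM business_info WHERE User_Name = ?');
    $stmt->execute([$user]);
    // Associative fetch, so $row['Password'] exists. mysql_fetch_row() returns a
    // numerically indexed row, where the 'Password' key would be unset.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user and wrong password take the same path and get the same answer.
    if ($row === false || !password_verify(field($post, 'Password'), $row['Password'])) {
        return false;
    }

    $upd = $pdo->prepare(
        'UPDATE business_info SET BusinessName = ?, Slogan = ? WHERE User_Name = ?');
    $upd->execute([field($post, 'BusinessName'), field($post, 'Slogan'), $user]);
    return true;
}

// Constructed requests standing in for $_POST.
$wrong = ['User_Name' => 'acme', 'Password' => 'not-the-password',
          'BusinessName' => 'Changed', 'Slogan' => 'Changed'];
$right = ['User_Name' => 'acme', 'Password' => 's3cret-sample',
          'BusinessName' => "Acme's Garage", 'Slogan' => 'New slogan'];

var_dump(updateProfile($pdo, $wrong));  // rejected, row left untouched
var_dump(updateProfile($pdo, $right));  // accepted; the apostrophe is stored as data
echo $pdo->query('SELECT BusinessName FROM business_info')->fetchColumn(), "\n";
```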