Page 1 of 2
updating database with password
Posted: Tue Oct 17, 2006 1:28 pm
by franknu
I want the user to update his data which is in a row on table business_info. Once he type in his password and user name which is already store in the database the user should be able to change all the data in his row. The problem is that i have an user and password in the database, it should work, i dont see why it is not working please help.
this is the message i am getting
Incorrect Password or User Name Try again
this is my code
Code: Select all
<?
// Question code as posted: look up the stored password for the submitted user
// name and, when it matches, overwrite that user's row in Business_Info.
// NOTE(review): the script uses the legacy mysql_* API and builds both SQL
// statements by string interpolation; the notes below mark each weak spot.

// Database credentials are hard-coded in the script.
$host = "localhost";
$username = "localhost";
$password = "abc123";
$database = "contacts";
// The results of mysql_connect() and mysql_select_db() are never checked.
$db = mysql_connect($host, $username, $password);
mysql_select_db($database);
// Only BusinessName uses the ternary, so it alone receives the posted text.
$BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : "");
// isset() returns a boolean, so every variable from here down to $Password
// holds true/false rather than the submitted value.
$Slogan = (isset($_POST['Slogan']));
$Business_Address = (isset($_POST['Business_Address']));
$Tel = (isset($_POST['Tel']));
$Website = (isset($_POST['Website']));
$Email = (isset($_POST['Email']));
$Member_Status = (isset($_POST['Member_Status']));
$Fax =(isset($_POST['Fax']));
$type = (isset($_POST['type']));
$make = (isset($_POST['make']));
$Categories = (isset($_POST['Categories']));
$Keyword = (isset($_POST['Keyword']));
$Picture1 = (isset($_POST['Picture1']));
$Headline = (isset($_POST['Headline']));
$Slogan2 = (isset($_POST['Slogan2']));
$Description1 = (isset($_POST['Description1']));
$Description2 = (isset($_POST['Description2']));
$Description3= (isset($_POST['Description3']));
$Contact2 = (isset($_POST['Contact2']));
$Picture2 = (isset($_POST['Picture2']));
$Picture3 = (isset($_POST['Picture3']));
$Picture4 = (isset($_POST['Picture4']));
$User_Name = (isset($_POST['User_Name']));
$Password = (isset($_POST['Password']));
// $User_Name is a boolean here, so it interpolates as "1" or "" instead of the
// submitted name. Once it carries the raw POST value, this query needs
// escaping or a prepared statement to keep it from being SQL-injectable.
$checkp = mysql_query("SELECT `Password` FROM `Business_Info` WHERE `User_Name` = '$User_Name'");
// mysql_fetch_row() returns a numerically indexed array (or false when there
// is no row), so the 'Password' key is never set and $Password2 ends up null.
$Password1 = mysql_fetch_row($checkp);
$Password2 = $Password1['Password'];
// Strict comparison of a boolean with null is always false, so control always
// reaches the else branch. The check also relies on the password being stored
// in the table exactly as typed (plain text).
if($Password === $Password2)
{
// Every field is interpolated into the UPDATE without escaping. `User_Name` is
// assigned the literal string 'User_Name' (the $ is missing), and $Picture4 is
// read above but never written.
$query = "UPDATE Business_Info SET
`BusinessName`= '$BusinessName',
`Slogan`='$Slogan',
`Business_Address`='$Business_Address',
`Tel`='$Tel',
`Website`='$Website',
`Email`='$Email',
`Member_Status`='$Member_Status',
`Fax`='$Fax',
`type`='$type',
`make`='$make',
`Categories`='$Categories',
`Keyword`='$Keyword',
`Picture1`='$Picture1',
`Headline`='$Headline',
`Slogan2`='$Slogan2',
`Description1`='$Description1',
`Description2`='$Description2',
`Description3`= '$Description3',
`Contact2`='$Contact2',
`Picture2`='$Picture2',
`Picture3`='$Picture3',
`User_Name` ='User_Name',
`Password`='$Password' WHERE `User_Name`='$User_Name'";
// die(mysql_error()) sends the raw database error text to the browser.
$result = mysql_query($query) or die (mysql_error());
}
else
{
echo "Incorrect Password or User Name Try again ";
exit;
}
?>
Posted: Tue Oct 17, 2006 1:36 pm
by RobertGonzalez
First remark of mine is 'Why are you storing passwords in plain text?'. Next thing, this conditional:
if($Password === $Password2)
is evaluating to false. I would maybe check their values to make sure they are matching up. This is why you are getting the notice you are getting.
Posted: Tue Oct 17, 2006 1:42 pm
by franknu
what i am storing is simple data so i dont need any security.
I try using
If (Password=== Password)
i was still getting the same message i have done everything, i could..
i was also noticing do i need to create another HTML form for updates or would this automaticly go to the database itself and update from there
Posted: Tue Oct 17, 2006 1:47 pm
by RobertGonzalez
This:
Code: Select all
// isset() only reports whether the key exists; it returns true/false, never the submitted value.
$Password = (isset($_POST['Password']));
... is setting $Password to either true or false, as are all the other vars that are being assigned a value of isset($_POST['fieldname']). What you need to do with this is:
Code: Select all
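// Take the submitted password when the field is present, otherwise fall back
// to an empty string. The key read on the true branch must match the key
// tested by isset(); the value is still raw user input and needs escaping (or
// a prepared statement) before it is placed in a query.
$Password = isset($_POST['Password']) ? $_POST['Password'] : '';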
Posted: Tue Oct 17, 2006 2:00 pm
by Obadiah
this is the way i did it
Code: Select all
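session_start();
include("functions_main.inc");
$table_name = "Customer";
$next_program = "../Log_In/yea/that_place.php";
// Login handler: first checks that the submitted name exists, then checks the
// name and password together, and marks the session as authenticated on success.
// NOTE(review): passwords are compared as unsalted md5() digests, which is weak
// for password storage; password_hash()/password_verify() is the current
// practice but would require re-hashing the stored values.
// NOTE(review): the two failure messages differ, so a visitor can tell which
// user names exist in the table.
switch (@$_POST['Button'])
{
case "Login":
$cxn = Connect_to_db("trove.inc");
// Escape both submitted values once, before either query is built, so neither
// reaches SQL raw. Prepared statements (mysqli_prepare) are the sturdier option.
$safe_username = mysqli_real_escape_string($cxn, isset($_POST['fusername']) ? $_POST['fusername'] : '');
$safe_password = mysqli_real_escape_string($cxn, isset($_POST['fpassword']) ? $_POST['fpassword'] : '');
// HTML-encoded copy of the name for use in the on-page message below.
$shown_username = htmlspecialchars(isset($_POST['fusername']) ? $_POST['fusername'] : '', ENT_QUOTES);
$sql = "SELECT user_name FROM $table_name
WHERE user_name='$safe_username'";
$result = mysqli_query($cxn,$sql)
or die("Couldn't execute query 1");
$num = mysqli_num_rows($result);
if($num == 1)
{
$sql = "SELECT user_name FROM $table_name
WHERE user_name='$safe_username'
AND password=md5('$safe_password')";
$result2 = mysqli_query($cxn,$sql)
or die("Couldn't execute query 2.");
$row = mysqli_fetch_assoc($result2);
if($row)
{
$_SESSION['auth']="yes";
$_SESSION['logname'] = $safe_username;
// NOTE(review): the '. below sits inside the double-quoted string and is sent
// literally, and $user_name is not assigned anywhere in this snippet - confirm
// what the target page expects before relying on the query string.
header("Location: $next_program?user='.$user_name");
}
else
{
$message_1="The Login Name, '" . $shown_username . "'
exists, but you have not entered the
correct password! Please try again.<br>";
// EXTR_SKIP keeps POST fields from overwriting variables that already exist
// ($table_name, $next_program, $cxn, ...); new names are still imported.
extract($_POST, EXTR_SKIP);
}
}
elseif ($num == 0) // login name not found
{
$message_1 = "The User Name you entered does not
exist! Please try again.<br>";
}
break;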
in the head you can create a function that will open up a connection to the database like so
Code: Select all
// Opens a MySQL connection, selects the customerdirectory database and returns
// the link. Either failure stops the script with the text from mysql_error().
// NOTE(review): the account name and password are hard-coded in the source, and
// die(mysql_error()) shows raw database error text to the visitor.
function doDB()
{
    $link = mysql_connect("localhost","Obi","thepassword");
    if (!$link) {
        die(mysql_error());
    }
    if (!mysql_select_db("customerdirectory",$link)) {
        die(mysql_error());
    }
    return $link;
}
i just chose to do it as a seperate file....either should work fine though
Posted: Tue Oct 17, 2006 2:14 pm
by franknu
i made changes
Code: Select all
<?
// Second revision as posted: only the $Password assignment was changed to the
// ternary form; the other fields, including $User_Name, are still booleans.

// Database credentials are hard-coded; the connect/select results are unchecked.
$host = "localhost";
$username = "localhost";
$password = "abc123";
$database = "contacts";
$db = mysql_connect($host, $username, $password);
mysql_select_db($database);
$BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : "");
// Still isset() alone: each of these holds true/false, not the submitted text.
$Slogan = (isset($_POST['Slogan']));
$Business_Address = (isset($_POST['Business_Address']));
$Tel = (isset($_POST['Tel']));
$Website = (isset($_POST['Website']));
$Email = (isset($_POST['Email']));
$Member_Status = (isset($_POST['Member_Status']));
$Fax =(isset($_POST['Fax']));
$type = (isset($_POST['type']));
$make = (isset($_POST['make']));
$Categories = (isset($_POST['Categories']));
$Keyword = (isset($_POST['Keyword']));
$Picture1 = (isset($_POST['Picture1']));
$Headline = (isset($_POST['Headline']));
$Slogan2 = (isset($_POST['Slogan2']));
$Description1 = (isset($_POST['Description1']));
$Description2 = (isset($_POST['Description2']));
$Description3= (isset($_POST['Description3']));
$Contact2 = (isset($_POST['Contact2']));
$Picture2 = (isset($_POST['Picture2']));
$Picture3 = (isset($_POST['Picture3']));
$Picture4 = (isset($_POST['Picture4']));
$User_Name = (isset($_POST['User_Name']));
// $Password now carries the raw submitted text.
$Password = isset($_POST['Password']) ? $_POST['Password'] : '';
// $User_Name is still a boolean, so the lookup is for "1" or "" rather than the
// submitted name.
$checkp = mysql_query("SELECT `Password` FROM `Business_Info` WHERE `User_Name` = '$User_Name'");
// mysql_fetch_row() returns a numerically indexed array (or false), so the
// 'Password' key is never set and $Password2 is null.
$Password1 = mysql_fetch_row($checkp);
$Password2 = $Password1['Password'];
// The variable is compared with itself, so this is always true and the stored
// password ($Password2) is never consulted: the UPDATE runs whatever was typed.
if($Password === $Password)
{
// $Password is interpolated unescaped; `User_Name` is set to the literal
// string 'User_Name' (missing $); $Picture4 is never written.
$query = "UPDATE Business_Info SET
`BusinessName`= '$BusinessName',
`Slogan`='$Slogan',
`Business_Address`='$Business_Address',
`Tel`='$Tel',
`Website`='$Website',
`Email`='$Email',
`Member_Status`='$Member_Status',
`Fax`='$Fax',
`type`='$type',
`make`='$make',
`Categories`='$Categories',
`Keyword`='$Keyword',
`Picture1`='$Picture1',
`Headline`='$Headline',
`Slogan2`='$Slogan2',
`Description1`='$Description1',
`Description2`='$Description2',
`Description3`= '$Description3',
`Contact2`='$Contact2',
`Picture2`='$Picture2',
`Picture3`='$Picture3',
`User_Name` ='User_Name',
`Password`='$Password' WHERE `User_Name`='$User_Name'";
// Nothing is echoed after a successful query, so this branch renders an empty
// page. die(mysql_error()) would expose raw database error text on failure.
$result = mysql_query($query) or die (mysql_error());
}
else
{
echo "Incorrect Password or User Name Try again ";
exit;
}
?>
when i type in the password it seems to go through and then a blank page appears
anything i need to do
Posted: Tue Oct 17, 2006 2:18 pm
by RobertGonzalez
Everah wrote:This:
Code: Select all
// isset() only reports whether the key exists; it returns true/false, never the submitted value.
$Password = (isset($_POST['Password']));
... is setting $Password to either true or false,
as are all the other vars that are being assigned a value of isset($_POST['fieldname']). What you need to do with this is:
Code: Select all
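// Take the submitted password when the field is present, otherwise fall back
// to an empty string. The key read on the true branch must match the key
// tested by isset(); the value is still raw user input and needs escaping (or
// a prepared statement) before it is placed in a query.
$Password = isset($_POST['Password']) ? $_POST['Password'] : '';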
You need to change every variable assignment in that group of vars. Right now almost everything is being set to true or false. Even $User_Name.
Posted: Tue Oct 17, 2006 2:40 pm
by franknu
that is what i did as you can see in the new code i sent you....
Posted: Tue Oct 17, 2006 2:47 pm
by feyd
You didn't do every single one.
Posted: Tue Oct 17, 2006 3:29 pm
by RobertGonzalez
This is a snip of your code, with comments...
Code: Select all
<?php
// Annotated copy of the variable assignments from the question. isset() returns
// a boolean, so a variable assigned from isset() alone interpolates into the
// later SQL strings as "1" or "" instead of the text the user submitted. Only
// the lines written as a ternary receive the posted value, and that value is
// raw user input that still needs escaping before it is used in a query.
$BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : ""); // Sets to either empty or $_POST['BusinessName']
$Slogan = (isset($_POST['Slogan'])); // sets to true or false - probably true
$Business_Address = (isset($_POST['Business_Address'])); // sets to true or false - probably true
$Tel = (isset($_POST['Tel'])); // sets to true or false - probably true
$Website = (isset($_POST['Website'])); // sets to true or false - probably true
$Email = (isset($_POST['Email'])); // sets to true or false - probably true
$Member_Status = (isset($_POST['Member_Status'])); // sets to true or false - probably true
$Fax =(isset($_POST['Fax'])); // sets to true or false - probably true
$type = (isset($_POST['type'])); // sets to true or false - probably true
$make = (isset($_POST['make'])); // sets to true or false - probably true
$Categories = (isset($_POST['Categories'])); // sets to true or false - probably true
$Keyword = (isset($_POST['Keyword'])); // sets to true or false - probably true
$Picture1 = (isset($_POST['Picture1'])); // sets to true or false - probably true
$Headline = (isset($_POST['Headline'])); // sets to true or false - probably true
$Slogan2 = (isset($_POST['Slogan2'])); // sets to true or false - probably true
$Description1 = (isset($_POST['Description1'])); // sets to true or false - probably true
$Description2 = (isset($_POST['Description2'])); // sets to true or false - probably true
$Description3= (isset($_POST['Description3'])); // sets to true or false - probably true
$Contact2 = (isset($_POST['Contact2'])); // sets to true or false - probably true
$Picture2 = (isset($_POST['Picture2'])); // sets to true or false - probably true
$Picture3 = (isset($_POST['Picture3'])); // sets to true or false - probably true
$Picture4 = (isset($_POST['Picture4'])); // sets to true or false - probably true
$User_Name = (isset($_POST['User_Name'])); // sets to true or false - probably true
$Password = isset($_POST['Password']) ? $_POST['Password'] : ''; // sets to either empty or $_POST['Password']
?>
Posted: Tue Oct 17, 2006 6:18 pm
by franknu
new changes made
Code: Select all
<?
// Third revision as posted: every field now uses the ternary form, so each
// variable holds the raw submitted text (or an empty string).

// Database credentials are hard-coded; the connect/select results are unchecked.
$host = "localhost";
$username = "localhost";
$password = "abc123";
$database = "contacts";
$db = mysql_connect($host, $username, $password);
mysql_select_db($database);
$BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : '');
$Slogan = (isset($_POST['Slogan']) ? $_POST['Slogan']:'');
$Business_Address = (isset($_POST['Business_Address']) ? $_POST['Business_Address']:'');
$Tel = (isset($_POST['Tel']) ? $_POST['Tel']:'');
$Website = (isset($_POST['Website']) ? $_POST['Website']:"");
$Email = (isset($_POST['Email']) ? $_POST['Email']:'');
$Member_Status = (isset($_POST['Member_Status']) ? $_POST['Member_Status']:'');
$Fax =(isset($_POST['Fax']) ? $_POST['Fax']:'');
$type = (isset($_POST['type']) ? $_POST['type']:'');
$make = (isset($_POST['make']) ? $_POST['make']:'');
$Categories = (isset($_POST['Categories']) ? $_POST['Categories']:'');
$Keyword = (isset($_POST['Keyword']) ? $_POST['Keyword']:'');
$Picture1 = (isset($_POST['Picture1']) ? $_POST['Picture1']:'');
$Headline = (isset($_POST['Headline']) ? $_POST['Headline']:'');
$Slogan2 = (isset($_POST['Slogan2']) ? $_POST['Slogan2']:'');
$Description1 = (isset($_POST['Description1']) ? $_POST['Description1']:'');
$Description2 = (isset($_POST['Description2']) ? $_POST['Description2'] :'');
$Description3= (isset($_POST['Description3']) ? $_POST['Description3']:'');
$Contact2 = (isset($_POST['Contact2']) ? $_POST['Contact2']:'');
// NOTE(review): tests Picture2 but reads Picture3 - looks like a copy-paste slip.
$Picture2 = (isset($_POST['Picture2']) ? $_POST['Picture3']:'');
$Picture3 = (isset($_POST['Picture3']) ? $_POST['Picture3']:'');
$Picture4 = (isset($_POST['Picture4']) ? $_POST['Picture4']:'');
$User_Name = (isset($_POST['User_Name'])? $_POST['User_Name']:'');
$Password = (isset($_POST['Password']) ? $_POST['Password'] : '');
// Raw POST text is now interpolated straight into the SQL string; without
// escaping or a prepared statement this query is SQL-injectable.
$checkp = mysql_query("SELECT `Password` FROM `Business_Info` WHERE `User_Name` = '$User_Name'");
// mysql_fetch_row() returns a numerically indexed array (or false), so the
// 'Password' key is never set and $Password2 is null.
$Password1 = mysql_fetch_row($checkp);
$Password2 = $Password1['Password'];
// The variable is compared with itself, so this is always true: the password
// check is effectively disabled and the UPDATE below runs for whichever
// User_Name was submitted.
if($Password === $Password)
{
// All values are interpolated unescaped. `User_Name` is set to the literal
// string 'User_Name' (missing $), and $Picture4 is never written.
$query = "UPDATE Business_Info SET
`BusinessName`= '$BusinessName',
`Slogan`='$Slogan',
`Business_Address`='$Business_Address',
`Tel`='$Tel',
`Website`='$Website',
`Email`='$Email',
`Member_Status`='$Member_Status',
`Fax`='$Fax',
`type`='$type',
`make`='$make',
`Categories`='$Categories',
`Keyword`='$Keyword',
`Picture1`='$Picture1',
`Headline`='$Headline',
`Slogan2`='$Slogan2',
`Description1`='$Description1',
`Description2`='$Description2',
`Description3`= '$Description3',
`Contact2`='$Contact2',
`Picture2`='$Picture2',
`Picture3`='$Picture3',
`User_Name` ='User_Name',
`Password`='$Password' WHERE `User_Name`='$User_Name'";
// Nothing is echoed after a successful query, so this branch renders an empty
// page. die(mysql_error()) would expose raw database error text on failure.
$result = mysql_query($query) or die (mysql_error());
}
else
{
echo "Incorrect Password or User Name Try again ";
exit;
}
?>
when i type in password and user
just a blank page came up please help
Posted: Tue Oct 17, 2006 6:55 pm
by feyd
if($Password === $Password)
is pretty much always true.
Posted: Tue Oct 17, 2006 7:23 pm
by RobertGonzalez
A blank page is a syntax error. Check for unclosed parens, brackets, braces or missing semicolons.
Posted: Tue Oct 17, 2006 8:38 pm
by franknu
i made all the necessary changes
here is the code:
Code: Select all
<?
// Fourth revision as posted: the table name is now lowercase business_info and
// the comparison uses $Password1 instead of $Password.

// Database credentials are hard-coded; the connect/select results are unchecked.
$host = "localhost";
$username = "localhost";
$password = "abc123";
$database = "contacts";
$db = mysql_connect($host, $username, $password);
mysql_select_db($database);
$BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : '');
$Slogan = (isset($_POST['Slogan']) ? $_POST['Slogan']:'');
$Business_Address = (isset($_POST['Business_Address']) ? $_POST['Business_Address']:'');
$Tel = (isset($_POST['Tel']) ? $_POST['Tel']:'');
$Website = (isset($_POST['Website']) ? $_POST['Website']:'');
$Email = (isset($_POST['Email']) ? $_POST['Email']:'');
$Member_Status = (isset($_POST['Member_Status']) ? $_POST['Member_Status']:'');
$Fax =(isset($_POST['Fax']) ? $_POST['Fax']:'');
$type = (isset($_POST['type']) ? $_POST['type']:'');
$make = (isset($_POST['make']) ? $_POST['make']:'');
$Categories = (isset($_POST['Categories']) ? $_POST['Categories']:'');
$Keyword = (isset($_POST['Keyword']) ? $_POST['Keyword']:'');
$Picture1 = (isset($_POST['Picture1']) ? $_POST['Picture1']:'');
$Headline = (isset($_POST['Headline']) ? $_POST['Headline']:'');
$Slogan2 = (isset($_POST['Slogan2']) ? $_POST['Slogan2']:'');
$Description1 = (isset($_POST['Description1']) ? $_POST['Description1']:'');
$Description2 = (isset($_POST['Description2']) ? $_POST['Description2']:'');
$Description3= (isset($_POST['Description3']) ? $_POST['Description3']:'');
$Contact2 = (isset($_POST['Contact2']) ? $_POST['Contact2']:'');
// NOTE(review): tests Picture2 but reads Picture3 - looks like a copy-paste slip.
$Picture2 = (isset($_POST['Picture2']) ? $_POST['Picture3']:'');
$Picture3 = (isset($_POST['Picture3']) ? $_POST['Picture3']:'');
$Picture4 = (isset($_POST['Picture4']) ? $_POST['Picture4']:'');
$User_Name = (isset($_POST['User_Name']) ? $_POST['User_Name']:'');
$Password = (isset($_POST['Password']) ? $_POST['Password']: '');
// Raw POST text is interpolated straight into the SQL string; without escaping
// or a prepared statement this query is SQL-injectable.
$checkp = mysql_query("SELECT `Password` FROM `business_info` WHERE `User_Name` = '$User_Name'");
// mysql_fetch_row() returns a numerically indexed array (or false when no row
// matches). The stored value is at index 0; the 'Password' key is never set,
// so $Password2 is null.
$Password1 = mysql_fetch_row($checkp);
$Password2 = $Password1['Password'];
// $Password is a string and $Password1 is the whole row array (or false), so
// this strict comparison is always false and the else branch always runs.
// The check also relies on the password being stored in plain text.
if($Password === $Password1)
{
// All values are interpolated unescaped. `User_Name` is set to the literal
// string 'User_Name' (missing $), and $Picture4 is never written.
$query = "UPDATE business_info SET
`BusinessName`= '$BusinessName',
`Slogan`='$Slogan',
`Business_Address`='$Business_Address',
`Tel`='$Tel',
`Website`='$Website',
`Email`='$Email',
`Member_Status`='$Member_Status',
`Fax`='$Fax',
`type`='$type',
`make`='$make',
`Categories`='$Categories',
`Keyword`='$Keyword',
`Picture1`='$Picture1',
`Headline`='$Headline',
`Slogan2`='$Slogan2',
`Description1`='$Description1',
`Description2`='$Description2',
`Description3`= '$Description3',
`Contact2`='$Contact2',
`Picture2`='$Picture2',
`Picture3`='$Picture3',
`User_Name` ='User_Name',
`Password`='$Password' WHERE `User_Name`='$User_Name'";
// die(mysql_error()) sends the raw database error text to the browser.
$result = mysql_query($query) or die (mysql_error());
}
else
{
echo "Incorrect Password or User Name Try again ";
exit;
}
?>
my display is
Incorrect Password or User Name Try again
why
Posted: Tue Oct 17, 2006 8:41 pm
by John Cartwright
try changing that to
Also, at minimum when dealing with user input into queries, you should pass the variable through mysql_real_escape_string()
Code: Select all
// Escape the submitted user name before it is placed inside the quoted SQL
// literal. mysql_real_escape_string() needs an open connection to work.
// This covers the SELECT only: every value interpolated into the UPDATE
// statement of the same script needs the same treatment.
$safe_user_name = mysql_real_escape_string($User_Name);
$checkp = mysql_query("SELECT `Password` FROM `business_info` WHERE `User_Name` = '" . $safe_user_name . "'");