If... or... and elseif statements - not working

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
anivad
Forum Commoner
Posts: 80
Joined: Thu Apr 09, 2009 11:16 pm

If... or... and elseif statements - not working

Post by anivad »

Trying to create a change password form, but it doesn't seem to be running the correct checks.

I'm trying to give an error message if the first-typed password and the retyped password do not match, but it still gets successfully changed to the first-typed password even if they are different.

The 'One or more required fields were left blank.' message also for some reason only appears when the old-password field is left blank, but not for any of the others.

Lastly, after a successful password change, it redirects to the correct page but doesn't send out the e-mail. I don't think there's anything wrong with the mail code, because it works fine in other pages.

Here's the relevant bit:

Code: Select all

<?
 
session_start();
 
$uname = $_SESSION['uname'];
 
include 'common.php'; 
 
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
 
    $oldpass = $_POST['password1'];
    $newpass = $_POST['password2'];
    $newpass2 = $_POST['password3'];
 
if(get_magic_quotes_gpc()) {
$uname = stripslashes($uname);
$oldpass = stripslashes($oldpass);
$newpass = stripslashes($newpass);
$newpass2 = stripslashes($newpass);
} else {
$uname = $uname;
$oldpass = $oldpass;
$newpass = $newpass;
$newpass2 = $newpass2;
}
 
if ($oldpass=='' or $newpass=='' or $newpass2=='') { 
       error('One or more required fields were left blank. Please fill them in and try again.'); 
   }
 
elseif ($newpass != $newpass2) {
      error('New passwords do not match.');
}
 
else {
 
 
// connect to database
 
include 'db.php';
 
$pword = md5($oldpass);
$newpass = md5($newpass);
$newpass = mysql_real_escape_string($newpass);
 
$sql = "SELECT * FROM logintest WHERE uname='$uname' AND pword='$pword'";
$result = mysql_query($sql) or die (mysql_error());
$num_rows = mysql_num_rows($result);
 
    if ($result) {
        if ($num_rows > 0) {
                $sql = "UPDATE logintest SET pword='$newpass' WHERE uname = '$uname' AND pword='$pword'";
                $result = mysql_query($sql) or die (mysql_error());
                
                if ($result) {
 
header ("Location: passchanged.htm");
 
$message = "Hi!
 
This e-mail is to confirm that your password has been changed.
 
Your revised login details:
 
Username: $uname
Password: $newpass";
 
mail($email, "Forgotten Password", $message, 'From: admin@mysite.net');
 
}
                else {
                error('A database error occured during submission');
                }
            }
            else { 
                error('The old password you entered is incorrect');
                }
                }
        
        else {
    error('A database error occured during submission');
        }
 
            mysql_close($db_handle);
 
    }
        
}
 
 
?>
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: If... or... and elseif statements - not working

Post by requinix »

Code: Select all

$newpass = stripslashes($newpass);
$newpass2 = stripslashes($newpass);
Where do you define $email?
User avatar
n00b Saibot
DevNet Resident
Posts: 1452
Joined: Fri Dec 24, 2004 2:59 am
Location: Lucknow, UP, India
Contact:

Re: If... or... and elseif statements - not working

Post by n00b Saibot »

also move your header function (#57) to the end of the code...
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: If... or... and elseif statements - not working

Post by requinix »

n00b Saibot wrote:also move your header function (#57) to the end of the code...
It's fine where it is actually. The browser won't redirect until it reaches the end of the HTML page it's receiving (if any).
That is to say, calling header() won't have any effect until your PHP script ends. The only thing that matters is whether you call it before output begins or after. (The correct choice is "before", of course.)
anivad
Forum Commoner
Posts: 80
Joined: Thu Apr 09, 2009 11:16 pm

Re: If... or... and elseif statements - not working

Post by anivad »

...Good point. I forgot to define $email. :?

How do I grab the email from the MySQL database if I have the user's username already set as $uname = $_SESSION['uname'] ? The email address is already in the database.

(Still new to PHP; just started learning a couple of days ago or so)

Also, any idea why the error messages aren't working correctly? Thanks!
User avatar
n00b Saibot
DevNet Resident
Posts: 1452
Joined: Fri Dec 24, 2004 2:59 am
Location: Lucknow, UP, India
Contact:

Re: If... or... and elseif statements - not working

Post by n00b Saibot »

@tasairis: was meant to be something of a good programming practises... oh well :roll:

@ anivad: you need to call mysql_fetch_assoc() to get the value of email from the database...
Post Reply