Page 1 of 1

If... or... and elseif statements - not working

Posted: Mon Apr 13, 2009 6:17 am
by anivad
Trying to create a change password form, but it doesn't seem to be running the correct checks.

I'm trying to give an error message if the first-typed password and the retyped password do not match, but it still gets successfully changed to the first-typed password even if they are different.

The 'One or more required fields were left blank.' message also for some reason only appears when the old-password field is left blank, but not for any of the others.

Lastly, after a successful password change, it redirects to the correct page but doesn't send out the e-mail. I don't think there's anything wrong with the mail code, because it works fine in other pages.

Here's the relevant bit:

Code: Select all

<?
 
session_start();
 
$uname = $_SESSION['uname'];
 
include 'common.php'; 
 
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
 
    $oldpass = $_POST['password1'];
    $newpass = $_POST['password2'];
    $newpass2 = $_POST['password3'];
 
if(get_magic_quotes_gpc()) {
$uname = stripslashes($uname);
$oldpass = stripslashes($oldpass);
$newpass = stripslashes($newpass);
$newpass2 = stripslashes($newpass);
} else {
$uname = $uname;
$oldpass = $oldpass;
$newpass = $newpass;
$newpass2 = $newpass2;
}
 
if ($oldpass=='' or $newpass=='' or $newpass2=='') { 
       error('One or more required fields were left blank. Please fill them in and try again.'); 
   }
 
elseif ($newpass != $newpass2) {
      error('New passwords do not match.');
}
 
else {
 
 
// connect to database
 
include 'db.php';
 
$pword = md5($oldpass);
$newpass = md5($newpass);
$newpass = mysql_real_escape_string($newpass);
 
$sql = "SELECT * FROM logintest WHERE uname='$uname' AND pword='$pword'";
$result = mysql_query($sql) or die (mysql_error());
$num_rows = mysql_num_rows($result);
 
    if ($result) {
        if ($num_rows > 0) {
                $sql = "UPDATE logintest SET pword='$newpass' WHERE uname = '$uname' AND pword='$pword'";
                $result = mysql_query($sql) or die (mysql_error());
                
                if ($result) {
 
header ("Location: passchanged.htm");
 
$message = "Hi!
 
This e-mail is to confirm that your password has been changed.
 
Your revised login details:
 
Username: $uname
Password: $newpass";
 
mail($email, "Forgotten Password", $message, 'From: admin@mysite.net');
 
}
                else {
                error('A database error occured during submission');
                }
            }
            else { 
                error('The old password you entered is incorrect');
                }
                }
        
        else {
    error('A database error occured during submission');
        }
 
            mysql_close($db_handle);
 
    }
        
}
 
 
?>

Re: If... or... and elseif statements - not working

Posted: Mon Apr 13, 2009 6:33 am
by requinix

Code: Select all

$newpass = stripslashes($newpass);
$newpass2 = stripslashes($newpass);
Where do you define $email?

Re: If... or... and elseif statements - not working

Posted: Mon Apr 13, 2009 10:53 am
by n00b Saibot
also move your header function (#57) to the end of the code...

Re: If... or... and elseif statements - not working

Posted: Mon Apr 13, 2009 11:34 am
by requinix
n00b Saibot wrote:also move your header function (#57) to the end of the code...
It's fine where it is actually. The browser won't redirect until it reaches the end of the HTML page it's receiving (if any).
That is to say, calling header() won't have any effect until your PHP script ends. The only thing that matters is whether you call it before output begins or after. (The correct choice is "before", of course.)

Re: If... or... and elseif statements - not working

Posted: Tue Apr 14, 2009 1:03 am
by anivad
...Good point. I forgot to define $email. :?

How do I grab the email from the MySQL database if I have the user's username already set as $uname = $_SESSION['uname'] ? The email address is already in the database.

(Still new to PHP; just started learning a couple of days ago or so)

Also, any idea why the error messages aren't working correctly? Thanks!

Re: If... or... and elseif statements - not working

Posted: Tue Apr 14, 2009 10:04 am
by n00b Saibot
@tasairis: was meant to be something of a good programming practises... oh well :roll:

@ anivad: you need to call mysql_fetch_assoc() to get the value of email from the database...