I have problem with update my password from MD5 I don't get any errors but they didn't update !
here's my code .. I saw the questions about MD5 in Stackoverflow. and adding more row but unfortunately I can't update my passwords. there's a lot problems I know but I can't find them
<?php
$_SESSION["sess_user"] = "24";
include "config.php";
mysql_select_db("user_registration",$con);
if(isset($_POST['submit']))
{
$cur_password=$_POST['currentPassword'];
if(count($_POST)>0) {
$result = mysql_query("SELECT * FROM users WHERE id ='" . $_SESSION["sess_user"] . "' AND passwords = '".MD5($cur_password)."'");
$row=mysql_fetch_array($result);
if($row['passwords'] == MD5($cur_password)) {
mysql_query("UPDATE users SET passwords ='" . md5($_POST["newPassword"]) . "' WHERE id ='" . $_SESSION["sess_user"] . "'");
$message = "Password Changed";
} else $message = "Current Password is not correct";
}
}
?>
<html>
<head>
<title>Change Password</title>
<link rel="stylesheet" type="text/css" href="styles.css" />
<script>
function validatePassword() {
var currentPassword,newPassword,confirmPassword,output = true;
currentPassword = document.frmChange.currentPassword;
newPassword = document.frmChange.newPassword;
confirmPassword = document.frmChange.confirmPassword;
if(!currentPassword.value) {
currentPassword.focus();
document.getElementById("currentPassword").innerHTML = "required";
output = false;
}
else if(!newPassword.value) {
newPassword.focus();
document.getElementById("newPassword").innerHTML = "required";
output = false;
}
else if(!confirmPassword.value) {
confirmPassword.focus();
document.getElementById("confirmPassword").innerHTML = "required";
output = false;
}
if(newPassword.value != confirmPassword.value) {
newPassword.value="";
confirmPassword.value="";
newPassword.focus();
document.getElementById("confirmPassword").innerHTML = "not same";
output = false;
}
return output;
}
</script>
</head>
<body>
<form name="frmChange" method="post" action="" onSubmit="return validatePassword()">
<div style="width:500px;">
<div class="message"><?php if(isset($message)) { echo $message; } ?></div>
<table border="0" cellpadding="10" cellspacing="0" width="500" align="center" class="tblSaveForm">
<tr class="tableheader">
<td colspan="2">Change Password</td>
</tr>
<tr>
<td width="40%"><label>Current Password</label></td>
<td width="60%"><input type="password" name="currentPassword" class="txtField"/><span id="currentPassword" class="required"></span></td>
</tr>
<tr>
<td><label>New Password</label></td>
<td><input type="password" name="newPassword" class="txtField"/><span id="newPassword" class="required"></span></td>
</tr>
<td><label>Confirm Password</label></td>
<td><input type="password" name="confirmPassword" class="txtField"/><span id="confirmPassword" class="required"></span></td>
</tr>
<tr>
<td colspan="2"><input type="submit" name="submit" value="Submit" class="btnSubmit"></td>
</tr>
</table>
</div>
</form>
</body></html>
Related
i have this code
first file is a form that gets data and perform some basic email validation
second file gets all data and performs php validation and returns error messages that are stored in an array if the user inputs something wrong.
my question is that how can i display the contents of the form if there is no errors and the error array is empty.
<?php
$error = $_GET['message'];
?>
<html>
<head>
<title>Form Validation</title>
<script type="text/javascript">
function validateEmail()
{
var email = document.getElementById('email').value;
var reEmail = document.getElementById('reEmail').value;
atpos = email.indexOf("#");
dotpos = email.lastIndexOf(".");
if (atpos < 1 || ( dotpos - atpos < 2 ))
{
alert("Please enter correct email")
document.getElementById('email').focus() ;
return false;
}
if (email === reEmail){
return true;
}
alert("emails don't match!");
return false;
}
</script>
</head>
<body>
<div>
<?php
if ($error == ""){
}
else{
foreach ($error as $key => $value) {
echo "<h1>". $value . "</h1>";
}
}
?>
</div>
<form action="registerExec.php" method="post" name="myForm" onsubmit="return(validateEmail());">
<table cellspacing="2" cellpadding="2" border="1">
<tr>
<td align="right">Name</td>
<td><input type="text" name="name" /></td>
</tr>
<tr>
<td align="right">Email</td>
<td><input type="text" name="email" id="email" /></td>
</tr>
<tr>
<td align="right">Retype Email</td>
<td><input type="text" name="reEmail" id="reEmail" /></td>
</tr>
<tr>
<td align="right">Zip Code</td>
<td><input type="text" name="zip" /></td>
</tr>
<tr>
<td align="right">Country</td>
<td>
<select name="country">
<option value="-1" selected>[choose yours]</option>
<option value="1">USA</option>
<option value="2">UK</option>
<option value="3">INDIA</option>
</select>
</td>
</tr>
<tr>
<td align="right"></td>
<td><input type="submit" value="Submit" /></td>
</tr>
</table>
</form>
</body>
</html>
second file:
<?php
$email = $_POST['email'];
$zip = $_POST['zip'];
$name = $_POST['name'];
$message = array(" ");
$goodjob = 'goodjob';
if ($email == "" || $zip == "" || $name ==""){
array_push($message, "Email, Zip, Name should not be empty!");
// chedk if any of these fields is empty
}
if ($name != ""){
if (is_numeric($name)) {
array_push($message, "don't include numberss in name");
}
}
if (is_numeric ($zip) ){
} else {
array_push($message, "zip is not a number!");
}
if (strlen($zip) != 5){
array_push($message, "Wrong Zip!");
}
$finalmessage = http_build_query(array('message' => $message));
header("Location: http://localhost/register/classexercise.php?".$finalmessage);
?>
Here, try this, let me know if you are expecting something else.
<?php
$error = $_GET['message'];
?>
<html>
<head>
<title>Form Validation</title>
<script type="text/javascript">
function validateEmail(){
var email = document.getElementById('email').value;
var reEmail = document.getElementById('reEmail').value;
atpos = email.indexOf("#");
dotpos = email.lastIndexOf(".");
if (atpos < 1 || ( dotpos - atpos < 2 ))
{
alert("Please enter correct email")
document.getElementById('email').focus() ;
return false;
}
if (email === reEmail){
return true;
}
alert("emails don't match!");
return false;
}
</script>
</head>
<body>
<div>
<?php
if ($error == ""){
}
else{
foreach ($error as $key => $value) {
echo "<h1>". $value . "</h1>";
}
}
?>
</div>
<form action="registerExec.php" method="post" name="myForm" onsubmit="return(validateEmail());">
<table cellspacing="2" cellpadding="2" border="1">
<tr>
<td align="right">Name</td>
<td><input type="text" name="name" /></td>
</tr>
<tr>
<td align="right">Email</td>
<td><input type="text" name="email" id="email" /></td>
</tr>
<tr>
<td align="right">Retype Email</td>
<td><input type="text" name="reEmail" id="reEmail" /></td>
</tr>
<tr>
<td align="right">Zip Code</td>
<td><input type="text" name="zip" /></td>
</tr>
<tr>
<td align="right">Country</td>
<td>
<select name="country">
<option value="-1" selected>[choose yours]</option>
<option value="1">USA</option>
<option value="2">UK</option>
<option value="3">INDIA</option>
</select>
</td>
</tr>
<tr>
<td align="right"></td>
<td><input type="submit" value="Submit" /></td>
</tr>
</table>
</form>
</body>
</html>
Your PHP to display the form content -
<?php
$email = $_POST['email'];
$zip = $_POST['zip'];
$name = $_POST['name'];
$country = $_REQUEST['country'];
$message = array();
$goodjob = 'goodjob';
if ($email == "" || $zip == "" || $name ==""){
array_push($message, "Email, Zip, Name should not be empty!");
// chedk if any of these fields is empty
}
if ($name != ""){
if (is_numeric($name)) {
array_push($message, "don't include numberss in name");
}
}
if (!is_numeric ($zip)){
array_push($message, "zip is not a number!");
}
if (strlen($zip) != 5){
array_push($message, "Wrong Zip!");
}
if (empty($message)){
array_push($message, $name);
array_push($message, $email);
array_push($message, $zip);
$finalmessage = http_build_query(array('message' => $message));
header("Location: index.php?".$finalmessage);
} else {
$finalmessage = http_build_query(array('message' => $message));
header("Location: index.php?".$finalmessage);
}
?>
I'm trying to display an error message next to the username input when there is a duplicate username. It will search through the database when user start to key in a string. If there isn't any duplicate username, it will show a tick beside the username input.
Now the problem is it didnt show the image but show this message beside the input 'Champ 'test' inconnu dans where clause'
How can i fix this? Here's my code.
register.php
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Video Game Rental - Sign up</title>
<link href="css/main.css" rel="stylesheet" type="text/css">
<script type="text/javascript" src="jquery-1.2.6.min.js"></script>
<SCRIPT type="text/javascript">
pic1 = new Image(16, 16);
pic1.src = "pic/loader.gif";
$(document).ready(function(){
$("#username").change(function() {
var usr = $("#username").val();
if(usr.length >= 1)
{
$("#status").html('<img src="pic/loader.gif" align="absmiddle">');
$.ajax({
type: "POST",
url: "check.php",
data: "username="+ usr,
success: function(msg){
$("#status").ajaxComplete(function(event, request, settings){
if(msg == 'OK')
{
$("#username").removeClass('object_error'); // if necessary
$("#username").addClass("object_ok");
$(this).html(' <img src="pic/tick.gif" align="absmiddle">');
}
else
{
$("#username").removeClass('object_ok'); // if necessary
$("#username").addClass("object_error");
$(this).html(msg);
}
});
}
});
}
});
});
//-->
</SCRIPT>
</head>
<body>
<div id="whitebox">
<form action="record.php" method="post" enctype="multipart/form-data" onSubmit="return myFunction(this);">
<table>
<tr>
<th colspan="3">CREATE AN ACCOUNT</th>
</tr>
<tr>
<td width="200"><div align="right"> </div></td>
<td width="100"><input name="username" type="text" id="username" placeholder="Username" size="20"></td>
<td width="400" align="left"><div id="status"></div></td>
</tr>
<tr>
<td width="200"><div align="right"> </div></td>
<td width="100"><input name="password" type="text" id="password" placeholder="Password" size="20"></td>
<td width="400" align="left"><div id="status"></div></td>
</tr>
<tr>
<td width="200"><div align="right"> </div></td>
<td width="100"><input name="cpassword" type="text" id="cpassword" placeholder="Confirm Password" size="20"></td>
<td width="400" align="left"><div id="status"></div></td>
</tr>
<tr>
<td colspan="3"><br> Profile picture:<br>
<input type="file" name="fileToUpload" id="fileToUpload"> </td>
</tr>
</table>
<script>
function myFunction() {
var pass1 = document.getElementById("password").value;
var pass2 = document.getElementById("cpassword").value;
var ok = true;
if(pass1 != pass2)
{
document.getElementById("password").style.borderColor = "#E34234";
document.getElementById("cpassword").style.borderColor = "#E34234";
ok = false;
}
return ok;
}
function isNumberKey(evt){
var charCode = (evt.which) ? evt.which : event.keyCode
if (charCode > 31 && (charCode < 48 || charCode > 57))
return false;
return true;
}
</script>
<input name="register" type="submit" class="register" id="register" value="Register">
</form>
<form action="index.php">
<input name="back" type="submit" class="register" id="back" value="Back">
</form>
</div>
</body>
</html>
check.php
<?php
if(isSet($_POST['username']))
{
$username = $_POST['username'];
$conn = mysqli_connect("localhost", "root", "", "videorental");
$query ="SELECT * FROM userinfo WHERE username = $username";
$sql_check = mysqli_query($conn, $query) or die(mysqli_error($conn));
if(mysqli_num_rows($conn, $sql_check))
{
echo '<br><font color="red">The nickname <STRONG>'.$username.'</STRONG> is already in use.</font>';
}
else
{
echo 'OK';
}
}
?>
For me also it looks like you have a syntax error in your query:
$query ="SELECT * FROM userinfo WHERE username = $username";
I guess you are using a string type like CHAR or VARCHAR for your username column in your userinfo table. You need to qoute your strings in SQL queries:
$query ="SELECT * FROM userinfo WHERE username = '$username'";
And as Rasclatt mentioned you should bind your variables in sql because of the risk of sql injection its explained here:
http://php.net/manual/en/security.database.sql-injection.php
i suggest you to use mysqli prepared statements:
http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
I want go to another page if the condition allowed. But when i submit the button it just like refresh the page. it doesn't direct to another page.
I have already read another question remain same but did not change.
Here is my code :
<?php
session_start();
if(isset($_POST['login']))
{
$nik = $_POST['nik'];
$pswd = $_POST['pswd'];
if ((empty($nik)) or (empty($pswd)))
echo "Data masih ada yang kosong<br/><br/>";
else
{
include("sss_connection.php");
$connection = mysql_connect($server,$user,$pass);
$db = mysql_select_db("skripsi");
if(!$connection)
{
echo "Database belum terkoneksi<br/><br/>";}
elseif(!$db)
{
echo "Database Tidak Ada<br/><br/>";}
else
{
$sql1 = "select count(*) as cek,kd_jabatan from datakaryawan where nik='".$nik."' and password='".$pswd."'";
//$exec = mysql_query($sql1);
$ambil_data = mysql_query($sql1);
if ($data = mysql_fetch_array($ambil_data))
{
$cek = $data["cek"];
$jabatan = $data["kd_jabatan"];
}
if(($jabatan) == 0)
{
echo "Anda gagal Login, NIK / Password salah<br/><br/>";
}
else
{
header("Location: sss_header.php");
}
}
}
}?>
And here is my html code :
<html>
<head>
<title>Login</title>
</head>
<body>
<form method="post">
<div style="float:left;margin-left:35%;margin-top:5%;">
<center><strong><font size="6">Login</font></strong></center>
</br></br>
<table style="float:left;margin-left:5%;">
<tr>
<td width=84>NIK</td>
<td width=10>:</td>
<td width=30><input type="text" name="nik" size=30 onkeypress="return isNumber(event)" style="width: 217px" autofocus></td>
</tr>
<tr>
<td width=70>Password</td>
<td width=10>:</td>
<td width=30><input type="password" name="pswd" size=30 style="width: 217px"></td>
</tr>
</table><blockquote><blockquote><br/><br/>
<input type="submit" value="Login" name="login" style="float:left; margin-left:45px; margin-top:12px;">
<input type="submit" value="Daftar" name="daftar" style="float:left; margin-left:26px; margin-top:12px;">
<input type="reset" value="Clear" style="float:left; margin-left:26px; margin-top:12px;">
</form>
</div>
<div style="float:left;margin-left:35%;margin-top:5%;">
</div>
</body>
</html>
you have to specified the action attribute on your form tag, should be like this:
<form method="post" action="anotherplace.php">
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
<title>Guestbook</title>
<meta charset="ISO-8859-1">
</head>
<?php
function check($user, $email, $note, $userErr, $emailErr, $noteErr){
$userErr = $emailErr = $noteErr = "";
$user = $email = $note = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["user"]))
$userErr = "Please fill out a name.";
else
$user = $_POST["user"];
if (empty($_POST["email"]))
$emailErr = "Please fill out an email.";
else
$email = $_POST["email"];
if (empty($_POST["note"]))
$noteErr = "Please give us your comments.";
else
$note= $_POST["note"];
}
if ($userErr=="" or $emailErr=="" or $noteErr=="")
display($user, $email, $note, $userErr, $emailErr, $noteErr);
else
displayResult($user, $email, $note);
}
function display($user, $email, $note, $userErr, $emailErr, $noteErr){
print<<<TABLE_BLOCK
<h2>Please Sign Our Guestbook</h2>
<form method="post" action="mock.php">
<table>
<tr>
<td>Name:</td><td><input type="text" size="34" name="user" value="" /><span class="error"><br> $userErr</span></td>
</tr>
<tr>
<td>Email: </td><td><input type="text" size="34" name="email" value="" /><span class="error"><br> $emailErr</span></td>
</tr>
<tr>
<td valign="top">Comments: </td><td><textarea rows="5" cols="25" name="note"></textarea><span class="error"><br> $noteErr</span></td>
</tr>
<tr>
<td></td><td></td>
</tr>
<tr>
<td></td><td align="right"><input type="submit" name="submit" value="submit" /></td>
</tr>
</table>
</form>
TABLE_BLOCK;
}
function displayResult($user, $email, $note){
print<<<TABLE_BLOCK
<h2>Your Input:</h2>
<table>
<tr>
<td>Name:</td><td>$user</td>
</tr>
<tr>
<td>Email: </td><td>$email</td>
</tr>
<tr>
<td valgin="top">Comments: </td><td>$note</td>
</tr>
</table>
TABLE_BLOCK;
}
if(isset($_REQUEST['submit']))
check($user, $email, $note, $userErr, $emailErr, $noteErr);
else
display($user, $email, $note, $userErr, $emailErr, $noteErr);
?>
</body>
</html>
I already know the error resides in my functions and or the logic I have to execute them. But I'm really unsure where exactly to go from here. Everything worked very well before I implemented the functions. Granted, I am a novice to this. When the submit button is pressed no data is sent to the displayResult() page and my error messages don't pop up whenever the form is submitted completely blank. Here's my current page: http://awsymposium.com/mock.php and the end product should look and operate similar to this: http://professorgustin.com/dpr206/guestbook/guestbookonescript.php
I have updated a little bit your code. I also strongly recomand that you also use a javascript validation for your fields.
Here is the code:
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
<title>Guestbook</title>
<meta charset="ISO-8859-1">
</head>
<?php
function check($user, $email, $note){
$userErr = $emailErr = $noteErr = "";
if ($user=="")
$userErr = "Please fill out a name.";
else if ($email=="")
$emailErr = "Please fill out an email.";
else if ($note=="")
$noteErr = "Please give us your comments.";
if (($userErr !="") || ($emailErr !="") || ($noteErr !=""))
display($user, $email, $note, $userErr, $emailErr, $noteErr);
if(($userErr =="") && ($emailErr =="") && ($noteErr ==""))
displayResult($user, $email, $note);
}
function display($user=null, $email=null, $note=null, $userErr=null, $emailErr=null, $noteErr=null){
print<<<TABLE_BLOCK
<h2>Please Sign Our Guestbook</h2>
<form method="POST" action="test321.php">
<table>
<tr>
<td>Name:</td><td><input type="text" size="34" name="user" value="$user" /><span class="error"><br> $userErr</span></td>
</tr>
<tr>
<td>Email: </td><td><input type="text" size="34" name="email" value="$email" /><span class="error"><br> $emailErr</span></td>
</tr>
<tr>
<td valign="top">Comments: </td><td><textarea rows="5" cols="25" name="note">$note</textarea><span class="error"><br> $noteErr</span></td>
</tr>
<tr>
<td></td><td></td>
</tr>
<tr>
<td></td><td align="right"><input type="submit" name="submit" value="submit" /></td>
</tr>
</table>
</form>
TABLE_BLOCK;
}
function displayResult($user, $email, $note){
print<<<TABLE_BLOCK
<h2>Your Input:</h2>
<table>
<tr>
<td>Name:</td><td>$user</td>
</tr>
<tr>
<td>Email: </td><td>$email</td>
</tr>
<tr>
<td valgin="top">Comments: </td><td>$note</td>
</tr>
</table>
TABLE_BLOCK;
}
if(isset($_REQUEST['submit']))
check($_POST['user'], $_POST['email'], $_POST['note']);
else
display();
?>
</body>
</html>
The following code worked perfectly before I put them into functions but I cannot figure out how to get this form to work correctly using the functions I created. I know I need to pass variables and create some proper main logic but I really don't know where to go from here. The end product should look something like this form: guestbookonescript
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
<title>Guestbook</title>
<meta charset="ISO-8859-1">
</head>
<?php
function check(){
$userErr = $emailErr = $noteErr = "";
$user = $email = $note = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["user"]))
$userErr = "Please fill out a name.";
else
$user = $_POST["user"];
if (empty($_POST["email"]))
$emailErr = "Please fill out an email.";
else
$email = $_POST["email"];
if (empty($_POST["note"]))
$noteErr = "Please give us your comments.";
else
$note= $_POST["note"];
}
}
function display(){
print<<<TABLE_BLOCK
<h2>Please Sign Our Guestbook</h2>
<form method="post" action="mock.php">
<table>
<tr>
<td>Name:</td><td><input type="text" size="34" name="user" value="" /><span class="error"><br> $userErr</span></td>
</tr>
<tr>
<td>Email: </td><td><input type="text" size="34" name="email" value="" /><span class="error"><br> $emailErr</span></td>
</tr>
<tr>
<td valign="top">Comments: </td><td><textarea rows="5" cols="25" name="note"> </textarea><span class="error"><br> $noteErr</span></td>
</tr>
<tr>
<td></td><td></td>
</tr>
<tr>
<td></td><td align="right"><input type="submit" name="submit" value="submit" /></td>
</tr>
</table>
</form>
TABLE_BLOCK;
}
function result(){
print<<<TABLE_BLOCK
<h2>Your Input:</h2>
<table>
<tr>
<td>Name:</td><td>$user</td>
</tr>
<tr>
<td>Email: </td><td>$email</td>
</tr>
<tr>
<td valgin="top">Comments: </td><td>$note</td>
</tr>
</table>
TABLE_BLOCK;
}
if(isset($_REQUEST['submit']))
check();
else
display();
result();
?>
</body>
What Alon is trying to say is that all of your variables are caught in the local scope, to avoid this, you need tell the offending variables that they belong in the global scope. Technically, you don't need to initialize them first, but it's good practice.
Note, you need to ensure that your variables are in the global scope in each function you're using them in.
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
<title>Guestbook</title>
<meta charset="ISO-8859-1">
</head>
<?php
$userErr = $emailErr = $noteErr = "";
$user = $email = $note = "";
function check(){
global $user, $email, $note;
global $userErr, $emailErr, $noteErr;
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["user"]))
$userErr = "Please fill out a name.";
else
$user = $_POST["user"];
if (empty($_POST["email"]))
$emailErr = "Please fill out an email.";
else
$email = $_POST["email"];
if (empty($_POST["note"]))
$noteErr = "Please give us your comments.";
else
$note = $_POST["note"];
}
}
function display(){
global $userErr, $emailErr, $noteErr;
print<<<TABLE_BLOCK
<h2>Please Sign Our Guestbook</h2>
<form method="post" action="/">
<table>
<tr>
<td>Name:</td><td><input type="text" size="34" name="user" value="" /><span class="error"><br> $userErr</span></td>
</tr>
<tr>
<td>Email: </td><td><input type="text" size="34" name="email" value="" /><span class="error"><br> $emailErr</span></td>
</tr>
<tr>
<td valign="top">Comments: </td><td><textarea rows="5" cols="25" name="note"> </textarea><span class="error"><br> $noteErr</span></td>
</tr>
<tr>
<td></td><td></td>
</tr>
<tr>
<td></td><td align="right"><input type="submit" name="submit" value="submit" /></td>
</tr>
</table>
</form>
TABLE_BLOCK;
}
function result(){
global $user, $email, $note;
print<<<TABLE_BLOCK
<h2>Your Input:</h2>
<table>
<tr>
<td>Name:</td><td>$user</td>
</tr>
<tr>
<td>Email: </td><td>$email</td>
</tr>
<tr>
<td valgin="top">Comments: </td><td>$note</td>
</tr>
</table>
TABLE_BLOCK;
}
if(isset($_REQUEST['submit']))
check();
display();
result();
?>
</body>
You need to define variables that was declared outside the function as global. Put this line at start of your function, after function result(){
global $user,$email,$note;
note that variables declared inside the function scope will be deleted after the function execution. you need to declare $user,$email,$note ouside check() (and just declare them as global inside check())