Hi all,

Ive created a pretty simple user system its all working well users can sign up and so on. Though i wanted to add extra security to this system so when the user wants to modify their password it asks for their old password otherwise they cant sign up for a new password.

Im using two files for this the modify.php file where the user can fill in their password and old password. And the User.php containing the if statement.

I think ive done the IF statement but im not sure because the variable which will show the error message i cant seem to get working so that it displays the message on the other page.

Heres the code which powers the form(sorry for the messy coding its late and i just really want to get this finished!):

function modifyUser()
{
	$userId = (int)$_POST['hidUserId'];	
	$password = md5($_POST['txtPassword']);
	$oldpass = md5($_POST['txtOldPass']);
	$oldpassdata = mysql_query("SELECT user_password FROM tbl_user WHERE user_id = '$userId'");

	if ($oldpass==$oldpassdata)
  		$sql = "UPDATE tbl_user 
	           SET user_password = '$password'
			 	 WHERE user_id = '$userId'";
					dbQuery($sql);
			header('Location: index.php');
	else 
	    $errorpass= "Oldpassword does not match!"; 
	 
	
}

The $errorpass varible is what i want to display on the form page, so that the error is displayed on the form.

I have tried using using the echo function to display the varible but its not picking it up from the otherpage

<td class="content"> <input name="txtOldPass" type="password" class="box" id="txtOldPass" size="20" maxlength="20"><?php echo $errorpass; ?></td></tr>

I hope you can help, thanks for your time.

There are a few ways you can do this, but the simplest is probably to pass the variable via GET. To do this add the following line of code after you set $errorpas:

header("Location: User.php?errorpas=$errorpas");

Then at the top of your User.php script add the following lines:

if(isset($_GET["errorpas"]))
   $errorpas = $_GET["errorpas"];
else
   $errorpas = "";

// may need to perform some validation of what has been passed before you use it

If you google $_GET for php, you will get a better understanding of how to pass variables between php pages.

EDIT: I have assumed that you are trying to display the error message on the page User.php. If you are trying to display on Modify.php, change where I have written User.php to Modify.php.

I'm not sure if I completely understand your problem, but I'm gonna put this out there and hope it helps.

If you want to keep your form method as POST, and "Oldpassword does not match!" is the only possible value that $errorpass can have, you can just add a hidden field to your HTML form:

<input type="hidden" name="errorpass" value="Oldpassword does not match!" />

Ok thanks a lot darkagn i did see this method just got confused if it was only used for forms.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.