Member Avatar for Pavlos1316

Hi.. Note that Iam quite new at this :)

What I try to do is to give the option to members to update/change their password or email.

How do I tell when nothing is entered in password field lets say not to POST anything.

The code below checks if username and password are filled but it always POST the new password even if you don't enter anything
plus I don't get POST email.

$E_Mail=$_POST['E_Mail'];
$Username=$_POST['Username'];
$Password=md5($_POST['Password']);
$New_Password=md5($_POST['New_Password']);

if (!($Username && $Password)) {include 'update account_members.php';
echo "<center><font color=#FF0000><font size=4><font weight=bold>Username & Password are REQUIRED!</font></font></font></center>";
exit();
}

$result = mysql_query("SELECT Password FROM Register WHERE Username='$Username'");

 if(!$result){
include 'update account_members.php';
echo "<center>Invalid Username</center>";
  }
  else

  if($Password!= mysql_result($result, 0)){
include 'update account_members.php';
echo "<center>Invalid Password</center>";
  }

if ($New_Password>0)
      $sql=mysql_query("UPDATE Register SET Password='$New_Password' WHERE Username='$Username'");
	if(sql)
exit();

if ($E_Mail>0)
  $sql=mysql_query("UPDATE Register SET E_Mail='$E_Mail' WHERE Username='$Username'");
	if(sql)
    {
      echo "<p>&nbsp;</p><p>&nbsp;</p><center><p>Update Successful!</p></center>";
}

Thank you.

  • 2 Contributors
  • 5 Replies
  • 132 Views
  • 8 Hours Discussion Span
  • Latest Post Latest Post by petr.pavel
Member Avatar for petr.pavel

Hi there,
the main thing is that you start with applying md5() to the password so even when the password was empty you get something (this: d41d8cd98f00b204e9800998ecf8427e). The solution is to test not $Password (that contains the md5 sum) but $_POST.

I'm not sure about what you mean by "plus I don't get POST email" but, if password change is successful you run exit(). So that could be the thing.

Member Avatar for Pavlos1316

ok

changing md5 I don't get POST when the password field is empty.

What I mean with POSTemail is that my script stops after posting password

plus now instead of update succesful I get invalid passworsd even if is right

....

Member Avatar for petr.pavel

What I mean with POSTemail is that my script stops after posting password

Yes, that's because of the exit() statement. Just remove it and the script will continue.

plus now instead of update succesful I get invalid passworsd even if is right

Maybe you removed the md5() function completely, I don't know. Can you post the whole script as an attachment?

Member Avatar for Pavlos1316

I post all my code.

I didn't put my connection string plus my authentication script cause they are tested and working just ok.

Member Avatar for petr.pavel

Either you forgot to attach the source code or you got the tenses wrong. Please re-read your posts in a preview before posting. They contain a lot of typing errors that further confuse the matter.

Did you mean you had already "postED" the source code? I wanted to see the code after you made the changes. I thought you said that it started to report invalid password after you made the change. So that's why I need to know how the code looks now.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.