[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2214
  • Last Modified:

Php mysql update user table

Hi,

I have this user profile page where users can change their information such as username, password etc.

And the problem that I'm having is that I have this for checking if password field was filled in in the form:
if($pwd_ != "" || $pwd_ != null)

If there was a password written in the form the update performs all update including the password update and if the password field was empty it updates everything else except for the password.

But it now always update the password.. if it was left empty it sends an empty password to the database.

Any ideas?

-T
<?php
 
include_once("/home/tobias/domains/tobias.huone.net/include/db_connect_profile.php");
 
 
if(isset($_POST['Submit']))
{ // If receive Submit button variable.
// Select all data records in table "name_list" and put them into $result.
$result=mysql_query("select * from users order by users_id asc");
 
// Fetch record rows in $result by while loop and put them into $row.
 
while($row=mysql_fetch_assoc($result))
{
 
// Get the posted value "users_id" from form.php. This variable change its value by while loop.
 
if (isset($_POST["chk_".$row['users_id']]))
{
$username_= $_POST["username_".$row['users_id']];
$pwd_= $_POST['password_'.$row['users_id']];
$password_again= $_POST['password_again_'];
$email_= $_POST["email_".$row['users_id']];
$puhelin_= $_POST["puh_".$row['users_id']];
$homepage_= $_POST["homepage_".$row['users_id']];
$address_= $_POST["address_".$row['users_id']];
$rows_= $_POST["rowspage_".$row['users_id']];
$refresh_= $_POST["rfresh_".$row['users_id']];
$bg_= $_POST["bg_".$row['users_id']];
$skype= $_POST["skype_".$row['users_id']];
$msn= $_POST["msn_".$row['users_id']];
$userid_ = $_SESSION['users_id'];
 
//include("/home/pt4517/include/db_connect.php");
 
$name_check = $db_object1->query("SELECT username FROM users WHERE username = '$username_'");
 
if (MDB2::isError($name_check))
{
	die($name_check->getMessage());
}
 
$name_check_number = $name_check->numRows();
//echo('check ='.$name_check_number);
 
$sqlquery = "select * FROM users WHERE users_id= '$userid_' AND deluser_ = '0'";
$result = mysql_query($sqlquery);
while ($row = mysql_fetch_array($result))
{
 
	$tunnus = $row['username'];
}
 
 $aErrors = array();
 
// Update field "username", matching with "users_id" value by while loop.
 
if ($username_ == "" || $email_ == "" || !validateemail($email_))
{
  $aErrors[] = "EMPTY_FIELDS";
}
 
if(strlen(preg_replace('/\W/', '', $username_)) > 13)
{
	$aErrors[] = "LIIAN_PITKA";
}
 
if ($pwd_ != $password_again) {
        $aErrors[] = "PASSWORD_MISMATCH";
 
}
 
 
if ($name_check_number != 0 && $tunnus != $username_)
{
    $aErrors[] = "USER_EXISTS";
}
 
 
if (count($aErrors) == 0)
{
	$pwd_ = md5($pwd_);
	$password_again = md5($password_again);
 
echo $pwd_;
 
if($pwd_ != "" || $pwd_ != null)
{
mysql_query("UPDATE users SET username='$username_', password='$pwd_', email='$email_', puhelinnumero='$puhelin_', homepage='$homepage_', address='$address_', amount='$rows_', bg='$bg_', regdate=regdate, show_email=show_email, last_login=last_login, userlevel=userlevel, autorefresh='$refresh_', skype='$skype', msn='$msn' WHERE users_id='$userid_'");
}
else
{
mysql_query("UPDATE users SET username='$username_', email='$email_', puhelinnumero='$puhelin_', homepage='$homepage_', address='$address_', amount='$rows_', bg='$bg_', regdate=regdate, show_email=show_email, last_login=last_login, userlevel=userlevel, autorefresh='$refresh_', skype='$skype', msn='$msn' WHERE users_id='$userid_'");
}
$goback = "index.php?id=1&success=1";
echo ('<meta http-equiv="refresh" content="0.1;url= '.$goback.' ">');
}
else
     {
 
              $aErrorMessages = getErrorMessages($aErrors);
              echo ('<div style="font-weight: bold; color: #e80404; display: block; background-color: #ffffff; padding: 3px 3px 3px 3px; width: 295px;">');
              echo ('Virhe:');
              echo ('<br/>');
              foreach($aErrorMessages as $sError) {
                   echo ('<li style="margin-left: 13px;">' . $sError);
              }
              echo ('</div>');
              echo ('<br/>');
 
     }
 
 
} // if (isset($_POST["chk_".$row[users_id]]))
} // while($row=mysql_fetch_assoc($result))
 
 
 
} // if($_POST['Submit'])
 
 
?>

Open in new window

0
Toube
Asked:
Toube
1 Solution
 
Ryan_KemptCommented:
In your code example I believe you're determining the md5 hash of an empty value (which returns d41d8cd98f00b204e9800998ecf8427e) and then seeing if it's empty or not, and, the md5 hash is not empty, so therefor it's saying it's not empty. Compare the password value before md5'ing it to determine if it's empty or not, then hash it if it's not empty and update the field.

On a side note; I have always checked the length of the string (strlen) to determine whether or not it's empty as opposed to comparing it to null values. You can also easily change this to disallow passwords that are less than 4 characters long, etc..
0
 
ToubeAuthor Commented:
Nice one Ryan, that worked good job thanks.

-T

0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now