thedigicraft / Atom.CMS

Verify Password not verifying #16

Closed el3302 closed 10 years ago

el3302 commented 10 years ago

Is it just me, or does the password not validate when editing a User and purposefully entering 2 different passwords? The update script still runs and updates the password. I thought it was my code, but this happens even when using the code from the git repository. (I copied the users.php and the queries.php and ran the test again.) I keep getting the "User was updated" message.

Dragotic commented 10 years ago

Hello el3302,

could you please copy & paste your code here so we can check your issue?

el3302 commented 10 years ago

Here is the users.php

<h1>User Manager</h1>

<div class="row">

    <div class="col-md-3">

        <div class="list-group">

        <a class="list-group-item" href="?page=users">
            <i class="fa fa-plus"></i> New User
        </a>                    

        <?php 

            $q = "SELECT * FROM users ORDER BY last ASC";
            $r = mysqli_query($dbc, $q);

            while($list = mysqli_fetch_assoc($r)) { 

                $list = data_user($dbc, $list['id']);
                //$blurb = substr(strip_tags($page_list['body']), 0, 160);

            ?>

            <a class="list-group-item <?php selected($list['id'], $opened['id'], 'active'); ?>" href="index.php?page=users&id=<?php echo $list['id']; ?>">
                <h4 class="list-group-item-heading"><?php echo $list['fullname_reverse']; ?></h4>
                <!--<p class="list-group-item-text"><?php //echo $blurb; ?></p>-->
            </a>

        <?php } ?>

        </div>

    </div>

    <div class="col-md-9">

        <?php if(isset($message)) { echo $message; } ?>

        <form action="index.php?page=users&id=<?php echo $opened['id']; ?>" method="post" role="form">

            <div class="form-group">

                <label for="first">First Name:</label>
                <input class="form-control" type="text" name="first" id="first" value="<?php echo $opened['first']; ?>" placeholder="First Name" autocomplete="off">

            </div>

            <div class="form-group">

                <label for="last">Last Name:</label>
                <input class="form-control" type="text" name="last" id="last" value="<?php echo $opened['last']; ?>" placeholder="Last Name" autocomplete="off">

            </div>

            <div class="form-group">

                <label for="email">Email Address:</label>
                <input class="form-control" type="text" name="email" id="email" value="<?php echo $opened['email']; ?>" placeholder="Email Address" autocomplete="off">

            </div>                      

            <div class="form-group">

                <label for="status">Status:</label>
                <select class="form-control" name="status" id="status">

                    <option value="0" <?php if(isset($_GET['id'])){ selected('0', $opened['status'], 'selected'); } ?>>Inactive</option>
                    <option value="1" <?php if(isset($_GET['id'])){ selected('1', $opened['status'], 'selected'); } ?>>Active</option>

                </select>

            </div>

            <div class="form-group">

                <label for="password">Password:</label>
                <input class="form-control" type="password" name="password" id="password" value="" placeholder="Password" autocomplete="off">

            </div>

            <div class="form-group">

                <label for="passwordv">Verify Password:</label>
                <input class="form-control" type="password" name="passwordv" id="passwordv" value="" placeholder="Type Password Again" autocomplete="off">

            </div>          

            <button type="submit" class="btn btn-default">Save</button>
            <input type="hidden" name="submitted" value="1">
            <?php if(isset($opened['id'])) { ?>
                <input type="hidden" name="id" value="<?php echo $opened['id']; ?>">
            <?php } ?>
        </form>

    </div>

</div>

and here is the queries.php case user:

case 'users':

            if(isset($_POST['submitted']) == 1) {

                $first = mysqli_real_escape_string($dbc, $_POST['first']);
                $last = mysqli_real_escape_string($dbc, $_POST['last']);

                if($_POST['password'] != '') {

                    if($_POST['password'] == $_POST['passwordv']) {

                        $password = " password = SHA1('$_POST[password]'),";
                        $verify = true;

                    } else {

                        $verify = false;

                    }                   

                } else {

                    $verify = false;    

                }

                if(isset($_POST['id']) != '') {

                    $action = 'updated';
                    $q = "UPDATE users SET first = '$first', last = '$last', email = '$_POST[email]', $password status = $_POST[status] WHERE id = $_GET[id]";
                    $r = mysqli_query($dbc, $q);

                } else {

                    $action = 'added';

                    $q = "INSERT INTO users (first, last, email, password, status) VALUES ('$first', '$last', '$_POST[email]', SHA1('$_POST[password]'), '$_POST[status]')";

                    if($verify == true) {
                        $r = mysqli_query($dbc, $q);
                    }

                }

                if($r){

                    $message = '<p class="alert alert-success">User was '.$action.'!</p>';

                } else {

                    $message = '<p class="alert alert-danger">User could not be '.$action.' because: '.mysqli_error($dbc);
                    if($verify == false) {
                        $message .= '<p class="alert alert-danger">Password fields empty and/or do not match.</p>';
                    }
                    $message .= '<p class="alert alert-warning">Query: '.$q.'</p>';

                }

            }

            if(isset($_GET['id'])) { $opened = data_user($dbc, $_GET['id']); }

el3302 commented 10 years ago

Thanks Dragotic

I may have misunderstood how the update query works.

As I see it now, the update will run EVEN if the passwords do not match, it just DOES NOT run the password clause in the update and DOES NOT throw up an error message as it does on the Insert query.

My problem was I was expecting to see an error for the update that the passwords did not match.

Is that correct?

Dragotic commented 10 years ago

Well your code is pretty clean I believe. Can't seem to find any wrong lines.

And the verify code works this way. Before any insert or update on the database it just checks if the password and password verification fields are empty or different. The update and insert queries are being checked through the $_POST['id'] which one will run.

And finally, combined: the UPDATE query wants them to be either empty or the same. The INSERT query wants the two fields to be ONLY the same.

I know it may not really give you any answer. The point is I'm a student myself, and from my point of view the code seems clean. The only error I can think of is your code naming... for example, you may use $page_list instead of $list in some files, and this results in an error in your code.
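Added example, not part of the original thread or of the Atom.CMS repository: one way to make the update path reject mismatched password fields, as the thread expects, while binding the form values as query parameters instead of interpolating `$_POST` and `$_GET` into the SQL, and storing a `password_hash()` value instead of `SHA1()`. The function names are hypothetical; it assumes the `users` columns shown in the posted query and a `password` column wide enough for the longer hash.

```php
<?php
// Added example, not Atom.CMS code; function names are hypothetical.

/** Returns [ok, error, hash]; hash is null when the stored password stays as is. */
function check_password_fields(array $post, bool $isUpdate): array
{
    $pw  = (string)($post['password']  ?? '');
    $pwv = (string)($post['passwordv'] ?? '');

    if ($pw === '' && $pwv === '') {
        // Both blank: keep the current password on update, refuse on insert.
        return $isUpdate ? [true, null, null] : [false, 'Password is required.', null];
    }
    // Strict comparison: with ==, numeric strings such as '1e3' and '1000' are equal.
    if ($pw !== $pwv) {
        return [false, 'Password fields do not match.', null];
    }
    // Salted, slow hash instead of SHA1(); check it at login with password_verify().
    return [true, null, password_hash($pw, PASSWORD_DEFAULT)];
}

/** Update one user. Returns null on success or an error message. */
function update_user(mysqli $dbc, int $id, array $post): ?string
{
    [$ok, $error, $hash] = check_password_fields($post, true);
    if (!$ok) {
        return $error; // reject the whole update, not only the password clause
    }
    $first  = (string)($post['first'] ?? '');
    $last   = (string)($post['last']  ?? '');
    $email  = (string)($post['email'] ?? '');
    $status = ((int)($post['status'] ?? 0) === 1) ? 1 : 0;

    // Values are bound as parameters, never interpolated into the SQL text.
    // Assumes mysqli's exception error mode (default since PHP 8.1): a failed prepare() throws.
    if ($hash === null) {
        $stmt = $dbc->prepare('UPDATE users SET first=?, last=?, email=?, status=? WHERE id=?');
        $stmt->bind_param('sssii', $first, $last, $email, $status, $id);
    } else {
        $stmt = $dbc->prepare('UPDATE users SET first=?, last=?, email=?, password=?, status=? WHERE id=?');
        $stmt->bind_param('ssssii', $first, $last, $email, $hash, $status, $id);
    }
    return $stmt->execute() ? null : 'User could not be updated.';
}

// Constructed form inputs: a mismatch is rejected, blank fields leave the password alone.
var_dump(check_password_fields(['password' => 'abc', 'passwordv' => 'abd'], true));
var_dump(check_password_fields(['password' => '', 'passwordv' => ''], true));
```

Existing SHA1 rows will not verify against `password_verify()`, so accounts created by the original code would need a password reset or a migration step.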