dianefoster Posted January 5, 2018 Share Posted January 5, 2018 <?php $thisPage = 'update'; include('includes/header.html'); include('includes/nav1.php'); if($_SERVER['REQUEST_METHOD'] == 'POST') { require('../mysqli_connect.php'); $errors = array(); if (empty($_POST['login'])) { $errors[] = 'You forgot to enter your login'; } else { $lgn = mysqli_real_escape_string($dbc, trim($_POST['login'])); } if (empty($_POST['pwd'])) { $errors[] = 'You forgot to enter your password'; } else { $p = mysqli_real_escape_string($dbc, trim($_POST['pwd'])); } if (!empty($_POST['pwd1'])) { if($_POST['pwd1'] != $_POST['pwd2']) { $errors[] = 'Your new password did not match the confirmed password'; } else { $np = mysqli_real_escape_string($dbc, trim($_POST['pwd1'])); } } else { $errors[] = 'You forgot to enter your password'; } if(empty($errors)) { $q = "SELECT patientID FROM Patient WHERE( login = '$lgn' AND pwd = SHA1('$p') )"; $r = @mysqli_query($dbc, $q); $num = @mysqli_num_rows($r); if($num == 1) { $row = mysqli_fetch_array($r,MYSQLI_NUM); $q = "UPDATE Patient SET pwd=SHA1('$np') WHERE patientID=$row[1]"; $r = @mysqli_query($dbc, $q); if(mysqli_affected_rows($dbc) == 1) { echo '<h1>Thank You!</h1> <p>Your password has been updated</p>'; } else { echo '<h1>System Error</h1> <p class = "error">Your password could not be changed due a system error.We apologize for any inconvenience</p>'; echo '<p>' . mysqli_error($dbc) . '<br/><br/>Query: ' . $q . '</p>'; } mysqli_close($dbc); include('includes/footer.html'); exit(); } else { echo '<h1>Error</h1> <p class = "error">The login and password do not match those on file</p>'; } } else { echo '<h1>Error!</h1> <p class = "error">The following error(s) have occurred<br/>'; foreach($errors as $msg) { echo " -$msg<br/>\n"; } echo '</p><p>Please try again</p><p><br/></p>'; } mysqli_close($dbc); } ?> <h1>Change Your Password</h1> <form action="update.php" method="post"> <p>Login: <input type="text" name = "login" size = "2" maxlength = "12" value ="<?php if(isset($_POST['login'])) echo $_POST['login']; ?>" /></p> <p>Current Password: <input type="password" name="pwd" size="5" maxlength="20" value="<?php if (isset($_POST['pwd'])) echo $_POST['pwd']; ?>" /></p> <p>New Password: <input type="password" name="pwd1" size="5" maxlength="20" value="<?php if (isset($_POST['pwd1'])) echo $_POST['pwd1']; ?>" /></p> <p>Confirm New Password: <input type="password" name="pwd2" size="5" maxlength="20" value="<?php if (isset($_POST['pwd2'])) echo $_POST['pwd2']; ?>" /></p> <p><input type="submit" name="submit" value="Change Password" /></p> </form> <?php include ('includes/footer.html'); ?> <?php $thisPage = 'update'; include('includes/header.html'); include('includes/nav1.php'); if($_SERVER['REQUEST_METHOD'] == 'POST') { require('../mysqli_connect.php'); $errors = array(); if (empty($_POST['login'])) { $errors[] = 'You forgot to enter your login'; } else { $lgn = mysqli_real_escape_string($dbc, trim($_POST['login'])); } if (empty($_POST['pwd'])) { $errors[] = 'You forgot to enter your password'; } else { $p = mysqli_real_escape_string($dbc, trim($_POST['pwd'])); } if (!empty($_POST['pwd1'])) { if($_POST['pwd1'] != $_POST['pwd2']) { $errors[] = 'Your new password did not match the confirmed password'; } else { $np = mysqli_real_escape_string($dbc, trim($_POST['pwd1'])); } } else { $errors[] = 'You forgot to enter your password'; } if(empty($errors)) { $q = "SELECT patientID FROM Patient WHERE( login = '$lgn' AND pwd = SHA1('$p') )"; $r = @mysqli_query($dbc, $q); $num = @mysqli_num_rows($r); if($num == 1) { $row = mysqli_fetch_array($r,MYSQLI_NUM); $q = "UPDATE Patient SET pwd=SHA1('$np') WHERE patientID=$row[1]"; $r = @mysqli_query($dbc, $q); if(mysqli_affected_rows($dbc) == 1) { echo '<h1>Thank You!</h1> <p>Your password has been updated</p>'; } else { echo '<h1>System Error</h1> <p class = "error">Your password could not be changed due a system error.We apologize for any inconvenience</p>'; echo '<p>' . mysqli_error($dbc) . '<br/><br/>Query: ' . $q . '</p>'; } mysqli_close($dbc); include('includes/footer.html'); exit(); } else { echo '<h1>Error</h1> <p class = "error">The login and password do not match those on file</p>'; } } else { echo '<h1>Error!</h1> <p class = "error">The following error(s) have occurred<br/>'; foreach($errors as $msg) { echo " -$msg<br/>\n"; } echo '</p><p>Please try again</p><p><br/></p>'; } mysqli_close($dbc); } ?> <h1>Change Your Password</h1> <form action="update.php" method="post"> <p>Login: <input type="text" name = "login" size = "2" maxlength = "12" value ="<?php if(isset($_POST['login'])) echo $_POST['login']; ?>" /></p> <p>Current Password: <input type="password" name="pwd" size="5" maxlength="20" value="<?php if (isset($_POST['pwd'])) echo $_POST['pwd']; ?>" /></p> <p>New Password: <input type="password" name="pwd1" size="5" maxlength="20" value="<?php if (isset($_POST['pwd1'])) echo $_POST['pwd1']; ?>" /></p> <p>Confirm New Password: <input type="password" name="pwd2" size="5" maxlength="20" value="<?php if (isset($_POST['pwd2'])) echo $_POST['pwd2']; ?>" /></p> <p><input type="submit" name="submit" value="Change Password" /></p> </form> <?php include ('includes/footer.html'); ?> The Table being used in the update query is the Patient table keep CREATE TABLE Patient ( patientID INT AUTO_INCREMENT, title VARCHAR(15) DEFAULT 'Mr', firstN VARCHAR(40) NOT NULL, lastN VARCHAR(20) NOT NULL, street VARCHAR(25), suburb VARCHAR(30), state CHAR(3) DEFAULT 'NSW', pc CHAR(4) DEFAULT '2250', phone CHAR(12), email VARCHAR(50), imageName VARCHAR(50), login VARCHAR(12), pwd VARCHAR(40), PRIMARY KEY (patientID) ); Link to comment Share on other sites More sharing options...
Larry Posted January 6, 2018 Share Posted January 6, 2018 There's nothing obvious that's causing this error, although I suspect this would be a problem: $q = "UPDATE Patient SET pwd=SHA1('$np') WHERE patientID=$row[1]"; That should probably be $row[0]. To debug this, I'd start by seeing if the login or the password is the problem. Do this by turning directly to MySQL running queries against what's already stored. Link to comment Share on other sites More sharing options...
Recommended Posts