-1

I'm just trying to allow a user to be able to change their email without having to enter anything above. At the moment it works but it also says 'Current Password is Incorrect/wrong'. Am I able to ignore 'Current Password is Incorrect/wrong' if I just want the email to be changed?

Thanks!

Image: http://puu.sh/cmcKM/aef56cdaf4.png

I've tried using this but had no success; it still gave me the same message:

if (!empty($_POST['repeatnewpassword']) && !empty($_POST['newpassword'])) {
            if ($newpassword==$repeatnewpassword)
            {
                $querychange = mysql_query("UPDATE login SET password='$newpassword' WHERE   username='$username'");
                echo "<div class='successmate'><br><br><br><br><hr>Password has been changed!</hr></div><div class='successmate'><br><hr><br><h2><p><a href='index2.php'><br><br></a></p></h2></div>";
            }
            else {echo "<div class='results'>new password(s) dont match</div><div class='successmate'><br><br><h2><p><a href='changepassword.php'>try again?</a></p></h2></div>";}

        }

My code:

<title>Honda</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<link href='http://fonts.googleapis.com/css?family=Julius+Sans+One' rel='stylesheet' type='text/css'>
<link href="../css/style.css" rel="stylesheet" type="text/css" media="all" />



<?php
session_start();



$username = $_SESSION['sess_user'];

    echo '<div class="search1"><h2>'.$username.'</h2><div class="search12"><h2><a href="index2.php">Home</a></h2></p></div></div>';


    if (isset($_SESSION['sess_user']))
    {
        //user is logged in

        if (isset($_POST['submit']))
        {
            //start changing password
            //check fields

            $oldpassword = md5($_POST['oldpassword']);
            $newpassword = md5($_POST['newpassword']);
            $email = $_POST['email'];


            $repeatnewpassword = md5($_POST['repeatnewpassword']);


            //check password against db
            include('../includes/config.php');

            $queryget = mysql_query("SELECT password FROM login WHERE username='$username'") or die ("change password failed");
            $row = mysql_fetch_assoc($queryget);
            $oldpassworddb = $row['password'];

            //check passwords
            if ($oldpassword==$oldpassworddb && !empty($_POST['oldpassword']))
            {

                if (isset($_POST['repeatnewpassword']) AND isset($_POST['newpassword']) AND $_POST['newpassword'] != '') {
                    if ($newpassword==$repeatnewpassword)
                    {
                        $querychange = mysql_query("UPDATE login SET password='$newpassword' WHERE   username='$username'");
                        echo "<div class='successmate'><br><br><br><br><hr>Password has been changed!</hr></div><div class='successmate'><br><hr><br><h2><p><a href='index2.php'><br><br></a></p></h2></div>";
                    }
                    else {echo "<div class='results'>new password(s) dont match</div><div class='successmate'><br><br><h2><p><a href='changepassword.php'>try again?</a></p></h2></div>";}

                }


            }
            else {echo "<div class='results'>current password doesnt match</div><div class='successmate'><h2><p><a href='changepassword.php'><br><br>Try again?</a></p></h2></div>";}


            if (isset($_POST['email']) AND $_POST['email'] != '') {
                $querychange = mysql_query("UPDATE login SET email='$email' WHERE   username='$username'");
                echo "<div class='successmate'><br><br><br><br><hr>Your email has been changed</hr></div><div class='successmate'><br><hr><br><h2><p><a href='index2.php'><br><br></a></p></h2></div>";
            }}


        else
        {

            echo"
        <form class='search1' action='changepassword.php' method='POST'>
        <label>Current Password:*</label> <input type='password' id='password' name='oldpassword'><p>
        <label>New Password:*</label> <input type='password' id='password' name='newpassword'><p>
        <label>Repeat New Password:*</label> <input type='password'  name='repeatnewpassword'><p>
        <label>Email:</label> <input type='email'  name='email'><p>
        <input type='submit' name='submit' class='submit' value='submit'><br><br><br>
        <h2><p><a href='index2.php'>Back</a></p></h2>
        </form>
        ";


        }}
    else
        die ("You must be logged in to change your password");


    ?>

<img src="../images/main.jpg">

EDIT - FRED:

<?php
session_start();



$username = $_SESSION['sess_user'];

    echo '<div class="search1"><h2>'.$username.'</h2><div class="search12"><h2><a href="index2.php">Home</a></h2></p></div></div>';


    if (isset($_SESSION['sess_user']))
    {
        //user is logged in

       if (isset($_POST['submit']))
    {
        //start changing password
        //check fields

        $oldpassword = md5($_POST['oldpassword']);
        $newpassword = md5($_POST['newpassword']);
        $email = $_POST['email'];


        $repeatnewpassword = md5($_POST['repeatnewpassword']);


        //check password against db
        include('../includes/config.php');

        $queryget = mysql_query("SELECT password FROM login WHERE username='$username'") or die ("change password failed");
        $row = mysql_fetch_assoc($queryget);
        $oldpassworddb = $row['password'];

        //check passwords
        if($_POST['newpassword']){
            if ($oldpassword==$oldpassworddb)
            {

                if (isset($_POST['repeatnewpassword']) AND isset($_POST['newpassword']) AND $_POST['newpassword'] != '') {
                    if ($newpassword==$repeatnewpassword)
                    {
                        $querychange = mysql_query("UPDATE login SET password='$newpassword' WHERE   username='$username'");
                        echo "<div class='successmate'><br><br><br><br><hr>Password has been changed!</hr></div><div class='successmate'><br><hr><br><h2><p><a href='index2.php'><br><br></a></p></h2></div>";
                    }
                    else {echo "<div class='results'>new password(s) dont match</div><div class='successmate'><br><br><h2><p><a href='changepassword.php'>try again?</a></p></h2></div>";}

                }


            } else {echo "<div class='results'>current password doesnt match</div><div class='successmate'><h2><p><a href='changepassword.php'><br><br>Try again?</a></p></h2></div>";}
        }

        if (isset($_POST['email']) AND $_POST['email'] != '') {
            $querychange = mysql_query("UPDATE login SET email='$email' WHERE   username='$username'");
            echo "<div class='successmate'><br><br><br><br><hr>Your email has been changed</hr></div><div class='successmate'><br><hr><br><h2><p><a href='index2.php'><br><br></a></p></h2></div>";
        }
  }


            }
            else {echo "<div class='results'>current password doesnt match</div><div class='successmate'><h2><p><a href='changepassword.php'><br><br>Try again?</a></p></h2></div>";}


            if (isset($_POST['email']) AND $_POST['email'] != '') {
                $querychange = mysql_query("UPDATE login SET email='$email' WHERE   username='$username'");
                echo "<div class='successmate'><br><br><br><br><hr>Your email has been changed</hr></div><div class='successmate'><br><hr><br><h2><p><a href='index2.php'><br><br></a></p></h2></div>";
            }


        else
        {

            echo"
        <form class='search1' action='changepassword.php' method='POST'>
        <label>Current Password:*</label> <input type='password' id='password' name='oldpassword' ><p>
        <label>New Password:*</label> <input type='password' id='password' name='newpassword'><p>
        <label>Repeat New Password:*</label> <input type='password'  name='repeatnewpassword'><p>
        <label>Email:</label> <input type='email'  name='email'><p>
        <input type='submit' name='submit' class='submit' value='submit'><br><br><br>
        <h2><p><a href='index2.php'>Back</a></p></h2>
        </form>
        ";


        }
    else
        die ("You must be logged in to change your password");


    ?>
Ariana
  • 7
    What's different about this question than the other ones http://stackoverflow.com/q/26512447/ and http://stackoverflow.com/q/26484797/ and http://stackoverflow.com/q/26481182/ ? etc. Tell me before I close your question. – Funk Forty Niner Oct 24 '14 at 12:23
  • 2
    Please, [don't use `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://us1.php.net/pdo) or [MySQLi](http://us1.php.net/mysqli). [This article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide. Morning @Fred-ii- – Jay Blanchard Oct 24 '14 at 12:24
  • 3
    coffee anyone? haha gotta love SO. –  Oct 24 '14 at 12:26

2 Answers

1

Make sure you check whether someone has even typed a password; if so, you change the password, and otherwise you only change the email.

Like this:

 if (isset($_POST['submit']))
    {
        //start changing password
        //check fields

        $oldpassword = md5($_POST['oldpassword']);
        $newpassword = md5($_POST['newpassword']);
        $email = $_POST['email'];


        $repeatnewpassword = md5($_POST['repeatnewpassword']);


        //check password against db
        include('../includes/config.php');

        $queryget = mysql_query("SELECT password FROM login WHERE username='$username'") or die ("change password failed");
        $row = mysql_fetch_assoc($queryget);
        $oldpassworddb = $row['password'];

        //check passwords
        if($_POST['newpassword']){
            if ($oldpassword==$oldpassworddb)
            {

                if (isset($_POST['repeatnewpassword']) AND isset($_POST['newpassword']) AND $_POST['newpassword'] != '') {
                    if ($newpassword==$repeatnewpassword)
                    {
                        $querychange = mysql_query("UPDATE login SET password='$newpassword' WHERE   username='$username'");
                        echo "<div class='successmate'><br><br><br><br><hr>Password has been changed!</hr></div><div class='successmate'><br><hr><br><h2><p><a href='index2.php'><br><br></a></p></h2></div>";
                    }
                    else {echo "<div class='results'>new password(s) dont match</div><div class='successmate'><br><br><h2><p><a href='changepassword.php'>try again?</a></p></h2></div>";}

                }


            } else {echo "<div class='results'>current password doesnt match</div><div class='successmate'><h2><p><a href='changepassword.php'><br><br>Try again?</a></p></h2></div>";}
        }

        if (isset($_POST['email']) AND $_POST['email'] != '') {
            $querychange = mysql_query("UPDATE login SET email='$email' WHERE   username='$username'");
            echo "<div class='successmate'><br><br><br><br><hr>Your email has been changed</hr></div><div class='successmate'><br><hr><br><h2><p><a href='index2.php'><br><br></a></p></h2></div>";
        }
  }
Daniel Gelling
  • I'm really hoping your answer will solve the OP's problem, once and for all. ;) – Funk Forty Niner Oct 24 '14 at 12:30
  • @Daniel Parse error: syntax error, unexpected ')' in D:\xampp\htdocs\wd6\pages\changepassword.php on line 45 :( – Ariana Oct 24 '14 at 12:31
  • @Fred-ii- I know I've posted this, but I really am stuck. It's been a few days, I do apologize – Ariana Oct 24 '14 at 12:32
  • 1
    This line `if ($oldpassword==$oldpassworddb))` one bracket too many. – Funk Forty Niner Oct 24 '14 at 12:32
  • @Ariana Edited it, so you can now go ahead and copy-paste it again :P – Daniel Gelling Oct 24 '14 at 12:34
  • @DanielGelling Thanks for the help, but there were a few '}' errors. I fixed them up but it's giving this: Parse error: syntax error, unexpected 'else' (T_ELSE) in D:\xampp\htdocs\wd6\pages\changepassword.php on line 95 – Ariana Oct 24 '14 at 12:37
  • ^ try closing the if with a } ? – Eujinks Oct 24 '14 at 12:38
  • `T_ELSE` is caused by a missing matching `if`. @Ariana Line 95? Post full code. Daniel's trying to help but you're not helping. – Funk Forty Niner Oct 24 '14 at 12:40
  • @Fred-ii- Updated my code in my post above – Ariana Oct 24 '14 at 12:42
  • @Ariana Your edit contains 91 lines. What is line 95? – Funk Forty Niner Oct 24 '14 at 12:43
  • @Fred-ii- On line 95 it's just 'else' – Ariana Oct 24 '14 at 12:44
  • @Ariana Your conditional statements are way off including bracing, that's why you're getting the errors. I wouldn't waste any more time with this, while using deprecated MySQL functions and MD5. Sorry, but you're not only wasting your time, but everyone else's. I suggest you look at **http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL** which is a much more secure method and everything's set up for you. – Funk Forty Niner Oct 24 '14 at 12:48
  • @Fred-ii- Thanks for your input. But this is 'Daniel's' code that I've copied and pasted, and those were his minor '}' errors. Again, thanks for your help – Ariana Oct 24 '14 at 12:50
  • @Ariana You're welcome. If you corrected the bracing, then if Daniel's answer still hasn't fixed the problem, then move on and use the link I've given you above. If this is for learning purposes, this isn't the place to do that. If it's for a LIVE website, then **STOP** right there and use the method I've given you. You **will get hacked**, I will guarantee it. I'm trying to save you before you make a big mistake. Good luck. – Funk Forty Niner Oct 24 '14 at 12:54
  • 1
    @DanielGelling +1 for your effort. – Funk Forty Niner Oct 24 '14 at 12:55
0

Ariana, your code is a little confusing; I think you got a little lost in your code with your else conditions. I rewrote it, try it and see if it works.

**Updated**

You really should not use this as it's not safe - try to use mysqli_ instead of mysql_ and learn about mysql_real_escape_string. Anyway, I've updated the code with my comments and it should work.

<?php
session_start();

$username = $_SESSION['sess_user'];
    echo '<div class="search1"><h2>'.$username.'</h2><div class="search12"><h2><a href="index2.php">Home</a></h2></p></div></div>';


    if (isset($username)){
        //user is logged in

        if (isset($_POST['submit'])){

            #1 Check if fields are not empty
            if( !isset($_POST['oldpassword']) || !isset($_POST['newpassword']) ){
                echo "Fields empty";    
                exit();
            }

            $oldpassword = md5($_POST['oldpassword']);
            $newpassword = md5($_POST['newpassword']);
            $repeatnewpassword = md5($_POST['repeatnewpassword']);
            $email = $_POST['email'];

            //check password against db
            include('../includes/config.php');


            $queryget = mysql_query("SELECT password FROM login WHERE username='$username'") or die ("change password failed");
            $row = mysql_fetch_assoc($queryget);
            $oldpassworddb = $row['password'];

            #2 Check the old password

            if($oldpassword==$oldpassworddb){
            # they match  - check if new and repeat pass match

                if($newpassword == $repeatnewpassword){
                    mysql_query("UPDATE login SET password='$newpassword' WHERE username='$username' ");

                echo "<div class='successmate'><br><br><br><br><hr>Password has been changed!</hr></div><div class='successmate'><br><hr><br><h2><p><a href='index2.php'><br><br></a></p></h2></div>";

                # check if email isn't empty so you can update

                if( !empty($_POST['email']) ){

                    mysql_query("UPDATE login SET email='$email' WHERE   username='$username'");

                     echo "<div class='successmate'><br><br><br><br><hr>Your email has been changed</hr></div><div class='successmate'><br><hr><br><h2><p><a href='index2.php'><br><br></a></p></h2></div>";
                }



                }else{
                    echo "<div class='results'>Passwords don't match !</div><div class='successmate'><br><br><h2><p><a href='changepassword.php'>try again?</a></p></h2></div>";
                }


            }else{
            # they don't match

                echo "<div class='results'>Old password wrong !</div><div class='successmate'><br><br><h2><p><a href='changepassword.php'>try again?</a></p></h2></div>";

            }


            } // end if form submitted
            echo "
            <form class='search1' action='changepassword.php' method='POST'>
            <label>Current Password:*</label> <input type='password' id='password' name='oldpassword'><p>
            <label>New Password:*</label> <input type='password' id='password' name='newpassword'><p>
            <label>Repeat New Password:*</label> <input type='password'  name='repeatnewpassword'><p>
            <label>Email:</label> <input type='email'  name='email'><p>
            <input type='submit' name='submit' class='submit' value='submit'><br><br><br>
            <h2><p><a href='index2.php'>Back</a></p></h2>
            </form>
            ";

    }else{
        die ("You must be logged in to change your password");
    }


    ?>

<img src="../images/main.jpg">
BAAC
  • Thanks for the help, but instead of 'Current password is incorrect' I get 'new password(s) dont match' – Ariana Oct 24 '14 at 12:41
  • Maybe it's this : change $oldpassworddb = $row['password']; to $oldpassworddb = md5($row['password']); if your passwords are not saved using md5 they will not match with the new – BAAC Oct 24 '14 at 12:47
  • and you should change isset($_POST['email']) to !empty($_POST['email']) – BAAC Oct 24 '14 at 12:48
  • Same thing :( 'new password(s) dont match' – Ariana Oct 24 '14 at 12:48
  • @Ariana Let me know if this worked... don't forget to check your database if the saved password were md5 – BAAC Oct 24 '14 at 12:49
  • @Ariana Is the password saved in the database already with md5 or not? Because I tried your script and it worked. Also, your script is missing a check of whether $newpassword and $repeatnewpassword are the same. Jay Blanchard is right, you should not use mysql_ functions... – BAAC Oct 24 '14 at 13:04
  • The password in the DB is MD5, I don't know why it's not working. If it's not an issue can you edit your code above and fix what you think might be causing it? I am stuck :( Thanks! – Ariana Oct 24 '14 at 13:11
  • @Ariana it's updated – BAAC Oct 24 '14 at 13:27
  • Sigh, thanks for your help but now I'm getting 'Old password wrong !' – Ariana Oct 24 '14 at 13:28
  • Could it be that the old password is really wrong? That what you typed and what is stored in the database really don't correspond? – BAAC Oct 24 '14 at 13:30
  • I'd just like to say thanks for helping me but, I'm not even entering a password or any password field. I'm just trying to change the email without having to enter those. – Ariana Oct 24 '14 at 13:32
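
Added example, not code from any post in this thread: the flow from Daniel Gelling's answer (check the current password only when a new password was typed, otherwise change just the email), written with the PDO prepared statements recommended in the comments and with `password_hash()`/`password_verify()` in place of MD5. The function name `update_account`, the in-memory SQLite database and the sample rows are assumptions made so the script runs on its own; the `login` table columns follow the queries in the posts.

```php
<?php
// Added example: login(username, password, email) follows the thread's queries;
// SQLite in memory stands in for MySQL so the script runs on its own.
function update_account(PDO $db, string $username, array $post): array
{
    $messages = [];
    $old    = $post['oldpassword'] ?? '';
    $new    = $post['newpassword'] ?? '';
    $repeat = $post['repeatnewpassword'] ?? '';
    $email  = trim($post['email'] ?? '');

    // The password branch runs only when a new password was typed, so an
    // email-only submit never reaches the current-password check.
    if ($new !== '') {
        $stmt = $db->prepare('SELECT password FROM login WHERE username = ?');
        $stmt->execute([$username]);
        $hash = $stmt->fetchColumn();
        if (!is_string($hash) || !password_verify($old, $hash)) {
            $messages[] = 'current password doesnt match';
        } elseif ($new !== $repeat) {
            $messages[] = 'new password(s) dont match';
        } else {
            $stmt = $db->prepare('UPDATE login SET password = ? WHERE username = ?');
            $stmt->execute([password_hash($new, PASSWORD_DEFAULT), $username]);
            $messages[] = 'Password has been changed!';
        }
    }

    // The email is validated, then bound as a parameter instead of being
    // interpolated into the SQL string.
    if ($email !== '') {
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            $messages[] = 'email address is not valid';
        } else {
            $stmt = $db->prepare('UPDATE login SET email = ? WHERE username = ?');
            $stmt->execute([$email, $username]);
            $messages[] = 'Your email has been changed';
        }
    }
    return $messages;
}

// Constructed demo data (user name, passwords and addresses are made up).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (username TEXT PRIMARY KEY, password TEXT, email TEXT)');
$db->prepare('INSERT INTO login VALUES (?, ?, ?)')
   ->execute(['demo', password_hash('old-secret', PASSWORD_DEFAULT), 'old@example.com']);

$cases = [
    'email only'          => ['oldpassword' => '', 'newpassword' => '',
                              'repeatnewpassword' => '', 'email' => 'new@example.com'],
    'apostrophe in email' => ['email' => "o'brien@example.com"],
    'wrong current pw'    => ['oldpassword' => 'guess', 'newpassword' => 'n3w-pass',
                              'repeatnewpassword' => 'n3w-pass'],
    'both fields changed' => ['oldpassword' => 'old-secret', 'newpassword' => 'n3w-pass',
                              'repeatnewpassword' => 'n3w-pass', 'email' => 'both@example.com'],
];
foreach ($cases as $label => $post) {
    echo $label, ': ', implode('; ', update_account($db, 'demo', $post)), PHP_EOL;
}
```

It needs the `pdo_sqlite` extension to run as written; against MySQL the function is unchanged and only the PDO connection differs.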