-1

There are if loops in my code and i haven't assigned $_GET['err'] to a variable.

I have just logged in to my webpage. I haven't changed the password.without changing any password error messages for change of password are being displayed. I am a beginner so i don't have much idea.

<body>
<div class="header">
<div class="logo">
<img src="images/l.png" alt="aczel logo">
</div>
<div class="nav">
<h1>aczel quality team</h1>
<ul>
<li class="active"><a href="#">Home Page</a></li>
<li onclick="c_p()" ><a href="#">change password</a></li>
</ul>
<!--[if !IE]> -->
<div id="mycp" class="cp">
<span class="cp_close"
onclick="document.getElementById('mycp').style.display='none'">&times;                                                            
</span>
<div>
<form action="user_cp.php " method="post">
<input type="password" name="old_pswd" placeholder="ENTER OLD PASSWORD">
<input type="password" name="new_pswd" placeholder="ENTER NEW PASSWORD">
<input type="password" name="c_pswd" placeholder="CONFIRM NEW PASSWORD">
<input type="submit" name="change_pswd" value="CHANGE PASSWORD">
</form>
</div>
</div>
<script type="text/javascript" src="js/modal.js">
</script>
<!-- <![endif]-->
</div>
</div>
<?php
/*displaying error message for empty password change*/
if($_GET['err'] == 1)
{ 
echo "<div class='msg'><h2>Fields are empty</h2></div>";
}
/*displaying error message for !match passwords*/
if($_GET['err'] == 2)
{ 
echo "<div class='msg'><h2>Old Password Does Not Match</h2></div>";
}
/*displaying error message for new password and confirm pwd dont match */
if($_GET['err'] == 3)
{ 
echo "<div class='msg'><h2>New Pwd != confirm Password</h2></div>";
}
/*displaying success message on password change*/
if($_GET['success'] == 1)
{ 
echo "<div class='msg'><h2>Password changed</h2></div>";
}
?>

These error messages shouldn't show up when we login. instead they should be displayed when we use the password change option in the webpage.

Abhishek Chunamari
  • 1
  • 2
  • Please indent your code properly. When everything has the same indention (none), it's very hard to read and see the layout and flow of the code. – M. Eriksson Jun 26 '19 at 07:56
  • also add ` isset()` in your if condition `if(isset($_GET['err']) && $_GET['err'] == 1){ } ` same for all other conditions – prakash tank Jun 26 '19 at 07:58
  • You can't use `if ($_GET['err'] == ...` without checking if it's set first. If you enter that page without there being any `?err=something` in the URL, you will get those "undefined index: err"-warnings. Before the first if-statement, do: `$err = $_GET['err'] ?? null;`. Then you can use `$err` instead of `$_GET['err']` in your if-statements. – M. Eriksson Jun 26 '19 at 07:58

1 Answers1

0

You are requesting non-existent values in the GET array without testing if they are set - you need to test first before forking the logic - ie:

if( isset( $_GET['err'] ) ){
    if($_GET['err'] == 1){ 
        echo "<div class='msg'><h2>Fields are empty</h2></div>";
    }
    /*displaying error message for !match passwords*/
    if($_GET['err'] == 2){ 
        echo "<div class='msg'><h2>Old Password Does Not Match</h2></div>";
    }
    /*displaying error message for new password and confirm pwd dont match */
    if($_GET['err'] == 3){ 
        echo "<div class='msg'><h2>New Pwd != confirm Password</h2></div>";
    }
    /*displaying success message on password change*/
    if( isset( $_GET['success'] ) && $_GET['success'] == 1){ 
        echo "<div class='msg'><h2>Password changed</h2></div>";
    }
}

Or, a more compact version perhaps

if( isset( $_GET['err'] ) ){
    switch( intval( $_GET['err'] ) ){
        case 1:$msg='Fields are empty';break;
        case 2:$msg='Old Password Does Not Match';break;
        case 3:$msg='New Pwd != confirm Password';break;
    }
}
if( isset( $_GET['success'] ) && $_GET['success']==1 ){
    $msg='Password changed';
}

printf('<div class="msg"><h2>%s</h2></div>',$msg);
Professor Abronsius
  • 33,063
  • 5
  • 32
  • 46