[b]HI,
I have an application for creating accounts with :
"Name" / "email"/ "password" (I use sha1 to hash it) , I created a diferent page to update these info, but if i update name or email only the password gets encrypted a second time.
/b
--------------------------------------------------------------------------
Below is my code for the update page, I want to update the password only when it is changed.
***********************************************************************
<?php require_once('../../Connections/myDB.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue
"", $theNotDefinedValue "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "loginForm")) {
$updateSQL = sprintf("UPDATE userTbl SET Name=%s, Email=%s, Password=sha(%s) WHERE id=%s",
GetSQLValueString($_POST['Name'], "text"),
GetSQLValueString($_POST['Email'], "text"),
GetSQLValueString($_POST['Password'], "text"),
GetSQLValueString($_POST['userId'], "int"));
mysql_select_db($database_myDB, $myDB);
$Result1 = mysql_query($updateSQL, $myDB) or die(mysql_error());
$updateGoTo = "accounts.php";
if (isset($_SERVER['QUERY_STRING'])) {
$updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
$updateGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $updateGoTo));
}
$colname_rsUp = "1";
if (isset($_GET['id'])) {
$colname_rsUp = (get_magic_quotes_gpc()) ? $_GET['id'] : addslashes($_GET['id']);
}
mysql_select_db($database_myDB, $myDB);
$query_rsUp
sprintf("SELECT * FROM userTbl WHERE id %s", $colname_rsUp);
$rsUp = mysql_query($query_rsUp, $myDB) or die(mysql_error());
$row_rsUp = mysql_fetch_assoc($rsUp);
$totalRows_rsUp = mysql_num_rows($rsUp);
?>
<form action="<?php echo $editFormAction; ?>" id="updateForm" name="loginForm" method="POST">
Name : |
" size ="30" />,
----
Email: |
" size= "30" />,
----
Password: |
" size ="30" />,
----
,
,
" />
</form>
<?php
mysql_free_result($rsUp);
?>
**************************************************************************
Thank you.
Afficher la suite