Change email php script is not working

[ethan89]

This is completely different code than my change password script thread.  This is not double posting.

 

Whenever I use this script to change my email, it just changes the email to nothing (blank).  What could be wrong with it?  Help is hugely appreciated.  I know you don't have to use your valuable time to help me.

 

<?php

 

// I removed the connect to db part

 

session_start();

 

$username = $_SESSION['username'];

$email = $_POST['email'];

$newemail = $_POST['newemail'];

$confirmnewemail = $_POST['confirmnewemail'];

 

$result = mysql_query("SELECT email FROM members WHERE username='$username'");

if($email!= mysql_result($result, 0))

{

echo "The email address you entered is incorrect.";

}

if($newemail==$confirmnewemail)

    $sql=mysql_query("UPDATE members SET email='$newemail' where username='$username'");

    if($sql)

    {

    echo "You have successfully changed your email address.";

    }

else

{

echo "The new email and confirm new email fields were different.";

}

?>

[Pikachu2000]

$newemail probably has an empty string as its value. Did you try echoing the variables to see if they contain the expected values?

[ethan89]

newemail is what the person puts into the form.  The form didn't have any empty fields when I tried it.

[Pikachu2000]

Irrespective of the form, how do you know if the variables have valid values? Just because you enter something in a form, doesn't mean there isn't a problem preventing a variable from getting the correct value assigned to it.

[ethan89]

I don't understand anything you said.  I'm a complete newbie at PHP.  I haven't had anything go wrong before when getting something using $_POST.

[Pikachu2000]

Can you post the form also, and I'll look everything over. . .

[ethan89]

Sure, thanks for helping me out.

 

<?php

session_start();

if(!isset($_SESSION['username']) ||

(trim($_SESSION['username'])=='')) {

header("location: members_only_area.php");

exit();

}

?>

 

<form action="change_password22.php">

password<input type="password" name="password">

new password<input type="password" name="newpassword">

confirm new password<input type="password" name="confirmnewpassword">

<input type="submit" value="Change Password">

</form>

[xeronix]

I see no email box in that form, either that or my eyes are tired.

 

Can you make a separate PHP file and have that echo each variable?

[Pikachu2000]

I don't think that's the right form . . .

[ethan89]

Sure, I can do that, but I just realized that I gave you the wrong code.  That's the second time today.  I don't know what is wrong with me.  Here it is:

 

<form action="change_email.php">

Current Email: <input type="text" name="email">

New Email: <input type="text" name="newemail">

Confirm New Email: <input type="text" name="confirmnewemail">

<input type="submit" value="Change Email">

</form>

[Pikachu2000]

When you submit the form, I'm sure you 'll notice the address in the browser suddenly has a string behind the URL something like

/change_password.php?password=something&newpassword=something_else.

That's because if you don't specify a method= in your form tag, the method defaults to GET whereas in the script, you're looking for POST variables coming in. All you should need to do to fix it is change the <form tag to

<form action="change_password22.php" method="post">

[ethan89]

Ohhhhhhhhhhhhhhhhhhh I was really concerned about the password being displayed at the top lol.  Thanks for searching through my garbage code and finding my silly mistake!  I really don't think I could ever spot that on my own  .  Thanks so much for helping me!  I'll post again to tell you if it changes the password or not

[Pikachu2000]

You're welcome. If it works, and the problem is solved, please remember to mark the topic solved using the button in the lower left corner of the page. If it still doesn't work, let me know!

[xeronix]

I do think however you might want to look at hashing your password with a universal hash that you call in.

 

This would help with security and browser sniffing greatly.

[ethan89]

Well, it's a big improvement that it doesn't show the info in the URL anymore, but instead of changing the password or making the password blank, now it just doesn't do anything and the password stays the same..  Maybe I can solve this on my own now that it's not hugely messed up anymore, but it would be cool if someone could tell me what's wrong  .  I will mark this as solved as soon as it's fixed.

[ethan89]

I thought about hashing but it seems complicated, because then I have to add a reset password thing instead of just sending them their password.

[ethan89]

Oh never mind, it works perfectly.  I was doing something wrong when I tested it last time.  Thanks so much guys.  Solved 

[Pikachu2000]

I thought about hashing but it seems complicated, because then I have to add a reset password thing instead of just sending them their password.

 

Correct, but it really is a much better way of doing it.