getName

Report · Jul 20, 2008

I have created a page that when a user logs in they will be able to edit their own profile. I have everything working except for one area and that is the username. When someone registers, DWCS3 has a function in the Server Behavior, User Authentication in the Check New Username only works in the input not an update.

The problem I have is that when I made a page retrieving the user's name they are able to update all their personal information except when the username if they want to change their username and someone else has it, it effects the login. I am not sure how to go around this.

This is what I have in My Update Profile page.

index.php (sample of the update my profile code)
<?php session_start(); ?>

<?php $_SESSION['userID'] = $row_getName['userID']; ?>

// update code
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
$updateSQL = sprintf("UPDATE `user` SET dateOfUpdate=%s, first_name=%s, family_name=%s, username=%s, psw=%s, email=%s, address=%s, city=%s, prov=%s, postal=%s, phone=%s, cell=%s WHERE userID=%s",
GetSQLValueString($_POST['dateOfUpdate'], "date"),
GetSQLValueString($_POST['first_name'], "text"),
GetSQLValueString($_POST['family_name'], "text"),
GetSQLValueString($_POST['username'], "text"),
GetSQLValueString($_POST['psw'], "text"),
GetSQLValueString($_POST['email'], "text"),
GetSQLValueString($_POST['address'], "text"),
GetSQLValueString($_POST['city'], "text"),
GetSQLValueString($_POST['prov'], "text"),
GetSQLValueString($_POST['postal'], "text"),
GetSQLValueString($_POST['phone'], "int"),
GetSQLValueString($_POST['cell'], "int"),
GetSQLValueString($_POST['userID'], "text"));

mysql_select_db($database_conYeshivah, $conYeshivah);
$Result1 = mysql_query($updateSQL, $conYeshivah) or die(mysql_error());

$updateGoTo = "../main.php";
if (isset($_SERVER['QUERY_STRING'])) {
$updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
$updateGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $updateGoTo));
}

// getUserID (recordset)
$colname_getName = "-1";
if (isset($_SESSION['MM_Username'])) {
$colname_getName = $_SESSION['MM_Username'];
}
mysql_select_db($database_conYeshivah, $conYeshivah);
$query_getName = sprintf("SELECT dateOfReg, dateOfUpdate, first_name, family_name, `user`.username, `user`.psw, `user`.email, `user`.address, `user`.city, `user`.prov, `user`.postal, `user`.phone, `user`.cell, `user`.userID FROM `user` WHERE username = %s", GetSQLValueString($colname_getName, "text"));
$getName = mysql_query($query_getName, $conYeshivah) or die(mysql_error());
$row_getName = mysql_fetch_assoc($getName);
$totalRows_getName = mysql_num_rows($getName);

-------------------------------------------------
In my design I have the form along with the fields and such. Is there a better way of doing this.

When I created my recordset of getName under the filter I made it username = Session Variable, MM_Username in order for the user to retreive his/her own information.

------------------------------------------------
Is there a better way or am I doing this the hard way.

Report · Jul 20, 2008

Any body have a clue?

Report · Jul 21, 2008

I found it difficult to follow. If you are asking how to let a user
change their username but not to one that is already taken then the
answer is on you have to query database to determine if it exists, if
it does not then you you allow the upddate. If not then you return a
message telling them the username is already taken.

This will require hand coding.