Question
getName
I have created a page where, when a user logs in, they will be able to edit their own profile. I have everything working except for one area, and that is the username. When someone registers, DWCS3 has a function in the Server Behavior, User Authentication, Check New Username, but it only works in the input, not an update.
The problem I have is that when I made a page retrieving the user's name, they are able to update all their personal information except the username: if they want to change their username and someone else has it, it affects the login. I am not sure how to go around this.
This is what I have in My Update Profile page.
index.php (sample of the update my profile code)
<?php session_start(); ?>
<!-- The bottom code is tied with the getID recordset to edit user info. -->
<?php $_SESSION['userID'] = $row_getName['userID']; ?>
<?php
// update code
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
    $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
    $updateSQL = sprintf("UPDATE `user` SET dateOfUpdate=%s, first_name=%s, family_name=%s, username=%s, psw=%s, email=%s, address=%s, city=%s, prov=%s, postal=%s, phone=%s, cell=%s WHERE userID=%s",
        GetSQLValueString($_POST['dateOfUpdate'], "date"),
        GetSQLValueString($_POST['first_name'], "text"),
        GetSQLValueString($_POST['family_name'], "text"),
        GetSQLValueString($_POST['username'], "text"),
        GetSQLValueString($_POST['psw'], "text"),
        GetSQLValueString($_POST['email'], "text"),
        GetSQLValueString($_POST['address'], "text"),
        GetSQLValueString($_POST['city'], "text"),
        GetSQLValueString($_POST['prov'], "text"),
        GetSQLValueString($_POST['postal'], "text"),
        GetSQLValueString($_POST['phone'], "int"),
        GetSQLValueString($_POST['cell'], "int"),
        GetSQLValueString($_POST['userID'], "text"));
    mysql_select_db($database_conYeshivah, $conYeshivah);
    $Result1 = mysql_query($updateSQL, $conYeshivah) or die(mysql_error());
    $updateGoTo = "../main.php";
    if (isset($_SERVER['QUERY_STRING'])) {
        $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
        $updateGoTo .= $_SERVER['QUERY_STRING'];
    }
    header(sprintf("Location: %s", $updateGoTo));
}
// getUserID (recordset)
$colname_getName = "-1";
if (isset($_SESSION['MM_Username'])) {
    $colname_getName = $_SESSION['MM_Username'];
}
mysql_select_db($database_conYeshivah, $conYeshivah);
$query_getName = sprintf("SELECT dateOfReg, dateOfUpdate, first_name, family_name, `user`.username, `user`.psw, `user`.email, `user`.address, `user`.city, `user`.prov, `user`.postal, `user`.phone, `user`.cell, `user`.userID FROM `user` WHERE username = %s", GetSQLValueString($colname_getName, "text"));
$getName = mysql_query($query_getName, $conYeshivah) or die(mysql_error());
$row_getName = mysql_fetch_assoc($getName);
$totalRows_getName = mysql_num_rows($getName);
?>
-------------------------------------------------
In my design I have the form along with the fields and such. Is there a better way of doing this?
When I created my recordset of getName, under the filter I made it username = Session Variable, MM_Username, in order for the user to retrieve his/her own information.
------------------------------------------------
Is there a better way or am I doing this the hard way?
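Added example, not part of the original post and not Dreamweaver-generated code: one way to run the "Check New Username" test on an update, taking the row to change from the session rather than from a posted userID field, and keeping `$_SESSION['MM_Username']` in step so the getName recordset still finds the user. The function name `updateUsername`, the use of PDO, the UNIQUE index on `username` and the in-memory SQLite demo rows are assumptions; the table, column and session names are the ones in the post.

```php
<?php
// Hypothetical helper (added example). Table/column names and MM_Username are from the post.
// In a real page, pass $_SESSION as $session.
function updateUsername(PDO $db, array &$session, string $newName): string
{
    // The row to change is identified by the server-side session, not by form input.
    if (!isset($session['userID'])) {
        return 'not-logged-in';
    }
    $userId  = (int) $session['userID'];
    $newName = trim($newName);
    if ($newName === '') {
        return 'empty';
    }

    // Uniqueness check for an update: is the name held by a *different* row?
    $check = $db->prepare('SELECT 1 FROM `user` WHERE username = ? AND userID <> ?');
    $check->execute([$newName, $userId]);
    if ($check->fetchColumn() !== false) {
        return 'taken';
    }

    try {
        $upd = $db->prepare('UPDATE `user` SET username = ? WHERE userID = ?');
        $upd->execute([$newName, $userId]);
    } catch (PDOException $e) {
        // Assumed UNIQUE index: SQLSTATE 23000 means another request took the name first.
        if ($e->getCode() !== '23000') { throw $e; }
        return 'taken';
    }

    // The getName recordset filters on MM_Username, so update it with the row.
    $session['MM_Username'] = $newName;
    return 'ok';
}

// Constructed demo data in an in-memory SQLite database (the post itself uses MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE `user` (userID INTEGER PRIMARY KEY, username TEXT UNIQUE)');
$db->exec("INSERT INTO `user` (userID, username) VALUES (1, 'alice'), (2, 'bob')");

$session = ['userID' => 1, 'MM_Username' => 'alice'];
foreach (['bob', 'alice', 'alice2'] as $name) {
    echo $name, ': ', updateUsername($db, $session, $name), "\n";
}
echo 'session name: ', $session['MM_Username'], "\n";
```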
