Update record server behavior removing password from database

Report · Dec 11, 2010

Using the technique in Powers latest Lesson 6, p. 202, for a separate website, when I click on the Edit link on an entry on the update page to edit users (rsUsers), I correctly taken to the update_user.php page with the form and populated fields for that user. However, when submitting changes to that user (any user in the database) the password is removed from the database in the implementation of the update. This is the code for the update_user.php file:

<?php require_once('../Connections/wfrma.php'); ?>
<?php require_once('../Connections/wfrma.php'); ?>
<?php require_once('../Connections/wfrma.php'); ?>
<?php
//initialize the session
if (!isset($_SESSION)) {
  session_start();
}

// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session varialbles
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);
     
  $logoutGoTo = "../index.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
$colname_rsUsers = "-1";
if (isset($_GET['user_id'])) {
  $colname_rsUsers = (get_magic_quotes_gpc()) ? $_GET['user_id'] : addslashes($_GET['user_id']);
}
mysql_select_db($database_wfrma, $wfrma);
$query_rsUsers = sprintf("SELECT user_id, first_name, last_name, username, email FROM users WHERE user_id = %s", GetSQLValueString($colname_rsUsers, "int"));
$rsUsers = mysql_query($query_rsUsers, $wfrma) or die(mysql_error());
$row_rsUsers = mysql_fetch_assoc($rsUsers);
$totalRows_rsUsers = mysql_num_rows($rsUsers);

$colname_rsDirectory = "-1";
if (isset($_GET['directory_id'])) {
  $colname_rsDirectory = (get_magic_quotes_gpc()) ? $_GET['directory_id'] : addslashes($_GET['directory_id']);
}
mysql_select_db($database_wfrma, $wfrma);
$query_rsDirectory = sprintf("SELECT * FROM directory WHERE directory_id = %s", GetSQLValueString($colname_rsDirectory, "int"));
$rsDirectory = mysql_query($query_rsDirectory, $wfrma) or die(mysql_error());
$row_rsDirectory = mysql_fetch_assoc($rsDirectory);
$totalRows_rsDirectory = mysql_num_rows($rsDirectory);

$colname_rsAdmin = "-1";
if (isset($_GET['admin_id'])) {
  $colname_rsAdmin = (get_magic_quotes_gpc()) ? $_GET['admin_id'] : addslashes($_GET['admin_id']);
}
mysql_select_db($database_wfrma, $wfrma);
$query_rsAdmin = sprintf("SELECT * FROM `admin` WHERE admin_id = %s", GetSQLValueString($colname_rsAdmin, "int"));
$rsAdmin = mysql_query($query_rsAdmin, $wfrma) or die(mysql_error());
$row_rsAdmin = mysql_fetch_assoc($rsAdmin);
$totalRows_rsAdmin = mysql_num_rows($rsAdmin);

$colname_rsRegister = "-1";
if (isset($_GET['register_id'])) {
  $colname_rsRegister = (get_magic_quotes_gpc()) ? $_GET['register_id'] : addslashes($_GET['register_id']);
}
mysql_select_db($database_wfrma, $wfrma);
$query_rsRegister = sprintf("SELECT * FROM register WHERE register_id = %s", GetSQLValueString($colname_rsRegister, "int"));
$rsRegister = mysql_query($query_rsRegister, $wfrma) or die(mysql_error());
$row_rsRegister = mysql_fetch_assoc($rsRegister);
$totalRows_rsRegister = mysql_num_rows($rsRegister);

if (isset($_POST['password']) && empty($_POST['password'])) {
$_POST['password'] = $row_getUser['password'];
} else {
$_POST['password'] = sha1($_POST['password']);
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
  $updateSQL = sprintf("UPDATE users SET first_name=%s, last_name=%s, username=%s, password=%s, email=%s WHERE user_id=%s",
                       GetSQLValueString($_POST['first_name'], "text"),
                       GetSQLValueString($_POST['surname'], "text"),
                       GetSQLValueString($_POST['username'], "text"),
                       GetSQLValueString($_POST['password'], "text"),
                       GetSQLValueString($_POST['email'], "text"),
                       GetSQLValueString($_POST['user_id'], "int"));

  mysql_select_db($database_wfrma, $wfrma);
  $Result1 = mysql_query($updateSQL, $wfrma) or die(mysql_error());

  $updateGoTo = "update.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
    $updateGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $updateGoTo));
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
  $updateSQL = sprintf("UPDATE directory SET first_name=%s, last_name=%s, `position`=%s, affiliation=%s, phone=%s, other_phone=%s, street=%s, city=%s, `state`=%s, zip=%s, country=%s, expertise=%s, web_site=%s, email=%s, email2=%s WHERE directory_id=%s",
                       GetSQLValueString($_POST['first_name'], "text"),
                       GetSQLValueString($_POST['last_name'], "text"),
                       GetSQLValueString($_POST['position'], "text"),
                       GetSQLValueString($_POST['affiliation'], "text"),
                       GetSQLValueString($_POST['phone'], "text"),
                       GetSQLValueString($_POST['other_phone'], "text"),
                       GetSQLValueString($_POST['street'], "text"),
                       GetSQLValueString($_POST['city'], "text"),
                       GetSQLValueString($_POST['state'], "text"),
                       GetSQLValueString($_POST['zip'], "text"),
                       GetSQLValueString($_POST['country'], "text"),
                       GetSQLValueString($_POST['expertise'], "text"),
                       GetSQLValueString($_POST['web_site'], "text"),
                       GetSQLValueString($_POST['email'], "text"),
                       GetSQLValueString($_POST['email2'], "text"),
                       GetSQLValueString($_POST['directory_id'], "int"));

  mysql_select_db($database_wfrma, $wfrma);
  $Result1 = mysql_query($updateSQL, $wfrma) or die(mysql_error());

  $updateGoTo = "update.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
    $updateGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $updateGoTo));
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
  $updateSQL = sprintf("UPDATE ``admin`` SET username=%s, password=%s WHERE admin_id=%s",
                       GetSQLValueString($_POST['username'], "text"),
                       GetSQLValueString($_POST['password'], "text"),
                       GetSQLValueString($_POST['admin_id'], "int"));

  mysql_select_db($database_wfrma, $wfrma);
  $Result1 = mysql_query($updateSQL, $wfrma) or die(mysql_error());

  $updateGoTo = "update.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
    $updateGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $updateGoTo));
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
  $updateSQL = sprintf("UPDATE register SET username=%s, password=%s WHERE register_id=%s",
                       GetSQLValueString($_POST['username'], "text"),
                       GetSQLValueString($_POST['password'], "text"),
                       GetSQLValueString($_POST['register_id'], "int"));

  mysql_select_db($database_wfrma, $wfrma);
  $Result1 = mysql_query($updateSQL, $wfrma) or die(mysql_error());

  $updateGoTo = "update.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
    $updateGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $updateGoTo));
}
?>
<?php include('../includes/title.inc.php'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/admin.dwt.php" codeOutsideHTMLIsLocked="false" -->
<head>
<title>Wild Felid Association
<?php if (isset($title)) {echo "&#8212;{$title}";} ?>
</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="description" content="Wild Felid Research & Management Association is an organization of dedicated scientists, managers, educators, and others concerned with proper management and conservation of native wild cats in the Western Hemisphere">
<meta name="keywords" content="andean mountain cats, animals, animal education, bobcats, canada lynx, canadian lynx, carnivores, cats, conferences, conservation, conservation education, cougars, directory, education, felid, felidae, felids, felinae, florida panthers, forums, geoffrey's cats, information, jaguars, jaguarundis, kodkods, lynx, lynxes, management, margays, mountain lions, news, newsletters, nonprofits, non-profits, non profits, ocelots, oncillas, pampas cats, pumas, research, researchers, scholarships, western hemisphere, wfa, wild, wildcats, wild cats, wild felid association, wild felid education, wild felid management, wild felid research">
<link href="../p7iq/p7iqGlobal_basic.css" rel="stylesheet" type="text/css" />
<link href="../p7iq/p7iq18.css" rel="stylesheet" type="text/css" />
<!--[if lte IE 7]>
<style>
#masthead, #columnwrapper, #tnav, #columns-bottom {zoom:1;}
</style>
<![endif]-->
<script type="text/javascript" src="../p7pmm/p7PMMscripts.js"></script>
<link href="../p7iq/text-regular.css" rel="stylesheet" type="text/css" title="Medium Text" />
<!--<link href="../p7iq/text-large.css" rel="alternate stylesheet" type="text/css" title="Larger Text" />
<link href="../p7iq/text-largest.css" rel="alternate stylesheet" type="text/css" title="Largest Text" />-->
<!--<script type="text/javascript" src="../scripts/styleswitcher.js"></script>-->
<!-- InstanceBeginEditable name="head" -->
<script src="../SpryAssets/SpryTabbedPanels.js" type="text/javascript"></script>
<link href="../p7pmm/p7PMMv09.css" rel="stylesheet" type="text/css" media="all" />
<link href="../SpryAssets/SpryTabbedPanels.css" rel="stylesheet" type="text/css" />
<!-- InstanceEndEditable -->
<link href="../p7pmm/p7PMMh17.css" rel="stylesheet" type="text/css" media="all" />
</head>

<body>
<div id="masthead">
<div id="tabs">
    <ul>
      <li><a href="../membership.php#donate">donate</a></li>
      <li><a href="../membership.php">join</a></li>
      <li><a href="../login.php">sign in</a></li>
    </ul>
  </div>
  <div id="logo"><img src="../p7iq/img/p7iq_logo_s1.jpg" alt="Logo" width="873" height="120" /></div>
</div>
<div id="tnav">
  <div id="tnav-center">
<div id="p7PMM_1" class="p7PMMh17 p7PMMnoscript">
  <ul class="p7PMM">
    <li><a href="../index.php">Home</a></li>
    <li><a href="../about.php">About Us</a>
      <div>
        <ul>
          <li><a href="../about.php">Our Mission</a></li>
          <li><a href="../bylaws.php">WFA Bylaws</a></li>
          <li><a href="../board.php">Board of Directors</a></li>
          <li><a href="../biographies.php">Biographies</a></li>
          <li><a href="../elections.php">Elections</a></li>
        </ul>
      </div>
    </li>
    <li><a href="../membership.php">Membership</a>
      <div>
        <ul>
          <li><a href="../membership.php">Join the WFA</a></li>
          <li><a href="../forum.php">Discussion Forum</a></li>
          <li><a href="../directory.php">Directory (members)</a></li>
        </ul>
      </div>
    </li>
    <li><a href="../news.php">News</a>
      <div>
        <ul>
          <li><a href="../news.php">News Highlights</a></li>
          <li><a href="../monitor.php">Wild Felid Monitor</a>
            <div>
              <ul>
                <li><a href="../monitor.php#aboutWFM">About the WFM</a></li>
                <li><a href="../monitor.php#buy">Buy</a></li>
                <li><a href="../members_only.php">Download (members)</a></li>
              </ul>
            </div>
          </li>
          <li><a href="../conference.php">Conferences & Events</a></li>
        </ul>
      </div>
    </li>
    <li><a href="../legacy.php">WFA Scholarship</a>
    <div>
        <ul>
          <li><a href="../legacy.php#background">Background</a></li>
          <li><a href="../legacy.php#purpose">Purpose</a></li>
          <li><a href="../legacy.php#application">Application</a></li>
        </ul>
      </div>
      </li>
    <li><a href="../links.php">Links</a></li>
    <li><a href="../contactus.php">Contact Us</a></li>
  </ul>
  <div class="p7pmmclearfloat"> </div>
  <!--[if lte IE 6]>
<style>.p7PMMh17 ul ul li {float:left; clear: both; width: 100%;}.p7PMMh17 {text-align: left;}.p7PMMh17, .p7PMMh17 ul ul a {zoom: 1;}</style>
<![endif]-->
  <!--[if IE 5]>
<style>.p7PMMh17, .p7PMMh17 ul ul a {height: 1%; overflow: visible !important;} .p7PMMh17 {width: 100%;}</style>
<![endif]-->
  <!--[if IE 7]>
<style>.p7PMMh17, .p7PMMh17 a{zoom:1;}.p7PMMh17 ul ul li{float:left;clear:both;width:100%;}</style>
<![endif]-->
  <script type="text/javascript">
<!--
P7_PMMop('p7PMM_1',1,3,-10,-10,0,0,0,1,0,3,1,1,0,0,0);
//-->
  </script>
</div>
<div class="clearfloat"> </div>
  </div>
</div>
<!-- InstanceBeginEditable name="pageTitle" -->
<h1 class="topheading">Admin &#8211; EDIT Record</h1>
<!-- InstanceEndEditable -->
<div id="columns-top"> </div>
<div id="columnwrapper">
<div id="c1"><!-- InstanceBeginEditable name="sideContent" -->
  <div class="content">
    <div id="p7PMM_2" class="p7PMMv09 p7PMMnoscript">
      <ul class="p7PMM">
        <li><a href="../Admin/admin.php">Admin Home</a></li>
        <li><a href="../Admin/update.php">Edit/Delete Records</a></li>
        <li><a href="../Admin/add.php">Add Records</a></li>
        <li><a href="<?php echo $logoutAction ?>">Log Out</a></li>
      </ul>
      <!--[if lte IE 7]>
<style>.p7PMMv09, .p7PMMv09 a, .p7PMMv09 ul {height:1%;}.p7PMMv09 li{float:left;clear:both;width:100%;}</style>
<![endif]-->
      <!--[if IE 5.500]>
<style>.p7PMMv09 {position: relative; z-index: 9999999;}</style>
<![endif]-->
      <!--[if IE 5]>
<style>.p7PMMv09 a, .p7PMMv09 ul {height: 1%; overflow: visible !important;}</style>
<![endif]-->
      <script type="text/javascript">
<!--
P7_PMMop('p7PMM_2',0,2,-5,-5,0,0,0,1,0,3,1,1,0,0,0);
//-->
      </script>
    </div>
<p class="moretoppad centered"> </p><div id="google_translate_element"></div><script>
function googleTranslateElementInit() {
  new google.translate.TranslateElement({
    pageLanguage: 'en'
  }, 'google_translate_element');
}
</script><script src="http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script></p>
  <p id="adobe"><img src="../p7iq/img/get_adobe_reader.gif" alt="Image: Click here to get Adobe Reader!" width="112" height="33" /><br /><a href="http://www.adobe.com/products/acrobat/readstep2.html" target="_blank">Adobe Reader (free)</a><br />for viewing <img src="../p7iq/img/pdf.gif" width="26" height="14" alt="PDF icon" /> articles</p>
  </div>
<!-- InstanceEndEditable --></div>
<div id="c2">
<!--<div class="textsize">
     text size
          <a class="normal" href="../p7iq/text-regular.css" onclick="setActiveStyleSheet('Medium Text'); return false;">A</a>
          <a class="big" href="../p7iq/text-large.css" onclick="setActiveStyleSheet('Larger Text'); return false;">A</a>
          <a class="bigger" href="../p7iq/text-largest.css" onclick="setActiveStyleSheet('Largest Text'); return false;">A</a>
</div>-->
<!-- InstanceBeginEditable name="mainContent" -->
  <div class="content">
  <p>As the administrator for the WFA website, you have the ability to edit a registered user's information here, including assigning them a new password. Most times you would NOT need to change user information and you should proceed cautiously doing so because it will affect their ability to continue to successfully log into the site. All changes should be coordinated between you and the user, so they are using the most current login information.</p>
  <p><strong>REMINDER:</strong> Be sure the appropriate tab is open depending on whether you are updating information for registered Users, updating the profile of a member in the online Directory, or modifying the login information sent to members that gives them temporary access to the Registration page on the WFA site.</p>
    <div id="Directory" class="TabbedPanels">
      <ul class="TabbedPanelsTabGroup">
        <li class="TabbedPanelsTab" tabindex="0">Admin</li>
        <li class="TabbedPanelsTab" tabindex="0">Users</li>
        <li class="TabbedPanelsTab" tabindex="0">Directory</li>
        <li class="TabbedPanelsTab" tabindex="0">Register</li>
      </ul>
      <div class="TabbedPanelsContentGroup">
        <div class="TabbedPanelsContent">
          <form id="form1" name="form1" method="POST" action="<?php echo $editFormAction; ?>">
  <fieldset>
   <p>
      <label for="username">Username:</label>
      <input name="username" type="text" id="username" value="<?php echo $row_rsAdmin['username']; ?>" />
    </p>
    <p>
      <label for="password">Password:</label>
      <input name="password" type="password" id="password" value="<?php echo $row_rsAdmin['password']; ?>" />
      <input name="admin_id" type="hidden" id="admin_id" value="<?php echo $row_rsAdmin['admin_id']; ?>" />
    </p>
    <p>
      <input type="submit" name="update" id="update" value="Update" />
    </p>
    </fieldset>
  <input type="hidden" name="MM_update" value="form1" />
          </form>
        </div>
        
        
        <div class="TabbedPanelsContent">
          <h1>Update Registered User</h1>
          <form action="<?php echo $editFormAction; ?>" id="form1" name="form1" method="POST">
            <fieldset>
             <legend>Leave password blank if no change</legend>
              <p>
                <label for="first_name">First name:</label>
                <input name="first_name" type="text" id="first_name" value="<?php echo $row_rsUsers['first_name']; ?>" size="30" />
              </p>
              <p>
                <label for="surname">Last name:</label>
                <input name="surname" type="text" id="surname" value="<?php echo $row_rsUsers['last_name']; ?>" size="30" />
              </p>
              <p>
                <label for="username">Username:</label>
                <input name="username" type="text" id="username" value="<?php echo $row_rsUsers['username']; ?>" size="30" />
                <input name="user_id" type="hidden" id="user_id" value="<?php echo $row_rsUsers['user_id']; ?>" />
              </p>
              <p>
                <label for="email">Email:</label>
                <input name="email" type="text" id="email" value="<?php echo $row_rsUsers['email']; ?>" size="50" />
              </p>
              <p>
                <label for="password">Password:</label>
                <input name="password" type="password" id="password" size="30" />
              </p>
              <p>
                <label for="conf_password">Confirm password:</label>
                <input name="conf_password" type="password" id="conf_password" size="30" />
              </p>
              <p>
                <input type="submit" name="add_user" id="add_user" value="Update" />
              </p>
            </fieldset>
            <input type="hidden" name="MM_update" value="form1" />
          </form>
        </div>
        
        
        <div class="TabbedPanelsContent">
          <p class="note">Fields marked with an asterisk (<span class="asterisk">*</span>) are required.</p>
          <form id="directory" name="directory" method="POST" action="<?php echo $editFormAction; ?>">
            <fieldset>
              <p>
                <label for="first_name">First name <span class="asterisk">*</span></label>
                <input name="first_name" type="text" id="first_name" value="<?php echo $row_rsDirectory['first_name']; ?>" size="" />
                <input name="directory_id" type="hidden" id="directory_id" value="<?php echo $row_rsDirectory['directory_id']; ?>" />
              </p>
              <p>
                <label for="last_name">Last name <span class="asterisk">*</span></label>
                <input name="last_name" type="text" id="last_name" value="<?php echo $row_rsDirectory['last_name']; ?>" size="" />
              </p>
              <p>
                <label for="position">Position <span class="asterisk">*</span></label>
                <input name="position" type="text" id="position" value="<?php echo $row_rsDirectory['position']; ?>" size="" />
              </p>
              <p>
                <label for="affiliation">Affiliation <span class="asterisk">*</span></label>
                <input name="affiliation" type="text" id="affiliation" value="<?php echo $row_rsDirectory['affiliation']; ?>" size="" />
              </p>
              <p>
                <label for="phone">Phone <span class="asterisk">*</span></label>
                <input name="phone" type="text" id="phone" value="<?php echo $row_rsDirectory['phone']; ?>" />
              </p>
              <p>
                <label for="other_phone">Other phone</label>
                <input name="other_phone" type="text" id="other_phone" value="<?php echo $row_rsDirectory['other_phone']; ?>" />
              </p>
              <p>
                <label for="street">Street <span class="asterisk">*</span></label>
                <input name="street" type="text" id="street" value="<?php echo $row_rsDirectory['street']; ?>" size="" />
              </p>
              <p>
                <label for="city">City <span class="asterisk">*</span></label>
                <input name="city" type="text" id="city" value="<?php echo $row_rsDirectory['city']; ?>" size="" />
              </p>
              <p>
                <label for="state">State/Province <span class="asterisk">*</span></label>
                <input name="state" type="text" id="state" value="<?php echo $row_rsDirectory['state']; ?>" />
              </p>
              <p>
                <label for="zip">Zip code <span class="asterisk">*</span></label>
                <input name="zip" type="text" id="zip" value="<?php echo $row_rsDirectory['zip']; ?>" />
              </p>
              <p>
                <label for="country">Country <span class="asterisk">*</span></label>
                <input name="country" type="text" id="country" value="<?php echo $row_rsDirectory['country']; ?>" />
              </p>
              <p>
                <label for="expertise">Expertise / Interests <span class="asterisk">*</span></label>
                <textarea name="expertise" cols="45" rows="5" id="expertise"><?php echo $row_rsDirectory['expertise']; ?></textarea>
              </p>
              <p>
                <label for="web_site">Web site</label>
                <input name="web_site" type="text" id="web_site" value="<?php echo $row_rsDirectory['web_site']; ?>" size="" />
              </p>
              <p>
                <label for="email">Email <span class="asterisk">*</span></label>
                <input name="email" type="text" id="email" value="<?php echo $row_rsDirectory['email']; ?>" size="" />
              </p>
              <p>
                <label for="email2">Other email</label>
                <input name="email2" type="text" id="email2" value="<?php echo $row_rsDirectory['email2']; ?>" size="" />
              </p>
              <p>
                <input type="submit" name="edit_user" id="edit_user" value="Update profile" />
              </p>
            </fieldset>
            <input type="hidden" name="MM_update" value="form1" />
          </form>
        </div>
        
        
        <div class="TabbedPanelsContent">
<form id="form1" name="form1" method="POST" action="<?php echo $editFormAction; ?>">
  <fieldset>
     <p>
      <label for="username">Username:</label>
      <input name="username" type="text" id="username" value="<?php echo $row_rsRegister['username']; ?>" />
      <input name="register_id" type="hidden" id="register_id" value="<?php echo $row_rsRegister['register_id']; ?>" />
     </p>
    <p>
      <label for="password">Password:</label>
      <input name="password" type="password" id="password" value="<?php echo $row_rsRegister['password']; ?>" />
    </p>
    <p>
      <input type="submit" name="update" id="update" value="Update" />
    </p>
  </fieldset>
  <input type="hidden" name="MM_insert" value="form1" />
</form></div>


      </div>
    </div>
  </div>
  <script type="text/javascript">
var TabbedPanels1 = new Spry.Widget.TabbedPanels("Directory");
  </script>
<!-- InstanceEndEditable --></div>

</div>
<div id="columns-bottom"> </div>
<?php include('../includes/footer.inc.php'); ?>
</body>
<!-- InstanceEnd --></html>
<?php
mysql_free_result($rsUsers);

mysql_free_result($rsDirectory);

mysql_free_result($rsAdmin);

mysql_free_result($rsRegister);
?>

On a separate glitch if OK to also bring up in the interests of (my) time, updates to the register database (rsRegister) via the code above aren't working at all on the page and I can't seem to isolate the problem. Any help is greatly appreciated on one or both items.

Peter

Report · Dec 11, 2010

The script is doing exactly what you are telling it to do. By having the user leave the password blank, it is updating the database with the "blank" passsword.

In the form field containting the password field, put the password in as the default value from the database. You can do that by clicking on the form field and then selecting on dynamic. From there select the field that contains your password. From there make sure to mark the form field as a password so the password is hidden. You may also want to make a verify password form field as well with the same default value. That way when the user changes the password they have to change it on both.

If you have dreamweaver cs3 or cs4 or cs5 you can use the spry form validation and have it compare two form fields to make sure they match. If they dont match it wont let the user complete the form.

If you have an older version of dreamweaver you can download and use the yaromat form validation extension. It is a free extension.

Report · Dec 11, 2010

Great help, thank you!