Reputation: 120
Hello and thank you for your time.
Regardless of the amount of research I do, I cannot find an already-discussed solution to this problem.
The problem is that the submit button automatically redirects, seemingly without posting the form. It worked until I converted from MySQL functions to MySQLi. Everything else is working but this part of the website.
HTML form (myaccount.inc.php):
<div id="change-password">
<form class="clearfix" action="" method="post">
<div><span class="he1">Change Password</span></div>
<div>
<?php include_once 'controllers/accountController.php'; ?>
</div>
<div><label class="fieldlabel" for="password">Current Password:</label></div>
<input type="password" name="password" id="password" size="23" /><br />
<div><label class="fieldlabel" for="passwordnew1">New Password:</label></div>
<input type="password" name="passwordnew1" id="passwordnew1" size="23" /><br />
<div><label class="fieldlabel" for="passwordnew2">Confirm New Password:</label></div>
<input type="password" name="passwordnew2" id="passwordnew2" size="23" /><br />
<input type="submit" name="submit" value="Change Password" class="bt_changepass" />
</form>
</div>
This form is then, for lack of a better term, controlled by some PHP.
PHP (accountController.php):
// Checking whether the Password Change form has been submitted.
if(isset($_POST['submit'])=='Change Password')
{
echo "<br />";
// Get the data from the database.
$sql = $mysqli->query("SELECT * FROM ss_members WHERE usr = '".$_SESSION['usr']."' AND pass = '".md5($_POST['password'])."'");
$row = $sql->fetch_assoc();
// Will hold our errors
$err = array();
if($_POST['password'] == "" || $_POST['passwordnew1'] == "" || $_POST['passwordnew2'] == "")
{
$err[] = 'All the fields must be filled in!';
}
if(!$row['pass'] == md5($_POST['password']) && $_POST['passwordnew1'] != "" && $_POST['passwordnew2'] != "")
{
$err[] = 'Current password is not correct!';
}
if($_POST['passwordnew1'] <> $_POST['passwordnew2'])
{
$err[] = 'New passwords do not match!';
}
if(!count($err))
{
if($row['usr'])
{
// If everything is OK change password.
$stmt = $mysqli->prepare("UPDATE ss_members SET pass = md5(?) WHERE usr = {$_SESSION['usr']}");
$stmt->bind_param('s', $_POST['passwordnew1']);
$stmt->execute();
$stmt->close();
echo "Password has been sucessfully updated!<br />";
}
else
{
$err[]='Something broke!';
}
}
if($err)
{
// Save the error messages in the session.
foreach($err as $error)
{
echo $error . "<br />";
}
}
echo "<br />";
}
Upvotes: 0
Views: 231
Reputation: 328
mysqli is a class, and the it's function query is not static so there, you must declare an instance of the mysqli class before you can use $mysqli->query
.
You should put
$mysqli = new mysqli('localhost', 'my_user', 'my_password', 'my_db');
before
$sql = $mysqli->query("SELECT * FROM ss_members WHERE usr = '".$_SESSION['usr']."' AND pass = '".md5($_POST['password'])."'");
Upvotes: 1
Reputation: 30488
change your action
to this,because accountController.php
is present inside controllers
folder.
<form class="clearfix" action="controllers/accountController.php" method="post">
Upvotes: 1
Reputation:
The problem is you are including the
<?php include_once 'controllers/accountController.php'; ?>
after the headers have been sent.
You can either move the
<?php include_once 'controllers/accountController.php'; ?>
to the top of the page, inside the handler part, or you can submit the form to
controllers/accountController.php
using
<form class="clearfix" action="controllers/accountController.php" method="post">
Upvotes: 1
Reputation: 32820
Try this :
Give form action to accountController.php
<form class="clearfix" action="accountController.php" method="post">
Upvotes: 1
Reputation: 167250
There is no action
set in your <form>
tag and it is sending the data to the same file. i.e., myaccount.inc.php
.
Change it to:
<form class="clearfix" action="accountController.php" method="post">
Upvotes: 4