
Edit user in DB: change password only if password is changed. What am I missing here?

I am using PHP 8.x and an admin control panel. What I want to achieve is: if I want to edit user1 and the “Password” and “Confirm Password” fields are empty, the “password” row in the DB should not be changed.

Below is the current PHP code that I am using, but if the “Password” and “Confirm Password” fields are empty, the “password” row in the DB will be changed to “0” EMPTY and the user would be able to log in with an EMPTY password on the login form.

code here:

if (isset($_POST['submit']))
{
    extract($_POST);
    if ($username == '')
    {
        $error[] = 'Please enter the username.';
    }
    if (strlen($password) > 0)
    {
        if ($password == '')
        {
            $error[] = 'Please enter the password.';
        }
        if (strlen($password) < 6)
        {
            $error[] = 'Please use a password that is at least 6 characters long';
        }
        if ($passwordConfirm == '')
        {
            $error[] = 'Please confirm the password.';
        }
        if ($password != $passwordConfirm)
        {
            $error[] = 'Passwords do not match.';
        }
    }
    if ($email == '')
    {
        $error[] = 'Please enter the email address.';
    }
    if ($role == '')
    {
        $error[] = 'Please confirm the roles.';
    }
    if (!isset($error))
    {
        try
        {
            if (isset($password))
            {
                $hashedpassword = $user->password_hash($password, PASSWORD_BCRYPT);
                //update into database
                if ($role == 'admin' || $role == 'manager') $private = 'yes';
                if ($role == 'user') $private = 'No';
                $stmt = $db->prepare('UPDATE web_users SET username = :username, password = :password, email = :email, role = :role, private = :private WHERE memberID = :memberID');
                $stmt->execute(array(
                    ':username' => $username,
                    ':password' => $hashedpassword,
                    ':email' => $email,
                    ':role' => $role,
                    ':private' => $private,
                    ':memberID' => $memberID
                ));
            }
            else
            {
                //update database
                if ($role == 'admin' || $role == 'manager') $private = 'yes';
                if ($role == 'user') $private = 'No';
                $stmt = $db->prepare('UPDATE web_users SET username = :username, email = :email, role = :role, private = :private WHERE memberID = :memberID');
                $stmt->execute(array(
                    ':username' => $username,
                    ':email' => $email,
                    ':role' => $role,
                    ':private' => $private,
                    ':memberID' => $memberID
                ));
            }
            //redirect to index page
            header('Location: users.php?action=updated');
            exit;
        }
        catch(PDOException $e)
        {
            echo $e->getMessage();
        }
    }
}
?>


Answer

Instead of doing

if(isset($password)){
 
    /// logic 

}

do this:

if(!empty($password)){
     
    /// logic

}
User contributions licensed under: CC BY-SA
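
An added example, not part of the original question or answer: a variant of the update handler that reads the expected fields explicitly instead of calling extract($_POST), treats blank password fields as "no change", and puts the password column into the UPDATE only when a new password was supplied. buildUserUpdate() is a hypothetical helper name, the native password_hash() stands in for the question's $user->password_hash() wrapper, and the sample submission is constructed.

```php
<?php
declare(strict_types=1);

// Added example (hypothetical helper): builds the UPDATE for web_users.
// Table and column names are the ones used in the question.
function buildUserUpdate(array $post, int $memberID): array
{
    // Read only the expected keys. extract($_POST) lets a request define or
    // overwrite any variable in scope; non-string values are treated as blank.
    $f = fn(string $k): string => is_string($post[$k] ?? null) ? $post[$k] : '';
    $username = trim($f('username'));
    $email    = trim($f('email'));
    $role     = $f('role');
    $password = $f('password');
    $confirm  = $f('passwordConfirm');

    $errors = [];
    if ($username === '') $errors[] = 'Please enter the username.';
    if ($email === '')    $errors[] = 'Please enter the email address.';
    if (!in_array($role, ['admin', 'manager', 'user'], true)) $errors[] = 'Please confirm the roles.';

    // A submitted-but-blank field arrives as '', so isset() is true for it.
    // Compare with '' rather than empty(), because empty('0') is also true.
    $changePassword = ($password !== '' || $confirm !== '');
    if ($changePassword) {
        if (strlen($password) < 6)  $errors[] = 'Please use a password that is at least 6 characters long';
        if ($password !== $confirm) $errors[] = 'Passwords do not match.';
    }
    if ($errors) return ['errors' => $errors];

    $set = ['username = :username', 'email = :email', 'role = :role', 'private = :private'];
    $params = [
        ':username' => $username, ':email' => $email, ':role' => $role,
        ':private'  => $role === 'user' ? 'No' : 'yes',
        ':memberID' => $memberID,
    ];
    if ($changePassword) {
        // Only now does the stored hash get replaced.
        $set[] = 'password = :password';
        $params[':password'] = password_hash($password, PASSWORD_BCRYPT);
    }
    $sql = 'UPDATE web_users SET ' . implode(', ', $set) . ' WHERE memberID = :memberID';
    return ['errors' => [], 'sql' => $sql, 'params' => $params];
}

// Constructed sample submission: the admin left both password fields blank.
$blank = ['username' => 'user1', 'email' => 'user1@example.com', 'role' => 'user',
          'password' => '', 'passwordConfirm' => ''];
$q = buildUserUpdate($blank, 7);
echo $q['sql'], PHP_EOL; // with a PDO connection: $db->prepare($q['sql'])->execute($q['params']);
```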