This morning I tried:
if ('290662176e3fece19eba2b3c1a032ee3' != '290662176e3fece19eba2b3c1a032ee3')
And this worked as expected. I did wonder if the problem was due to the single quotes, however removing them with the above example generates a blank page with an error, unlike when using the variables and then my own error is displayed as it should, NOT equal, when they are.
Below is the page in question:
if (isset($_POST['new_pass_submit']))
{
// if any blank then send alert redirect
if ($_POST['current_password'] == '' || $_POST['new_passw'] == '' || $_POST['new_passw2'] == '')
{
if ($_POST['current_password'] = ''){$Temp->set_data('error_current_pass', 'isrequired');}
if ($_POST['new_passw'] == ''){$Temp->set_data('error_new_passw', 'isrequired');}
if ($_POST['new_passw2'] == ''){$Temp->set_data('error_new_passw2', 'isrequired');}
$Temp->set_alert('Please fill in all required fields', 'app_error');
// set data so any fields filled in are displayed, clean first!
$Temp->set_data('log_current_pass', $_POST['current_password'], TRUE);
$Temp->set_data('log_new_passw', $_POST['new_passw'], TRUE);
$Temp->set_data('log_new_passw2', $_POST['new_passw2'], TRUE);
// load view and exit
$Temp->load('app/views/v_change_pass.php', 'Change Password');
exit();
}
if ($_POST['current_password'] != '' || $_POST['new_passw'] != '' || $_POST['new_passw2'] != '')
// check all fields are between 8 and 20 chars, if not set alert
{
/*// set data so any fields filled in are displayed, clean first!
$Temp->set_data('log_current_pass', $_POST['current_password'], TRUE);
$Temp->set_data('log_new_passw', $_POST['new_passw'], TRUE);
$Temp->set_data('log_new_passw2', $_POST['new_passw2'], TRUE);*/
if (strlen($_POST['current_password']) < 8 || strlen($_POST['current_password']) > 20)
{
$Temp->set_data('error_current_pass', 'isrequired');
// set alert load view and exit
$Temp->set_alert( 'Your password must be between 8 and 20 characters long', 'app_error');
$Temp->load('app/views/v_change_pass.php', 'Change Password');
exit();
}
if (strlen($_POST['new_passw']) < 8 || strlen($_POST['new_passw']) > 20)
{
$Temp->set_data('error_new_passw', 'isrequired');
// set alert load view and exit
$Temp->set_alert( 'Your password must be between 8 and 20 characters long', 'app_error');
$Temp->load('app/views/v_change_pass.php', 'Change Password');
exit();
}
if (strlen($_POST['new_passw2']) < 8 || strlen($_POST['new_passw2']) > 20)
{
$Temp->set_data('error_new_passw2', 'isrequired');
// set alert load view and exit
$Temp->set_alert( 'Your password must be between 8 and 20 characters long', 'app_error');
$Temp->load('app/views/v_change_pass.php', 'Change Password');
exit();
}
}
// if passwords dont match - (new and confirmed new)
if ($_POST['new_passw'] !== $_POST['new_passw2'])
{
// set errors and alert
$Temp->set_data('error_new_passw', 'isrequired');
$Temp->set_data('error_new_passw2', 'isrequired');
$Temp->set_alert('New Password fields do not match!', 'app_error');
// redirect back
$Temp->load('app/views/v_change_pass.php', 'Change Password');
exit();
}
else
{
// else everything ok so first check pass in db matches with current pass
// so only user can change pass
// i did start with a method in the if()which was passed the md5 of post current pass and the user id ,
/* function check_current_passw($id, $cp)
{
$dbp = $this->get_current_passw($id);
if ($dbp != $cp)
{
do stuff;
}
}
*/
// this method used $Acc->get_current_pass() to get pass from database using the id
// this is when problem started, I originally thought that method held the problem so I removed it and added whats below
$cp = md5($_POST['current_password'].'1may2013'); //salt added directly - change later
$db_cp = $Acc->get_current_passw($_SESSION['the_id']);
if ($cp != $db_cp)
{
// error , passes dont match
// set alert, error class, and redirect
$Temp->set_data('error_current_pass', 'isrequired');
$Temp->set_alert('Current password is incorrect!<br/>'.$cp.'<br/>'.$db_cp.'', 'app_error');
$Temp->load('app/views/v_change_pass.php', 'Change Password');
}
else
// passwords match, change password
{
$Temp->set_data('clean_new_pass', md5($_POST['new_passw'].'1may2013'), TRUE);
if($Acc->enter_new_pw($Temp->get_data('clean_new_pass',FALSE), $_SESSION['the_id']))
{
//if value changed successfully alert redirect
$Temp->set_alert('Password has been changed!');
// clear values
//$Temp->set_data('clean_new_pass') = '';
$Temp->load('app/views/v_temp_success.php', 'Change Password');
}
else
{
$Temp->set_data('error_current_pass', 'isrequired');
$Temp->set_alert('Could not update password! Please try later');
$Temp->load('app/views/v_change_pass.php', 'Change Password');
}
}
}
}
else
{
// form not submitted load form view
$Temp->load('app/views/v_change_pass.php', 'Change Password');
}
This could probably be done a lot better, however I am still learning and this is for a college assignment so please excuse me.