[RESOLVED] !empty problem

Ne_OnZ

Hello, I'm back with another problem that I can't seem to understand. I'm pretty sure that !empty means if something is not empty. But it doesn't seem to work with the way I have it coded out:

$email = $_POST['email'];
$oldpass = md5($_POST['oldpass']);
$password = md5($_POST['pass']);
$password2 = md5($_POST['pass2']);

if($_POST['submit'])
    if(!empty($oldpass) && !empty($password) && !empty($password2)) {
         $sql = "SELECT password FROM users WHERE username = '".$_SESSION['username']."'";
         $res = mysql_query($sql) OR die(mysql_sql());

     while($arpass = mysql_fetch_array($res)) {
         $old = $arpass['password'];
      }

 if($oldpass != $old)
echo "<p style='text-align: center'>Invalid Password!</p>";
}

The problem here is that even when the fields are empty it will say "Invalid Password!", though the 2nd if statement says if they are not empty execute the rest. I had echoed $oldpass and I got an md5 text. Which confused me even more as to why an empty field would get encrypted.

I just don't want it to say "Invalid Password!" if you leave it blank. Any help would be greatly appreciated!

Thank You! 🙂

EDIT: I also tried !isset, but that stops the whole if statement for some reason.

laserlight

Check the incoming variables $POST['email'], ..., $POST['pass2'] with empty, and only then do you assign them.

Ne_OnZ

Did you mean something like this:

if($_POST['submit'])
    if(!empty($_POST['oldpass']) && !empty($_POST['pass']) && !empty($_POST['pass2'])) {

     $oldpass = md5($_POST['oldpass']);
     $password = md5($_POST['pass']);
     $password2 = md5($_POST['pass2']);

If so, that worked to some extent. This is also part of the same if statement:

     if($oldpass == $old && $password == $password2 && strlen($_POST['pass']) >= 8 || strlen($_POST['pass2']) >= 8)
	mysql_query("UPDATE users SET password = '$password' WHERE username = '".$_SESSION['username']."'");
	echo "<p style='text-align: center'>Your password has been changed.</p>";

If you fill out all the fields and make any mistakes on any of the fields, it will still say Your password has been changed. I know this is beyond the topic, but it's annoying :queasy: .

Thank You! 🙂

laserlight

Actually, I had this in mind:

if (isset($_POST['submit'], $_POST['oldpass'], $_POST['pass'], $_POST['pass2'])
        && strlen($_POST['oldpass']) > 0 && strlen($_POST['pass']) > 0
        && strlen($_POST['pass2']) > 0) {
    $oldpass = md5($_POST['oldpass']);
    $password = md5($_POST['pass']);
    $password2 = md5($_POST['pass2']);
    $sql = sprintf("SELECT password FROM users WHERE username = '%s'",
                   mysql_real_escape_string($_SESSION['username']));
    $res = mysql_query($sql) OR die(mysql_error());
    if (mysql_num_rows($res) == 0 || mysql_result($res, 0) != $oldpass) {
        echo "<p style='text-align: center'>Invalid Password!</p>";
    }
    // ...
}

HalfaBee

change the || to &&
|| strlen($_POST['pass2']) >= 8

Ne_OnZ

Thank You! Everything works perfect now!

Cheers! 🙂