www.wysiwygwebbuilder.com

Hello,

I have used it in the past but trying to use it again, it fails.

I have a Login form, and depending on the user visiting the first time, I am trying to redirect them to the Edit profile page to force them to change the password.

Here is partial code of the login form, followed by the partial code of editprofile.php, in RED is the section the causes it to fail, why?

<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['form_name']) && $_POST['form_name'] == 'loginform')
{
$success_page = './PreviousNewsletters.php';
$error_page = './editprofile.php';
$database = './memberslogin.php';
$crypt_pass = md5($_POST['password']);
$found = false;
$fullname = '';
$session_timeout = 600;
if(filesize($database) > 0)
{
$items = file($database, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
foreach($items as $line)
{
list($username, $password, $email, $name, $active) = explode('|', trim($line));
if ($username == $_POST['username'] && $active != "0" && $password == $crypt_pass)
{
$found = true;
$fullname = $name;
}
}
}

And here below is the editprofile.php - it fails on this : if (!isset($_SESSION['username'])) - as if it doesn't know about the variable username.
I tried even adding at the top of the page : <?php echo $username; ?>, that didn't help me either...

<?php
if (session_id() == "")
{
session_start();
}
if (!isset($_SESSION['username']))
{
$accessdenied_page = './denied.html';
header('Location: '.$accessdenied_page);
exit;
}

Note that $_SESSION['username'] is only valid when the user has successfully logged in.

OK, I want to force the user to change the password
So - if I direct hem to a Failed page, if I try to call in that page through a button click the Edit Profile form
When I try editing the details of that user - it tells me that a username is already in the database, so how can I edit that user?

There is no standard solution for this functionality, you will need to modify the script yourself.
Unfortunately I cannot help you with programming because for me it may also take several hours to implement this.

Hello again,

I followed your hint and redirected the user in the first visit after successfully logging in with initial password.
I redirected him to the Edit profile page and that works fine now, but when clicking the "Save" the form shows an error - username already exists, but it saves the changes I made successfully - it seems a contradiction here?

Maybe you have edited the code of 'Edit Profile' and made a mistake?
When implementing advanced functionality like this it is important to fully understand how the code works. Even the smallest modification can have a major effect on the behavior of the script.

Hello,

I have two forms, login.php and editprofile.php.
When I use them out of the box, all works just fine, but - I want to force the user on their first visit to change the initial password I have assigned to them.

So, on onClick of the button in login form, I call a JS function (see listing below). It follows the function and brings up a pop-up message telling the user to change his details, but instead of redirecting him to the editprofile.php page it brings up the failed screen

Why? you can see it at : http://www.semac.org.au/login.php - use 61178 for both input fields

<script type="text/javascript">
function checkPassword()
{
if (loginform.username.value != loginform.password.value)
{
window.location.href='http://www.semac.org.au/PreviousNewsletters.php';
}
else
{
if (loginform.username.value == loginform.password.value)
{
alert('The Password you used is just for first time visitors\rPlease change it and fill in the other details.\r Once you Submit changes - Log in again');
window.location.href='http://www.semac.org.au/editprofile.php';
}
}
}
</script>

use 61178 for both input fields

do not work we have a wrong password message on a denied page.

Hello,

Sorted it out - the following is how I changed the PHP code and it works fine

Thanks for trying to help me

if (md5($_POST['username']) == $crypt_pass)
{
header('Location: '.$editpage);
exit;
}
else
{
header('Location: '.$success_page);
exit;
}