lundi 25 mai 2015

If statement always validating as true? [on hold]

I've got a problem with the following code. For some reason, an if statement seems to validate as true even though it is not true. I've added a note in the code as to where the problem is.

Not sure why this is happening.

EDIT: So to respond to some comments. UserID is being assigned in the Global Variables include file and the note is shown as a comment in the code.

<?php

session_start(); 

 if (!isset($_SESSION['userID'])) {   
  header('Location: /teamcentre2/');
  exit;
 }

//##################INITIALISE DATABASE#################
    include('../../includes/database.inc');

//##################GLOBAL VARIABLES################# 
    include('../../includes/global.inc');

//########### CHECK IF CURRENT USER IS SUBMITTING THE FORM #########

if($_POST["userID"] != $userID){
  header('Location: /teamcentre2/');
  exit;
}

//################## GET CURRENT USER #########
$query = $db->prepare('SELECT * FROM users WHERE users_ID = :id');

$query->bindParam(':id', $_SESSION['userID']);
$query->execute();
$result = $query->fetch(PDO::FETCH_ASSOC); 


//########### INITIALISE SCRIPT VARIABLES #########
$currentPWDB = $result['users_Password'];
$currentPW = md5($_POST["currentPassword"]);
$newPW = md5($_POST["newPassword"]);
$newPWCheck = md5($_POST["newPasswordVerify"]);

//########### FORM CHECKS #########

if($currentPW = "" and $newPW = "" and $newPWCheck = "") {
  header('Location: /teamcentre2/change-password?err=noneentered');
  exit;
}
elseif($currentPW = "" and $newPW = "") {
  header('Location: /teamcentre2/change-password?err=emptycurrentpwnewpw');
  exit;
}
elseif($currentPW = "" and $newPWCheck = "") {
  header('Location: /teamcentre2/change-password?err=emptycurrentpwnewpwcheck');
  exit;
}
elseif($newPW = "" and $newPWCheck = "") {
  header('Location: /teamcentre2/change-password?err=emptynewpwnewpwcheck');
  exit;
}
elseif($currentPW = "") {
  header('Location: /teamcentre2/change-password?err=emptycpwd');
  exit;
}
elseif($newPW = "") {
  header('Location: /teamcentre2/change-password?err=emptynewpwd');
  exit;
}
elseif($newPWCheck = "") {
  header('Location: /teamcentre2/change-password?err=emptynewpwdcheck');
  exit;
}
// THE NEXT LINE VALIDATES AS TRUE EVEN THOUGH IT ISNT (CURRENTPW = CURRENTPWDB)
elseif($currentPW <> $currentPWDB) {
  header('Location: /teamcentre2/change-password?err=cpwd');
  exit;
}
elseif($newPW <> $newPWCheck){
  header('Location: /teamcentre2/change-password?err=npwd');
  exit;
}

//########### CHANGE USER PASSWORD #########

  $query = $db->prepare('UPDATE users SET users_Password = :newpassDB WHERE users_ID = :id ');
  $query->execute(array(':id' => $_SESSION['userID'], ':newpassDB' => $newPW));

echo "Done";

?>
Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)