Copyright © 2002 - MCS Investments, Inc.

Edit Profile in Form Creator Form CMS

This script is called edit-profile_.php

The Edit Profile in Form Creator Form CMS script is one of a group of PHP scripts that handle both the administrative and end-user aspects of a general purpose HTML Form Creator that allows not just input boxes but multiple selection enabled select/option lists as well. In addition to the expectable editing scripts for both administrative and end-user functions, there's also a Search and Match script so that users can use the scripts to find other users with various individual or group commonalities, including proximity searches, i.e., find all the users within various distances. There are even private messaging scripts.

The purpose of this script is to provide a way in which the user can edit his user profile.

First, we start up a session (in the checkid_.php script) and include the config.php script to ensure that our connection to our database is made correctly. This file contains the code below:

$theemailaddress = "yoursite@yoursite.com"; //EDIT ME
$roothostname = "localhost";
$theusername = "yourusername"; //EDIT ME
$thepassword = "yourpassword"; //EDIT ME
$thedatabasename = "yourdb"; //EDIT ME
mysql_connect("".$roothostname."","".$theusername."","".$thepassword."") or die(mysql_error());
mysql_select_db("".$thedatabasename."") or die(mysql_error());

We also use the checkid_.php script to ensure that the session id variable is set, and send the user to register-with-captcha_.php if it is not. Then we put the session variable 'username' into $U—we will be checking that it is set in a second. Then we define a named constant '_NODIRECTACCESS'. We include the config.php file (in the includes folder) which uses the PHP defined() function to check on this constant. If it is not set, we are thrown out of the config.php file like yesterday's trash.

Next we check if the session variables 'groupname', 'username', and 'userid' are set. If not, we are sent to the login script. We make sure $U is still equal to the session variable 'username', that it is not an empty string, and that it's at least 6 characters long or . . . you guessed it . . . the login script. We make sure the session id is set and send them away if not.

In the JavaScript section, the defaultValue properties of the input boxes named groupname and username are the ones in the form when it is first encountered. So the first 2 code blocks look to see if the value has been changed, and if so, the hidden fields groupchange and/or userchange will get changed from 0 to 1. These will be used when the script tries to determine if the groupname and/or username fields in the db already exist or not. Recall that this is an editing script. So the username and/or groupname may get edited. We want the username and/or groupname to already exist in the MySQL database table when we first arrive, but we also want to know what to do with new username and/or groupname input in these input boxes. New input should be allowed—as long as the usernames and/or groupnames entered are not already in use. So if the $gc or $uc variables are 1—since the hidden field values get POSTed when the form is submitted—then if the new usernames and/or groupnames are found in the db table then the user will see "This User Name already exists. Please try again." or "This Group Name already exists. Please try again."

Then the JavaScript search() method is used in a lot of input validation functions which use regular expression searches that limit both the size of the input string and the characters it contains. Note that if input is bad, after the alert message warns the user, the focus() method is used before the return false so the cursor goes to the element with the goof. Returning false halts the submitting.

We use both JavaScript and PHP validation to filter input from the user since the cardinal rule for user input is: NEVER TRUST IT. If you want to trust it, simply ensure that it will be safe for putting into your MySQL tables as well as displaying on your web pages. By far the best method here is to use the JavaScript for the users' benefit and the PHP for security. If JavaScript is turned off (in which case our scripts won't even work), the PHP validation scripts are your last line of defense to keep things safe. On the other hand, the JavaScript allows the user to get a user-friendly response to unacceptable or wrong input in fields. Rather than making the user restart the form when he goofs, good JavaScript validation scripts use the focus() method to put the cursor back on the field where the goof occurred as well as alerting the user to his error. PHP-only validation forces form restart, which is maddening to users.

We use regular expressions of the type /^[A-Za-z0-9!@#$%^&*()_]{6,20}$/ to force the data to conform to the needs of the data fields, with the first part showing the acceptable characters and the second part forcing the length—in this case—to be 6 to 20 characters. We wrote the email validator to allow even some of the weirder valid email configurations.

In the PHP section, the field values from the form are POSTed into PHP variables, including the answer to a captcha which the user supplies. In the first code block, the captcha answer is in $A and the answer the captcha script figured out is in the session variable $_SESSION['a__________a']. The captcha-with-sessions.php script is an image creation script and captcha figurer outer all in one. The image is in the page's HTML form. The $_SESSION['a__________a'] variable is a session variable the captcha-with-sessions.php script loads with the correct answer. If the captcha doesn't show up on the page, the user needs to turn off the ad blocker he's got running—then the captcha will show up. Feel free to add these instructions to the form, under the captcha.

So if the user gets the answer wrong, he will be forced to restart the form after seeing "Wrong captcha answer. Please try again.", and it means he cannot do simple arithmetic like subtracting a 1-digit number from a 2-digit number. Can anyone say "Duh"? If the username cannot be found, the user gets a message and restarts, UNLESS he is entering a new one, since this is an editing script. The variables and flags involved deal with the complexities of these conditionals, both in the case of the username and the groupname.

The PHP substr function is used to keep the inputted data from going over its allotted size in string length. The strlen function is used to enforce an allotted minimum length as well.

Here is something to get you to sit up and take notice: the very standard preg_match-using PHP email validator takes standard data but not unusual data, but the regular expression filtration done later allows any character that is technically allowed according to standards we looked up. Of course, this email regular expression filtration will have no effect since the earlier email validator stops unusual characters in their tracks—a regular expression pattern with only \w\- in it allows alphanumerics and "_" and "-" and nothing else. So if they used unusual characters they have to start over—they will never even reach the email regular expression filtration script.

We added this to allow you, dear reader, to decide if you want to include more legal characters or not. The other filtration scripts use preg_replace and dump unacceptable characters, using our strict standards. Note the 6 different regular expression patterns. Which one gets used will depend on which data input is being sanitized.
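The server-side checks discussed above, as an added example that is not part of the original script: it reuses the page's JavaScript patterns in PHP, rejects bad input instead of rewriting it, and shows that the page's PHP email pattern, having no ^ and $ anchors, only checks that an address occurs somewhere in the string. PROFILE_RULES, validate_profile() and the sample submissions are assumptions made for the example.

```php
<?php
// Added example (not the page's code): validate on the server and reject bad
// input instead of rewriting it. Field names follow the form on this page;
// PROFILE_RULES and validate_profile() are hypothetical names.

// The page's JavaScript patterns, reused in PHP. The D modifier keeps "$" from
// also matching just before a trailing newline.
const PROFILE_RULES = [
    'username'  => '/^[A-Za-z0-9_]{6,20}$/D',
    'groupname' => '/^[A-Za-z0-9_]{6,20}$/D',
    'password'  => '/^[A-Za-z0-9!@#$%^&*()_]{6,20}$/D',
    'city'      => '/^[A-Za-z \-]{2,33}$/D',
    'state'     => '/^[A-Za-z]{2}$/D',
    'zip'       => '/^[0-9]{5}$/D',
];

// Returns the names of the fields that failed; an empty array means all passed.
function validate_profile(array $in): array
{
    $bad = [];
    foreach (PROFILE_RULES as $field => $pattern) {
        $value = $in[$field] ?? '';
        // A field sent as an array (name[]=...) is not a string and is rejected.
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            $bad[] = $field;
        }
    }
    $email = $in['email'] ?? '';
    if (!is_string($email) || strlen($email) < 6 || strlen($email) > 65
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $bad[] = 'email';
    }
    return $bad;
}

// Constructed sample submissions.
$good = ['username' => 'alice_01', 'groupname' => 'readers', 'password' => 'S3cret_pw!',
         'city' => 'Austin', 'state' => 'TX', 'zip' => '73301',
         'email' => 'alice.smith@mail.example.com'];
$odd = $good;
$odd['email'] = "<i>alice@example.com</i>'";   // markup and a quote around an address
$odd['zip']   = "73301\n";                      // trailing newline

// The page's PHP email pattern, copied from the script: no ^ and $ anchors.
$pagePattern = '/([\w\-]+\@[\w\-]+\.[\w\-]+)/';
printf("page pattern accepts odd email: %s\n",
       preg_match($pagePattern, $odd['email']) === 1 ? 'yes' : 'no');
printf("rejected fields (good): %s\n", implode(',', validate_profile($good)) ?: 'none');
printf("rejected fields (odd):  %s\n", implode(',', validate_profile($odd)));
```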

We also filtered out tags someone may try to sneak in by use of the strip_tags() function. And, of course, since the data will be going into a MySQL database table, we sanitized it even further with the mysql_real_escape_string() function, which escapes all iffy data—also known as special characters—like quotes, etc.
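The lookups and the UPDATE from this script written with bound parameters, as an added example that is not the page's own code: values travel separately from the SQL text, so no escaping step can be forgotten or undone by a later filter. It assumes PDO with the SQLite driver (so it runs without a server), a cut-down my_members table with constructed rows, and the hypothetical helper save_profile(), which also decides on the server whether a name changed instead of reading the userchange and groupchange hidden fields.

```php
<?php
// Added example (not the page's code). Assumptions: PDO with the SQLite driver
// (a MySQL DSN works the same way), a cut-down my_members table, and the
// hypothetical helper save_profile().
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE my_members (username TEXT, groupname TEXT, city TEXT,
                                    state TEXT, zip TEXT, email TEXT)');
// Constructed rows.
$db->exec("INSERT INTO my_members VALUES
    ('alice_01', 'readers', 'Austin', 'TX', '73301', 'alice@example.com'),
    ('bob_2002', 'writers', 'Boston', 'MA', '02108', 'bob@example.com')");

function save_profile(PDO $db, string $oldName, array $new): string
{
    $cur = $db->prepare('SELECT username, groupname FROM my_members WHERE username = ?');
    $cur->execute([$oldName]);
    $current = $cur->fetch(PDO::FETCH_ASSOC);
    if ($current === false) {
        return 'This User Name does not exist. Please login again.';
    }
    // Whether a name changed is decided by comparing with the stored row, not
    // read from the userchange/groupchange hidden fields the browser controls.
    $labels = ['username' => 'User Name', 'groupname' => 'Group Name'];
    foreach ($labels as $col => $label) {      // $col only comes from this fixed list
        if ($new[$col] === $current[$col]) {
            continue;
        }
        $q = $db->prepare("SELECT 1 FROM my_members WHERE $col = ? LIMIT 1");
        $q->execute([$new[$col]]);
        if ($q->fetchColumn() !== false) {
            return "This $label already exists. Please try again.";
        }
    }
    $u = $db->prepare('UPDATE my_members SET username = :u, groupname = :g, city = :c,
                       state = :s, zip = :z, email = :e WHERE username = :old');
    $u->execute([':u' => $new['username'], ':g' => $new['groupname'],
                 ':c' => $new['city'], ':s' => $new['state'], ':z' => $new['zip'],
                 ':e' => $new['email'], ':old' => $oldName]);
    return $u->rowCount() === 1 ? 'Entries were made successfully.'
                                : 'Entries were NOT made.';
}

// Constructed edit: the email contains a quote, which is stored as plain data.
$edit = ['username' => 'alice_01', 'groupname' => 'readers', 'city' => 'Austin',
         'state' => 'TX', 'zip' => '73301', 'email' => "o'neil@example.com"];
echo save_profile($db, 'alice_01', $edit), "\n";
// Same edit, but asking for a user name that another member already has.
echo save_profile($db, 'alice_01', ['username' => 'bob_2002'] + $edit), "\n";
echo $db->query("SELECT email FROM my_members WHERE username = 'alice_01'")
        ->fetchColumn(), "\n";
```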

Next we create the random-alphanumeric-character-laden salt. Then we use the salt and the entered password to create the hash. Both salt and hash go into the db. The password does not, so if anyone asks for theirs like in Forgot Password, we simply create a random string, stick it in their membership record password field, and email it to them and say "here's your new password." Few companies allow storing of passwords—it's dumb. As the db is updated, we update their session variables for groupname and username since either or both may have changed.
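Salting, hashing and the Forgot Password replacement described above, as an added example that is not the page's own code: it uses PHP's built-in password API, which generates the salt itself and keeps it inside the hash string. hash_new_password(), login_ok() and temporary_password() are hypothetical names, and the sample password is constructed.

```php
<?php
// Added example (not the page's code): password_hash() creates the salt and
// stores it inside the returned string, so one column holds everything.
// hash_new_password(), login_ok() and temporary_password() are hypothetical names.

function hash_new_password(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Verifies a login attempt; $stored is passed by reference so an outdated hash
// can be upgraded once the correct password has been supplied.
function login_ok(string $password, string &$stored): bool
{
    if (!password_verify($password, $stored)) {
        return false;
    }
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $stored = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Forgot Password: a random replacement drawn from characters the page's
// password field accepts, using the CSPRNG-backed random_int().
function temporary_password(int $length = 16): string
{
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!@#$%^&*()_';
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $out;
}

$stored = hash_new_password('S3cret_pw!');   // constructed sample password
var_dump(login_ok('S3cret_pw!', $stored));   // the right password
var_dump(login_ok('S3cret_pw', $stored));    // one character short

$temp   = temporary_password();
$stored = hash_new_password($temp);          // only the hash goes into the table
var_dump(strlen($temp), login_ok($temp, $stored));
```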

The }}}}}}}}}}}}}} is because of all the }else{ conditionals used earlier in the script. If the $Entry variable is not 1 but still 0, they haven't submitted the form yet, so we show them the form for entry and submission. On the other hand, if they have submitted it, we send them off to HTML Form Creator—Profile and Account Management, which you will find at the end of the script after the final else conditional. We even send their username in a form, but we needn't have bothered since usernames are grabbed from session variables, not POSTs or GETs. Admittedly, there's a tad bit of overkill here and there in our scripts—just trying to cover all the bases.

The form itself is pretty standard stuff. It has maxlength attributes to keep lengths limited and it uses an onsubmit event to run the JavaScript validator. But the form also uses a captcha. We used the official captcha method in our Personal Status Board (PSB™) scripts, but designed a less cumbersome method for our HTML Form Creator editing scripts.

Take a gander at the captcha code: <IMG SRC="captcha-with-sessions.php" alt='captcha'>. A pretty strange type of image, to be sure! Browsers do NOT mind PHP scripts sitting in for PNG, BMP, GIF, or JPG images, believe it or not. Ad blockers with strong settings may knock the captcha out of the form. But Pop-up Blockers do not molest our captcha since it is NOT a pop-up. So your users were informed about the ad blocker nastiness when they registered—we doubt they will forget. The captcha is a random PNG image created using functions from the GD library, which is in all recent PHP versions. (To use the recommended bundled version of the GD library, which was first bundled in PHP 4.3.0, get your server hosts to use the configure option "--with-gd". Most already do this.)

The captcha image uses the font Holisb__.ttf, which is the Holiday Springs BTN True Type Font (get at MyFonts.com), but you may use other types if you wish. If you find arial.ttf in your C:\WINDOWS\Fonts\ directory on your computer, make sure it is in your folder with your PHP scripts on your server. Holisb__.ttf does a much cooler job, and will be harder for any automatic spambot script to read (and get the right answer for the arithmetic problem). For the captcha script, go to: HTML Form Creator—Captcha Script for Registration and Login.

The script below is called: edit-profile_.php

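<?php
// Not logged in, or the session does not match: send the browser to the login page.
// The exit matters: the redirect is JavaScript that runs in the browser, so without it the server would carry on with the rest of this script.
if (!isset($_SESSION['groupname']) || !isset($_SESSION['userid']) || !isset($_SESSION['username']) || $_SESSION['username']<>$U || !isset($U) || $U=="" || strlen($U)<6 || !isset($_SESSION['sessionid'])){echo '<script language="javascript">alert("Please login."); window.location = "login_.php";</script>';exit;}
?>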

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>Edit Profile</TITLE>
<meta name="description" content="Edit Profile">
<meta name="keywords" content="Edit Profile,edit profile,profile,edit,php,javascript, dhtml, DHTML">
<style type="text/css">
BODY {margin-left:0; margin-right:0; margin-top:0;text-align:left}
p, li {font:13px Verdana; color:black;text-align:left}
h1 {font:bold 28px Verdana; color:black;text-align:center}
h2 {font:bold 24px Verdana;text-align:center}
h3 {font:bold 15px Verdana;}
.k {text-align:right}
.j {position:absolute;top:50px;left:200px;width:600px}
#myform {position:absolute;top:100px;left:50%;margin-left:-225px;width:450px;border:2px solid black;background-color:#8aa;}
#links {position:absolute;top:210px;left:82%;width:222px}
#t {width:410px;padding:9px;margin-top:-25px}
</style>
<script language="javascript">

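function validatepassword(){

// If the group name was edited, set the hidden groupchange field to 1 so the PHP side checks the new name.
var groupname = document.getElementById("groupname");
if (groupname.value != groupname.defaultValue) {document.formpw.groupchange.value = "1";}

// Same for the user name and the hidden userchange field.
var username = document.getElementById("username");
if (username.value != username.defaultValue) {document.formpw.userchange.value = "1";}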

var ck_password = /^[A-Za-z0-9!@#$%^&*()_]{6,20}$/;
if (document.formpw.password.value.search(ck_password)==-1)
{alert("Please enter 6 to 20 letters, numbers and these for password: !@#$%^&*()_");document.formpw.password.focus();return false;}

var ck_username = /^[A-Za-z0-9_]{6,20}$/;
if (document.formpw.username.value.search(ck_username)==-1)
{alert("Please only enter 6 to 20 letters, numbers and underline for user name.");document.formpw.username.focus();return false}

var ck_city = /^[A-Za-z \-]{2,33}$/;
if (document.formpw.city.value.search(ck_city)==-1)
{alert("Please only enter 2 to 33 letters, space, or hyphen for city name.");document.formpw.city.focus();return false}

var ck_state = /^[A-Za-z]{2,2}$/;
if (document.formpw.state.value.search(ck_state)==-1)
{alert("Please select a State.");document.formpw.state.focus();return false}

var ck_zip = /^[0-9]{5,5}$/;
if (document.formpw.zip.value.search(ck_zip)==-1)
{alert("Please only enter 5 number zip code.");document.formpw.zip.focus();return false}

var ck_groupname = /^[A-Za-z0-9_]{6,20}$/;
if (document.formpw.groupname.value.search(ck_groupname)==-1)
{alert("Please only enter 6 to 20 letters, numbers and underline for group name.");document.formpw.groupname.focus();return false}

var ck_email = /^[A-Za-z0-9-_]+(\.[A-Za-z0-9-_]+)*@([A-Za-z0-9-_]+\.)?([A-Za-z0-9-_]+(\.[A-Za-z]{2,6})(\.[A-Za-z]{2})?)$/;
if (document.formpw.email.value.search(ck_email)==-1)
{alert("That email address is not valid.");document.formpw.email.focus();return false}

return true;}
</script>





<?php
// Wrong captcha answer: warn the user, send him back to the form, and stop.
if($Entry==1 && $A<>$_SESSION['a__________a']){$N=1;unset($U);echo '<script language="javascript">alert("Wrong captcha answer. Please try again.");window.location="edit-profile_.php";</script>';exit;}

// $Uold, $U and $G are placed inside the SQL strings below, so they must already have been through mysql_real_escape_string().
// The record being edited has to exist.
if($Entry==1 && $A==$_SESSION['a__________a']){
$check_user_data = mysql_query("SELECT * FROM my_members WHERE username = '$Uold' LIMIT 1") or die(mysql_error());
if(mysql_num_rows($check_user_data) == 0)
{$N=1;unset($U);echo '<script language="javascript">alert("This User Name does not exist. Please login again.");window.location="login_.php";</script>';exit;}}

// A changed user name ($uc is 1) must not already be taken.
if($Entry==1 && $A==$_SESSION['a__________a']){
$check_user_data = mysql_query("SELECT * FROM my_members WHERE username = '$U' LIMIT 1") or die(mysql_error());
if(mysql_num_rows($check_user_data) > 0 && $uc=='1')
{$N=1;unset($U);echo '<script language="javascript">alert("This User Name already exists. Please try again.");window.location="edit-profile_.php";</script>';exit;}}

// A changed group name ($gc is 1) must not already be taken.
if($Entry==1 && $A==$_SESSION['a__________a']){
$check_user_data = mysql_query("SELECT * FROM my_members WHERE groupname = '$G' LIMIT 1") or die(mysql_error());
if(mysql_num_rows($check_user_data) > 0 && $gc=='1')
{$N=1;unset($U);echo '<script language="javascript">alert("This Group Name already exists. Please try again.");window.location="edit-profile_.php";</script>';exit;}}

// Everything from here to the row of closing braces runs only after the form has been submitted.
if($Entry==1){
// Minimum lengths first, then the email format.
if (strlen($U)<6) {echo '<script language="javascript">alert("Please enter 6 to 20 characters for user name."); window.location = "edit-profile_.php";</script>';
}else{
if (strlen($G)<6) {echo '<script language="javascript">alert("Please enter 6 to 20 characters for group name."); window.location = "edit-profile_.php";</script>';
}else{
if (strlen($P)<6) {echo '<script language="javascript">alert("Please enter 6 to 20 characters for password."); window.location = "edit-profile_.php";</script>';
}else{
if (strlen($C)<2) {echo '<script language="javascript">alert("Please enter 2 to 33 characters for city."); window.location = "edit-profile_.php";</script>';
}else{
if (strlen($S)<2 || strlen($S)>2) {echo '<script language="javascript">alert("Please use dropdown list for state."); window.location = "edit-profile_.php";</script>';
}else{
if (strlen($Z)<5) {echo '<script language="javascript">alert("Please enter 5 characters for zip code."); window.location = "edit-profile_.php";</script>';
}else{
if (strlen($E)<6) {echo '<script language="javascript">alert("Please enter 6 to 65 characters for email address."); window.location = "edit-profile_.php";</script>';
}else{
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$E)) {
echo '<script language="javascript">alert("That email address is not valid."); window.location = "edit-profile_.php";</script>';
}else{
// Each pattern lists the characters a field may keep; preg_replace drops everything else.
$pattern1 = '/[^a-zA-Z\\-\\s]/i';
$pattern2 = '/[^a-zA-Z0-9\\.\\,\\!\\;\\-\\_\\*\\@\\=\\+\\$\\/\\&\\[\\]\\#\\?\\047\\:\\(\\)]/i';
$pattern3 = '/[^a-zA-Z0-9\\_]/i';
$pattern4 = '/[^A-Za-z0-9\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\_]/i';
$pattern5 = '/[^0-9]/';
$pattern6 = '/[^A-Z]/';
$replacement = '';
$C=preg_replace($pattern1, $replacement, $C);
$U=preg_replace($pattern3, $replacement, $U);
$E=preg_replace($pattern2, $replacement, $E);
$Z=preg_replace($pattern5, $replacement, $Z);
$P=preg_replace($pattern4, $replacement, $P);
$G=preg_replace($pattern3, $replacement, $G);
$S=preg_replace($pattern6, $replacement, $S);

// $h is the hash made from the salt $o and the password, as described in the text; $I goes into the ip column.
$D = date("d-m-Y");
$sql="UPDATE my_members SET username='$U', password='$h', groupname='$G', city='$C', state='$S', zip='$Z', email='$E', ip='$I', signup_date='$D', salt='$o' WHERE username='$Uold'";
$result = mysql_query($sql);

if($result){$_SESSION['username'] = $U;$_SESSION['groupname'] = $G;
echo '<script language="javascript">alert("Entries were made successfully.");</script>';
}else{
echo '<script language="javascript">alert("Entries were NOT made—something went wrong."); window.location="edit-profile_.php";</script>';}
}}}}}}}}}

// Load the member's current record to fill in the form.
$res = mysql_query("SELECT * FROM my_members WHERE username='$Uold'") or die(mysql_error());
$rows = mysql_fetch_array($res);
// Find the position of the member's state ($s) among the 51 state codes in $op, so that option can be selected in the list.
for ($i=0;$i<51;$i++) {if($op[$i]==$s){$si=$i;}}
?>


<center><h1>Edit Profile</h1></center>

<div id='myform'><BR><center><h3>Edit Profile</h3></center><table id='t' border='0' cellspacing=0 cellpadding=2>
<form id='formpw' name="formpw" method="post" action="edit-profile_.php" onsubmit="return validatepassword()">
<tr><td class='k'><label for="User Name"><b>User Name: </b></td><td><input type="text" id="username" name="username" size="20" maxlength="20" value="<?php echo htmlentities(stripslashes($rows['username']), ENT_QUOTES); ?>"></label></td></tr>
<tr><td class='k'><label for="Password"><b>Password: </b></td><td><input type="password" name="password" size="20" maxlength="20" value=""></label>(type new or old)</td></tr>
<tr><td class='k'><label for="Group Name"><b>Group Name: </b></td><td><input type="text" id="groupname" name="groupname" size="20" maxlength="20" value="<?php echo htmlentities(stripslashes($rows['groupname']), ENT_QUOTES); ?>"></label></td></tr>
<tr><td class='k'><label for="City"><b>City: </b></td><td><input type="text" name="city" size="20" maxlength="33" value="<?php echo htmlentities(stripslashes($rows['city']), ENT_QUOTES); ?>"></label></td></tr>
<tr><td class='k'><label for="State"><b>State: </b></td><td>
<select name="state" size='4'>
<option value="AL">Alabama</option>
<option value="AK">Alaska</option>
<option value="AZ">Arizona</option>
<option value="AR">Arkansas</option>
<option value="CA">California</option>
<option value="CO">Colorado</option>
<option value="CT">Connecticut</option>
<option value="DE">Delaware</option>
<option value="DC">District of Columbia</option>
<option value="FL">Florida</option>
<option value="GA">Georgia</option>
<option value="HI">Hawaii</option>
<option value="ID">Idaho</option>
<option value="IL">Illinois</option>
<option value="IN">Indiana</option>
<option value="IA">Iowa</option>
<option value="KS">Kansas</option>
<option value="KY">Kentucky</option>
<option value="LA">Louisiana</option>
<option value="ME">Maine</option>
<option value="MD">Maryland</option>
<option value="MA">Massachusetts</option>
<option value="MI">Michigan</option>
<option value="MN">Minnesota</option>
<option value="MS">Mississippi</option>
<option value="MO">Missouri</option>
<option value="MT">Montana</option>
<option value="NE">Nebraska</option>
<option value="NV">Nevada</option>
<option value="NH">New Hampshire</option>
<option value="NJ">New Jersey</option>
<option value="NM">New Mexico</option>
<option value="NY">New York</option>
<option value="NC">North Carolina</option>
<option value="ND">North Dakota</option>
<option value="OH">Ohio</option>
<option value="OK">Oklahoma</option>
<option value="OR">Oregon</option>
<option value="PA">Pennsylvania</option>
<option value="RI">Rhode Island</option>
<option value="SC">South Carolina</option>
<option value="SD">South Dakota</option>
<option value="TN">Tennessee</option>
<option value="TX">Texas</option>
<option value="UT">Utah</option>
<option value="VT">Vermont</option>
<option value="VA">Virginia</option>
<option value="WA">Washington</option>
<option value="WV">West Virginia</option>
<option value="WI">Wisconsin</option>
<option value="WY">Wyoming</option>
</select></label></td></tr>
<tr><td class='k'><label for="Zip"><b>Zip: </b></td><td><input type="text" name="zip" size="5" maxlength="5" value="<?php echo htmlentities(stripslashes($rows['zip']), ENT_QUOTES); ?>"></label></td></tr>
<tr><td class='k'><label for="Email"><b>Email: </b></td><td><input type="text" name="email" size="20" maxlength="65" value="<?php echo htmlentities(stripslashes($rows['email']), ENT_QUOTES); ?>"></label></td></tr>
<tr><td class='k'><input type="hidden" name="entry" value="1"><input type="hidden" name="userchange" value="0"><input type="hidden" name="groupchange" value="0">
&nbsp;</td><td><IMG SRC="captcha-with-sessions.php" alt='captcha'></td></tr>
<tr><td class='k'><label for="Captcha answer"><b>Captcha answer: </b></td><td><input type="text" name="answer" size="20" maxlength="20" value=""></label></td></tr>
<tr><td class='k'>&nbsp;</td><td><BR><input type="submit" value="Submit">
<input type="reset" value="Reset"></td></tr></form></table><BR>
<script language="javascript">
var si = <?php echo json_encode($si); ?>;
document.formpw.state.selectedIndex = si;
</script>
</div>

<div id='links'><BR>
<a HREF="profile-and-account-management.php">Account Management</a><BR>
<a HREF="login_.php">Login (I've registered)</a><BR>
<a HREF="register-with-captcha_.php">Register</a><BR>
<a HREF="http://www.css-resources.com/">Home</a><BR>
<a href="http://www.css-resources.com/contact.html">Contact us</a><BR>
<a href='forgot-password_.php'>I forgot my password</a><BR>
<a HREF='forgot-user-name_.php'>I forgot my user name</a><BR>
</div>



<form name="MyForm" method="POST" action="profile-and-account-management.php">
<input type="hidden" name="username" value=" ">


<script language="javascript">
var u = <?php echo json_encode($U); ?>;