Page 1 of 1

Password Changing Problem

Posted: Wed Nov 25, 2009 12:59 pm
by rbhoumik
Can anyone please rectify the password change script for me?
There are 3 columns in the table 'admin'...'id','user_name' and 'password'



My login page script is as follows:-

Code: Select all

 
ob_start();
session_start();
include_once('includes/config.php');
include_once('includes/functions.php');
$sports=isset($_POST['sports'])?$_POST['sports']:"";
if(isset($_SESSION['member_id']) && $_SESSION['member_id']!='')
{
    header('Location: home.php');
    exit();
}
if(isset($_POST['in_login_uid']))
{
    $sql="select * from   admin where user_name='".$_POST['in_login_uid']."'"; 
    $record=mysql_query($sql) or die(mysql_error());
    if(mysql_num_rows($record)==0)
    {
        $_SESSION['msg']=message("Access denied. Incorrect login or password!",2);
    }
    else
    {
        
        $row=mysql_fetch_object($record);
        if($row->password==$_POST['in_login_password'])
        {
        
            
            $_SESSION['username']=$row->admin_id;
            $_SESSION['logged_in']="ABCD";          
            $_SESSION['msg']="";
            
            header('Location: home.php');
            exit();
        }
        else
        {
        $_SESSION['msg']=message("Access denied. Incorrect login or password!",2);
        header('Location: login.php');
        exit();
        }
        
    }
    header('Location: login.php');
    exit();
}
 
 




And my password change script is as follows

Code: Select all

 
ob_start();
include('includes/session.php');
require_once 'includes/config.php';
if(isset($_REQUEST['submit'])){
$in_login_uid=$_SESSION['in_login_uid'];
$password=$_REQUEST['in_login_password'];
$password1=$_REQUEST['password1'];
$password2=$_REQUEST['password2'];
$sql_query="SELECT * from admin WHERE 
        user_name='$in_login_uid' AND password='password'";
$result=mysql_query($sql_query);
$row=mysql_fetch_array($result);
if($row['in_login_uid']!=''){
$sql="UPDATE admin SET
        password='$password2' WHERE user_name='$in_login_uid'";
$result=mysql_query($sql);
header("location:chngpass.php?msg=Your password has been successfully changed");
}
else{
header("location:chngpass.php?msg=Wrong old password");
 }
}
 




Please help as I am in deep waters

Re: Password Changing Problem

Posted: Wed Nov 25, 2009 2:49 pm
by superdezign
Too hard to read. Use

Code: Select all

tags to make your code easier to read.

Re: Password Changing Problem

Posted: Fri Nov 27, 2009 10:30 pm
by rbhoumik
I have also tried this but it doesn't work

Code: Select all

 
 
include("includes/session.php");
if(isset($_REQUEST['submit'])){
$select="SELECT * FROM `admin` WHERE `user_name`='$_SESSION[username]' AND `password`='$_SESSION[password]'";
$query=mysql_query($select);
$num=mysql_num_rows($query);
$row=mysql_fetch_array($query);
if($num)
{
    if($row[password]==$_POST[password])
    {
        $update="UPDATE `admin` SET `password`='$_POST[password1]' WHERE `user_name`='$_SESSION[username]'AND `password`='$_SESSION[password]'";
        mysql_query($update);
        header("location:chngpass.php?msg=Sucessful");
    }
    else
    {
        header("location:chngpass.php?msg=Not Possible...Wrong Old Password");
    }
}
}
 

Re: Password Changing Problem

Posted: Mon Nov 30, 2009 10:08 am
by superdezign
What does the form look like? What should the values of $_POST['password'] and $_POST['password1'] be? Also, I think you should have a space before the AND in your second query.

Re: Password Changing Problem

Posted: Mon Nov 30, 2009 10:12 am
by jackpf
Echo the queries to see if they are what you expect.

And I don't think the space matters, since it's separated by a quote :)