Page 1 of 1
**fixed**help with password change**fixed**
Posted: Sat Apr 03, 2010 3:11 am
by Obadiah
hello devnet, as I told you Ive had to make some new changes to my database and I was trying to use a bit of old coding for a new project...this time im attempting to allow the user to change his password...however for some reason my code is returning a false value and im not quite sure why...can anyone assist me on this?
Code: Select all
$conn = doDB();
$sPassword = hash('md5',$_POST['new_password']);
$sql = "Select user_id, user_pass FROM Users WHERE user_id = '{$_SESSION['logname']}' AND user_pass = '$sPassword'";
$result = mysql_query($sql,$conn) or die(mysql_error());
while ($newArray = mysql_fetch_array($result))
{
$user_pass = $newArray['user_pass'];
$user_id = $newArray['user_id'];
}
$user_name = null;
$nPassword = md5($_POST['new_password']);
if (!is_null($user_name)) {
$sql = "UPDATE Users SET user_pass = '$nPassword' WHERE user_pass = '$sPassword' AND user_id= '{$_SESSION['logname']}'" ;
$result = mysql_query($sql,$conn) or die(mysql_error());
header("Location: changed.php");
exit;
}
else
{
echo"incorrect password matchup please try again";
}
ive echoed all the variables to troubleshoot...and i cant figure it out to save my life
Re: help with password change
Posted: Sat Apr 03, 2010 3:16 am
by requinix
Is it just me or are you using the
new password hash in that first SELECT?
Code: Select all
$sPassword = hash('md5',$_POST['new_password']);
Should that be, like, "old_password" instead?
Re: help with password change
Posted: Sat Apr 03, 2010 7:24 am
by Obadiah
aaah if life in php was that simple for me...it still doesnt like it
Code: Select all
<form action="password_update.php" method="post">
<table border="1" bgcolor="blue" bordercolor="ivory">
<tr>
<td align="center" width="162" style="color:white; font-size:12px;"> Enter Current Password</td>
</tr>
<tr>
<td><input type="password" name="old_password" size="12"></td>
</tr>
</tr>
<td align="center" width="162" style="color:white; font-size:12px;"> Enter New Password</td>
</tr>
<tr>
<td><input type="password" name="new_password" size="12"></td>
</tr>
</table>
<input type="submit" value="submit">
Code: Select all
$conn = doDB();
$sPassword = hash('md5',$_POST['old_password']);
$sql = "Select user_id, user_pass FROM Users WHERE user_id = '{$_SESSION['logname']}' AND user_pass = '$sPassword'";
$result = mysql_query($sql,$conn) or die(mysql_error());
while ($newArray = mysql_fetch_array($result))
{
$user_pass = $newArray['user_pass'];
$user_id = $newArray['user_id'];
}
$user_name = null;
echo"$user_name";
$nPassword = md5($_POST['new_password']);
if (!is_null($user_name)) {
$sql = "UPDATE Users SET user_pass = '$nPassword' WHERE user_pass = '$sPassword' AND user_id= '{$_SESSION['logname']}'" ;
$result = mysql_query($sql,$conn) or die(mysql_error());
header("Location: changed.php");
exit;
}
else
{
echo"incorrect password matchup please try again";
}
it still returns a false value!
Re: help with password change
Posted: Sat Apr 03, 2010 1:14 pm
by requinix
Uh...
Code: Select all
$user_name = null;
if (!is_null($user_name)) {
Re: help with password change
Posted: Sat Apr 03, 2010 4:28 pm
by Obadiah
tasairis wrote:Uh...
Code: Select all
$user_name = null;
if (!is_null($user_name)) {
that user name i was meaning to set to $user_id....which still returns a false value

Re: help with password change
Posted: Sat Apr 03, 2010 6:20 pm
by requinix
Rather than guess and check, how about rewriting the code to something much simpler?
Something such as
Code: Select all
$conn = doDB();
$old = md5($_POST["old_password"]);
$new = md5($_POST["new_password"]);
mysql_query("UPDATE `Users` SET `user_pass` = '{$new}' WHERE `user_id` = '{$_SESSION['logname']}' AND `user_pass` = '{$old}'", $conn);
if (mysql_affected_rows($conn)) {
header("Location: changed.php");
exit;
} else {
echo "incorrect password matchup please try again";
}
And are you sure that the user_id in the session is called "logname"? It suggests to me that the former is a number and the latter is a username.
I assume you're also checking that the new password isn't too short or even empty...
Re: help with password change
Posted: Sat Apr 03, 2010 7:43 pm
by Obadiah
tasairis wrote:Rather than guess and check, how about rewriting the code to something much simpler?
Something such as
Code: Select all
$conn = doDB();
$old = md5($_POST["old_password"]);
$new = md5($_POST["new_password"]);
mysql_query("UPDATE `Users` SET `user_pass` = '{$new}' WHERE `user_id` = '{$_SESSION['logname']}' AND `user_pass` = '{$old}'", $conn);
if (mysql_affected_rows($conn)) {
header("Location: changed.php");
exit;
} else {
echo "incorrect password matchup please try again";
}
And are you sure that the user_id in the session is called "logname"? It suggests to me that the former is a number and the latter is a username.
I assume you're also checking that the new password isn't too short or even empty...
it returns true...however the password remains the same as the old password
Re: help with password change
Posted: Sat Apr 03, 2010 11:03 pm
by Obadiah
i have changed my entire code around...and EVERYTHING works until it gets to the UPDATE...its like something is blocking the code from changing the password...i have no clue as to what could be causing it not to allow updating..what am I missing?
my fields are as follows
Code: Select all
user_id varchar(8) latin1_swedish_ci No None
user_pass char(255) latin1_swedish_ci No None
user_mail varchar(55) latin1_swedish_ci No None
fusername text latin1_swedish_ci No None
user_ext int(4) No None
createDate date No None
Code: Select all
<?php
session_start();
error_reporting(E_ALL);
ini_set('display_errors', 1);
function doDB()
{
$conn = mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("helpdata",$conn) or die(mysql_error());
return $conn;
}
$user = $_SESSION['logname'];
if ($user)
{
//user is logged in
//echo"$user ";
if ($_POST['submit'])
{
//echo"test ";
//check fields
$oldpassword = md5($_POST['oldpassword']);
$newpassword = md5($_POST['newpassword']);
$repeatnewpassword = md5($_POST['repeatnewpassword']);
//echo "<br>$oldpassword<br>$newpassword<br>$repeatnewpassword";
//check password against db
//connect to db
$conn = doDB();
$queryget = mysql_query("SELECT user_pass FROM users WHERE user_id='$user'") or die("Query is broken");
$row = mysql_fetch_assoc($queryget);
$oldpassworddb = $row['user_pass'];
//check passwords
if($oldpassword==$oldpassworddb)
{
//check 2 new passwords
if ($newpassword==$repeatnewpassword)
{
//success
//change password in database
//echo "<br>success";
//this is where its broken? but why
$querychange=mysql_query("UPDATE users SET password='$newpassword' WHERE user_id='$user'");
session_destroy();
die("Your password has been changed.<a href='index.php'>Return</a>to the login");
}
else
die("New passwords do not match...please try again");
}
else
die("old password doesent match");
}
else
{
echo"
<form action='password_update2.php' method='POST'>
Old password:<input type='text' name='oldpassword'><p>
New password:<input type='password' name='newpassword'><br>
Repeat new password:<input type='password' name='repeatnewpassword'><br>
<input type ='submit' name='submit' value='Change Password'>
";
}
}
else
die("you must be logged in to change your password")
?>
Re: help with password change
Posted: Sat Apr 03, 2010 11:21 pm
by Obadiah

once again devnet....im a dum dum...ive got it working...LOL
