I tried changing the password and it is not working. It will display that the password got changed successfully but it will not change it in the database. Is there any mistake in the code below?
<?php
$password=mysql_real_escape_string($_POST['newpassword']);
$password2=mysql_real_escape_string($_POST['confirmnewpassword']);
if ( strlen($password) < 5 or strlen($password) > 12 ){
    echo "Password must be more than 5 char length and maximum 12 char length<BR>";
}
if ( $password <> $password2 ){
    echo "Both passwords are not matching";
}
if($password == $password2){
    if(mysql_query("update users set password='$password' where empid='{$_SESSION['login']}'")){
        echo "<font face='Verdana' size='2' ><center>Thanks <br> Your password changed successfully. Please keep changing your password every 2 months for better security</center></font>";
    }
    else{
        echo mysql_error();
    }
}
At a glance, the query looks OK. Have you tried echoing the query? If $_SESSION['login'] doesn't contain a value (did you remember session_start()?) then you'll run into problems.
Also, it looks like you're storing passwords in plain text in your database. Don't do this.
You're absolutely right. The session is only outputting a single numeric digit.
Yes, the session is started at the start of the page. Below is the code that first starts holding the session. Could you please check if I'm making any error while creating a session? All my user IDs are 10-digit numeric codes. When I tried echoing the session it only showed one digit and not the ten-digit code.
<?php session_start(); ?>
<?php include_once("includes/connections.php"); ?>
<?php include_once("functions/funphp.php"); ?>
<?php
if (isset($_POST['password']) && isset($_POST['login'])) // if the password is set then the form has been submitted on login.php page
{
    $login = mysql_real_escape_string($_POST['login']);
    $password = mysql_real_escape_string($_POST['password']);
    $qstr = "SELECT * from users where empid='$login' and password ='$password'";
    $result = mysql_query($qstr);
    $_SESSION['login']=$login['login'];
    $_SESSION['username'] = $username['username'];
    if (mysql_num_rows($result)==1)
    {
        redirect("home.php");
    }
    else
    {
        echo "<font color=#000000><b>Invalid User Name or Password. <a href=index.php> Click here</a> to go back to the login screen </a></Center></font>";
    }
    mysql_close();
}
?>
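An added example, not code from any poster in this thread: the login and password-change flow with the session value taken from the fetched row, bound parameters, hashed passwords, and a success message that depends on a row actually being updated. It assumes PHP 7 or later with PDO and pdo_sqlite; the in-memory table, the sample user and the `$session` array (standing in for `$_SESSION`) are constructed for the example.

```php
<?php
// Constructed in-memory table and sample user; not the poster's real schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (empid TEXT PRIMARY KEY, username TEXT, password TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')
   ->execute(['1234567890', 'alice', password_hash('old-secret', PASSWORD_DEFAULT)]);

// Returns the matching row, or null. Input is bound, and only a hash is stored.
function login(PDO $db, string $empid, string $password): ?array
{
    $stmt = $db->prepare('SELECT empid, username, password FROM users WHERE empid = ?');
    $stmt->execute([$empid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return $row;
}

// Returns true only when exactly one row was updated.
function changePassword(PDO $db, string $empid, string $new, string $confirm): bool
{
    // Same 5..12 length rule as the thread; stop here instead of falling through.
    if (strlen($new) < 5 || strlen($new) > 12 || !hash_equals($new, $confirm)) {
        return false;
    }
    $stmt = $db->prepare('UPDATE users SET password = ? WHERE empid = ?');
    $stmt->execute([password_hash($new, PASSWORD_DEFAULT), $empid]);
    // A query that runs without error can still match zero rows.
    return $stmt->rowCount() === 1;
}

$session = [];   // stands in for $_SESSION after session_start()
$row = login($db, '1234567890', 'old-secret');
if ($row !== null) {
    // Take the values from the fetched row. Indexing the submitted string
    // ($login['login']) reads a character of that string, not a column.
    $session['login'] = $row['empid'];
    $session['username'] = $row['username'];
}
var_dump($session['login']);
// A one-character id, as in the thread's symptom, matches no row:
var_dump(changePassword($db, substr($session['login'], 0, 1), 'new-pass', 'new-pass'));
// The full id from the row updates exactly one row:
var_dump(changePassword($db, $session['login'], 'new-pass', 'new-pass'));
var_dump(login($db, '1234567890', 'new-pass') !== null);
```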