PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
<?
include 'db.php';
$username=$_POST['username'];
$old_password=$_POST['old_password'];
$new_password=$_POST['new_password'];
$check_password=$_POST['check_password'];
$username=stripslashes($username);
$old_password=stripslashes($old_password);
$new_password=stripslashes($new_password);
$check_password=stripslashes($check_password);
if ((!$username) ||(!$old_password) || (!$new_password) || (!$check_password))
{
if (!$username){ echo "Nu ati introdus Username-ul <br>";
}
if (!$old_password){echo "Nu ati introdus Vechea Parola<br>";
}
if(!($new_password==$check_password))
{
echo "Parolele introduse nu corespund<br>";
unset($new_password);
unset($old_password);
}
include 'chpass.php';
exit();
}
$sql_username = mysql_query("SELECT username FROM users WHERE username='$username'");
$sql_password = mysql_query("SELECT password FROM users WHERE username='md5($old_password)'");
if(($sql_username>0) & ($sql_username>0)){
mysql_query("UPDATE users SET password=sql_password
WHERE username=$sql_username");
}
else{
if ($username==0) {
echo " Username-ul introdus nu se afla in baza de date,br>";
unset($username);
}
if($sql_password == 0) {
echo" Vechea parola introdusa nu este corecta. Reincercati<br>";
unset($old_password);
}
}
?>
$sql_username = mysql_query("SELECT username FROM users WHERE username='$username'");
$sql_password = mysql_query("SELECT password FROM users WHERE username='md5($old_password)'");
if(($sql_username>0) & ($sql_username>0)){
$sql_password = mysql_query("SELECT password FROM users WHERE username='md5($old_password)'");
And with that comparison I'm checking if the username and the password are in the DB. At least that's what I tried to do.
Can you give me an idea about how to update the new password? Even if you erase that "if".
<?php
include 'db.php';
$username = mysql_real_escape_string($_POST['username']);
// We're hashing these anyway
$old_password = $_POST['old_password'];
$new_password = $_POST['new_password'];
$check_password = $_POST['check_password'];
if ((!$username) || (!$old_password) || (!$new_password) || (!$check_password))
{
if (!$username)
{
echo "Nu ati introdus Username-ul <br>";
}
if (!$old_password)
{
echo "Nu ati introdus Vechea Parola<br>";
}
if (!($new_password == $check_password))
{
echo "Parolele introduse nu corespund<br>";
unset($new_password);
unset($old_password);
}
include 'chpass.php';
exit();
}
/*
$sql_username = mysql_query("SELECT username FROM users WHERE username='$username'");
$sql_password = mysql_query("SELECT password FROM users WHERE username='md5($old_password)'");
*
*/
// Let's do this in one step.
$query = "SELECT COUNT(username) FROM users WHERE username = '{$username}' AND password = 'MD5({$password})'";
list($count) = mysql_fetch_row(mysql_query($query));
// We've found a match, so let's update the password
if ($count)
{
$query = "UPDATE users SET password = 'MD5({$new_password})' WHERE username = '{$username}'";
mysql_query($query);
}
else
{
// Error condition. Don't tell them specifically if username or password weren't found.
}
?>