need help with code to change password
Posted: Wed Mar 14, 2012 1:59 pm
For my website I have the option of the user changing their password. They need to enter their username, email, new password and password again. Then I want to change the value for password in the database and replace it with the new password.
Heres the code so far:
I don't know what code to put in to change the password since right now all it does is display your old password
Heres the code so far:
Code: Select all
<?php
//forgot_password2.php
include 'connect.php';
include 'header.php';
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
echo '<form method="post" action="">
Enter your Username: <input type="text" name="userName" /><br />
Enter your E-mail: <input type="email" name="userEmailAddress"><br />
Enter your new password: <input type="password" name="newPassword"><br />
Enter Password again: <input type="password" name="userNewPasswordCheck"><br />
<input type="submit" value="Change password" />
</form>';
}
else
{
$errors = array();
//check username
if(isset($_POST['userName']))
{
$sql = mysql_query("SELECT userID FROM users WHERE userName='".$_POST['userName']."' LIMIT 1");
$result = mysql_num_rows($sql);
if ($result != 1)
{
$errors[] = 'Username doesn′t exist';
}
}
else
{
$errors[] = 'The username field must not be empty.';
}
//check email address
if(isset($_POST['userEmailAddress']))
{
$sql = mysql_query("SELECT userID FROM users WHERE userEmailAddress='".$_POST['userEmailAddress']."' LIMIT 1");
$result = mysql_num_rows($sql);
if ($result != 1)
{
$errors[] = 'Email address doesn′t exist';
}
}
if(!empty($_POST['newPassword']))
{
if($_POST['newPassword'] != ($_POST['userNewPasswordCheck']))
{
$errors[] = 'The two passwords did not match.';
}
if(strlen($_POST['newPassword']) > 45)
{
$errors[] = 'The password cannot be longer than 45 characters.';
}
}
else
{
$errors[] = 'The password field cannot be empty.';
}
if(!empty($errors))
{
//make sure no fields are empty
echo 'You must fill in all fields to change your password.<br /><br />';
echo '<a href="forgot_password2.php">Go back</a>';
echo '<ul>';
foreach($errors as $key => $value)
{
echo '<li>' . $value . '</li>';
}
echo '</ul>';
}
else
{
$sql = "SELECT
userID,
userName,
userEmailAddress,
userPassword
FROM
users
WHERE
userName = '" . mysql_real_escape_string($_POST['userName']) . "'
AND
userEmailAddress = '" . mysql_real_escape_string($_POST['userEmailAddress']) . "'";
$result = mysql_query($sql);
if(!$result)
{
echo 'Something went wrong while changing the password. Please try again later.';
echo mysql_error();
}
else
{
while($row = mysql_fetch_assoc($result))
{
$_SESSION['userID'] = $row['userID'];
$_SESSION['userName'] = $row['userName'];
$_SESSION['userPassword'] = $row['userPassword'];
$_SESSION['userEmailAddress'] = $row['userEmailAddress'];
}
echo 'Your new password is: ' . $_SESSION['userPassword'];
echo '</br> <a href="signin.php">Sign in</a>';
}
}
}
include 'footer.php';
?>