And here is what i need
I creat my own member script (reg/login/member area)
and now only one thing left: I need to creat php script which could allow users change their password. How? Could anyone wrute script ?
Moderator: General Moderators
Code: Select all
$result = mysql_query('UPDATE `users` SET `password` = \''.md5($_POST['password']).'\' WHERE `userid` = \''. $_SESSION['userid'].'\' LIMIT 1');Code: Select all
<form method="post" action="handleoptions.php" name="password_change">
<table width="100%" align="center" border="0">
<tr>
<td width="100%" align="center" colspan="2">
<b>Change Password</b>
</td>
</tr>
<tr>
<td width="20%" align="left">
Old Password:
</td>
<td width="80%" align="left">
<input type="password" name="password_old" size="15px" maxlength="12"><br>
</td>
</tr>
<tr>
<td width="20%" align="left">
New Password:
</td>
<td width="80%" align="left">
<input type="password" name="password_new" size="15px" maxlength="12"><br>
</td>
</tr>
<tr>
<td width="20%" align="left">
Confirm Password:
</td>
<td width="80%" align="left">
<input type="password" name="password_new_confirm" size="15px" maxlength="12"><br>
</td>
</tr>
<tr>
<td width="100%" align="left" colspan="2">
<input type="submit" value="Update Password!" name="password_change_submit">
</td>
</tr>
</table></form>Code: Select all
<?php
session_start();
include '../private_html/includes/configuration.php';
dbconnect();
checklogin();
is_dead();
is_banned();
if(isset($_POST['password_change_submit'])) {
$login_session = $_SESSION['username_value'];
$login_cookie = $_COOKIE['username'];
$check_username = mysql_query("SELECT * FROM accounts WHERE login_session='$login_session' AND login_cookie='$login_cookie'");
$check_username_assoc = mysql_fetch_assoc($check_username);
$username = $check_username_assoc['username'];
$password_old = $_POST['password_old'];
$password_new = $_POST['password_new'];
$password_new_confirm = $_POST['password_new_confirm'];
$password_old_md5 = md5($password_old);
$password_new_md5 = md5($password_new);
$password_new_confirm_md5 = md5($password_new_confirm);
$select_username_assoc = mysql_query("SELECT * FROM accounts WHERE username='$username'");
$username_assoc = mysql_fetch_assoc($select_username_assoc);
if($username_assoc['password'] == $password_old_md5) {
if($password_new_md5 == $password_new_confirm_md5) {
mysql_query("UPDATE accounts SET password='$password_new_md5' WHERE username='$username'");
mysql_query("UPDATE accounts SET login_session='' WHERE login_session='$login_session'");
mysql_query("UPDATE accounts SET login_cookie='' WHERE login_cookie='$login_cookie'");
session_destroy();
$cookie_username = $_COOKIE['username'];
setcookie("username", $cookie_username, time()-3600, "/", ".xxxxx.com");
header("location:http://www.xxxxx.com/index.php?login=4");
} elseif($password_new_md5 != $password_new_confirm_md5) {
header("location:http://www.xxxxx.com/options.php?error=2");
die();
}
} elseif($username_assoc['password'] != $password_old_md5) {
header("location:http://www.xxxxx.com/options.php?error=1");
die();
}
} elseif(!isset($_POST['password_change_submit'])) {
header("location:http://www.xxxxx.com/options.php");
die();
}
?>scrotaye wrote:i was just too lazy to erase it, which is kind of ironic considering how I had the energy to type this big long run-on sentence.)