Help with change password script

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
anivad
Forum Commoner
Posts: 80
Joined: Thu Apr 09, 2009 11:16 pm

Help with change password script

Post by anivad »

Trying to set up a change password script; not working:

Code: Select all

<?php
 
include 'common.php'; 
 
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
 
    $uname = $_SESSION['uname'];
    $oldpass = $_POST['password1'];
    $newpass = $_POST['password2'];
    $newpass2 = $_POST['password3'];
 
if(get_magic_quotes_gpc()) {
$uname = stripslashes($uname);
$oldpass = stripslashes($oldpass);
$newpass = stripslashes($newpass);
$newpass2 = stripslashes($newpass);
} else {
$uname = $uname;
$oldpass = $oldpass;
$newpass = $newpass;
$newpass2 = $newpass2;
}
 
if ($oldpass=='' or $newpass=='' or $newpass2=='') { 
       error('One or more required fields were left blank. Please fill them in and try again.'); 
   }
 
elseif ($newpass != $newpass2) {
      error('New passwords do not match.');
}
 
else {
 
 
// connect to database
 
include 'db.php';
 
$pword = md5($oldpass);
$newpass = md5($newpass);
 
$sql = "SELECT * FROM logintest WHERE uname='$uname' AND pword='$pword'";
$result = mysql_query($sql) or die (mysql_error());
$num_rows = mysql_num_rows($result);
 
    if ($result) {
    print $num_rows;
        if ($num_rows > 0) {
                $sql = "UPDATE logintest SET pword='$newpass' WHERE uname = '$uname' AND pword='$pword'";
                $result = mysql_query($sql) or die (mysql_error());
                
                if ($result) {
                error('Password changed.');
                }
                else {
                error('A database error occured during submission');
                }
            }
            else { 
                error ('The old password you entered is incorrect');
                }
                }
        
        else {
    error('A database error occured during submission');
        }
 
            mysql_close($db_handle);
 
    }
        
}
 
 
?>
I tried the query "SELECT * FROM logintest WHERE uname='username' AND pword=md5('oldpass')"

in phpMyAdmin and it worked fine, returning one correct result. But when I execute the code on the php page and ask it to print $num_rows, it gives 0.
tech603
Forum Commoner
Posts: 84
Joined: Thu Mar 19, 2009 12:27 am

Re: Help with change password script

Post by tech603 »

I really can't see anything wrong with what you have for code. Have you tried commenting out the sql code and just echoing your variables to ensure that all the values are being set properly. I would suggest doing that if you haven't that may help you with troubleshooting your issue. The fact that your able to turn up a correct result in phpMyadmin says the query is good, but something is wrong on the data end of things.

Hope that helps.
anivad
Forum Commoner
Posts: 80
Joined: Thu Apr 09, 2009 11:16 pm

Re: Help with change password script

Post by anivad »

Have you tried commenting out the sql code and just echoing your variables to ensure that all the values are being set properly.
How do I do that?

(I'm still new to PHP; just started actively learning two days ago.)
anivad
Forum Commoner
Posts: 80
Joined: Thu Apr 09, 2009 11:16 pm

Re: Help with change password script

Post by anivad »

Okay, I figured out what you meant.

The code echoed out both $oldpass and $newpass correctly, but for some reason $uname isn't showing up at all.

It's currently set to $uname = $_SESSION['uname'], and this appears correctly echoed on the changepass.php page. I set the change password php script as an include in that file; could that be the problem?

EDIT: I put the whole file in and it works now for some reason... the password gets changed, but it still doesn't echo $uname. Then I put it back in the include file and it still works, but still not echoing $uname. Weird. There was probabably some small syntax error that I didn't notice.
Post Reply