Page 1 of 1

Help with change password script

Posted: Sat Apr 11, 2009 12:17 pm
by anivad
Trying to set up a change password script; not working:

Code: Select all

<?php
 
include 'common.php'; 
 
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
 
    $uname = $_SESSION['uname'];
    $oldpass = $_POST['password1'];
    $newpass = $_POST['password2'];
    $newpass2 = $_POST['password3'];
 
if(get_magic_quotes_gpc()) {
$uname = stripslashes($uname);
$oldpass = stripslashes($oldpass);
$newpass = stripslashes($newpass);
$newpass2 = stripslashes($newpass);
} else {
$uname = $uname;
$oldpass = $oldpass;
$newpass = $newpass;
$newpass2 = $newpass2;
}
 
if ($oldpass=='' or $newpass=='' or $newpass2=='') { 
       error('One or more required fields were left blank. Please fill them in and try again.'); 
   }
 
elseif ($newpass != $newpass2) {
      error('New passwords do not match.');
}
 
else {
 
 
// connect to database
 
include 'db.php';
 
$pword = md5($oldpass);
$newpass = md5($newpass);
 
$sql = "SELECT * FROM logintest WHERE uname='$uname' AND pword='$pword'";
$result = mysql_query($sql) or die (mysql_error());
$num_rows = mysql_num_rows($result);
 
    if ($result) {
    print $num_rows;
        if ($num_rows > 0) {
                $sql = "UPDATE logintest SET pword='$newpass' WHERE uname = '$uname' AND pword='$pword'";
                $result = mysql_query($sql) or die (mysql_error());
                
                if ($result) {
                error('Password changed.');
                }
                else {
                error('A database error occured during submission');
                }
            }
            else { 
                error ('The old password you entered is incorrect');
                }
                }
        
        else {
    error('A database error occured during submission');
        }
 
            mysql_close($db_handle);
 
    }
        
}
 
 
?>
I tried the query "SELECT * FROM logintest WHERE uname='username' AND pword=md5('oldpass')"

in phpMyAdmin and it worked fine, returning one correct result. But when I execute the code on the php page and ask it to print $num_rows, it gives 0.

Re: Help with change password script

Posted: Sat Apr 11, 2009 6:20 pm
by tech603
I really can't see anything wrong with what you have for code. Have you tried commenting out the sql code and just echoing your variables to ensure that all the values are being set properly. I would suggest doing that if you haven't that may help you with troubleshooting your issue. The fact that your able to turn up a correct result in phpMyadmin says the query is good, but something is wrong on the data end of things.

Hope that helps.

Re: Help with change password script

Posted: Sat Apr 11, 2009 11:33 pm
by anivad
Have you tried commenting out the sql code and just echoing your variables to ensure that all the values are being set properly.
How do I do that?

(I'm still new to PHP; just started actively learning two days ago.)

Re: Help with change password script

Posted: Sun Apr 12, 2009 6:01 am
by anivad
Okay, I figured out what you meant.

The code echoed out both $oldpass and $newpass correctly, but for some reason $uname isn't showing up at all.

It's currently set to $uname = $_SESSION['uname'], and this appears correctly echoed on the changepass.php page. I set the change password php script as an include in that file; could that be the problem?

EDIT: I put the whole file in and it works now for some reason... the password gets changed, but it still doesn't echo $uname. Then I put it back in the include file and it still works, but still not echoing $uname. Weird. There was probabably some small syntax error that I didn't notice.