Help with change password script
Posted: Sat Apr 11, 2009 12:17 pm
Trying to set up a change password script; not working:
I tried the query "SELECT * FROM logintest WHERE uname='username' AND pword=md5('oldpass')"
in phpMyAdmin and it worked fine, returning one correct result. But when I execute the code on the php page and ask it to print $num_rows, it gives 0.
Code: Select all
<?php
include 'common.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
$uname = $_SESSION['uname'];
$oldpass = $_POST['password1'];
$newpass = $_POST['password2'];
$newpass2 = $_POST['password3'];
if(get_magic_quotes_gpc()) {
$uname = stripslashes($uname);
$oldpass = stripslashes($oldpass);
$newpass = stripslashes($newpass);
$newpass2 = stripslashes($newpass);
} else {
$uname = $uname;
$oldpass = $oldpass;
$newpass = $newpass;
$newpass2 = $newpass2;
}
if ($oldpass=='' or $newpass=='' or $newpass2=='') {
error('One or more required fields were left blank. Please fill them in and try again.');
}
elseif ($newpass != $newpass2) {
error('New passwords do not match.');
}
else {
// connect to database
include 'db.php';
$pword = md5($oldpass);
$newpass = md5($newpass);
$sql = "SELECT * FROM logintest WHERE uname='$uname' AND pword='$pword'";
$result = mysql_query($sql) or die (mysql_error());
$num_rows = mysql_num_rows($result);
if ($result) {
print $num_rows;
if ($num_rows > 0) {
$sql = "UPDATE logintest SET pword='$newpass' WHERE uname = '$uname' AND pword='$pword'";
$result = mysql_query($sql) or die (mysql_error());
if ($result) {
error('Password changed.');
}
else {
error('A database error occured during submission');
}
}
else {
error ('The old password you entered is incorrect');
}
}
else {
error('A database error occured during submission');
}
mysql_close($db_handle);
}
}
?>in phpMyAdmin and it worked fine, returning one correct result. But when I execute the code on the php page and ask it to print $num_rows, it gives 0.