I wrote a script for changing passwords, but something was wrong and I couldn't find any mistakes :-\
Can you tell me the mistakes? I really need this :s
My pass_change.html (only the form part):
<FORM ACTION="test.php" METHOD="POST">
<table width="100%" border="0" cellpadding="2" cellspacing="0" class="style3">
<tr>
<th colspan="2"><div align="center"><span class="pageName">Change Password</span></div></th>
</tr>
<tr>
<td width="50%"><div align="right">ID : </div></td>
<td width="50%"><input type="TEXT" name="ID" /></td>
</tr>
<tr>
<td><div align="right">Secret Question : </div></td>
<td><input type="TEXT" name="hint" /></td>
</tr>
<tr>
<td><div align="right">Answer : </div></td>
<td><input type="PASSWORD" name="hint_answr" /></td>
</tr>
<tr>
<td><div align="right">New Password : </div></td>
<td><input type="PASSWORD" name="new_pass" /></td>
</tr>
<tr>
<td><div align="right">New Password (verify) : </div></td>
<td><input type="PASSWORD" name="new_pass_verify" /></td>
</tr>
<tr>
<td> </td>
<td><input name="SUBMIT" type="SUBMIT" value="Change" />
<input name="RESET" type="RESET" value="Reset" /></td>
</tr>
</table>
</FORM>
And this is the PHP script (test.php):
<?
include("settings.php");
$connect = odbc_connect("$dbname", "$dbuser", "$dbpass");
$query="SELECT * FROM TB_USER where strAccountID = '".$id."'";
$result=odbc_exec($connect,$query);
$row=odbc_fetch_array($result);
$hint = $_POST['hint'];
$answer = $_POST['hint_answr'];
$id = $_POST['ID'];
$hint_question = $row[secret];
$hint_answr = $row[answer];
if(empty($_GET['pg'])){
} elseif($_GET['pg'] == 'change'){
if(($_POST["new_pass"]==$_POST["new_pass_veify"]) && ($hint==$hint_question) && ($answer==$hint_answr)){
$pass_chng_job="SELECT COUNT(strACcountID) FROM TB_USER WHERE strAccountID = '".$id."'";
$pss_chng = odbc_exec($connect, $pass_chng_job);
odbc_fetch_row($pss_chng);
if (odbc_result($pss_chng,1) > 0) {
$psschange = "UPDATE TB_USER SET strPasswd = '".$_POST['new_pass']."' WHERE strAccountID = '".$id."'";
$resultr=odbc_exec($connect,$psschange) or die($lang[27]);
$pass = "<center>
Changing Password Succesfull!
</center>";
} else {
$pass = "<center>
Wrong Password ! <a href='pass_change.html'>Change</a>
</center>";
}
} else {$pass = "<center>
Please Try Again ! <a href='pass_change.html'>...</a>
</center>";}
echo $pass;
}
?>
Thanks for your replies... :'(
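
A hardened rewrite of test.php, added here as an example and not part of the original post. It reads the POST fields before using them, compares new_pass with the new_pass_verify field the form actually sends, runs on any POST (the form submits to test.php without pg=change), and uses prepared statements instead of concatenating input into SQL. Table, column and settings names are taken from the post; change_password() and is_safe_param() are hypothetical helper names.

```php
<?php
// Added example, not the poster's code. TB_USER, strAccountID, strPasswd,
// secret, answer and settings.php are the names used in the post.
include("settings.php");

// odbc_execute() treats a parameter that starts and ends with a single quote
// as a file name to read, so such values (and empty ones) are rejected up front.
function is_safe_param($value) {
    return is_string($value) && $value !== ''
        && !(strlen($value) >= 2 && $value[0] === "'" && substr($value, -1) === "'");
}

function change_password($connect, array $post) {
    // Read every field before it is used, under the names the form sends.
    foreach (array('ID', 'hint', 'hint_answr', 'new_pass', 'new_pass_verify') as $name) {
        if (!isset($post[$name]) || !is_safe_param($post[$name])) {
            return false;
        }
    }
    if ($post['new_pass'] !== $post['new_pass_verify']) {
        return false;
    }

    // Placeholders keep the submitted ID out of the SQL text.
    $stmt = odbc_prepare($connect, "SELECT secret, answer FROM TB_USER WHERE strAccountID = ?");
    if (!$stmt || !odbc_execute($stmt, array($post['ID']))) {
        return false;
    }
    $row = odbc_fetch_array($stmt);
    if (!$row || !hash_equals((string)$row['secret'], $post['hint'])
              || !hash_equals((string)$row['answer'], $post['hint_answr'])) {
        return false;
    }

    // The post stores the password as submitted and that is kept here. If the
    // login code can change too, store password_hash() output instead.
    $upd = odbc_prepare($connect, "UPDATE TB_USER SET strPasswd = ? WHERE strAccountID = ?");
    return $upd && odbc_execute($upd, array($post['new_pass'], $post['ID']));
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $connect = odbc_connect($dbname, $dbuser, $dbpass);
    $ok = $connect && change_password($connect, $_POST);
    echo $ok ? "<center>Password changed.</center>"
             : "<center>Please try again. <a href='pass_change.html'>Back</a></center>";
}
```

Every failure returns the same message, so the response does not reveal whether the ID, the secret question or the answer was the part that did not match.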