
[SOLVED] Change Password Script


intodesi


Ok, I have nearly finished my login system for my site; one last detail (hopefully the last) is a change password script.

Right now a user registers and their password is generated and sent to them, and then it's md5'd and stored in the db.

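function makeRandomPassword() {
  // Alphabet of 33 characters the password is drawn from
  $salt = "abchefghjkmnpqrstuvwxyz0123456789";
  // Seeds rand() from the clock; rand() is not a cryptographically secure generator
  srand((double)microtime()*1000000);
  $pass = ''; // initialise so the first concatenation has a defined value
  $i = 0;
  while ($i <= 7) { // 8 characters in total
    $num = rand() % 33;
    $tmp = substr($salt, $num, 1);
    $pass = $pass . $tmp;
    $i++;
  }
  return $pass;
}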

 

Now that works great, and helps with security, but I am not sure how to go about creating the code to let the user change their password once they are activated and signed in.

The form would look like so:

old password here --> id="old_password"
new password here --> id="new_password"
new password again --> id="new_check"

and then when submitted, it would go to the script.

I know how to get the submitted info into the script with $_POST.

My questions are:

What do I do to check new_password against new_check to make sure they are the same and, if they are not, have them go back and try again?

Then how do I md5 it? The way I've always done it is go to one of those sites that do it for me :P

I think I could figure out how to update the db. I won't have to check the old password against the database, since it's an authenticated session. Let me see what else.

Think that's it, any help would be greatly appreciated again.


Does this look sound?

<?php
session_start();
if ($_SESSION['is_valid'] != true)
{
echo "You Do not have the required permisions to view this Page!<br />";
echo "please go back to the client area <a href='http://zinto-design.com/index.php?c=clientarea'>Client Area</a>";
exit;
}
?>
<?php
$uid = $_SESSION['uid'];
$old_pw = $_POST['old_pw'];
$new_pw = $_POST['new_pw'];
$new_check = $_POST['new_check'];
if($new_pw == $new_check) { // as written, the message prints when the two fields ARE equal
echo "Please make sure you correctly inputed your new password twice<br />";
echo "Back to New Password form <a href='index.php?c=change'>New Password Form</a>";
}
include 'conf_session.php';
$sql_check = mysql_query("SELECT * FROM clients WHERE u_pass='$old_pw'"); // $old_pw is used unescaped and unhashed, and the lookup is not limited to $uid
$sql_check_num = mysql_num_rows($sql_check);
if($sql_check_num == 0){
        echo "You must enter the correct old password<br />";
        echo "<a href='index.php?c=change'>Go Back</a>";
        exit();
    }
$new_pass = md5($new_pass) // no terminating semicolon here; $new_pass is also not the $new_pw read above
$sql = mysql_query("UPDATE clients SET u_pass='$new_pass'
                WHERE uid='$uid'"); 
echo "Your password has been updated! <br />";

?>


Except I get a

Parse error: syntax error, unexpected T_VARIABLE in /home/techurch/public_html/zinto/clients/includes/change_pw.php on line 28

which would be

$sql = mysql_query("UPDATE clients SET u_pass='$new_pass' WHERE uid='$uid'"); 


except i get a

Parse error: syntax error, unexpected T_VARIABLE in /home/techurch/public_html/zinto/clients/includes/change_pw.php on line 28

which would be

$sql = mysql_query("UPDATE clients SET u_pass='$new_pass' WHERE uid='$uid'"); 

$sql = mysql_query("UPDATE clients SET u_pass='$new_pw' WHERE uid='$uid'"); 

That'll work. You used the wrong variable name for your query. =) You have it as $new_pw in the rest of the script.


What's the difference between != and ==?

Because when I used

<?php
if($new_password == $new_passwordcheck)

?>

like blade suggested, it wouldn't work.. they wouldn't check up

but when I did this

<?php
if($new_password != $new_passwordcheck)

?>

it passed through


OK, so I guess this sums it up for me:

In the previous section, you saw what Comparison Operators were. In this lesson, we'll explore the Comparison Operator for Not Equal To: !=.

So open up your text editor, and add the following script:

<?PHP

$correct_username = 'logmein';
$what_visitor_typed = 'logMEin';

if ($what_visitor_typed != $correct_username) {
print("You're not a valid user of this site!");
}

?>

Save your work and try it out. You should be able to guess what it does! But the thing to note here is the new Comparison Operator. Instead of using the double equals sign we’re now using an exclamation mark and a single equals sign. The rest of the If Statement is exactly the same format as you used earlier.

The things you’re trying to compare need to be different before a value of true is returned by PHP. In the second variable ($what_visitor_typed), the letters “ME” are in uppercase; in the first variable, they are in lowercase. So the two are not the same. Because we used the NOT equal to operator, the text will get printed. Change your script to this:

$correct_username = 'logmein';
$what_visitor_typed = 'logmein';

if ($what_visitor_typed != $correct_username) {
print("You're not a valid user of this site!");
}
else {
print("Welcome back, friend!");
}

See if you can figure out what has changed. Before you run the script, what will get printed out?

from

http://www.homeandlearn.co.uk/php/php3p6.html
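A hardened form of the change-password flow discussed in this thread, as an added example that is not code from any poster. It assumes PHP 7+ with PDO and pdo_sqlite; the function name change_password, the in-memory database and the sample passwords are constructed for illustration, while the clients table with uid and u_pass columns follows the thread.

```php
<?php
// Added example: function name, in-memory SQLite database and sample data are assumptions.
declare(strict_types=1);

function change_password(PDO $db, int $uid, string $old, string $new, string $check): string
{
    // 1. Reject when the two new-password fields differ (!==, strict "not identical").
    if ($new !== $check) {
        return 'mismatch';
    }
    // 2. Fetch the stored hash for THIS user only; the uid comes from the session,
    //    and the prepared statement keeps user input out of the SQL text.
    $stmt = $db->prepare('SELECT u_pass FROM clients WHERE uid = :uid');
    $stmt->execute([':uid' => $uid]);
    $stored = $stmt->fetchColumn();
    // 3. Re-verify the old password against that hash, even in a logged-in session.
    if ($stored === false || !password_verify($old, $stored)) {
        return 'bad_old_password';
    }
    // 4. Store a salted, deliberately slow hash instead of md5().
    $upd = $db->prepare('UPDATE clients SET u_pass = :hash WHERE uid = :uid');
    $upd->execute([':hash' => password_hash($new, PASSWORD_DEFAULT), ':uid' => $uid]);
    return 'updated';
}

// Constructed demo data: one client (uid 1) whose current password is "old-secret".
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE clients (uid INTEGER PRIMARY KEY, u_pass TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO clients (uid, u_pass) VALUES (1, :hash)');
$ins->execute([':hash' => password_hash('old-secret', PASSWORD_DEFAULT)]);

// In a real handler $uid would come from $_SESSION['uid'] and the rest from $_POST.
$attempts = [
    ['old-secret', 'n3w-pass', 'n3w-typo'],  // confirmation field differs
    ['wrong-old',  'n3w-pass', 'n3w-pass'],  // old password does not verify
    ['old-secret', 'n3w-pass', 'n3w-pass'],  // all checks pass
    ['old-secret', 'another',  'another'],   // old password no longer valid after the change
];
foreach ($attempts as [$old, $new, $check]) {
    echo change_password($db, 1, $old, $new, $check), PHP_EOL;
}
```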
