intodesi Posted April 22, 2008 Share Posted April 22, 2008 Ok, I have nearly finished my login system for my site, one last detail (Hopefully the last) is a change password script. Right now a user registers and their password is generated and sent to them, and then its md5'd and stored in the db. function makeRandomPassword() { $salt = "abchefghjkmnpqrstuvwxyz0123456789"; srand((double)microtime()*1000000); $i = 0; while ($i <= 7) { $num = rand() % 33; $tmp = substr($salt, $num, 1); $pass = $pass . $tmp; $i++; } return $pass; } Now that works great, and helps with security, but I am not sure on how to go about creating the code to let the user change their password once the they are activated, and signed in. the form would look like so old password here --> id="old_password" new password here -->id="new_password" new password again -->id="new_check" and then when submitted, it would go to the script I know how to get the submited infor into the script with &_POST My questions are what do I do to check new_password against new_check to make sure they are the same and if they are not, have them go back and try again. then how do I md5 it? The way ive always done is is go to one of those sites that do it for me I think I could figure out how to update the db, I wont have to check the old password against the database, since its an authenticated session. Let me see what else. Think thats it, any would would be greatly appreciated again. Quote Link to comment https://forums.phpfreaks.com/topic/102256-solved-change-password-script/ Share on other sites More sharing options...
DeanWhitehouse Posted April 22, 2008 Share Posted April 22, 2008 <?php if($new_password == $new_passwordcheck) ?> that is how to check Quote Link to comment https://forums.phpfreaks.com/topic/102256-solved-change-password-script/#findComment-523568 Share on other sites More sharing options...
intodesi Posted April 22, 2008 Author Share Posted April 22, 2008 One part Down,, Thanks Blade Quote Link to comment https://forums.phpfreaks.com/topic/102256-solved-change-password-script/#findComment-523575 Share on other sites More sharing options...
intodesi Posted April 22, 2008 Author Share Posted April 22, 2008 does this look sound? <? session_start(); if ($_SESSION['is_valid'] != true) { echo "You Do not have the required permisions to view this Page!<br />"; echo "please go back to the client area <a href='http://zinto-design.com/index.php?c=clientarea'>Client Area</a>"; exit; } ?> <? $uid = $_SESSION['uid']; $old_pw = $_POST[old_pw]; $new_pw = $_POST[new_pw]; $new_check = $_POST[new_check]; if($new_pw == $new_check) { echo "Please make sure you correctly inputed your new password twice<br />"; echo "Back to New Password form <a href='index.php?c=change>New Password Form</a>"; } include 'conf_session.php'; $sql_check = mysql_query("SELECT * FROM clients WHERE u_pass='$old_pw'"); $sql_check_num = mysql_num_rows($sql_check); if($sql_check_num == 0){ echo "You must enter the correct old password<br />"; echo "<a href='index.php?c=change'>Go Back</a>"; exit(); } $new_pass = md5($new_pass) $sql = mysql_query("UPDATE clients SET u_pass='$new_pass' WHERE uid='$uid'"); echo "Your password has been updated! <br />"; ?> Quote Link to comment https://forums.phpfreaks.com/topic/102256-solved-change-password-script/#findComment-523596 Share on other sites More sharing options...
DarkWater Posted April 22, 2008 Share Posted April 22, 2008 It's late, so I may have missed something, but it looks good. Quote Link to comment https://forums.phpfreaks.com/topic/102256-solved-change-password-script/#findComment-523597 Share on other sites More sharing options...
intodesi Posted April 22, 2008 Author Share Posted April 22, 2008 except i get a Parse error: syntax error, unexpected T_VARIABLE in /home/techurch/public_html/zinto/clients/includes/change_pw.php on line 28 which would be $sql = mysql_query("UPDATE clients SET u_pass='$new_pass' WHERE uid='$uid'"); Quote Link to comment https://forums.phpfreaks.com/topic/102256-solved-change-password-script/#findComment-523602 Share on other sites More sharing options...
DarkWater Posted April 22, 2008 Share Posted April 22, 2008 except i get a Parse error: syntax error, unexpected T_VARIABLE in /home/techurch/public_html/zinto/clients/includes/change_pw.php on line 28 which would be $sql = mysql_query("UPDATE clients SET u_pass='$new_pass' WHERE uid='$uid'"); $sql = mysql_query("UPDATE clients SET u_pass='$new_pw' WHERE uid='$uid'"); That'll work. You used the wrong variable name for your query. =) You have it as $new_pw in the rest of the script. Quote Link to comment https://forums.phpfreaks.com/topic/102256-solved-change-password-script/#findComment-523607 Share on other sites More sharing options...
intodesi Posted April 22, 2008 Author Share Posted April 22, 2008 lmao, Thanks Dark Much appreciated, again Quote Link to comment https://forums.phpfreaks.com/topic/102256-solved-change-password-script/#findComment-523614 Share on other sites More sharing options...
DarkWater Posted April 22, 2008 Share Posted April 22, 2008 No problem. Quote Link to comment https://forums.phpfreaks.com/topic/102256-solved-change-password-script/#findComment-523616 Share on other sites More sharing options...
intodesi Posted April 22, 2008 Author Share Posted April 22, 2008 whats the difference between != and == because when i used <?php if($new_password == $new_passwordcheck) ?> like blade suggested, it wouldnt work.. they wouldnt check up but when i did this <?php if($new_password != $new_passwordcheck) ?> it passed through Quote Link to comment https://forums.phpfreaks.com/topic/102256-solved-change-password-script/#findComment-523636 Share on other sites More sharing options...
intodesi Posted April 22, 2008 Author Share Posted April 22, 2008 Ok so i guess this sums it up for me In the previous section, you saw what Comparison Operators were. In this lessons, we'll explore the Comparison Operator for Not Equal To: !=. So open up your text editor, and add the following script: <?PHP $correct_username = 'logmein'; $what_visitor_typed = 'logMEin'; if ($what_visitor_typed != $correct_username) { print("You're not a valid user of this site!"); } ?> Save your work and try it out. You should be able to guess what it does! But the thing to note here is the new Comparison Operator. Instead of using the double equals sign we’re now using an exclamation mark and a single equals sign. The rest of the If Statement is exactly the same format as you used earlier. The things you’re trying to compare need to be different before a value of true is returned by PHP. In the second variable ($what_visitor_typed), the letters “ME” are in uppercase; in the first variable, they are in lowercase. So the two are not the same. Because we used the NOT equal to operator, the text will get printed. Change your script to this: $correct_username = 'logmein'; $what_visitor_typed = 'logmein'; if ($what_visitor_typed != $correct_username) { print("You're not a valid user of this site!"); } else { print("Welcome back, friend!"); } See if you can figure out what has changed. Before you run the script, what will get printed out? from http://www.homeandlearn.co.uk/php/php3p6.html Quote Link to comment https://forums.phpfreaks.com/topic/102256-solved-change-password-script/#findComment-523643 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.