
[SOLVED] problem with my change password script


dazzclub


Hi everyone,

I have got a form that lets users change their password. I'm sure you guys know how the script works.

It checks to see if the email and current password are in the database; if there are any problems it will report an error, else all is well.

Well, I'm stuck on testing it... I enter a password and email I know are in the database, but my error spits out

"email and password did not match"

Now I have two ideas why it could be wrong: my query to check the typed-in email and password doesn't work, or it's my form.

Here is the entire script, sorry for it being so long.

------------------------------------------------

<?php
require_once("includes/connection.php");
//looks for all errors
error_reporting(E_ALL);
?>
<html>
<head>
<title>Paints - change password</title>
<link rel="stylesheet" type="text/css" href="styles/style.css"/>
</head>
<body>
<?php
//check the form has been submitted
if (isset($_POST['submitted'])) {

    require_once("includes/connection.php");
    //could possibly insert a database connection here

    //initialise an error array.
    $errors = array();

    //check for an email address
    if (empty($_POST['email'])) {
        $errors[] = 'you forgot to enter your email address.';
    } else {
        $e = mysqli_real_escape_string($connection, trim($_POST['email']));
    }

    //check for current password
    if (empty($_POST['pass'])) {
        $errors[] = 'you forgot to enter your current password.';
    } else {
        $p = mysqli_real_escape_string($connection, trim($_POST['pass']));
    }

    //check for a new password against the confirmed password
    if (!empty($_POST['pass1'])) {
        if ($_POST['pass1'] != $_POST['pass2']) {
            $errors[] = 'your new password did not match the confirmed password';
        } else {
            $np = mysqli_real_escape_string($connection, trim($_POST['pass1']));
        }
    } else {
        $errors[] = 'you forgot to enter your new password.';
    }

    if (empty($errors)) { //if everything is okay

        //check that they've entered the right email address/password combination
        $query = "SELECT user_id FROM users WHERE (email='$e' AND pass=SHA1('$p'))";
        $return = @mysqli_query($connection, $query);
        $num = @mysqli_num_rows($return);

        if ($num == 1) { //match was made

            //get user_id
            $row = mysqli_fetch_array($return, MYSQLI_NUM);

            //make update
            $query = "UPDATE users SET pass=SHA1('$np') WHERE user_id=$row[0]";
            $return = @mysqli_query($connection, $query);

            if (mysqli_affected_rows($connection) == 1) { //if it ran ok

                //print message
                echo 'THANK YOU<br />your new password has been updated.';

            } else { //if it did not run ok

                //public message
                echo 'system error<br />failed to update your password';

                //debugging (mysqli_error() needs the connection as its argument)
                echo ' ' . mysqli_error($connection) . ' <br />Query: ' . $query . '';
            }

            //quit the script and not show the form
            exit();

        } else { //invalid email/password combination
            echo 'ERROR!<br />The email address and password did not match those on file';
        }

    } else { //report the errors
        echo 'ERROR! The following errors occurred';

        foreach ($errors as $msg) { //print each error
            echo " - $msg<br />";
        }
        echo 'please try again';
    } //End of if (empty($errors)) IF.

    mysqli_close($connection); //Close the database connection

} //end of main submit conditional
?>
<form action="change-password.php" method="post">
<ul class="regform">
  <li>email: <input name="email" type="text" id="email" maxlength="40"
    value="<?php /* encode the echoed value so it cannot break out of the attribute */
    if (isset($_POST['email'])) echo htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8'); ?>" ></li>
  <li> </li>
  <li>Current password: <input type="password" name="pass" ></li>
  <li> </li>
  <li>new password: <input type="password" name="pass1" ></li>
  <li> </li>
  <li>confirm new password: <input type="password" name="pass2" ></li>
  <li> </li>
  <li><input type="submit" name="submit" value="change password"></li>
  <li><input type="hidden" name="submitted" value="TRUE"></li>
</ul>
</form>
</body>
</html>

------------------------------------------------

If anyone could help that would be great.

Regards,
Dazzclub

You first use $np for your new password but then check $p for the database:

$np = mysqli_real_escape_string($connection, trim($_POST['pass1']));

$query = "SELECT user_id FROM users WHERE (email='$e' AND pass=SHA1('$p'))";

 

Hmm... in that query I am confirming the old password, which is $p; if that matches, then the new password variable, $np, is used to update the user's old password in the following update query...

Thanks... back to the drawing board I guess.

follow...

Hmm... I wouldn't need to check for the new password yet, as I need to confirm that the old password is present.

So that's why I use $p in that select query. The new password variable, $np, is then used to update the old one.

AAAAAARRRRrrrrggghhh!

Also, mysql_affected_rows() returns 0 if they don't actually change anything, i.e. they change their password to what it is already. Watch out for that and include something in the ELSE to see if their new password is the same as their old one and say "Password changed!" anyway.

OK...

After my cig and coffee break I came back and I thought the problem could have been how I set up the database to hold the details, especially the password. It was set to type varchar; I then changed it to char.

After that didn't work I thought I'd create a user with a simple email and password. I then used the form to try and change this user's password and it worked.

The only difference between the two users was the length of their email and password. I may have set a maxlength on the form, so it didn't allow the whole value to pass through, thus not matching the info in the database.

Well, that's my theory. So far, problem solved.

Thanks for all your help, peeps. :)
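As an added example (not code from the thread), here is the same change-password flow written with bound parameters and password_hash()/password_verify() instead of escaped strings and SHA1() in SQL, so the password is checked exactly as typed and success does not depend on the affected-row count. It uses PDO with in-memory SQLite in place of the thread's mysqli connection so that it runs without a server; the users table layout, the sample account and the change_password() helper are constructed for illustration.

```php
<?php
// Added example: constructed schema and sample user, in-memory SQLite via PDO.
declare(strict_types=1);

function change_password(PDO $db, string $email, string $current, string $new, string $confirm): string
{
    if ($new === '' || $new !== $confirm) {
        return 'new password and confirmation do not match';
    }
    // Bound parameter: no escaping step, so the submitted value is never altered.
    $stmt = $db->prepare('SELECT user_id, pass FROM users WHERE email = ?');
    $stmt->execute([trim($email)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify the password byte-for-byte as typed: no trim(), no escaping before
    // hashing. One message covers both "unknown email" and "wrong password".
    if ($row === false || !password_verify($current, $row['pass'])) {
        return 'email address and password did not match';
    }

    // password_hash() salts every hash, so the stored value changes even when the
    // new password equals the old one. A failed UPDATE raises a PDOException,
    // so no affected-row check is needed to detect errors.
    $upd = $db->prepare('UPDATE users SET pass = ? WHERE user_id = ?');
    $upd->execute([password_hash($new, PASSWORD_DEFAULT), $row['user_id']]);
    return 'password updated';
}

// Constructed demo data: a long email and a password with quotes and spaces.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, email TEXT UNIQUE, pass TEXT)');
$email    = 'a.very.long.address@example.test';
$longPass = " it's a long pass-phrase with 'quotes' and spaces ";
$db->prepare('INSERT INTO users (email, pass) VALUES (?, ?)')
   ->execute([$email, password_hash($longPass, PASSWORD_DEFAULT)]);

// Wrong current password, then "change" to the same password, then a real change.
echo change_password($db, $email, 'wrong', 'n3w-passphrase', 'n3w-passphrase'), "\n";
echo change_password($db, $email, $longPass, $longPass, $longPass), "\n";
echo change_password($db, $email, $longPass, 'n3w-passphrase', 'n3w-passphrase'), "\n";
```

The pass column must be wide enough for the full hash string (the PHP manual recommends 255 characters), otherwise a truncated stored value fails verification in the same way the truncated form input did in the thread.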
