dazzclub Posted June 24, 2008 Share Posted June 24, 2008 Hi everyone, I have got a form that can let users change their password. Im sure you guys know how the script works. It checks to see if the email and current password is in the database if theres any problems it will report an error else all is well. well im stuck on testing it...i enter a password and email i know is in the database but my error spits out "email and password dit not match" Now i have two ideas why it could be wrong. my query to check if the typed in email and password script doesnt work or its my form. here is the entire script, sorry for it being so long. ------------------------------------------------ <?php require_once("includes/connection.php"); //looks for all errors error_reporting(E_ALL); ?> <html> <head> <title>Paints - change password</title> <link rel="stylesheet" type="text/css" href="styles/style.css"/> </head> <body> <?php //check the form has been submitted if(isset($_POST['submitted'])) { require_once("includes/connection.php"); //could possibly insert a database connection here //initialise an error array. $errors = array(); //check for an email address if (empty($_POST['email'])) { $errors[] = 'you forgot to enter your email address.'; }else{ $e = mysqli_real_escape_string($connection, trim($_POST['email'])); } //check for current password if (empty($_POST['pass'])){ $errors[] = 'you forgot to enter your current password.'; }else{ $p = mysqli_real_escape_string($connection, trim($_POST['pass'])); } //check for a new password against the confirmed password if(!empty($_POST['pass1'])){ if($_POST['pass1']!= $_POST['pass2']) { $errors[] = 'your new password did not match the confirmed password'; }else{ $np = mysqli_real_escape_string($connection, trim($_POST['pass1'])); } }else{ $errors[] = 'you forgot to enter your newpassword.'; } if(empty($errors)) { //if everything is okay //check that they've entered the right email address/password combination $query = "SELECT user_id FROM users WHERE (email='$e' AND pass=SHA1('$p'))"; $return = @mysqli_query($connection, $query); $num = @mysqli_num_rows($return); if ($num==1) { //match was made //get user_id; $row = mysqli_fetch_array($return, MYSQLI_NUM); //make update $query = "UPDATE users SET pass=SHA1('$np') WHERE user_id=$row[0]"; $return = @mysqli_query($connection, $query); if(mysqli_affected_rows($connection) == 1) { //if it ran ok //print message echo 'THANK YOU<br /> your new password has been updated.'; }else{ //if it did not run ok //public message echo 'system error<br /> failed to update your password'; //debugging echo ' ' . mysqli_error . ' <br /> Query: ' .$query. ''; } //quit the script and not show the form exit(); }else{ //invalid email/password combination echo 'ERROR!<br /> The email address and password did not match those on file'; } }else{ //report the errors echo 'ERROR! The following errors occured'; foreach($errors as $msg) { //print each error echo " - $msg<br />"; } echo 'please try agin'; }//End if (empty($errors)) IF. mysqli_close($connection); //Close the database connection }//end of main submit condtional ?> <form action="change-password.php" method="post"> <ul class="regform"> <li>email: <input name="email" type="text" id="email" maxlength ="40" value ="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>" ></li> <li> </li> <li>Current password: <input type="password" name="pass" ></li> <li> </li> <li>new password: <input type="password" name="pass1" ></li> <li> </li> <li>confirm new password: <input type="password" name="pass2" ></li> <li> </li> <li><input type="submit" name="submit" value="change password"></li> <li><input type="hidden" name="submitted" value="TRUE"></li> </ul> </form> </body> </html> ------------------------------------------------ if anyone could help that would be great regards Dazzclub Link to comment https://forums.phpfreaks.com/topic/111729-solved-problem-with-my-change-password-script/ Share on other sites More sharing options...
revraz Posted June 24, 2008 Share Posted June 24, 2008 You first use $np for your new password but then check $p for the database $np = mysqli_real_escape_string($connection, trim($_POST['pass1'])); $query = "SELECT user_id FROM users WHERE (email='$e' AND pass=SHA1('$p'))"; Link to comment https://forums.phpfreaks.com/topic/111729-solved-problem-with-my-change-password-script/#findComment-573534 Share on other sites More sharing options...
dazzclub Posted June 24, 2008 Author Share Posted June 24, 2008 hmm...in that query i am confirming that the old password, which is $p, if that matches then the new password variable, $np, is then used to update the users old password in the following update query... thanks..back to the drawing board i guess Link to comment https://forums.phpfreaks.com/topic/111729-solved-problem-with-my-change-password-script/#findComment-573544 Share on other sites More sharing options...
dazzclub Posted June 24, 2008 Author Share Posted June 24, 2008 follow... hmm...i wouldn't need to check for the new password yet as i need to confirm that the old password is present. so thats why i use $p in that select query. The new password variable, $np, is then used to update the old one. AAAAAARRRRrrrrggghhh! Link to comment https://forums.phpfreaks.com/topic/111729-solved-problem-with-my-change-password-script/#findComment-573562 Share on other sites More sharing options...
revraz Posted June 24, 2008 Share Posted June 24, 2008 echo $query to see what both the $e and sha1($p) contains. Then you can compare it to your DB. Link to comment https://forums.phpfreaks.com/topic/111729-solved-problem-with-my-change-password-script/#findComment-573564 Share on other sites More sharing options...
DarkWater Posted June 24, 2008 Share Posted June 24, 2008 Also, mysql_affected_rows() returns 0 if they don't actually change anything, I.E: they change their password to what it is already. Watch out for that and include something in the ELSE to see if their new password is the same as their old one and say "Password changed!" anyway. Link to comment https://forums.phpfreaks.com/topic/111729-solved-problem-with-my-change-password-script/#findComment-573567 Share on other sites More sharing options...
dazzclub Posted June 24, 2008 Author Share Posted June 24, 2008 @revraz I have echo'd the value of $e and $p and they echo the correct email address and password.... ..i think a coffee and a cig break is in order.. cheers for your help Link to comment https://forums.phpfreaks.com/topic/111729-solved-problem-with-my-change-password-script/#findComment-573583 Share on other sites More sharing options...
dazzclub Posted June 24, 2008 Author Share Posted June 24, 2008 ok... after my cig and coffee break i cam back and i thought the problem could have been how i set up the database to hold the details, especially the password. It was set to type as varchar, i then changed it to char. after that didnt work i thought i'd create a user with a simple email and password. i then used the form to try and change this users password and it worked. the only difference between the two users was the length of their email and password. i may have set a maxlength on the form, so it didnt allow the whole value to pass through, thus not matching the info in the database. well thats my thoery. so far problem solved. thanks for all your help peeps. Link to comment https://forums.phpfreaks.com/topic/111729-solved-problem-with-my-change-password-script/#findComment-573597 Share on other sites More sharing options...
revraz Posted June 24, 2008 Share Posted June 24, 2008 That'll do it. Also make sure the length in the DB is correct for the hash you use. Link to comment https://forums.phpfreaks.com/topic/111729-solved-problem-with-my-change-password-script/#findComment-573627 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.