[SOLVED] mysql update

[ngreenwood6]

I am trying to create a reset password section for my login script.  My database looks like this:

 

login=database

members=table

username, password, email, etc.=input values

 

I am trying to get it so that when a user submits the password change it updates the password (note:password is md5). I am using this command:

 

"UPDATE members SET password = '$new_pass' WHERE password = '$reset_email'"

 

$reset_email = $_POST['reset_email'] and $new_pass = $_POST['new_pass'] which are given from the form. However whenever i submit the form it changes the password, but I don't know what to. No password i type works and the md5 changes. Am i missing something? Any help is appreciated.

[cooldude832]

um why is password your where clause it should the userid or the username?

[Stephen]

What is the rest of your code? With setting $new_pass, $reset_email variables and stuff. If reset email is an --email-- why would you check for it in a --password-- column?

 

And as cooldude said it should be

WHERE userid = '$myuserid'

 

Otherwise it will update every password from "lol" to "lol2".

[ngreenwood6]

sorry i typed it wrong my code is actually:

"UPDATE members SET password = '$new_pass' WHERE password = '$reset_email'"

 

The code is in 2 pages

 

reset_password.php:

<table>
			<form name="password_reset" method="post" action="reset.php">
			<tr>
			<td>Email
			<td>:
			<td><input name="reset_email" type="text" />
			</tr>
			<tr>
			<td><input name="submit" type="submit" value="submit" />
			</tr>
			</form>
			</table>

 

and reset.php:

<?php

$reset_email = Trim(stripslashes($_POST['reset_email']));

$host="localhost"; // Host name 

$username="root"; // Mysql username 

$password=""; // Mysql password 

$db_name="login"; // Database name 

$tbl_name="members"; // Table name 

// Connect to server and select databse.

mysql_connect("$host", "$username", "$password")or die("cannot connect"); 

mysql_select_db("$db_name")or die("cannot select DB");


$sql="SELECT * FROM members WHERE email = '$reset_email'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row

$count=mysql_num_rows($result);

if($count==1){
$row = mysql_fetch_array($result);
}
?>
<table>
<form name="reset" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<tr>
<td><?php echo $row['security']; ?>
<td>:
<td><input name="answer" type="text">
</tr>
<tr>
<td>New password
<td>:
<td><input name="new_pass" type="text">
</tr>
<tr>
<td><input name="submit" type="submit" value="submit">
</tr>
</form>
</table>
<?php

$new_pass = Trim(stripslashes(md5($_POST['new_pass'])));

//define the database variables
$host = "localhost";
$db_name = "login";
$db_table = "members";
$db_username = "root";
$db_password = "";

//function to insert the data into the database
$update_db = "UPDATE members SET password = '$new_pass' WHERE email = '$reset_email'";

//variable to connect to database
$mysqli_connect = mysqli_connect($host,$db_username,$db_password,$db_name)
or die ("Could not connect to database");

//variable to send data to the database
mysqli_query($mysqli_connect,$update_db)
or die ("Error: ".mysqli_error($mysqli_connect));

?>

 

I am trying to update the password after the user inputs their email address and verifies their security question. That is still in the works but the password update isnt working for now.

[LemonInflux]

"UPDATE members SET password = '$new_pass' WHERE password = '$reset_email'"

 

Why is password being set to reset email?

----------------

Now playing: Linkin Park - No More Sorrow (Live At Milton Keynes)

via FoxyTunes

[elflacodepr]

i think this is getting bit confusing, if you want to reset or change password why not make the user to type his old password then type a new one.

 

so it will be like:

 

"UPDATE members SET password = '$new_pass' WHERE password = '$old_pass'"

 

after all you should make sure that you are changing the correct password from the correct user.

[ngreenwood6]

I am a noob. i am trying to get it to update the passwrod for the email address that gets submitted the page before. Please help!

 

elflacodepr - I am getting them to put in their email address and then it goes to the next page. I want them to put in their email address, then confirm their security question, then enter their new password.

[Stephen]

It should be more like:

UPDATE members SET password = '$new_pass' WHERE email = '$reset_email'

[LemonInflux]

Then surely you should identify them by their username or user ID. What if 2 users have the same password or email address?

 

----------------

Now playing: Linkin Park - No More Sorrow (Live At Milton Keynes)

via FoxyTunes

[ngreenwood6]

i am sorry once again. stephen that is actually what my code was. I just figured out what the password it is setting is. It is setting a blank password when i submit.

 

lemoninflux - 2 users cant have the same email address it is prohibited.

[ngreenwood6]

Does anybody know why it would be setting the password to blank instead of what i am inputting in the form?

[dezkit]

your code, please.

[ngreenwood6]

It is the reset.php page that is listed above.

[LemonInflux]

i am sorry once again. stephen that is actually what my code was. I just figured out what the password it is setting is. It is setting a blank password when i submit.

 

lemoninflux - 2 users cant have the same email address it is prohibited.

 

Nothing stops them having the same password though?

 

----------------

Now playing: Linkin Park - No More Sorrow (Live At Milton Keynes)

via FoxyTunes

[ngreenwood6]

no it doesnt matter if 2 users have the same password or if they reset their password to the same password. No 2 users can have the same username or email address.