tpstudent Posted September 16, 2008 Share Posted September 16, 2008 Hi, I had did some codes to allow user to log in and change their password. Currently, it seems to be not reading the current password in the database; to match with the password field which they have to enter their current password. The error faced: <?php session_start(); echo $name; ob_start(); ?> <html> <head> <title>Staff Signage</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <link href="style.css" rel="stylesheet" type="text/css"> <style type="text/css"> <!-- body { background-color: #FFFFFF; } --> </style></head> <body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"> <!-- ImageReady Slices (main1.psd) --> <table width="800" height="600" border="0" align="center" cellpadding="0" cellspacing="0" id="Table_01"> <tr> <td width="800" height="136"><?php include("include/header.php") ?></td> </tr> <tr> <td width="800" height="438" valign="top" bgcolor="#FFFFFF"> <table width="795" height="426" border="0"> <tr> <td width="10" height="2"></td> <td width="762"></td> <td width="10"></td> </tr> <tr> <td height="409"></td> <td valign="top" bgcolor="#FFFFFF"><form name="form1" method="post" action="password.php"> <?php $password=$row['password']; $success = false; $submitted = isset($_POST['formsubmitted']); $staffid = $_SESSION['staffid']; if($submitted){ if (!empty($_POST['cpassword'])) { $cpassword =$_POST['cpassword']; } else { $cpassword =NULL; echo '<span class = "font"><font color="red"><span class = "contentText"><b>You forgot to enter your Current Password!</b></span></font><br><br>'; }//end of check userid if (!empty($_POST['npassword'])) { $npassword =$_POST['npassword']; } else { $bpost =NULL; echo '<font color="red"><span class = "contentText"><b>You forgot to enter your New Password!</b></span></font><br><br>'; }//end of check password if($cpassword && $npassword) { if($cpassword==$password) { $password = mysql_real_escape_string($_POST["$npassword"]); require_once('staffSql.php'); // connect to the mysql database server. mysql_select_db($dbname); $query = "UPDATE staff set password='$npassword' where staffid ='$staffid'"; $result = mysql_query($query); if ($result) { echo"<br/><span class ='headerText'><center>Password Successfully changed.</center></span><br>"; echo"<span class ='headerText'><center>Redirecting to main..</center></span><br><br>"; header("refresh:2;url=main.php"); $success= true; }//end of if result else { echo"<span class ='font'>Password Unsuccessfully changed.</span><br><br>"; }//end of else }//end of if password matches that in db else { echo"<span class ='text'><font color='red'>You have entered your current password wrongly.</font></span><br><br>"; } } } ?> <input type="hidden" name="formsubmitted" value="TRUE"/> <?php if($success == false) { ?> <span class="headerText">Change Your Password</span><br> <br> <span class="contentText">Current Password: </font></span> <input name="cpassword" type="password" value=""> <br> <br> <span class="contentText">Password: </font></span> <input name="npassword" type="password" value=""> <br> <br> <input type="submit" name="submit" value="Change Password" /> <input type="reset" value="Reset" /><?php } ?> </form> </td> <td></td> </tr> </table> </td> </tr> <tr> <td width="800" height="26"> <?php include("include/footer.php") ?> </td> </tr> </table> <!-- End ImageReady Slices --> </body> </html> <?php ob_flush(); ?> Link to comment https://forums.phpfreaks.com/topic/124417-mysql-password-change/ Share on other sites More sharing options...
beedie Posted September 16, 2008 Share Posted September 16, 2008 Looks like you haven't hit the database to give a value to $password before checking it against the new one. Link to comment https://forums.phpfreaks.com/topic/124417-mysql-password-change/#findComment-642509 Share on other sites More sharing options...
fanfavorite Posted September 16, 2008 Share Posted September 16, 2008 $password=$row['password']; is your problem. You are not fetching the current password into the $row array before like: $q = mysql_query ("SELECT password FROM staff WHERE staffid = '$staffid'"); $row = mysql_fetch_array($q); Link to comment https://forums.phpfreaks.com/topic/124417-mysql-password-change/#findComment-642511 Share on other sites More sharing options...
tpstudent Posted September 16, 2008 Author Share Posted September 16, 2008 Hi, I tried to retrieve the password row; however there is still the same problem faced. Can help me see what I had done wrong. Thanks. <?php session_start(); echo $name; ob_start(); ?> <html> <head> <title>Staff Signage</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <link href="style.css" rel="stylesheet" type="text/css"> <style type="text/css"> <!-- body { background-color: #FFFFFF; } --> </style></head> <body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"> <!-- ImageReady Slices (main1.psd) --> <table width="800" height="600" border="0" align="center" cellpadding="0" cellspacing="0" id="Table_01"> <tr> <td width="800" height="136"><?php include("include/header.php") ?></td> </tr> <tr> <td width="800" height="438" valign="top" bgcolor="#FFFFFF"> <table width="795" height="426" border="0"> <tr> <td width="10" height="2"></td> <td width="762"></td> <td width="10"></td> </tr> <tr> <td height="409"></td> <td valign="top" bgcolor="#FFFFFF"><form name="form1" method="post" action="password.php"> <?php $success = false; $submitted = isset($_POST['formsubmitted']); $staffid = $_SESSION['staffid']; require_once('staffSql.php'); // connect to the mysql database server. mysql_select_db($dbname); $query = "SELECT password FROM staff WHERE staffid = '$staffid'"; $result = mysql_fetch_array(mysql_query($query)); $password=$row['password']; if($submitted){ if (!empty($_POST['cpassword'])) { $cpassword =$_POST['cpassword']; } else { $cpassword =NULL; echo '<span class = "font"><font color="red"><span class = "contentText"><b>You forgot to enter your Current Password!</b></span></font><br><br>'; }//end of check userid if (!empty($_POST['npassword'])) { $npassword =$_POST['npassword']; } else { $bpost =NULL; echo '<font color="red"><span class = "contentText"><b>You forgot to enter your New Password!</b></span></font><br><br>'; }//end of check password if($cpassword && $npassword) { if($cpassword==$password) { $password = mysql_real_escape_string($_POST["$npassword"]); require_once('staffSql.php'); // connect to the mysql database server. mysql_select_db($dbname); $query = "UPDATE staff set password='$npassword' where staffid ='$staffid'"; $result = mysql_query($query); if ($result) { echo"<br/><span class ='headerText'><center>Password Successfully changed.</center></span><br>"; echo"<span class ='headerText'><center>Redirecting to main..</center></span><br><br>"; header("refresh:2;url=main.php"); $success= true; }//end of if result else { echo"<span class ='font'>Password Unsuccessfully changed.</span><br><br>"; }//end of else }//end of if password matches that in db else { echo"<span class ='text'><font color='red'>You have entered your current password wrongly.</font></span><br><br>"; } } } ?> <input type="hidden" name="formsubmitted" value="TRUE"/> <?php if($success == false) { ?> <span class="headerText">Change Your Password</span><br> <br> <span class="contentText">Current Password: </font></span> <input name="cpassword" type="password" value=""> <br> <br> <span class="contentText">Password: </font></span> <input name="npassword" type="password" value=""> <br> <br> <input type="submit" name="submit" value="Change Password" /> <input type="reset" value="Reset" /><?php } ?> </form> </td> <td></td> </tr> </table> </td> </tr> <tr> <td width="800" height="26"> <?php include("include/footer.php") ?> </td> </tr> </table> <!-- End ImageReady Slices --> </body> </html> <?php ob_flush(); ?> Link to comment https://forums.phpfreaks.com/topic/124417-mysql-password-change/#findComment-642525 Share on other sites More sharing options...
beedie Posted September 16, 2008 Share Posted September 16, 2008 $result = mysql_fetch_array(mysql_query($query)); $password=$row['password']; The above doesn't give $row anything. Try $password= $result['password']; Link to comment https://forums.phpfreaks.com/topic/124417-mysql-password-change/#findComment-642563 Share on other sites More sharing options...
fypstudent Posted September 16, 2008 Share Posted September 16, 2008 it worked! thank you! Link to comment https://forums.phpfreaks.com/topic/124417-mysql-password-change/#findComment-642574 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.