[SOLVED] Change Password

[sith717]

I need to make a php page to change password.

 

Can someone make a simple form and mysql thing to do it?

 

Here is the existing file

 

Checklogin.php

 

<?php
$host="localhost"; // Host name
$username="bucketho_****"; // Mysql username
$password="*****"; // Mysql password
$db_name="bucketho_****"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "index.php"
session_register("myusername");
session_register("mypassword");


header("location:index.php");
}

else {

header("location:login_failed.php");
}
?>

 

 

Here is the mql info thing

 

CREATE TABLE `members` (
`id` int(4) NOT NULL auto_increment,
`username` varchar(65) NOT NULL default '',
`password` varchar(65) NOT NULL default '',
PRIMARY KEY (`id`)
) TYPE=MyISAM AUTO_INCREMENT=2 ;

-- 
-- Dumping data for table `members`
-- 

INSERT INTO `members` VALUES (1, '****', '****');

 

I made the private info * to protect it.

Thanks.

 

I need a script that can connect to the database and change the password.

 

Thanks,

 

Hopefully it can be done for free which would be a great help!

[Maq]

You would have better luck in the freelance section.

[sith717]

I really am not wanting to pay for this, since its something simple, and I really have no idea how to do...

[jonsjava]

I really am not wanting to pay for this, since its something simple, and I really have no idea how to do...

 

We are more than happy to help.  Unfortunately, helping means taking the bad code, and making it work, not writing it for you.  As Maq said, you'd have better luck paying someone 20 bucks to do it for you.  Or you can write it yourself, seeing how simple it is.

[sith717]

No I mean, like the whole code works, I just have to add a change password part...

 

 

 

[Maq]

Psuedo:

 

You need a form that asks for the user's username, old password, and new password.

Pass the info to the php script.

 

check the user info (like you have)

 

UPDATE members SET password = $_POST['new_password'] WHERE username = $_POST['username'];

 

if(success)

return true;

else

return false;

 

[sith717]

Ugh? Can you put that into the script?

 

I have no idea how to combine it.

 

I am really slow...

[sith717]

I know, sorry about that...

 

So who ever helps me out hopefully gets something...

[Maq]

Sorry, but people here want to help, not do everything for you.  If you want to post this in the freelance and try to get it done for free you're more than welcome.  I'm sure people would agree that they are going to do something with pay rather than free.  I'm also sure someone has a tutorial or a snippet of code that will help you out.  Sorry, good luck.

[sith717]

I understand.

 

I looked around for a snippet of that what your saying and didn't find it.

[jonsjava]

change_password.php

<?php
//access this file via "change_password.php?pass_change_form=true"
$host="localhost"; // Host name
$username="bucketho_****"; // Mysql username
$password="*****"; // Mysql password
$db_name="bucketho_****"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

if ($_GET['change_pass'] == true){
$new_pass1 = mysql_real_escape_string($_POST['pass1']);
$new_pass2 = mysql_real_escape_string($_POST['pass2']);
$old_pass = mysql_real_escape_string($_POST['old_pass']);
$username = $_SESSION['username'];
$sql = "SELECT * FROM `members` WHERE `username`='$username' AND `password`='$old_pass' LIMIT 1;";
$results = mysql_query($sql);
$count_res = mysql_num_rows($sql);
if (($count_res == 1) && ($new_pass1 == $new_pass2)){
	$sql = "UPDATE `members` SET `password`='$new_pass1' WHERE `username`='$username';";
	mysql_query($sql);
	header("location:./");
	exit();
}
else{
	print "Error processing Password change. Please try again";
}
}
if ($_GET['pass_change_form'] == true){
?>
<form method="POST" action="?change_pass=true">
	<table border="0">
		<tr>
			<td>Old Password:</td>
			<td><input type="password" name="old_pass"></td>
		</tr>
		<tr>
			<td>New Password:</td>
			<td><input type="password" name="pass1"></td>
		</tr>
		<tr>
			<td>New Password(Again):</td>
			<td><input type="password" name="pass2"></td>
		</tr>
		<tr>
			<td> </td>
			<td><input type="submit" value="Submit"></td>
		</tr>
	</table>
</form>
<?php
}

and change your checklogin.php to this:

<?php
$host="localhost"; // Host name
$username="bucketho_****"; // Mysql username
$password="*****"; // Mysql password
$db_name="bucketho_****"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "index.php"
$_SESSION['username'] = $myusername;
session_register("myusername");
session_register("mypassword");


header("location:index.php");
}

else {

header("location:login_failed.php");
}
?>

Felt generous today. Not what I would normally do.

[sith717]

What is different about the 2 codes you gave me?

 

 

[jonsjava]

one is the password changer, the other, I just added a session variable that I like to use to handle usernames (makes it easier on my coding, nothing else).

I had to fix a small syntax, and that's the reason for the edit.

[Maq]

So who ever helps me out hopefully gets something...

 

Probably just a thanks... 

[sith717]

Oh I saw, nvm.

 

Also, I put in the codes. The change_password.php page is blank. It wont load.

 

 

[jonsjava]

So who ever helps me out hopefully gets something...

 

Probably just a thanks...   

 

lol. I don't do it for the money. I have a good job. I'm of a mindset that you don't get anything for work, unless you get it before you do the work.

 

A thanks would be great, though.

[jonsjava]

go to http://your_site.com/directory/change_password.php?pass_change_form=true

[sith717]

Please read the post that I posted before you.

 

I put in the code change_password.php and edited checklogin.php

 

When I go to change_password.php it wont load, it is blank.

 

Not sure why.

 

 

[jonsjava]

as I said, go to change_password.php?pass_change_form=true

 

if you just go to change_password.php, you're going to get a blank page.

[sith717]

It loads now.

 

It shows an error:

 

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/bucketho/public_html/admin/change_password.php on line 19

Error processing Password change. Please try again

 

Its  probably because it doesnt know what user to change the password for?

 

Like before I can change the password I put in thhat login session thing, maybe I need that?

 

[jonsjava]

gotta be logged in with that session value

[sith717]

This is the login session code:

 

<?
session_start();
if(!session_is_registered(myusername)){
header("location:login.php");
}
?>

 

Do I place it on the top like this:

 

<?
session_start();
if(!session_is_registered(myusername)){
header("location:login.php");
}
?>

<?php
//access this file via "change_password.php?pass_change_form=true"
$host="localhost"; // Host name
$username="bucketho_***"; // Mysql username
$password="****"; // Mysql password
$db_name="bucketho_****"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

if ($_GET['change_pass'] == true){
$new_pass1 = mysql_real_escape_string($_POST['pass1']);
$new_pass2 = mysql_real_escape_string($_POST['pass2']);
$old_pass = mysql_real_escape_string($_POST['old_pass']);
$username = $_SESSION['username'];
$sql = "SELECT * FROM `members` WHERE `username`='$username' AND `password`='$old_pass' LIMIT 1;";
$results = mysql_query($sql);
$count_res = mysql_num_rows($sql);
if (($count_res == 1) && ($new_pass1 == $new_pass2)){
	$sql = "UPDATE `members` SET `password`='$new_pass1' WHERE `username`='$username';";
	mysql_query($sql);
	header("location:./");
	exit();
}
else{
	print "Error processing Password change. Please try again";
}
}
if ($_GET['pass_change_form'] == true){
?>
<form method="POST" action="?change_pass=true">
	<table border="0">
		<tr>
			<td>Old Password:</td>
			<td><input type="password" name="old_pass"></td>
		</tr>
		<tr>
			<td>New Password:</td>
			<td><input type="password" name="pass1"></td>
		</tr>
		<tr>
			<td>New Password(Again):</td>
			<td><input type="password" name="pass2"></td>
		</tr>
		<tr>
			<td> </td>
			<td><input type="submit" value="Submit"></td>
		</tr>
	</table>
</form>
<?php
}

[jonsjava]

wouldn't hurt. forgot to add sessions to my file (wrote it under yours, then broke it up). all you need is

<?php
session_start();
if ($_GET['change_pass'] == true){
$new_pass1 = mysql_real_escape_string($_POST['pass1']);
$new_pass2 = mysql_real_escape_string($_POST['pass2']);
$old_pass = mysql_real_escape_string($_POST['old_pass']);
$username = $_SESSION['username'];
$sql = "SELECT * FROM `members` WHERE `username`='$username' AND `password`='$old_pass' LIMIT 1;";
$results = mysql_query($sql);
$count_res = mysql_num_rows($sql);
if (($count_res == 1) && ($new_pass1 == $new_pass2)){
	$sql = "UPDATE `members` SET `password`='$new_pass1' WHERE `username`='$username';";
	mysql_query($sql);
	header("location:./");
	exit();
}
else{
	print "Error processing Password change. Please try again";
}
}
if ($_GET['pass_change_form'] == true){
?>
<form method="POST" action="?change_pass=true">
	<table border="0">
		<tr>
			<td>Old Password:</td>
			<td><input type="password" name="old_pass"></td>
		</tr>
		<tr>
			<td>New Password:</td>
			<td><input type="password" name="pass1"></td>
		</tr>
		<tr>
			<td>New Password(Again):</td>
			<td><input type="password" name="pass2"></td>
		</tr>
		<tr>
			<td> </td>
			<td><input type="submit" value="Submit"></td>
		</tr>
	</table>
</form>
<?php
}

[sith717]

http://delta.bluespacetechnologies.com/~bucketho/admin/change_password.php?change_pass=true

 

Something is wrong...

 

Do you need any of the file to show you?

[sith717]

This is getting very frustrating I know...