Jump to content

[SOLVED] Change Password


sith717

Recommended Posts

I need to make a php page to change password.

 

Can someone make a simple form and mysql thing to do it?

 

Here is the existing file

 

Checklogin.php

 

<?php
$host="localhost"; // Host name
$username="bucketho_****"; // Mysql username
$password="*****"; // Mysql password
$db_name="bucketho_****"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "index.php"
session_register("myusername");
session_register("mypassword");


header("location:index.php");
}

else {

header("location:login_failed.php");
}
?>

 

 

Here is the mql info thing

 

CREATE TABLE `members` (
`id` int(4) NOT NULL auto_increment,
`username` varchar(65) NOT NULL default '',
`password` varchar(65) NOT NULL default '',
PRIMARY KEY (`id`)
) TYPE=MyISAM AUTO_INCREMENT=2 ;

-- 
-- Dumping data for table `members`
-- 

INSERT INTO `members` VALUES (1, '****', '****');

 

I made the private info * to protect it.

Thanks.

 

I need a script that can connect to the database and change the password.

 

Thanks,

 

Hopefully it can be done for free which would be a great help!

Link to comment
Share on other sites

  • Replies 150
  • Created
  • Last Reply

I really am not wanting to pay for this, since its something simple, and I really have no idea how to do...

 

We are more than happy to help.  Unfortunately, helping means taking the bad code, and making it work, not writing it for you.  As Maq said, you'd have better luck paying someone 20 bucks to do it for you.  Or you can write it yourself, seeing how simple it is.

Link to comment
Share on other sites

Psuedo:

 

You need a form that asks for the user's username, old password, and new password.

Pass the info to the php script.

 

check the user info (like you have)

 

UPDATE members SET password = $_POST['new_password'] WHERE username = $_POST['username'];

 

if(success)

return true;

else

return false;

 

Link to comment
Share on other sites

Sorry, but people here want to help, not do everything for you.  If you want to post this in the freelance and try to get it done for free you're more than welcome.  I'm sure people would agree that they are going to do something with pay rather than free.  I'm also sure someone has a tutorial or a snippet of code that will help you out.  Sorry, good luck.

Link to comment
Share on other sites

change_password.php

<?php
//access this file via "change_password.php?pass_change_form=true"
$host="localhost"; // Host name
$username="bucketho_****"; // Mysql username
$password="*****"; // Mysql password
$db_name="bucketho_****"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

if ($_GET['change_pass'] == true){
$new_pass1 = mysql_real_escape_string($_POST['pass1']);
$new_pass2 = mysql_real_escape_string($_POST['pass2']);
$old_pass = mysql_real_escape_string($_POST['old_pass']);
$username = $_SESSION['username'];
$sql = "SELECT * FROM `members` WHERE `username`='$username' AND `password`='$old_pass' LIMIT 1;";
$results = mysql_query($sql);
$count_res = mysql_num_rows($sql);
if (($count_res == 1) && ($new_pass1 == $new_pass2)){
	$sql = "UPDATE `members` SET `password`='$new_pass1' WHERE `username`='$username';";
	mysql_query($sql);
	header("location:./");
	exit();
}
else{
	print "Error processing Password change. Please try again";
}
}
if ($_GET['pass_change_form'] == true){
?>
<form method="POST" action="?change_pass=true">
	<table border="0">
		<tr>
			<td>Old Password:</td>
			<td><input type="password" name="old_pass"></td>
		</tr>
		<tr>
			<td>New Password:</td>
			<td><input type="password" name="pass1"></td>
		</tr>
		<tr>
			<td>New Password(Again):</td>
			<td><input type="password" name="pass2"></td>
		</tr>
		<tr>
			<td> </td>
			<td><input type="submit" value="Submit"></td>
		</tr>
	</table>
</form>
<?php
}

and change your checklogin.php to this:

<?php
$host="localhost"; // Host name
$username="bucketho_****"; // Mysql username
$password="*****"; // Mysql password
$db_name="bucketho_****"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "index.php"
$_SESSION['username'] = $myusername;
session_register("myusername");
session_register("mypassword");


header("location:index.php");
}

else {

header("location:login_failed.php");
}
?>

Felt generous today. Not what I would normally do.

Link to comment
Share on other sites

So who ever helps me out hopefully gets something...

 

Probably just a thanks...   :P

 

lol. I don't do it for the money. I have a good job. I'm of a mindset that you don't get anything for work, unless you get it before you do the work.

 

A thanks would be great, though.

Link to comment
Share on other sites

It loads now.

 

It shows an error:

 

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/bucketho/public_html/admin/change_password.php on line 19

Error processing Password change. Please try again

 

Its  probably because it doesnt know what user to change the password for?

 

Like before I can change the password I put in thhat login session thing, maybe I need that?

 

Link to comment
Share on other sites

This is the login session code:

 

<?
session_start();
if(!session_is_registered(myusername)){
header("location:login.php");
}
?>

 

Do I place it on the top like this:

 

<?
session_start();
if(!session_is_registered(myusername)){
header("location:login.php");
}
?>

<?php
//access this file via "change_password.php?pass_change_form=true"
$host="localhost"; // Host name
$username="bucketho_***"; // Mysql username
$password="****"; // Mysql password
$db_name="bucketho_****"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

if ($_GET['change_pass'] == true){
$new_pass1 = mysql_real_escape_string($_POST['pass1']);
$new_pass2 = mysql_real_escape_string($_POST['pass2']);
$old_pass = mysql_real_escape_string($_POST['old_pass']);
$username = $_SESSION['username'];
$sql = "SELECT * FROM `members` WHERE `username`='$username' AND `password`='$old_pass' LIMIT 1;";
$results = mysql_query($sql);
$count_res = mysql_num_rows($sql);
if (($count_res == 1) && ($new_pass1 == $new_pass2)){
	$sql = "UPDATE `members` SET `password`='$new_pass1' WHERE `username`='$username';";
	mysql_query($sql);
	header("location:./");
	exit();
}
else{
	print "Error processing Password change. Please try again";
}
}
if ($_GET['pass_change_form'] == true){
?>
<form method="POST" action="?change_pass=true">
	<table border="0">
		<tr>
			<td>Old Password:</td>
			<td><input type="password" name="old_pass"></td>
		</tr>
		<tr>
			<td>New Password:</td>
			<td><input type="password" name="pass1"></td>
		</tr>
		<tr>
			<td>New Password(Again):</td>
			<td><input type="password" name="pass2"></td>
		</tr>
		<tr>
			<td> </td>
			<td><input type="submit" value="Submit"></td>
		</tr>
	</table>
</form>
<?php
}

Link to comment
Share on other sites

wouldn't hurt. forgot to add sessions to my file (wrote it under yours, then broke it up). all you need is

<?php
session_start();
if ($_GET['change_pass'] == true){
$new_pass1 = mysql_real_escape_string($_POST['pass1']);
$new_pass2 = mysql_real_escape_string($_POST['pass2']);
$old_pass = mysql_real_escape_string($_POST['old_pass']);
$username = $_SESSION['username'];
$sql = "SELECT * FROM `members` WHERE `username`='$username' AND `password`='$old_pass' LIMIT 1;";
$results = mysql_query($sql);
$count_res = mysql_num_rows($sql);
if (($count_res == 1) && ($new_pass1 == $new_pass2)){
	$sql = "UPDATE `members` SET `password`='$new_pass1' WHERE `username`='$username';";
	mysql_query($sql);
	header("location:./");
	exit();
}
else{
	print "Error processing Password change. Please try again";
}
}
if ($_GET['pass_change_form'] == true){
?>
<form method="POST" action="?change_pass=true">
	<table border="0">
		<tr>
			<td>Old Password:</td>
			<td><input type="password" name="old_pass"></td>
		</tr>
		<tr>
			<td>New Password:</td>
			<td><input type="password" name="pass1"></td>
		</tr>
		<tr>
			<td>New Password(Again):</td>
			<td><input type="password" name="pass2"></td>
		</tr>
		<tr>
			<td> </td>
			<td><input type="submit" value="Submit"></td>
		</tr>
	</table>
</form>
<?php
}

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Guest
This topic is now closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.