Jump to content

[SOLVED] Change Password

sith717

By sith717
in PHP Coding Help

 Share

Recommended Posts

  • Replies 150
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

sith717 Member

sith717

Posted
  • Author
Posted

Delete the lines I told you to put in from change_password.php

 

echo $_SESSION['is_valid'];
exit();

 

Also change the

 

$_SESSION['is_valid'] = "true";

 

back to

 

$_SESSION['is_valid'] = true;

 

in checklogin.php

 

So I delete the

 

echo $_SESSION['is_valid'];
exit();

 

Link to comment
Share on other sites
peranha Regular Member

peranha

Posted
Posted 

<?php
error_reporting(E_ALL);
$host="localhost"; // Host name
$username="bucketho_****"; // Mysql username
$password="*****"; // Mysql password
$db_name="bucketho_****"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql) or die (mysql_error());
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "index.php"
$_SESSION['username'] = $myusername;
$_SESSION['is_valid'] = true;
session_register("myusername");
session_register("mypassword");


header("location:index.php");
}

else {

header("location:login_failed.php");
}
?>

 

<?php
session_start();
error_reporting(E_ALL);
$host = "localhost"; // Host name
$username = "bucketho_****"; // <-- Mysql username MAKE SURE THIS IS SET!
$password = "*****"; // <-- Mysql password MAKE SURE THIS IS SET!
$db_name = "bucketho_*****"; // <-- Database name CHANGE THIS TOO!
$tbl_name = "members"; // Table name
// Connect to server and select databse.
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name)or die("cannot select DB");

if ($_GET['change_pass'] == true && $_SESSION['is_valid'] == true){
$new_pass1 = mysql_real_escape_string($_POST['pass1']);
$new_pass2 = mysql_real_escape_string($_POST['pass2']);
$old_pass = mysql_real_escape_string($_POST['old_pass']);
$username = $_SESSION['username'];
$sql = "SELECT COUNT(*) AS `total_found` FROM `members` WHERE `username`='$username' AND `password`='$old_pass' LIMIT 1;";
$result = mysql_query($sql) or die (mysql_error());
$row = mysql_fetch_assoc($result);
$total_found = $row['total_found'];
if (($total_found == 1) && ($new_pass1 == $new_pass2)){
	$sql = "UPDATE `members` SET `password`='$new_pass1' WHERE `username`='$username';";
	mysql_query($sql) or die (mysql_error());
	header("location:./");
	exit();
}
else{
	print "Error processing Password change. Please try again";
}
}
if ($_GET['pass_change_form'] == true && $_SESSION['is_valid'] == true){
?>
<form method="POST" action="?change_pass=true">
	<table border="0">
		<tr>
			<td>Old Password:</td>
			<td><input type="password" name="old_pass"></td>
		</tr>
		<tr>
			<td>New Password:</td>
			<td><input type="password" name="pass1"></td>
		</tr>
		<tr>
			<td>New Password(Again):</td>
			<td><input type="password" name="pass2"></td>
		</tr>
		<tr>
			<td> </td>
			<td><input type="submit" value="Submit"></td>
		</tr>
	</table>
</form>
<?php
}
else{
header("location:./");
exit();
}

 

try that, and see if you server is kicking out any errors.

Link to comment
Share on other sites
peranha Regular Member

peranha

Posted
Posted 

<?php
session_start();
error_reporting(E_ALL);
$host = "localhost"; // Host name
$username = "bucketho_****"; // <-- Mysql username MAKE SURE THIS IS SET!
$password = "*****"; // <-- Mysql password MAKE SURE THIS IS SET!
$db_name = "bucketho_*****"; // <-- Database name CHANGE THIS TOO!
$tbl_name = "members"; // Table name
// Connect to server and select databse.
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name)or die("cannot select DB");

if ($_GET['change_pass_form'] == true && $_SESSION['is_valid'] == true){
$new_pass1 = mysql_real_escape_string($_POST['pass1']);
$new_pass2 = mysql_real_escape_string($_POST['pass2']);
$old_pass = mysql_real_escape_string($_POST['old_pass']);
$username = $_SESSION['username'];
$sql = "SELECT COUNT(*) AS `total_found` FROM `members` WHERE `username`='$username' AND `password`='$old_pass' LIMIT 1;";
$result = mysql_query($sql) or die (mysql_error());
$row = mysql_fetch_assoc($result);
$total_found = $row['total_found'];
if (($total_found == 1) && ($new_pass1 == $new_pass2)){
	$sql = "UPDATE `members` SET `password`='$new_pass1' WHERE `username`='$username';";
	mysql_query($sql) or die (mysql_error());
	header("location:./");
	exit();
}
else{
	print "Error processing Password change. Please try again";
}
}
if ($_GET['change_pass_form'] == true && $_SESSION['is_valid'] == true){
?>
<form method="POST" action="?change_pass=true">
	<table border="0">
		<tr>
			<td>Old Password:</td>
			<td><input type="password" name="old_pass"></td>
		</tr>
		<tr>
			<td>New Password:</td>
			<td><input type="password" name="pass1"></td>
		</tr>
		<tr>
			<td>New Password(Again):</td>
			<td><input type="password" name="pass2"></td>
		</tr>
		<tr>
			<td> </td>
			<td><input type="submit" value="Submit"></td>
		</tr>
	</table>
</form>
<?php
}
else{
header("location:./");
exit();
}

 

<?php
error_reporting(E_ALL);
$host="localhost"; // Host name
$username="bucketho_****"; // Mysql username
$password="*****"; // Mysql password
$db_name="bucketho_****"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql) or die (mysql_error());
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "index.php"
$_SESSION['username'] = $myusername;
$_SESSION['is_valid'] = true;
session_register("myusername");
session_register("mypassword");


header("location:index.php");
}

else {

header("location:login_failed.php");
}
?>

 

Try those.

Link to comment
Share on other sites
waynew Advanced Member

waynew

Posted
Posted

I fixed the code seeing as you were nice to enough to show people your gratitude for their charity help:

 

<?php

//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer
//Hire a freelancer


?>

 

Should work.

Link to comment
Share on other sites
peranha Regular Member

peranha

Posted
Posted 

<?php
session_start();
error_reporting(E_ALL);
$host = "localhost"; // Host name
$username = "bucketho_****"; // <-- Mysql username MAKE SURE THIS IS SET!
$password = "*****"; // <-- Mysql password MAKE SURE THIS IS SET!
$db_name = "bucketho_*****"; // <-- Database name CHANGE THIS TOO!
$tbl_name = "members"; // Table name
// Connect to server and select databse.
mysql_connect($host, $username, $password)or die("cannot connect");
mysql_select_db($db_name)or die("cannot select DB");

if ($_GET['pass_change_form'] == true && $_SESSION['is_valid'] == true){
$new_pass1 = mysql_real_escape_string($_POST['pass1']);
$new_pass2 = mysql_real_escape_string($_POST['pass2']);
$old_pass = mysql_real_escape_string($_POST['old_pass']);
$username = $_SESSION['username'];
$sql = "SELECT COUNT(*) AS `total_found` FROM `members` WHERE `username`='$username' AND `password`='$old_pass' LIMIT 1;";
$result = mysql_query($sql) or die (mysql_error());
$row = mysql_fetch_assoc($result);
$total_found = $row['total_found'];
if (($total_found == 1) && ($new_pass1 == $new_pass2)){
	$sql = "UPDATE `members` SET `password`='$new_pass1' WHERE `username`='$username';";
	mysql_query($sql) or die (mysql_error());
	header("location:./");
	exit();
}
else{
	print "Error processing Password change. Please try again";
}
}
if ($_GET['pass_change_form'] == true && $_SESSION['is_valid'] == true){
?>
<form method="POST" action="?change_pass=true">
	<table border="0">
		<tr>
			<td>Old Password:</td>
			<td><input type="password" name="old_pass"></td>
		</tr>
		<tr>
			<td>New Password:</td>
			<td><input type="password" name="pass1"></td>
		</tr>
		<tr>
			<td>New Password(Again):</td>
			<td><input type="password" name="pass2"></td>
		</tr>
		<tr>
			<td> </td>
			<td><input type="submit" value="Submit"></td>
		</tr>
	</table>
</form>
<?php
}
else{
header("location:./");
exit();
}

 

Try that, had some things mixed up.

Link to comment
Share on other sites
Zane Prolific Member

Zane

Posted
Posted

This thread is going nowhere..

 

Seriously, you've came and reported to use every single possible error there could be..one at a time.

at this rate, this thread will go over 30 pages, which is really stupid for a small project like this

 

 

Like, everyone said..read a tutorial or hire a freelancer..

those are your BEST options.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.