Jump to content

Archived

This topic is now archived and is closed to further replies.

techiefreak05

whats wrong?? (change password form)

Recommended Posts

[code]<?php
include("database.php");

$md5pass1 = md5($_POST['newpass']);
$username = $_SESSION['username'];

if(isset($_POST['sublogin'])){
mysql_select_db('zyco_zycologin')
or die('Error, cannot select mysql database');

$query = "UPDATE password SET password = PASSWORD($md5pass1)". "WHERE username = $username";

mysql_query($query) or die(error! password was NOT updated!);
}
?>

<form action="" method="post">
<table align="center" border="0" cellspacing="0" cellpadding="3" BGCOLOR=56A5EC>
<tr><td >Username:</td><td><input type="text" name="newpass" maxlength="30"></td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Update Password"></td></tr>

[/code]

id there anything obviously wrong with this?? there is somethnig wrong with the "mysql_query($query) or die(error! password was NOT updated!);"

Share this post


Link to post
Share on other sites
[code]$query = "UPDATE password SET password = PASSWORD($md5pass1)". "WHERE username = $username";[/code]

should be

[code]$query = "UPDATE users SET password = PASSWORD($md5pass1)". "WHERE username = $username";[/code]

i tried that, but i still get the error


Share this post


Link to post
Share on other sites
The SET PASSWORD statement assigns a password to an existing MySQL user account.

Syntax is, according to MySql documentation :

[code]SET PASSWORD [FOR user] = PASSWORD('some password')[/code]

and not UPDATE.


Share this post


Link to post
Share on other sites
So , how would I fix my code? I tried the code you said but it still doesnt work.. and yes i edited the code...

Share this post


Link to post
Share on other sites
or

[code=php:0]"UPDATE users SET password = '$md5pass1' WHERE username = '$username'"[/code]

Share this post


Link to post
Share on other sites
Now I get confused. Let's  get this clear: are you updating a password in one of your own tables, or are you updating a password for an existing MySQL user account?

Share this post


Link to post
Share on other sites
I just did this as a test

[code=php:0]<?php
include("db.php");
$username = "test";
$pass = "test1234";
$password = md5($pass);
$sql ="UPDATE users SET password = '$password' WHERE username = '$username'";
$result = mysql_query($sql) or die(mysql_error());
if (!$result) {
    echo "There was an error";
}else{
    echo "password was reset to $pass";
}
?>[/code]

It worked just fine.

Share this post


Link to post
Share on other sites
I should use the user id instead of the username, username is not really a unique value, unless you make sure that when a user registers, it can not register a duplicate username, however look out for phishing then...

Share this post


Link to post
Share on other sites
You should realy have two fields, one for the password and another to confirm the new password. 

Here is a code that I tested. So I know that it works.

[code=php:0]<?php
if (isset($submit)) {
    if ((!$password) || (!$confirm)) {
        echo "You must enter both fields";
        exit;
    }
    if ($password !== $confirm) {
        echo "Your passwords do not match";
        exit;
    }
    include("db.php");
    $username = $_SESSION['username'];
    $mdpwd = md5($password);
    $sql ="UPDATE users SET password = '$mdpwd' WHERE username = '$username'";
    $result = mysql_query($sql) or die(mysql_error());
     if (!$result) {
         echo "There was an error";
    }else{
         echo "password was reset to $password";
    }
}
?>
//put your html below here
[/code]

Hope this helps,
Tom

Share this post


Link to post
Share on other sites
Also I just noticed that you did not have anything in the action"" If you did not already fix this, you will need to put the name of this file in there.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.