Jump to content


Photo

whats wrong?? (change password form)


  • Please log in to reply
13 replies to this topic

#1 techiefreak05

techiefreak05
  • Members
  • PipPipPip
  • Advanced Member
  • 494 posts
  • LocationER, MN

Posted 05 August 2006 - 09:16 AM

<?php
include("database.php");

$md5pass1 = md5($_POST['newpass']);
$username = $_SESSION['username'];

if(isset($_POST['sublogin'])){
mysql_select_db('zyco_zycologin')
or die('Error, cannot select mysql database');

$query = "UPDATE password SET password = PASSWORD($md5pass1)". "WHERE username = $username";

mysql_query($query) or die(error! password was NOT updated!);
}
?>

<form action="" method="post">
<table align="center" border="0" cellspacing="0" cellpadding="3" BGCOLOR=56A5EC>
<tr><td >Username:</td><td><input type="text" name="newpass" maxlength="30"></td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Update Password"></td></tr>


id there anything obviously wrong with this?? there is somethnig wrong with the "mysql_query($query) or die(error! password was NOT updated!);"
Link shortener with advanced, detailed statistics:

http://tyny.us/

#2 techiefreak05

techiefreak05
  • Members
  • PipPipPip
  • Advanced Member
  • 494 posts
  • LocationER, MN

Posted 05 August 2006 - 09:21 AM

$query = "UPDATE password SET password = PASSWORD($md5pass1)". "WHERE username = $username";


should be

$query = "UPDATE users SET password = PASSWORD($md5pass1)". "WHERE username = $username";

i tried that, but i still get the error



Link shortener with advanced, detailed statistics:

http://tyny.us/

#3 ronverdonk

ronverdonk
  • Members
  • PipPipPip
  • Advanced Member
  • 277 posts
  • LocationNetherlands

Posted 05 August 2006 - 09:23 AM

The SET PASSWORD statement assigns a password to an existing MySQL user account.

Syntax is, according to MySql documentation :

SET PASSWORD [FOR user] = PASSWORD('some password')

and not UPDATE.



RTFM is an almost extinct art form, it should be subsidized.

#4 techiefreak05

techiefreak05
  • Members
  • PipPipPip
  • Advanced Member
  • 494 posts
  • LocationER, MN

Posted 05 August 2006 - 09:27 AM

So , how would I fix my code? I tried the code you said but it still doesnt work.. and yes i edited the code...
Link shortener with advanced, detailed statistics:

http://tyny.us/

#5 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 05 August 2006 - 09:28 AM

or

"UPDATE users SET password = '$md5pass1' WHERE username = '$username'"

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux


#6 techiefreak05

techiefreak05
  • Members
  • PipPipPip
  • Advanced Member
  • 494 posts
  • LocationER, MN

Posted 05 August 2006 - 09:31 AM

thats not working either...
Link shortener with advanced, detailed statistics:

http://tyny.us/

#7 ronverdonk

ronverdonk
  • Members
  • PipPipPip
  • Advanced Member
  • 277 posts
  • LocationNetherlands

Posted 05 August 2006 - 09:34 AM

Now I get confused. Let's  get this clear: are you updating a password in one of your own tables, or are you updating a password for an existing MySQL user account?

RTFM is an almost extinct art form, it should be subsidized.

#8 techiefreak05

techiefreak05
  • Members
  • PipPipPip
  • Advanced Member
  • 494 posts
  • LocationER, MN

Posted 05 August 2006 - 09:35 AM

updating a password for a table.. and the table is "users"
Link shortener with advanced, detailed statistics:

http://tyny.us/

#9 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 05 August 2006 - 09:45 AM

I just did this as a test

<?php
include("db.php");
$username = "test";
$pass = "test1234";
$password = md5($pass);
$sql ="UPDATE users SET password = '$password' WHERE username = '$username'";
$result = mysql_query($sql) or die(mysql_error());
if (!$result) {
     echo "There was an error";
}else{
    echo "password was reset to $pass";
}			 
?>

It worked just fine.

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux


#10 ignace

ignace
  • Moderators
  • Now mod flavored
  • 6,431 posts
  • LocationBelgium

Posted 05 August 2006 - 10:00 AM

I should use the user id instead of the username, username is not really a unique value, unless you make sure that when a user registers, it can not register a duplicate username, however look out for phishing then...

#11 techiefreak05

techiefreak05
  • Members
  • PipPipPip
  • Advanced Member
  • 494 posts
  • LocationER, MN

Posted 05 August 2006 - 10:06 AM

I edited the code and it works, THANKS!!

Link shortener with advanced, detailed statistics:

http://tyny.us/

#12 techiefreak05

techiefreak05
  • Members
  • PipPipPip
  • Advanced Member
  • 494 posts
  • LocationER, MN

Posted 05 August 2006 - 10:07 AM

it said it worked! but it didnt.. the password wasnt changed!!
Link shortener with advanced, detailed statistics:

http://tyny.us/

#13 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 05 August 2006 - 10:34 AM

You should realy have two fields, one for the password and another to confirm the new password. 

Here is a code that I tested. So I know that it works.

<?php
if (isset($submit)) {
    if ((!$password) || (!$confirm)) {
        echo "You must enter both fields";
        exit;
    }
    if ($password !== $confirm) {
        echo "Your passwords do not match";
        exit;
    }
    include("db.php");
    $username = $_SESSION['username'];
    $mdpwd = md5($password);
    $sql ="UPDATE users SET password = '$mdpwd' WHERE username = '$username'";
    $result = mysql_query($sql) or die(mysql_error());
     if (!$result) {
         echo "There was an error";
    }else{
         echo "password was reset to $password";
    }
}
?>
//put your html below here

Hope this helps,
Tom

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux


#14 tomfmason

tomfmason
  • Staff Alumni
  • Advanced Member
  • 1,696 posts
  • Locationstealing your wifi

Posted 05 August 2006 - 10:39 AM

Also I just noticed that you did not have anything in the action"" If you did not already fix this, you will need to put the name of this file in there.

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.

current projects: pokersource

My Blog | My Pastebin | PHP Validation class | Backtrack linux





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users