whats wrong?? (change password form)

[techiefreak05]

[code]<?php
include("database.php");

$md5pass1 = md5($_POST['newpass']);
$username = $_SESSION['username'];

if(isset($_POST['sublogin'])){
mysql_select_db('zyco_zycologin')
or die('Error, cannot select mysql database');

$query = "UPDATE password SET password = PASSWORD($md5pass1)". "WHERE username = $username";

mysql_query($query) or die(error! password was NOT updated!);
}
?>

<form action="" method="post">
<table align="center" border="0" cellspacing="0" cellpadding="3" BGCOLOR=56A5EC>
<tr><td >Username:</td><td><input type="text" name="newpass" maxlength="30"></td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Update Password"></td></tr>

[/code]

id there anything obviously wrong with this?? there is somethnig wrong with the "mysql_query($query) or die(error! password was NOT updated!);"

[techiefreak05]

[code]$query = "UPDATE password SET password = PASSWORD($md5pass1)". "WHERE username = $username";[/code]

should be

[code]$query = "UPDATE users SET password = PASSWORD($md5pass1)". "WHERE username = $username";[/code]

i tried that, but i still get the error

[ronverdonk]

The SET PASSWORD statement assigns a password to an existing MySQL user account.

Syntax is, according to MySql documentation :

[code]SET PASSWORD [FOR user] = PASSWORD('some password')[/code]

and not UPDATE.

[techiefreak05]

So , how would I fix my code? I tried the code you said but it still doesnt work.. and yes i edited the code...

[tomfmason]

or

[code=php:0]"UPDATE users SET password = '$md5pass1' WHERE username = '$username'"[/code]

[techiefreak05]

thats not working either...

[ronverdonk]

Now I get confused. Let's  get this clear: are you updating a password in one of your own tables, or are you updating a password for an existing MySQL user account?

[techiefreak05]

updating a password for a table.. and the table is "users"

[tomfmason]

I just did this as a test

[code=php:0]<?php
include("db.php");
$username = "test";
$pass = "test1234";
$password = md5($pass);
$sql ="UPDATE users SET password = '$password' WHERE username = '$username'";
$result = mysql_query($sql) or die(mysql_error());
if (!$result) {
    echo "There was an error";
}else{
    echo "password was reset to $pass";
}
?>[/code]

It worked just fine.

[ignace]

I should use the user id instead of the username, username is not really a unique value, unless you make sure that when a user registers, it can not register a duplicate username, however look out for phishing then...

[techiefreak05]

I edited the code and it works, THANKS!!

[techiefreak05]

it said it worked! but it didnt.. the password wasnt changed!!

[tomfmason]

You should realy have two fields, one for the password and another to confirm the new password. 

Here is a code that I tested. So I know that it works.

[code=php:0]<?php
if (isset($submit)) {
    if ((!$password) || (!$confirm)) {
        echo "You must enter both fields";
        exit;
    }
    if ($password !== $confirm) {
        echo "Your passwords do not match";
        exit;
    }
    include("db.php");
    $username = $_SESSION['username'];
    $mdpwd = md5($password);
    $sql ="UPDATE users SET password = '$mdpwd' WHERE username = '$username'";
    $result = mysql_query($sql) or die(mysql_error());
     if (!$result) {
         echo "There was an error";
    }else{
         echo "password was reset to $password";
    }
}
?>
//put your html below here
[/code]

Hope this helps,
Tom

[tomfmason]

Also I just noticed that you did not have anything in the action"" If you did not already fix this, you will need to put the name of this file in there.