Help with PHP account script

[fintastik]

I am trying to write a script, that will let users change their password for their accounts on a online game.

 

Their account information is stored in a tblBillID mssql database, the fields are BillID and Password.

 

Now I obviously dont want everyone being able to change everyone elses password, so I am thinking I will have to create a form with a Login and Password field, and a New Password field.  If the Login and Password match with the account on the database, then it will run a sql query to update the password field with the 'NewPassword' field on the form.

 

Im just stuck with regards to matching the Login and Password from my web form,  with the account information stored on the database.

 

I have a query that I think should work

            $accquery = "UPDATE tblBillID set Password = '".$_POST['NewPassword']."' where BillID = '".$_POST['loginID']."'";
            $accresult = odbc_exec($conn,$accquery);
            odbc_close($conn);
            echo "<b>Account Has Been Updated</b>";
            exit;

 

This is the form I will use:

            <form action="" method="post">
<table><tr><td>

Login:</td><td>
<input name="loginID" type="text" maxlength="14" onkeypress="return alpha(event,letters+numbers+custom)" ONFOCUS="clearDefault(this)"></td></tr>
<tr><td>

Password:</td><td>
<input name="Password" type="password" maxlength="28" onkeypress="return alpha(event,letters+numbers+custom)" ONFOCUS="clearDefault(this)"></td></tr>
<tr><td>

Retype Password:</td><td>
<input name="Password2" type="password" width="100" onkeypress="return alpha(event,letters+numbers+custom)" ONFOCUS="clearDefault(this)"></td></tr>
<tr><td>

New Password:</td><td>
<input name="NewPassword" type="text" maxlength="30" onkeypress="return alpha(event,letters+numbers+custom)" ONFOCUS="clearDefault(this)"></td></tr>
<tr><td>

Retype New Password:</td><td>
<input name="NewPassword2" type="text" width="100" onkeypress="return alpha(event,letters+numbers+custom)" ONFOCUS="clearDefault(this)"></td></tr>

<tr>

<td><input type="submit" name="Create" value="Update Account!"></td>
                  </tr>
               </table>
            </form>

 

If anyone could explain how would be the best way to make sure my loginID and Password form values match with my database BillID and Password fields before updating the Password field with 'NewPassword' it would be greatly appreciated.

[fintastik]

Ok, I got it to work using this:

 

    if ($valid == true) {

            $accquery = "UPDATE tblBillID set Password = '".$_POST['NewPassword']."' where BillID = '".$_POST['loginID']."' and Password = '".$_POST['Password']."'";
            $accresult = odbc_exec($conn,$accquery);
            odbc_close($conn);
            echo "<b>Account Has Been Updated</b>";
            exit;
         }
      
  
  if ($valid == false) {
  echo "<b>Please type your information again, make sure it matches!</b>";}
  

}
}
?>

<script type="text/javascript">
<!--
var letters='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz '
var numbers='1234567890'
var custom='@.?'

function alpha(e,allow) {
var k;
k=document.all?parseInt(e.keyCode): parseInt(e.which);
return (allow.indexOf(String.fromCharCode(k))!=-1);
}
//form clear function
function clearDefault(el) {
  if (el.defaultValue==el.value) el.value = ""
}
// -->
</script>

            <form action="" method="post">
<table><tr><td>

Login:</td><td>
<input name="loginID" type="text" maxlength="14" onkeypress="return alpha(event,letters+numbers+custom)" ONFOCUS="clearDefault(this)"></td></tr>
<tr><td>

Password:</td><td>
<input name="Password" type="password" maxlength="28" onkeypress="return alpha(event,letters+numbers+custom)" ONFOCUS="clearDefault(this)"></td></tr>
<tr><td>

Retype Password:</td><td>
<input name="Password2" type="password" width="100" onkeypress="return alpha(event,letters+numbers+custom)" ONFOCUS="clearDefault(this)"></td></tr>
<tr><td>

New Password:</td><td>
<input name="NewPassword" type="text" maxlength="30" onkeypress="return alpha(event,letters+numbers+custom)" ONFOCUS="clearDefault(this)"></td></tr>
<tr><td>

Retype New Password:</td><td>
<input name="NewPassword2" type="text" width="100" onkeypress="return alpha(event,letters+numbers+custom)" ONFOCUS="clearDefault(this)"></td></tr>

<tr>

<td><input type="submit" name="Create" value="Update Account!"></td>
                  </tr>
               </table>
            </form>
      

 

Now I ran into a different problem.  The script works and only updates  the database information if the login and password match with the database, but if it doesnt match, no rows get updated in the database, but it still displays the 'Account has been updated' because the  query was completed even though it updated no rows.

 

I realize I should probably have posted this in the MSSQL forum, but it doesnt seem to active so I tried here first.

 

Any help to get it to display Account has been updated only if rows were changed in the db?

[fintastik]

anyone have any ideas?

[pengu]

<?php

if (mysql_num_rows($result) == 1) {
	echo "You already have this item.";
	exit();
}

?>

 

Adjust accordingly.

[fintastik]

Thank you sir,

 

Works perfectly

[fintastik]

I spoke to soon,

if (mysql_num_rows($result) == 1) {





echo "You already have this item.";





exit();



}

 

Now it echos 'You already have this item' even when it successfully updates a row.

 

Here is how I am using it, possibly wrong?

    if ($valid == true) {

            $accquery = "UPDATE tblBillID set Password = '".$_POST['NewPassword']."' where BillID = '".$_POST['loginID']."' and Password = '".$_POST['Password']."'";
            $accresult = odbc_exec($conn,$accquery);

            odbc_close($conn);}
					if (mssql_num_rows($accquery) == 0) {
echo "Incorrect Password";
exit;
}
else
            {echo "<b>Account Has Been Updated</b>";
            exit;
         }

}

 

 

[pengu]

Sorry for late reply.

 

Try this..

if (mysql_num_rows($result) != 1)