Jump to content

Change Password Script

Hooo

By Hooo
in PHP Coding Help

 Share

Recommended Posts

Hooo Newbie

Hooo

Posted
Posted

Hi, I believe the main part of the code is correct, however the logic I believe is wrong. I know there are many misplaces { and } and would like to know what to change to make it work.

 

Thanks.

 

<html>
<body>

<?php

include 'config.php';
include 'opendb.php';

session_start();

$opass = $_POST["opass"];
$npass = $_POST["npass"];
$npass1 = $_POST["npass1"];
$salt = 's+(_a*';
$salt_passo = md5($opass.$salt);
$salt_passn = md5($npass.$salt);
$result = mysql_query("SELECT userpass FROM Users WHERE usname = '" .$_SESSION['usname'] . "'"); 

if(isset($_SESSION['usname']))
{

else {
if ($salt_passo != $result) {
echo "Your old password was entered incorrectly";

} else {
if ($salt_passo != $salt_passn) {
echo "The two new password didn't match";

} else {

$sql=mysql_query(UPDATE Users SET userpass='$salt_passn' WHERE usname = '" .$_SESSION['usname'] . "'");

if (!mysql_query($sql))
  {
  die('Error: ' . mysql_error());
  }
}
}
}
}
else
{

echo '<meta http-equiv="refresh" content="2;url=index.php">';

}

?>

</body>
</html>

Link to comment
Share on other sites
bundyxc Member

bundyxc

Posted
Posted

Honestly, your logic is so screwed up, I have no clue what you're even trying to do.

Either document your code, or let us know what you're trying to do... but honestly, if a human can't understand your code, your computer won't be able to do it.

 

Comment your lines with 

//Comment goes here.

Link to comment
Share on other sites
Hooo Newbie

Hooo

Posted
  • Author
Posted

Basically, the script is to change a password once a member is logged in.

 

So first I include the files, start the session and ask if a session is set. If it is ( { ) then the elses happen, like if old password inputted into form beforehand matches pass in database, carry on, if not, echo error basically. Then it checks that both New Password and Confirm New Password fields are matching, and carries on and does the SQL update.

 

At the end, the if session set ends with a redirect to index, which is the login page.

 

Hope you understand? :)

 

Thanks, I know it isn't pretty either :P

Link to comment
Share on other sites
AngelicS Newbie

AngelicS

Posted
Posted

Try this =)

<?php

include 'config.php';
include 'opendb.php';

session_start();

$opass = $_POST["opass"];
$npass = $_POST["npass"];
$npass1 = $_POST["npass1"];
$salt = 's+(_a*';
$salt_passo = md5($opass.$salt);
$salt_passn = md5($npass.$salt);
$result = mysql_query("SELECT userpass FROM Users WHERE usname = '{$_SESSION['usname']}'") or die(mysql_error()); 

if(isset($_SESSION['usname']))
{

if ($salt_passo != $result) 
{
echo "Your old password was entered incorrectly";
}
elseif ($salt_passo != $salt_passn)
{
echo "The two new password didn't match";
} 
else 
{
mysql_query("UPDATE `Users` SET `userpass`='{$salt_passn}' WHERE `usname` = '{$_SESSION['usname']}'") or die("Error: ".mysql_error());
}
}
else
{
echo '<meta http-equiv="refresh" content="2;url=index.php">';
}

?>

 

I think you've been programming another language for a while, and newly started PHP?

 

Instead of doing the following

 

else{
if{

And forget to close both of them

Try using the

 

elseif()
{}

 

=)

 

Best wishes

//AngelicS

Link to comment
Share on other sites
Hooo Newbie

Hooo

Posted
  • Author
Posted

Done what you have suggested, however now when I enter the old pass, plus a new passX2, I get: Your old password was entered incorrectly.

 

Could this be something to do with the encrypting?

 

I believe I have used the same algorithm of md5 + $salt

 

Thanks

Link to comment
Share on other sites
AngelicS Newbie

AngelicS

Posted
Posted 

$result = mysql_query("SELECT userpass FROM Users WHERE usname = '{$_SESSION['usname']}'") or die(mysql_error());

 

if you try to echo the variable $results, I think that you wont get anything =)

Am I right?

 

If I am, try doing it like this instead:

 

$result = mysql_query("SELECT userpass FROM Users WHERE usname = '{$_SESSION['usname']}'") or die(mysql_error()); 
$row=mysql_fetch_assoc($result);

 

And then when you get to the if statement, change it to this:

 

if ($salt_passo != $row['userpass']) 
{
   echo "Your old password was entered incorrectly";
}

 

Best wishes

//AngelicS

Link to comment
Share on other sites
Hooo Newbie

Hooo

Posted
  • Author
Posted

No, the code I have (Changed from first time I posted)

 

elseif ($npass != $npass1)
{
echo "The two new password didn't match";
}

 

and the Variables:

 

$opass = $_POST["opass"];
$npass = $_POST["npass"];
$npass1 = $_POST["npass1"];
$salt = 's+(_a*';
$salt_passo = md5($opass.=$salt);
$salt_passn = md5($npass.=$salt);

Link to comment
Share on other sites
Hooo Newbie

Hooo

Posted
  • Author
Posted

Edited my post, sorry, noticed that mistake ;)

 

There is no need to check when both are encrypted as it will encrypt with the SQL anyway, so I checked npass != npass1. Both of which are taken directly from the previous form, and should both be filled with the same password.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.