
change password for profile page. working but not? help please



Hey All,

 

I am starting to build my profile page for members, and I figured I'd start with changing the user's password.

 

I based some code off my forgot password page, and molded it to my needs. Now the weird thing is, I created a little script that will view my user's info from the database. After I submit my password change request, it updates the MD5 password field in the database, but I cannot log on. Also, after I click submit, the new password field shows a long string of characters.

 

Any help appreciated,

 

<?php
$sheet_name = "tbnl-profile";
include ("../inc/control.php"); //main inc dir.
include ("inc/tbnl-functions.php"); //users inc dir.
include ("inc/tbnl-header.php");
include ("../inc/page-top.php");
echo $content;
echo <<< _END
<form method='post' action='tbnl-profile.php'
enctype='multipart/form-data'>
Enter or edit your details and/or upload an image:<br />
<textarea name='text' cols='40' rows='3'>$text</textarea><br />
Image: <input type='file' name='image' size='14' maxlength='32' />
<input type='submit' value='Save Profile' />
</pre>
</form>
_END;

if (isset($_POST['pass'])) {
    $pass = sanitizeString($_POST['pass']);
    $newpass = sanitizeString($_POST['newpass']);
    if ($pass == "" || $newpass == "") {
        $error = "<p class=\"main-text\">Not all fields were entered</p><br />";
    } else {
        $res = mysql_query("select * from tbnlmembers where user='$user'") or die("cannot select from email");
        $row = mysql_fetch_array($res);
        $user = $row["user"];
        $password = $row["newpass"];
        $newpass = md5($password);
        mysql_query("update tbnlmembers set pass='$newpass' where user='$user'") or die("cannot send your password");
    }
}
//if (strlen($password) < 3 or strlen($password) > 8) {
//    $msg = $msg . "Password must be more than 3 char legth and maximum 8 char lenght<BR>";
//    $status = "NOTOK";
//}

//if ($password <> $password2) {
//    $msg = $msg . "Both passwords are not matching<BR>";
//    $status = "NOTOK";
//}
echo <<< _END
<br />
<br />
<div id="user-login-form">
<form action="tbnl-profile.php" method="post" enctype="multipart/form-data">
$error
<ul class="single">
	<li><label>Password</label><input type='password' maxlength='32' name='pass' value='$pass' /></li>
	<li><label>New Password</label><input type='password' maxlength='32' name='newpass' value='$newpass' /></li>
	<li><input type="submit" name="submit" value="Submit" /></li>
</ul>
</form>
</div>
_END;

include ("../inc/page-bot.php");
?>

idk if you meant to do the following, but shouldn't

$password = $row["newpass"];
        $newpass = md5($password);

 

be something like

$newpass = md5($newpass);

 

Based on what it is now, you are taking the value from the newpass column of your table (which I'm not entirely sure actually exists), MD5-ing that value and setting it as the actual password. The password entered in the form doesn't even take part in the script at all.

Ok,

 

Ya, I misunderstood what I was doing; with a bit more research I was able to figure it out.

 

Here is what I did. Is this an OK way of doing this?

 

<?php
$sheet_name = "tbnl-profile";
include ("../inc/control.php"); //main inc dir.
include ("inc/tbnl-functions.php"); //users inc dir.
include ("inc/tbnl-header.php");
include ("../inc/page-top.php");
echo $content;
if (!isset($_SESSION['user']))
    die("<br /><br />You need to login to view this page");
$user = $_SESSION['user'];
if (isset($_POST['pass'])) {
    $pass = sanitizeString($_POST['pass']);
    $newpass = sanitizeString($_POST['newpass']);
    if ($pass == "" || $newpass == "") {
        $error = "<p class=\"main-text\">Not all fields were entered</p><br />";
    } else {
        mysql_query("select * from tbnlmembers where user='$user'") or die("cannot select from email");
        $newpass = md5($newpass);
        mysql_query("update tbnlmembers set pass='$newpass' where user='$user'") or die("cannot send your password");
    }
}
//if (strlen($password) < 3 or strlen($password) > 8) {
//    $msg = $msg . "Password must be more than 3 char legth and maximum 8 char lenght<BR>";
//    $status = "NOTOK";
//}

//if ($password <> $password2) {
//    $msg = $msg . "Both passwords are not matching<BR>";
//    $status = "NOTOK";
//}
echo <<< _END
<br />
<br />
<div id="user-login-form">
<form action="tbnl-profile.php" method="post" enctype="multipart/form-data">
$error
<ul class="single">
	<li><label>Password</label><input type='password' maxlength='32' name='pass' value='$pass' /></li>
	<li><label>New Password</label><input type='password' maxlength='32' name='newpass' value='$newpass' /></li>
	<li><input type="submit" name="submit" value="Submit" /></li>
</ul>
</form>
</div>
_END;

include ("../inc/page-bot.php");

Ran into an extra problem. I decided to send the user off to a page that says the password has been changed, then I give them a link to go back to the profile page. When I click it, it says I need to be logged in to view the page. I'm not sure why my session isn't being passed.

 

So my change password form has action=profile-update-page.php

 

<?php
$sheet_name = "tbnl-profile-updated";
include ("../inc/control.php"); //main inc dir.
include ("inc/tbnl-functions.php"); //users inc dir.
include ("inc/tbnl-header.php");
include ("../inc/page-top.php");
echo $content;
if (!isset($_SESSION['user']))
    die("<br /><br />You need to login to view this page");
$user = $_SESSION['user'];


if (isset($_POST['pass'])) {
    $pass = sanitizeString($_POST['pass']);
    $newpass = sanitizeString($_POST['newpass']);
    if ($pass == "" || $newpass == "") {
        $error = "<p class=\"main-text\">Not all fields were entered</p><br />";
    } else {
        mysql_query("select * from tbnlmembers where user='$user'") or die("cannot find user");
        $newpass = md5($newpass);
        mysql_query("update tbnlmembers set pass='$newpass' where user='$user'") or die("cannot reset password");
    }
}
//if (strlen($password) < 3 or strlen($password) > 8) {
//    $msg = $msg . "Password must be more than 3 char legth and maximum 8 char lenght<BR>";
//    $status = "NOTOK";
//}

//if ($password <> $password2) {
//    $msg = $msg . "Both passwords are not matching<BR>";
//    $status = "NOTOK";
//}
echo <<< _END
<br />
<div id="warning-box-ty"><p class="main-text">Your profile has been updated, please <a href="http://www.tbaynightlife.com/users/tbnl-profile.php?user=$user">Click Here</a> to return to your profile page.<br /><br /></p></div>
<br />
<p class="main-text">$user</p>
_END;
include ("../inc/page-bot.php");
?>

 

The user is still recognized here; when I click the link just above, the session gets dropped. Any ideas? This is one part I'm very unsure of.

 

And this again is my profile page:

 

<?php
$sheet_name = "tbnl-profile";
include ("../inc/control.php"); //main inc dir.
include ("inc/tbnl-functions.php"); //users inc dir.
include ("inc/tbnl-header.php");
include ("../inc/page-top.php");
echo $content;
if (!isset($_SESSION['user']))
    die("<br /><br />You need to login to view this page");
$user = $_SESSION['user'];


echo <<< _END
<br />
<br />
<div id="user-sign-up-form">
<form action="tbnl-profile-updated.php" method="post" enctype="multipart/form-data">
$error
<ul class="single">
	<li><label>Current Password</label><input type='password' maxlength='32' name='pass' value='$pass' /></li>
	<li><label>New Password</label><input type='password' maxlength='32' name='newpass' value='$newpass' /></li>
	<li><input type="submit" name="submit" value="Submit" /></li>
</ul>
</form>
</div>
_END;

include ("../inc/page-bot.php");
?>
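
An added example, not part of any post in this thread: the scripts above never compare the submitted current password with the stored one, build SQL by string interpolation, and store unsalted MD5. The sketch below checks the current password first, uses prepared statements, and replaces a legacy MD5 row with a `password_hash()` value on change. The table and column names (`tbnlmembers`, `user`, `pass`) follow the thread; `verifyStored()`, `changePassword()` and the in-memory SQLite demo data are constructed for illustration.

```php
<?php
// Added example: names tbnlmembers/user/pass come from the thread;
// both functions and the demo row are hypothetical illustrations.

function verifyStored(string $plain, string $stored): bool
{
    // Legacy rows hold a 32-hex-char MD5 digest; newer rows hold password_hash() output.
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        return hash_equals($stored, md5($plain));
    }
    return password_verify($plain, $stored);
}

function changePassword(PDO $db, string $user, string $current, string $new): string
{
    if ($current === '' || $new === '') {
        return 'Not all fields were entered';
    }
    // Bound parameters keep the user name out of the SQL text.
    $sel = $db->prepare('SELECT pass FROM tbnlmembers WHERE user = ?');
    $sel->execute([$user]);
    $stored = $sel->fetchColumn();
    // Require the current password before changing anything.
    if ($stored === false || !verifyStored($current, $stored)) {
        return 'Current password is incorrect';
    }
    // Hash the raw new password; the plaintext and the hash never go back into the form.
    $upd = $db->prepare('UPDATE tbnlmembers SET pass = ? WHERE user = ?');
    $upd->execute([password_hash($new, PASSWORD_DEFAULT), $user]);
    return 'Password changed';
}

// Constructed demo: in-memory SQLite with one legacy MD5 row.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbnlmembers (user TEXT PRIMARY KEY, pass TEXT)');
$db->prepare('INSERT INTO tbnlmembers VALUES (?, ?)')->execute(['demo', md5('old-secret')]);

echo changePassword($db, 'demo', 'wrong-guess', 'new-long-secret'), "\n";
echo changePassword($db, 'demo', 'old-secret', 'new-long-secret'), "\n";
echo changePassword($db, 'demo', 'new-long-secret', 'another-secret'), "\n";
```

In a page like the ones above, `$user` would come from `$_SESSION['user']` and the two passwords from `$_POST`, and the form would render its password inputs with empty `value` attributes.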
