blesseld Posted September 2, 2009 Share Posted September 2, 2009 Hey All, I am starting to build my profile page for members, and I figured id start with changing the users password. I based some code off my forgot password page, and molded it to my needs. Now the weird thing is, I created a little script that will view my users info form the database, after I submit my password change request, it updates the MD5 password field in the database, but I cannot log on. Also after I click submit, the new password field shows a long string of characters. Any help appreciated, <?php $sheet_name = "tbnl-profile"; include ("../inc/control.php"); //main inc dir. include ("inc/tbnl-functions.php"); //users inc dir. include ("inc/tbnl-header.php"); include ("../inc/page-top.php"); echo $content; echo <<< _END <form method='post' action='tbnl-profile.php' enctype='multipart/form-data'> Enter or edit your details and/or upload an image:<br /> <textarea name='text' cols='40' rows='3'>$text</textarea><br /> Image: <input type='file' name='image' size='14' maxlength='32' /> <input type='submit' value='Save Profile' /> </pre> </form> _END; if (isset($_POST['pass'])) { $pass = sanitizeString($_POST['pass']); $newpass = sanitizeString($_POST['newpass']); if ($pass == "" || $newpass == "") { $error = "<p class=\"main-text\">Not all fields were entered</p><br />"; } else { $res = mysql_query("select * from tbnlmembers where user='$user'") or die("cannot select from email"); $row = mysql_fetch_array($res); $user = $row["user"]; $password = $row["newpass"]; $newpass = md5($password); mysql_query("update tbnlmembers set pass='$newpass' where user='$user'") or die("cannot send your password"); } } //if (strlen($password) < 3 or strlen($password) > { // $msg = $msg . "Password must be more than 3 char legth and maximum 8 char lenght<BR>"; // $status = "NOTOK"; //} //if ($password <> $password2) { // $msg = $msg . "Both passwords are not matching<BR>"; // $status = "NOTOK"; //} echo <<< _END <br /> <br /> <div id="user-login-form"> <form action="tbnl-profile.php" method="post" enctype="multipart/form-data""> $error <ul class="single"> <li><label>Password</label><input type='password' maxlength='32' name='pass' value='$pass' /></li> <li><label>New Password</label><input type='password' maxlength='32' name='newpass' value='$newpass' /></li> <li><input type="submit" name="submit" value="Submit" /></li> </ul> </form> </div> _END; include ("../inc/page-bot.php"); ?> Quote Link to comment https://forums.phpfreaks.com/topic/172864-change-password-for-profile-page-working-but-not-help-please/ Share on other sites More sharing options...
mikesta707 Posted September 2, 2009 Share Posted September 2, 2009 idk if you meant to do the following, but shouldnt $password = $row["newpass"]; $newpass = md5($password); be something like $newpass = md5($newpass); based on what it is now, you are taking the value from the newpass column of your table (which i'm not entirely sure actually exists) MD5-ing that value and setting it as the actual password. The password entered in the form doesn't even take part in the script at all Quote Link to comment https://forums.phpfreaks.com/topic/172864-change-password-for-profile-page-working-but-not-help-please/#findComment-911078 Share on other sites More sharing options...
blesseld Posted September 2, 2009 Author Share Posted September 2, 2009 Ok, Ya I misunderstood what i was doing, with a bit more research i was able to figure it out. Here is what I did, Is this an OK way of doing this?? <?php $sheet_name = "tbnl-profile"; include ("../inc/control.php"); //main inc dir. include ("inc/tbnl-functions.php"); //users inc dir. include ("inc/tbnl-header.php"); include ("../inc/page-top.php"); echo $content; if (!isset($_SESSION['user'])) die("<br /><br />You need to login to view this page"); $user = $_SESSION['user']; if (isset($_POST['pass'])) { $pass = sanitizeString($_POST['pass']); $newpass = sanitizeString($_POST['newpass']); if ($pass == "" || $newpass == "") { $error = "<p class=\"main-text\">Not all fields were entered</p><br />"; } else { mysql_query("select * from tbnlmembers where user='$user'") or die("cannot select from email"); $newpass = md5($newpass); mysql_query("update tbnlmembers set pass='$newpass' where user='$user'") or die("cannot send your password"); } } //if (strlen($password) < 3 or strlen($password) > { // $msg = $msg . "Password must be more than 3 char legth and maximum 8 char lenght<BR>"; // $status = "NOTOK"; //} //if ($password <> $password2) { // $msg = $msg . "Both passwords are not matching<BR>"; // $status = "NOTOK"; //} echo <<< _END <br /> <br /> <div id="user-login-form"> <form action="tbnl-profile.php" method="post" enctype="multipart/form-data""> $error <ul class="single"> <li><label>Password</label><input type='password' maxlength='32' name='pass' value='$pass' /></li> <li><label>New Password</label><input type='password' maxlength='32' name='newpass' value='$newpass' /></li> <li><input type="submit" name="submit" value="Submit" /></li> </ul> </form> </div> _END; include ("../inc/page-bot.php"); Quote Link to comment https://forums.phpfreaks.com/topic/172864-change-password-for-profile-page-working-but-not-help-please/#findComment-911147 Share on other sites More sharing options...
mikesta707 Posted September 2, 2009 Share Posted September 2, 2009 looks fine to me.. does it work? Quote Link to comment https://forums.phpfreaks.com/topic/172864-change-password-for-profile-page-working-but-not-help-please/#findComment-911148 Share on other sites More sharing options...
blesseld Posted September 2, 2009 Author Share Posted September 2, 2009 Indeed it does, didn't realize i could cut all that other crap out. Quote Link to comment https://forums.phpfreaks.com/topic/172864-change-password-for-profile-page-working-but-not-help-please/#findComment-911149 Share on other sites More sharing options...
blesseld Posted September 2, 2009 Author Share Posted September 2, 2009 ran into an extra problem, decided to send the user off to a page that says the password has been changed, then I give them a link to go back to the profile page. When i click it it says I need ot be logged in to view the page. I'm not sure why my session isn't being passed. So my change password form has action=profile-update-page.php <?php $sheet_name = "tbnl-profile-updated"; include ("../inc/control.php"); //main inc dir. include ("inc/tbnl-functions.php"); //users inc dir. include ("inc/tbnl-header.php"); include ("../inc/page-top.php"); echo $content; if (!isset($_SESSION['user'])) die("<br /><br />You need to login to view this page"); $user = $_SESSION['user']; if (isset($_POST['pass'])) { $pass = sanitizeString($_POST['pass']); $newpass = sanitizeString($_POST['newpass']); if ($pass == "" || $newpass == "") { $error = "<p class=\"main-text\">Not all fields were entered</p><br />"; } else { mysql_query("select * from tbnlmembers where user='$user'") or die("cannot find user"); $newpass = md5($newpass); mysql_query("update tbnlmembers set pass='$newpass' where user='$user'") or die("cannot reset password"); } } //if (strlen($password) < 3 or strlen($password) > { // $msg = $msg . "Password must be more than 3 char legth and maximum 8 char lenght<BR>"; // $status = "NOTOK"; //} //if ($password <> $password2) { // $msg = $msg . "Both passwords are not matching<BR>"; // $status = "NOTOK"; //} echo <<< _END <br /> <div id="warning-box-ty"><p class="main-text">Your profile has been updated, please <a href="http://www.tbaynightlife.com/users/tbnl-profile.php?user=$user">Click Here</a> to return to your profile page.<br /><br /></p></div> <br /> <p class="main-text">$user</p> _END; include ("../inc/page-bot.php"); ?> The user is still recognized here, when i click the link just above, the session gets dropped. any ideas? This is one part im very unsure of and this again is my profile page <?php $sheet_name = "tbnl-profile"; include ("../inc/control.php"); //main inc dir. include ("inc/tbnl-functions.php"); //users inc dir. include ("inc/tbnl-header.php"); include ("../inc/page-top.php"); echo $content; if (!isset($_SESSION['user'])) die("<br /><br />You need to login to view this page"); $user = $_SESSION['user']; echo <<< _END <br /> <br /> <div id="user-sign-up-form"> <form action="tbnl-profile-updated.php" method="post" enctype="multipart/form-data""> $error <ul class="single"> <li><label>Current Password</label><input type='password' maxlength='32' name='pass' value='$pass' /></li> <li><label>New Password</label><input type='password' maxlength='32' name='newpass' value='$newpass' /></li> <li><input type="submit" name="submit" value="Submit" /></li> </ul> </form> </div> _END; include ("../inc/page-bot.php"); ?> Quote Link to comment https://forums.phpfreaks.com/topic/172864-change-password-for-profile-page-working-but-not-help-please/#findComment-911159 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.