Jump to content

Recommended Posts

Hiya Peeps,

 

Heres my code.

 

function ChangePassword($coldpassword, $cnewpassword, $ccnewpassword, $csaltv = "pepper925") {

	$password->salt = mysql_real_escape_string(trim(addslashes(strip_tags(sha1($csaltv)))));
	$password->old =  mysql_real_escape_string(trim(addslashes(strip_tags(md5($coldpassword . $password->salt)))));
	$password->new =  mysql_real_escape_string(trim(addslashes(strip_tags(md5($cnewpassword . $password->salt)))));
	$password->conf = mysql_real_escape_string(trim(addslashes(strip_tags(md5($ccnewpassword . $password->salt)))));


	$session->username =  mysql_real_escape_string(trim(addslashes(strip_tags($_SESSION['username']))));		
	$session->id =        mysql_real_escape_string(trim(addslashes(strip_tags($_SESSION['id']))));	

	print 'New: ' . $password->new . '<br> Conf: ' . $password->conf . '<br> Old: ' . $password->old . '<br><br>';

    $passwordsql->checkpassword = "SELECT * FROM `members` WHERE username = '$session->username' AND id = '$session->id' AND password = '$password->old'";
	$passwordsql->runcheckpassword = mysql_query($passwordsql->checkpassword) or trigger_error('Query failed: ' . mysql_error(), E_USER_ERROR);

		while($passwordmatch = mysql_fetch_array($passwordsql->runcheckpassword)) {

		if($password->new = $password->conf) {


			if($password->old = $passwordmatch['password']) {

				$passwordsql->changepassword = "UPDATE `members` SET password = '$password->new' WHERE username = '$session->username' AND id = '$session->id' AND password = '$password->old'";
				$passwordsql->runchangepassword = mysql_query($passwordsql->changepassword)	 or trigger_error('Query failed: ' . mysql_error(), E_USER_ERROR);

				$passwordchangedone = 'Your password was sucessfully changed';

				return ($passwordchangedone);

			} else {

				$passwordolddontmatch = 'Your old password does not match your current password please try again.';


				return ($passwordolddontmatch);

			}

		} else {

			$passwordsdonotmatch = "Your new password doesnt not match the new password confirmation";

			return ($passwordsdonotmatch);

		}

	}


}

 

I need to fix the if() statments because all they do is update the password and when i deliberately enter the password and confirm password wrong no error is displayed.

 

Many thanks,

 

James.

You are very correct mate but i have no feedback.

 

Either which way '=' or '==' they both are working for some reason.

 

I have no error being displayed if i get the details correct all it does it change to password and return the successful message.

 

Many thanks,

 

James.

no they are not working in the way you think.

 

when the assignment operator (=) is in an if statement, it will assign the value of the right hand operand to the left hand operand and return true

 

IE the following

if ($i = 5){
//
}

Will assign $i with the value of 5, and return true because it successfully assigned the value of 5 to $i. However, you want to use the comparison operator (==), which will compare values. Right now your if statements assign the value of, for example, password->new to password->conf, in the following if statement

if($password->new = $password->conf)

 

this will always run true because it will succeed in assigning the value to the password->new variable. This won't return any errors because this is valid syntax. Sometmes you want to use the assignment operator in a boolean statement, like, for example, iterating through a mysql result with mysql_fetch_array, like in the following example

 

$sql = mysql_query("Select * From table");

while($row = mysql_fetch_array($sql)){
//do stuff with data
}

 

but in your case you want to use the comparison operator

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.