Password Change Script doesn't work

[Russia]

I currently have a change password script.

 

This is it:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>

<?php
error_reporting(E_ALL);
$config = "inc/config.php";
if(file_exists($config))
{
    include($config);
}
else
{
    die("config dir incorrect<br />");
}

if (isset($_POST['chpass'])) 
{
    $member = $_POST['member'];
    $newPass = $_POST['newpass'];
    $result = mysql_query("SELECT * FROM `members` WHERE member_id = '$member'");
    if(mysql_num_rows($result)!=0)
    {
        $row = mysql_fetch_array($result);
        $pass = $row['passwd'];
        if(strcmp($_POST['oldpass'], $pass) == 0) 
        {
            $newPass = strip_tags(mysql_real_escape_string($newPass));
            mysql_query("UPDATE `members` SET passwd = '$newPass' where member_id = '$member'");
            echo "password changed";
        }
        else
        {
            echo "old password incorrect";    
        }
    }
    else
    {
        echo "Could not find memeber";    
    }
}

?>

<form action="accounts-password.php" method="POST">
<input type="hidden" name="member" value="1" />
<p>Old password: <input type="password" name="oldpass" /></p>
<p>New Password: <input type="password" name="newpass" /></p>
<input type="submit" name="chpass" />
</form>

</body>
</html>

 

Basically it wont work, this is the error:

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/sith717/public_html/accounts-password.php on line 27
Could not find memeber 

 

 

This is how the database table is structured:

+------------+----------+-----------+

| member_id | login | passwd |

+------------+----------+-----------+

| 1 | testing | testing |

+------------------------------------+

[Alex]

Right after the query is executed put:

 

if(!$result)
     echo mysql_error();

 

Post the result.

[mikesta707]

is the member_id column an int column? if so remove the single quotes around the $member variable in the query statement

[Alex]

is the member_id column an int column? if so remove the single quotes around the $member variable in the query statement

Even if it is of type INT it shouldn't cause that problem.

[mikesta707]

if its of type int, and you pass the value surrounded by single quotes, it will think you are trying to pass a string into an integer column, which will cause an mysql error, which in turn will destroy everything else

[Russia]

So what do I change?

 

I have no idea what you guys are talking about.

 

Its still not working...

[Alex]

So what do I change?

 

I have no idea what you guys are talking about.

 

Its still not working...

Do what I said and tell us the error it returns; or try what mikesta707 said (remove the quotes).

 

@mikesta707: Just to confirm I tested it, received no error.

[mikesta707]

it depends on your version of MYSQL. what version do you have? what is your table structure? have you tried removing the single quotes from your query?

[Russia]

ALSO! I MADE A MISTAKE I HAVE GIVEN YOU GUYS THE WRONG Column names!

 

Here is the correct version:

+------------+----------+-----------+

| id | username | password |

+------------+----------+-----------+

| 1 | testing | testing |

+------------------------------------+

 

WHAT DO I HAVE TO CHANGE IN MY SCRIPT?

 

And no I didnt change anything.

[mikesta707]

umm.. well what is the $member variable? is it the id column, or the username column? i would assume its the username column, so change the column 'member_id' to username, and keep the single quotes

[Russia]

I HAVE FIXED IT!

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>

<?php
error_reporting(E_ALL);
$config = "inc/config.php";
if(file_exists($config))
{
    include($config);
}
else
{
    die("config dir incorrect<br />");
}

if (isset($_POST['chpass'])) 
{
    $member = $_POST['member'];
    $newPass = $_POST['newpass'];
    $result = mysql_query("SELECT * FROM `members` WHERE id='1'");  
    if(mysql_num_rows($result)!=0)
    {
        $row = mysql_fetch_array($result);
        $pass = $row['password'];
        if(strcmp($_POST['oldpass'], $pass) == 0) 
        {
            $newPass = strip_tags(mysql_real_escape_string($newPass));
            mysql_query("UPDATE `members` SET password = '$newPass' where id = '$member'");
            echo "password changed";
        }
        else
        {
            echo "old password incorrect";    
        }
    }
    else
    {
        echo "Could not find memeber";    
    }
}

?>

<form action="accounts-password.php" method="POST">
<input type="hidden" name="member" value="1" />
<p>Old password: <input type="password" name="oldpass" /></p>
<p>New Password: <input type="password" name="newpass" /></p>
<input type="submit" name="chpass" />
</form>

</body>
</html>

 

Thank You all for the help, but I want to add one thing, I want to make the New Password textbox show twice, like for verification like to see if they match. How do I do that?

[mikesta707]

just add another textbox that called confirm password, and before you do any queries test to see that newpass and confirmpass are both equal

[Russia]

How would i do that.

 

What would be the code for that?

[mikesta707]

the same way you made the first textbox... its simple html. to test them

$member = $_POST['member'];
$newPass = $_POST['newpass'];
$confirm = $_POST['comfirm'];

if ($newPass != $confirm){
echo "Passwords don't match";
exit();
}

[Russia]

Thank You. I have used your idea but changed it a bit, tell me how I did:

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<title>Untitled Document</title> 
</head> 

<body> 

<?php 
error_reporting(E_ALL); 
$config = "inc/config.php"; 
if(file_exists($config)) 
{ 
    include($config); 
} 
else 
{ 
    die("config dir incorrect<br />"); 
} 

if (isset($_POST['chpass']))  
{ 
    $newPass = $_POST['newpass']; 
    $veri = $_POST['veri']; 
    $strcmp = strcmp($newPass, $veri);
    if($strcmp == 0)
    {
        $result = mysql_query("SELECT * FROM `members` WHERE id = '1'"); 
        if(mysql_num_rows($result)!=0) 
        { 
            $row = mysql_fetch_array($result); 
            $pass = $row['password']; 
            if(strcmp($_POST['oldpass'], $pass) == 0)  
            { 
                $newPass = strip_tags(mysql_real_escape_string($newPass)); 
                mysql_query("UPDATE `members` SET password = '$newPass' where id = '$member'"); 
                echo "Your Password has been changed. You will now be logged out."; 
            } 
            else 
            { 
                echo "The old password is incorrect. Please try again.";     
            } 
        } 
        else 
        { 
            echo "Could not find the member you are changing the password for.";     
        } 
    }
    else
    {
        echo "Your new password's do not match. Please try again.";
    }
} 

?> 

<form action="accounts-password.php" method="POST"> 
<input type="hidden" name="member" value="1" /> 
<p>Old password: <input type="password" name="oldpass" /></p> 
<p>New Password: <input type="password" name="newpass" /></p> 
<p>Re-enter New Password: <input type="password" name="veri" /></p> 
<input type="submit" name="chpass" /> 
</form> 

</body> 

</html> 

[mikesta707]

seems fine... did you test it?

[Russia]

It works.

 

I need help with javascript now...