Help with Sessions - password change


3 replies to this topic

#1 dgerler


Posted 18 August 2006 - 11:22 AM

Hello,
  This is my first post here. I have been working with PHP as a hobbyist for a couple of years, but have never set up a site that requires passwords. I have gone through the "Membership System" tutorial with great success (I think  ;) ).

  My problem comes in when I try to add a page for the user to change their password. My code is below. For some reason the email address doesn't get carried over from the form. I get the message about forgetting the email address knucklehead.

This is my pwchange.php, and change_pw.html is below that.

<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> Automated </title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="images2/style.css" rel="stylesheet" type="text/css" />
</head>
<body>

<div id="HEADER">
<?php include "./common/header.php"; ?>
</div> <!-- header -->

<div id="PATH">
	<p><a href="#">Home</a></p>
</div> <!-- PATH -->

<div id="SIDEBAR">
	<h2>RECENT NEWS</h2>
	<p class="Date">August 17, 2006</p>
	<p>The Dream Begins. I registered it.</p>
	<p class="More"><a href="#">Read More</a></p>
	
	<h2>Members</h2>
	<p></p>
	<p></p>
	<p></p>
</div> <!-- sidebar -->

<div id="CONTENT">

<? 
include './common/db.php'; 

switch($_POST['change']){ 
    default: 
    include 'change_pw.html'; 
    break; 
     
    case "change": 
    change_pw($_POST['email_address'], $POST['password']); 
    break; 
} 
function change_pw($email_address, $password){ 
	
    if(!$email_address){ 
        echo "You forgot to enter your Email address,   
            <strong>Knucklehead</strong><br />"; 
        include 'change_pw.html'; 
        exit(); 
    } 
    if(!$password){ 
        echo "You forgot to enter your new password,   
            <strong>Knucklehead</strong><br />"; 
        include 'change_pw.html'; 
        exit(); 
    } 

    
    // quick check to see if record exists     
    $sql_check = mysql_query("SELECT * FROM users WHERE email_address='$email_address'"); 
    $sql_check_num = mysql_num_rows($sql_check); 
    if($sql_check_num == 0){ 
        echo "No records found matching your email address<br />"; 
        include 'change_pw.html'; 
        exit(); 
    } 
      
     

    $db_password = md5($password); 
     
    $sql = mysql_query("UPDATE users SET password='$db_password'  
                WHERE email_address='$email_address'"); 
     
    $subject = "Your Password!"; 
    $message = "Hi, you have changed your password. 
     
    New Password: $password 
     
     
     
    Thanks! 
    The Webmaster 
     
    This is an automated response, please do not reply!"; 
     
    mail($email_address, $subject, $message, "From: Webmaster<admin@mydomain.com>\n 
        X-Mailer: PHP/" . phpversion()); 
    echo "Your password has been sent! Please check your email!<br />"; 
    include 'login_form.html'; 
} 
?>


</div> <!-- content -->

<div id="FOOTER">
<?php include "./common/footer.php"; ?>

</div> <!-- footer -->
</body>
</html>

This is the change_pw.html:

<form method="post" action="pwchange.php">

Email Address: <input class="text" value="<?php echo $email_address; ?>" name="email_address"><br />
New Password: <input type="password" value="" name="password"><br />

<input type="hidden" name="change" value="change"><br />
<input type="submit" value="Submit Form"> <input type="reset" value="Reset Form">
</form>



#2 ToonMariner


Posted 18 August 2006 - 11:27 AM

have a look at your html source and make sure echo $email_address is actually echoed out correctly...

I suspect a register_globals issue or you have neglected to set something before the form is output.

#3 dgerler


Posted 18 August 2006 - 11:44 AM

Doh!

When working on a reply to ToonMariner I found a missing _ in $POST['password'] ...

I obviously did the same thing when trying to echo the email address .. so I had the error because the password wasn't making it through.

I am now able to change my password.  :)

Dave


#4 dgerler


Posted 19 August 2006 - 10:15 AM

Okay.. I found the problem that caused the password to not be carried through correctly.

My next question has to do with requiring them to be logged in to change password.

Remember that I am new to sessions.

I started fresh today and went directly to the pwchange.php page and was able to change the password. With my page this way, anyone could change someone's password by knowing their email address.

This really is part of a broader problem I have, which is how do I require someone to be logged into a session in order to view a page. After that, limit who can change the password for a user.

I could require them to enter their old password and check it before processing the change, but that won't help with the other problem.

Dave
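
The question in the last post (require a logged-in session, and let a user change only their own password), as an added example that is not part of the thread or of the tutorial it follows. It goes beyond the posted code by using PDO prepared statements and password_hash() in place of mysql_query() and md5(); `$_SESSION['user_id']`, the `id` column, `$pdo`, and the `old_password` and `csrf` form fields are assumptions.

```php
<?php
// Added example, not code from the thread. Assumptions: the login script
// sets $_SESSION['user_id'] after a successful login, users has an integer
// `id` column, and ./common/db.php creates a PDO handle named $pdo.
session_start();
require './common/db.php';

// 1. Gate the page: no logged-in session, no form and no update.
if (empty($_SESSION['user_id'])) {
    header('Location: login_form.html');
    exit;
}

// Per-session token so another site cannot submit the form for the user.
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(32));
}

// True if $plain matches $stored, whether $stored is a password_hash()
// value or one of the legacy unsalted md5() values written by the old code.
function password_matches(string $plain, string $stored): bool
{
    if (strlen($stored) === 32 && ctype_xdigit($stored)) {
        return hash_equals(strtolower($stored), md5($plain));
    }
    return password_verify($plain, $stored);
}

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $old = $_POST['old_password'] ?? '';
    $new = $_POST['password'] ?? '';

    // 2. The row to change comes from the session, never from the form.
    $stmt = $pdo->prepare('SELECT password FROM users WHERE id = ?');
    $stmt->execute([$_SESSION['user_id']]);
    $stored = $stmt->fetchColumn();

    if (!hash_equals($_SESSION['csrf'], $_POST['csrf'] ?? '')) {
        $message = 'Form expired, please try again.';
    } elseif ($stored === false || !password_matches($old, $stored)) {
        $message = 'Current password is incorrect.';
    } else {
        $upd = $pdo->prepare('UPDATE users SET password = ? WHERE id = ?');
        $upd->execute([password_hash($new, PASSWORD_DEFAULT), $_SESSION['user_id']]);
        session_regenerate_id(true);   // drop the pre-change session id
        $message = 'Password changed.';
    }
}
```

The `password` column has to be wide enough for password_hash() output (the PHP manual recommends 255 characters), and the form needs `old_password`, `password` and a hidden `csrf` field carrying `$_SESSION['csrf']`.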





