Kristoff1875 Posted November 13, 2009 Share Posted November 13, 2009 Hi, first time poster, have developed a little members system and now need some help to finish it off. Basically, the site admin has a form he can fill in to add a new username and password to a MySQL database. This works great. The username and password can then be used to login to the members only page of the website which will have offers etc for the Club (the website is for a Club) VIP members. Everything works great, except for I can't seem to figure out how the members can change their password. Ideally this would be a link that pops up a window with fields saying: Old Password, New Password, Confirm New Password. Not entirely sure how this should work, any advice is great. Here is the code currently used: <?php $host="localhost"; // Host name $username="******"; // Mysql username $password="******"; // Mysql password $db_name="******"; // Database name $tbl_name="******"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:login_success.php?=$myusername"); } else { header("location:error.php"); } ?> Any help appreciated. Cheers Quote Link to comment Share on other sites More sharing options...
lemmin Posted November 13, 2009 Share Posted November 13, 2009 You would accept the values from your form (Old Password, New Password, Confirm New Password), check that the old password matches (the same way you log a user in), and then update the database with the new password. $sql="UPDATE $tbl_name SET password='$mypassword' WHERE username='$myusername'"; Quote Link to comment Share on other sites More sharing options...
Kristoff1875 Posted November 13, 2009 Author Share Posted November 13, 2009 Thanks for the reply Lemmin, however I still don't fully grasp it. On the login success page it starts off as follows: <? session_start(); if(!session_is_registered(myusername)){ header("location:main_login.php"); } ?> Is that where it grasps which member is logged in and who's password it will be changing? Cheers Quote Link to comment Share on other sites More sharing options...
lemmin Posted November 13, 2009 Share Posted November 13, 2009 It looks like it sets a session variable myusername to be the username of the user who is logging in. So you can use that in the query when you are changing the password: $sql="UPDATE $tbl_name SET password='$mypassword' WHERE username='".$_SESSION['myusername']."'"; Quote Link to comment Share on other sites More sharing options...
Kristoff1875 Posted November 13, 2009 Author Share Posted November 13, 2009 Cheers for the help again. I have added the following with a form field (just to get the change password field working so far: // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Get values from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // Insert data into mysql $sql="UPDATE $tbl_name SET password='$mypassword' WHERE username='".$_SESSION['myusername']."'"; $result=mysql_query($sql); // if successfully insert data into database, displays message "Successful". if($result){ echo "Successful"; echo "<BR>"; echo "<a href='insert.php'>Back to main page</a>"; } else { echo "ERROR"; } // close connection mysql_close(); ?> Everything goes through fine on the website, but when I try the login again, the new password doesn't work, and the old one still does? Quote Link to comment Share on other sites More sharing options...
Kristoff1875 Posted November 14, 2009 Author Share Posted November 14, 2009 Anyone any ideas? Cheers Quote Link to comment Share on other sites More sharing options...
Kristoff1875 Posted November 16, 2009 Author Share Posted November 16, 2009 Polite Bump Quote Link to comment Share on other sites More sharing options...
Kristoff1875 Posted November 17, 2009 Author Share Posted November 17, 2009 Sorted it now! Forgot to carry the session in to the page handling the request!! DOH! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.