Jump to content

MySQL, Allow Member To Change Password?


Kristoff1875

Recommended Posts

Hi, first time poster, have developed a little members system and now need some help to finish it off.

 

Basically, the site admin has a form he can fill in to add a new username and password to a MySQL database. This works great.

 

The username and password can then be used to login to the members only page of the website which will have offers etc for the Club (the website is for a Club) VIP members.

 

Everything works great, except for I can't seem to figure out how the members can change their password. Ideally this would be a link that pops up a window with fields saying: Old Password, New Password, Confirm New Password.

 

Not entirely sure how this should work, any advice is great.

 

Here is the code currently used:

 

<?php
$host="localhost"; // Host name
$username="******"; // Mysql username
$password="******"; // Mysql password
$db_name="******"; // Database name
$tbl_name="******"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php?=$myusername");
}
else {
header("location:error.php");
}
?>

 

Any help appreciated.

 

Cheers

Link to comment
Share on other sites

You would accept the values from your form (Old Password, New Password, Confirm New Password), check that the old password matches (the same way you log a user in), and then update the database with the new password.

$sql="UPDATE $tbl_name SET password='$mypassword' WHERE username='$myusername'";

Link to comment
Share on other sites

Thanks for the reply Lemmin, however I still don't fully grasp it. On the login success page it starts off as follows:

 

<?
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>

 

Is that where it grasps which member is logged in and who's password it will be changing?

 

Cheers

Link to comment
Share on other sites

It looks like it sets a session variable myusername to be the username of the user who is logging in. So you can use that in the query when you are changing the password:

$sql="UPDATE $tbl_name SET password='$mypassword' WHERE username='".$_SESSION['myusername']."'";

Link to comment
Share on other sites

Cheers for the help again. I have added the following with a form field (just to get the change password field working so far:

 

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Get values from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// Insert data into mysql
$sql="UPDATE $tbl_name SET password='$mypassword' WHERE username='".$_SESSION['myusername']."'";
$result=mysql_query($sql);

// if successfully insert data into database, displays message "Successful".
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='insert.php'>Back to main page</a>";
}

else {
echo "ERROR";
}

// close connection
mysql_close();
?>

 

Everything goes through fine on the website, but when I try the login again, the new password doesn't work, and the old one still does?  :confused:

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.