GunnDawg Posted February 4, 2010 Share Posted February 4, 2010 Alright so I have a site where you can register, log in, send emails (from user to user), upload an avatar image. I then decided to add a control panel to allow users to change their username and password. I managed to get the 'change username' part to work just fine, and figured I would have no trouble getting the 'change password' part to work as well. I am having a few issues with the code. First it wont MD5 encrypt it like my register script does, and second it doesnt check to make sure the password was typed correctly on the 'veryify password' field, it just goes ahead and changes the users password to the first password input box. So no encryption and no verify checking. Here is the code for changepw.php: http://pastebin.com/m5d898a8e Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted February 4, 2010 Share Posted February 4, 2010 $querycpw = "UPDATE `users` SET `password` = '".$_POST['newpw']."' WHERE `username` = '".$username."' limit 1"; Why don't you try updating it to the variable that is the result of the hash, rather than the value in POST? Why do you say it does not verify it was typed correctly? It certainly looks like your code is doing that? die ("Passwords do not match"); Are you serious? (edit)md5 is hashing, not encryption. Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted February 4, 2010 Share Posted February 4, 2010 New Password: <input type = "text" name = "newpw"><br> Repeat Password: <input type = "text" name = "newpwrt"><br> Both should be: type="password" Unless you like friends and coworkers looking over your shoulder to know what your passwords are. Quote Link to comment Share on other sites More sharing options...
GunnDawg Posted February 4, 2010 Author Share Posted February 4, 2010 Its just a small learning experience, nothing I plan on making real serious. So what do you suggest i change in my code to make this store the md5 result rather than the password it self ? Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted February 4, 2010 Share Posted February 4, 2010 Oh. I see now why it's not performing the verification. <form action = "changepw.php" method = "POST"> Your form is a POST, yet in your code you are doing: $submit = strip_tags($_GET['submit']); $newpw = strip_tags($_GET['newpw']); $newpwrt = strip_tags($_GET['newpwrt']); Do you see the problem there? Quote Link to comment Share on other sites More sharing options...
GunnDawg Posted February 4, 2010 Author Share Posted February 4, 2010 ah ok, I was able to correct the password checking and made sure it got stored in MD5, but now my dang login page keeps telling me the new password is invalid The original password you create works fine when you log in, but when you change it (and yes the db updates it) and try to log in, then it no longer works. this is annoying. Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted February 4, 2010 Share Posted February 4, 2010 What's the code on your login page? Quote Link to comment Share on other sites More sharing options...
GunnDawg Posted February 4, 2010 Author Share Posted February 4, 2010 Wait suddenly it works Thanks a ton, been scratching my head for a while now with this one. Much appreciated. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.