Change password

[captain_scarlet87]

Hey, I keep on getting this error come up when trying to change the password of a logged in user:

 

An error occurred in script 'C:\wamp\www\html\change_password.php' on line 50:

 

Query: UPDATE users SET pass=SHA('whatever') WHERE username=jim.bob

MySQL Error: Unknown column 'jim.bob' in 'where clause'

 

This is the code i'm using:

 

<?php # Script 13.11 - change_password.php

// This page allows a logged-in user to change their password.

 

// Include the configuration file for error management and such.

require_once ('./includes/config.inc.php');

 

// Set the page title and include the HTML header.

$page_title = 'Change Your Password';

include ('./includes/header.html');

 

// If no first_name variable exists, redirect the user.

if (!isset($_SESSION['username'])) {

 

// Start defining the URL.

$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

// Check for a trailing slash.

if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {

$url = substr ($url, 0, -1); // Chop off the slash.

}

// Add the page.

$url .= '/index.php';

 

ob_end_clean(); // Delete the buffer.

header("Location: $url");

exit(); // Quit the script.

 

} else {

 

if (isset($_POST['submitted'])) { // Handle the form.

 

require_once ('../mysql_connect.php'); // Connect to the database.

 

// Check for a new password and match against the confirmed password.

if (eregi ('^[[:alnum:]]{4,20}$', stripslashes(trim($_POST['password1'])))) {

if ($_POST['password1'] == $_POST['password2']) {

$p = escape_data($_POST['password1']);

} else {

$p = FALSE;

echo '<p><font color="red" size="+1">Your password did not match the confirmed password!</font></p>';

}

} else {

$p = FALSE;

echo '<p><font color="red" size="+1">Please enter a valid password!</font></p>';

}

 

if ($p) { // If everything's OK.

 

// Make the query.

$query = "UPDATE users SET pass=SHA('$p') WHERE username={$_SESSION['username']}";

$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());

if (mysql_affected_rows() == 1) { // If it ran OK.

 

// Send an email, if desired.

echo '<h3>Your password has been changed.</h3>';

mysql_close(); // Close the database connection.

include ('./includes/footer.html'); // Include the HTML footer.

exit();

 

} else { // If it did not run OK.

 

// Send a message to the error log, if desired.

echo '<p><font color="red" size="+1">Your password could not be changed due to a system error. We apologize for any inconvenience.</font></p>';

 

}

 

} else { // Failed the validation test.

echo '<p><font color="red" size="+1">Please try again.</font></p>';

}

 

mysql_close(); // Close the database connection.

 

} // End of the main Submit conditional.

 

?>

 

<h1>Change Your Password</h1>

<form action="change_password.php" method="post">

<fieldset>

<p><b>New Password:</b> <input type="password" name="password1" size="20" maxlength="20" /> <small>Use only letters and numbers. Must be between 4 and 20 characters long.</small></p>

<p><b>Confirm New Password:</b> <input type="password" name="password2" size="20" maxlength="20" /></p>

</fieldset>

<div align="center"><input type="submit" name="submit" value="Change My Password" /></div>

<input type="hidden" name="submitted" value="TRUE" />

</form>

 

<?php

} // End of the !isset($_SESSION['username']) ELSE.

include ('./includes/footer.html');

?>

 

Line 50 is this:

 

$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());

 

Anyone know where I am going wrong? My database fields are labelled correctly I think (username, email, pass).

[Deoctor]

query should be like this

$query = "UPDATE users SET pass='SHA('$p')' WHERE username='{$_SESSION['username']}'";

[aleX_hill]

To make it a little more clear, you are missing the ' ' around the value, so it should read 'jim.bob' (as read from the session var.

[captain_scarlet87]

Hey guys, tried that out but now i'm getting a different error:

 

An error occurred in script 'C:\wamp\www\html\change_password.php' on line 50:

Query: UPDATE users SET pass='SHA('whatever')' WHERE username='jim.bob'

MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'whatever')' WHERE username='jim.bob'' at line 1

 

Have I got a version that will not work with this code?

 

I think I have version 5.0.45.

[PFMaBiSmAd]

It's not a matter of a correct version of mysql (the sql parser cannot tell your wrong syntax from a feature that might have been added in a later version), it is a matter of getting the syntax correct.

 

There should not be any single-quotes around the 'SHA()' term. That part was correct in your original post and ym_chaitu introduced an error (which is another reason it is generally best to explain what is wrong with something, rather than to post 'fixed' code.)

[otuatail]

have you got the right name of the table field username ?

[captain_scarlet87]

Thanks everyone!  Worked with the single quotes around the username and no quotes around SHA('$p).

 

$query = "UPDATE users SET pass=SHA('$p') WHERE username='{$_SESSION['username']}'";

[Deoctor]

@PFMaBiSmAd

sorry for that

but i think i made atleast one part of the query correct..

instead of passing comments on others work..