
Change/Update password (MD5)



#1 Mutley

Mutley
  • Members
  • Advanced Member
  • 765 posts

Posted 02 September 2006 - 11:52 PM

How do I allow users to change their password? I was thinking a simple update form, then I realised it is MD5 encrypted passwords in the database, so wondering if any precautions or alterations to the update form need to be made? To enter it as MD5?

Thanks.
~ Mutley.

#2 hackerkts

hackerkts
  • Members
  • Advanced Member
  • 593 posts
  • LocationSingapore
  • Age:18

Posted 03 September 2006 - 01:23 AM

You could simply do
if (md5($_POST['password']) == $db_password)
{
	// continue
}

Hope this solves your question on md5.

Regards,
hackerkts

To be a coder, you must learn how to think and not to give up so easily.


#3 obsidian

obsidian
  • Staff Alumni
  • Advanced Member
  • 3,202 posts
  • LocationSeattle, WA

Posted 03 September 2006 - 01:40 AM

typically, you'll want to confirm their old password and then have them type in the new password twice, just to make sure they don't mistype it. something like this usually works well:
<?php
if (isset($_POST['submit'])) {
  if (empty($_POST['oldpass']) || empty($_POST['pass1']) || empty($_POST['pass2'])) {
    $error = "<p class=\"error\">All fields required!</p>\n";
  } elseif ($_POST['pass1'] !== $_POST['pass2']) {
    $error = "<p class=\"error\">New Passwords do not match!</p>\n";
  } else {
    // assuming you know the user's id since they are already logged in:
    $sql = mysql_query("SELECT * FROM users WHERE password = MD5('$_POST[oldpass]') AND id = '$id'");
    if (mysql_num_rows($sql) == 1) {
      // password correct, set new one
      if (!mysql_query("UPDATE users SET password = MD5('$_POST[pass1]') WHERE id = '$id'"));
        $error = "<p class=\"error\">Couldn't change password</p>\n";
      } else {
        $success = "<p class=\"success\">Password successfully changed!</p>\n";
      }
    } else {
      // wrong old password
      $error = "<p class=\"error\">Incorrect password! Password not changed!</p>\n";
    }
  }
}

echo isset($error) ? $error : '';
echo isset($success) ? $success : '';
?>

<form name="updatePass" action="" method="post">
Old Password: <input type="password" name="oldpass" value="" /><br />
New Password: <input type="password" name="pass1" value="" /><br />
Confirm New: <input type="password" name="pass2" value="" /><br />
<input type="submit" name="submit" value="Change It" />
</form>

hope this helps!
You can't win, you can't lose, you can't break even... you can't even get out of the game.

<?php
while (count($life->getQuestions()) > 0)
{   $life->study(); } ?>
  LINKS: PHP: Manual MySQL: Manual PostgreSQL: Manual (X)HTML: Validate It! CSS: A List Apart | IE bug fixes | Zen Garden | Validate It! JavaScript: Reference Cards RegEx: Everything RegEx

#4 Mutley

Mutley
  • Members
  • Advanced Member
  • 765 posts

Posted 03 September 2006 - 11:03 AM

That's great obs! But, unexpected T_Else here:

 
  } else {
        $success = "<p class=\"success\">Password successfully changed!</p>\n";
      }
>>>HERE>>>>>>>    } else {
      // wrong old password
      $error = "<p class=\"error\">Incorrect password! Password not changed!</p>\n";
    }
  }

~ Mutley.

#5 paul2463

paul2463
  • Members
  • Advanced Member
  • 955 posts
  • LocationUK

Posted 03 September 2006 - 12:01 PM

try removing the curly brace before the expression
else
on your marked line

according to my editing program Context (http://www.context.cx/) there are one too many closing braces in the whole thing
you cannot affect the past but you can ruin a perfectly good present by worrying about the future

*********************************************************************
The MANUAL (http://www.php.net/d...php) is actually a useful resource

#6 Mutley

Mutley
  • Members
  • Advanced Member
  • 765 posts

Posted 03 September 2006 - 02:42 PM

There's 7 open { and 8 close } curly brackets.

I tried removing the one before the ELSE but same error. Also tried removing a bracket at the very end instead, no luck.
~ Mutley.

#7 Mutley

Mutley
  • Members
  • PipPipPip
  • Advanced Member
  • 765 posts

Posted 03 September 2006 - 06:11 PM

I tried this with no luck, adding a { to the end of one of the IF statements, which appears to be missed out:

<?php

require_once("connection.php");

if (isset($_POST['submit'])) {
  if (empty($_POST['oldpass']) || empty($_POST['pass1']) || empty($_POST['pass2'])) {
    $error = "<p class=\"error\">All fields required!</p>\n";
  } elseif ($_POST['pass1'] !== $_POST['pass2']) {
    $error = "<p class=\"error\">New Passwords do not match!</p>\n";
  } else {
    // assuming you know the user's id since they are already logged in:
    $sql = mysql_query("SELECT * FROM users WHERE password = MD5('$_POST[oldpass]') AND id = '$id'");
    if (mysql_num_rows($sql) == 1) {
      // password correct, set new one
      if (!mysql_query("UPDATE users SET password = MD5('$_POST[pass1]') WHERE id = '$id'")); {
        $error = "<p class=\"error\">Couldn't change password</p>\n";
      } else {
        $success = "<p class=\"success\">Password successfully changed!</p>\n";
		} else {
      // wrong old password
      $error = "<p class=\"error\">Incorrect password! Password not changed!</p>\n";
    }
  }
}

echo isset($error) ? $error : '';
echo isset($success) ? $success : '';
?>

<form name="updatePass" action="" method="post">
Old Password: <input type="password" name="oldpass" value="" /><br />
New Password: <input type="password" name="pass1" value="" /><br />
Confirm New: <input type="password" name="pass2" value="" /><br />
<input type="submit" name="submit" value="Change It" />
</form>

If you look on line 15 on his, the IF statement doesn't close? I still have the same problem with that ELSE statement though.
~ Mutley.

#8 AdRock

AdRock
  • Members
  • Advanced Member
  • 911 posts

Posted 03 September 2006 - 10:56 PM

This is my change password form which does the trick for me

<?
session_start();
session_register("session");

//if(!isset($session['userid'])){
//echo "<center><font face='Verdana' size='2' color=red>Sorry, Please login and use this page </font></center>";
//exit;
//}

// This is displayed if all the fields are not filled in
$empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";

// Convert to simple variables 
$password1 = $_POST['password1']; 
$password2 = $_POST['password2'];

if (!isset($_POST['password1'])) {
?>
<h2>Change password!</h2>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['REQUEST_URI']); ?>">

    <p class="style3"><label for="password1">New password:</label>
    <input type="password" title="Please enter a password" name="password1" size="30"></p>

    <p class="style3"><label for="password2">Re-enter Password:</label>
    <input type="password" title="Please re-enter password" name="password2" size="30"></p>

    <p style="text-align:left"><label for="submit">&nbsp;</label>
    <input type="submit" value="Change" class="submit-button"/></p>
</form>
<?php
}

elseif (empty($password1) || empty($password2))  {

    echo $empty_fields_message;

}

else {

include 'includes/connection.php'; 

$db_password1=md5(mysql_real_escape_string($password1));

//Setting flags for checking
$status = "OK";
$msg="";

if ( strlen($password1) < 3 or strlen($password1) > 10 ){
$msg=$msg."Password must be more than 3 characters in length and maximum 10 characters in length<BR>";
$status= "NOTOK";}					

if (strcmp( $password1,$password2 ) !=0){
$msg=$msg."Both passwords do not match<BR>";
$status= "NOTOK";}					

if($status<>"OK"){ 
echo "<font face='Verdana' size='2' color=red>$msg</font><br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>";
}else{ // if all validations are passed.
if(mysql_query("update users set password='$db_password1' where userid='$session[userid]'")){
echo "<font face='Verdana' size='2' ><center>Thanks <br> Your password changed successfully. Please keep changing your password for better security</font></center>". htmlspecialchars($password1);
}
}
}
?>

If your topic has been solved, please mark the topic as SOLVED.

This helps others from identifying which topics need help still

#9 obsidian

obsidian
  • Staff Alumni
  • Advanced Member
  • 3,202 posts
  • LocationSeattle, WA

Posted 04 September 2006 - 01:32 PM

sorry, mutley, i haven't been on for the weekend... here's the issue: line #12 of my code above finishes the if() line with a semicolon instead of an opening bracket... here's the revised code:
<?php
if (isset($_POST['submit'])) {
  if (empty($_POST['oldpass']) || empty($_POST['pass1']) || empty($_POST['pass2'])) {
    $error = "<p class=\"error\">All fields required!</p>\n";
  } elseif ($_POST['pass1'] !== $_POST['pass2']) {
    $error = "<p class=\"error\">New Passwords do not match!</p>\n";
  } else {
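    // assuming you know the user's id since they are already logged in:
    // escape the submitted values before they are placed inside the SQL strings
    $oldpass = mysql_real_escape_string($_POST['oldpass']);
    $newpass = mysql_real_escape_string($_POST['pass1']);
    $sql = mysql_query("SELECT * FROM users WHERE password = MD5('$oldpass') AND id = '$id'");
    if (mysql_num_rows($sql) == 1) {
      // password correct, set new one
      if (!mysql_query("UPDATE users SET password = MD5('$newpass') WHERE id = '$id'")) {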
        $error = "<p class=\"error\">Couldn't change password</p>\n";
      } else {
        $success = "<p class=\"success\">Password successfully changed!</p>\n";
      }
    } else {
      // wrong old password
      $error = "<p class=\"error\">Incorrect password! Password not changed!</p>\n";
    }
  }
}

echo isset($error) ? $error : '';
echo isset($success) ? $success : '';
?>

<form name="updatePass" action="" method="post">
Old Password: <input type="password" name="oldpass" value="" /><br />
New Password: <input type="password" name="pass1" value="" /><br />
Confirm New: <input type="password" name="pass2" value="" /><br />
<input type="submit" name="submit" value="Change It" />
</form>

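Added example (not part of the thread and not any poster's code): the same change-password flow with prepared statements instead of interpolated $_POST values, and with the MD5 digest replaced by password_hash() the first time a user changes their password. It assumes PHP 5.5 or later with PDO and the pdo_sqlite driver; the users/id/password names follow the thread, while the in-memory SQLite database, the sample user and the function names verify_stored() and change_password() are constructed for the demo.

```php
<?php
// Added example, not code from the thread. Table and column names (users, id,
// password) follow the thread; the SQLite database and user are constructed.

function verify_stored(string $plain, string $stored): bool {
    // Legacy rows hold a bare 32-hex MD5 digest; migrated rows hold password_hash() output.
    if (preg_match('/^[0-9a-f]{32}$/i', $stored)) {
        return hash_equals(strtolower($stored), md5($plain));
    }
    return password_verify($plain, $stored);
}

function change_password(PDO $pdo, int $id, string $old, string $new1, string $new2): string {
    if ($old === '' || $new1 === '' || $new2 === '') {
        return 'All fields required!';
    }
    if ($new1 !== $new2) {
        return 'New passwords do not match!';
    }
    // Placeholders keep user input out of the SQL text.
    $sel = $pdo->prepare('SELECT password FROM users WHERE id = ?');
    $sel->execute([$id]);
    $stored = $sel->fetchColumn();
    if ($stored === false || !verify_stored($old, (string) $stored)) {
        return 'Incorrect password! Password not changed!';
    }
    // Salted, deliberately slow hash replaces the MD5 digest on change.
    $upd = $pdo->prepare('UPDATE users SET password = ? WHERE id = ?');
    $upd->execute([password_hash($new1, PASSWORD_DEFAULT), $id]);
    return 'Password successfully changed!';
}

// Constructed demo data: one user whose stored password is a legacy MD5 digest.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, password VARCHAR(255))');
$pdo->prepare('INSERT INTO users (id, password) VALUES (1, ?)')->execute([md5('old-secret')]);

// A quote character in the input is just data here, so this is a wrong password.
echo change_password($pdo, 1, "wrong'pass", 'new-secret', 'new-secret'), "\n";
// Correct old password: the row is upgraded from MD5 to password_hash().
echo change_password($pdo, 1, 'old-secret', 'new-secret', 'new-secret'), "\n";
// The next change verifies against the upgraded hash.
echo change_password($pdo, 1, 'new-secret', 'newer-secret', 'newer-secret'), "\n";
```

On a real table the password column has to be widened before the first upgrade; the PHP manual recommends 255 characters for password_hash() output.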



