This topic is now archived and is closed to further replies.

Mutley

Change/Update password (MD5)

How do I allow users to change their password? I was thinking a simple update form, then I realised it is MD5 encrypted passwords in the database, so wondering if any precautions or alterations to the update form need to be made? To enter it as MD5?

Thanks.

You could simply do
[code]// strict comparison: with ==, two hashes of the form "0e<digits>" compare equal as numbers
if (md5($_POST['password']) === $db_password)
{
// continue
}[/code]

Hope this solves your question on md5.

typically, you'll want to confirm their old password and then have them type in the new password twice, just to make sure they don't mistype it. something like this usually works well:
[code]
<?php
if (isset($_POST['submit'])) {
  if (empty($_POST['oldpass']) || empty($_POST['pass1']) || empty($_POST['pass2'])) {
    $error = "<p class=\"error\">All fields required!</p>\n";
  } elseif ($_POST['pass1'] !== $_POST['pass2']) {
    $error = "<p class=\"error\">New Passwords do not match!</p>\n";
  } else {
    // assuming you know the user's id since they are already logged in:
    $sql = mysql_query("SELECT * FROM users WHERE password = MD5('$_POST[oldpass]') AND id = '$id'");
    if (mysql_num_rows($sql) == 1) {
      // password correct, set new one
      if (!mysql_query("UPDATE users SET password = MD5('$_POST[pass1]') WHERE id = '$id'"));
        $error = "<p class=\"error\">Couldn't change password</p>\n";
      } else {
        $success = "<p class=\"success\">Password successfully changed!</p>\n";
      }
    } else {
      // wrong old password
      $error = "<p class=\"error\">Incorrect password! Password not changed!</p>\n";
    }
  }
}

echo isset($error) ? $error : '';
echo isset($success) ? $success : '';
?>

<form name="updatePass" action="" method="post">
Old Password: <input type="password" name="oldpass" value="" /><br />
New Password: <input type="password" name="pass1" value="" /><br />
Confirm New: <input type="password" name="pass2" value="" /><br />
<input type="submit" name="submit" value="Change It" />
</form>
[/code]

hope this helps!

That's great obs! But, unexpected T_Else here:

  [code]  } else {
        $success = "<p class=\"success\">Password successfully changed!</p>\n";
      }
>>>HERE>>>>>>>    } else {
      // wrong old password
      $error = "<p class=\"error\">Incorrect password! Password not changed!</p>\n";
    }
  }[/code]

try removing the curly brace before the expression [code] else[/code] on your marked line

according to my editing program Context (http://www.context.cx/) there are one too many closing braces in the whole thing

There's 7 open { and 8 close } curly brackets.

I tried removing the one before the ELSE but same error. Also tried removing a bracket at the very end instead, no luck.

I tried this with no luck, adding a { to the end of one of the IF statements, which appears to be missed out:

[code]<?php

require_once("connection.php");

if (isset($_POST['submit'])) {
  if (empty($_POST['oldpass']) || empty($_POST['pass1']) || empty($_POST['pass2'])) {
    $error = "<p class=\"error\">All fields required!</p>\n";
  } elseif ($_POST['pass1'] !== $_POST['pass2']) {
    $error = "<p class=\"error\">New Passwords do not match!</p>\n";
  } else {
    // assuming you know the user's id since they are already logged in:
    $sql = mysql_query("SELECT * FROM users WHERE password = MD5('$_POST[oldpass]') AND id = '$id'");
    if (mysql_num_rows($sql) == 1) {
      // password correct, set new one
      if (!mysql_query("UPDATE users SET password = MD5('$_POST[pass1]') WHERE id = '$id'")); {
        $error = "<p class=\"error\">Couldn't change password</p>\n";
      } else {
        $success = "<p class=\"success\">Password successfully changed!</p>\n";
} else {
      // wrong old password
      $error = "<p class=\"error\">Incorrect password! Password not changed!</p>\n";
    }
  }
}

echo isset($error) ? $error : '';
echo isset($success) ? $success : '';
?>

<form name="updatePass" action="" method="post">
Old Password: <input type="password" name="oldpass" value="" /><br />
New Password: <input type="password" name="pass1" value="" /><br />
Confirm New: <input type="password" name="pass2" value="" /><br />
<input type="submit" name="submit" value="Change It" />
</form>[/code]

If you look on line 15 on his, the IF statement doesn't close? I still have the same problem with that ELSE statement though.

This is my change password form which does the trick for me

[code]<?php
session_start();
session_register("session");

//if(!isset($session['userid'])){
//echo "<center><font face='Verdana' size='2' color=red>Sorry, Please login and use this page </font></center>";
//exit;
//}

// This is displayed if all the fields are not filled in
$empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";

// Convert to simple variables
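// isset() guards avoid undefined-index notices on the first page load
$password1 = isset($_POST['password1']) ? $_POST['password1'] : '';
$password2 = isset($_POST['password2']) ? $_POST['password2'] : '';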

if (!isset($_POST['password1'])) {
?>
<h2>Change password!</h2>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['REQUEST_URI']); ?>">

    <p class="style3"><label for="password1">New password:</label>
    <input type="password" title="Please enter a password" name="password1" size="30"></p>

    <p class="style3"><label for="password2">Re-enter Password:</label>
    <input type="password" title="Please re-enter password" name="password2" size="30"></p>

    <p style="text-align:left"><label for="submit">&nbsp;</label>
    <input type="submit" value="Change" class="submit-button"/></p>
</form>
<?php
}

elseif (empty($password1) || empty($password2))  {

    echo $empty_fields_message;

}

else {

include 'includes/connection.php';

// md5() returns hex only, so it is safe to put in the query; escaping before hashing would change the hash
$db_password1 = md5($password1);

//Setting flags for checking
$status = "OK";
$msg="";

if ( strlen($password1) < 3 or strlen($password1) > 10 ){
$msg=$msg."Password must be at least 3 characters in length and maximum 10 characters in length<BR>";
$status= "NOTOK";}

if (strcmp( $password1,$password2 ) !=0){
$msg=$msg."Both passwords do not match<BR>";
$status= "NOTOK";}

if($status<>"OK"){
echo "<font face='Verdana' size='2' color=red>$msg</font><br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>";
}else{ // if all validations are passed.
if(mysql_query("update users set password='$db_password1' where userid='$session[userid]'")){
// htmlspecialchars() keeps the echoed password from being interpreted as HTML
echo "<center><font face='Verdana' size='2'>Thanks <br> Your password changed successfully. Please keep changing your password for better security</font></center>" . htmlspecialchars($password1);
}
}
}
?>[/code]

sorry, mutley, i haven't been on for the weekend... here's the issue: line #12 of my code above finishes the if() line with a semicolon instead of an opening bracket... here's the revised code:
[code]
<?php
if (isset($_POST['submit'])) {
  if (empty($_POST['oldpass']) || empty($_POST['pass1']) || empty($_POST['pass2'])) {
    $error = "<p class=\"error\">All fields required!</p>\n";
  } elseif ($_POST['pass1'] !== $_POST['pass2']) {
    $error = "<p class=\"error\">New Passwords do not match!</p>\n";
  } else {
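    // assuming you know the user's id since they are already logged in:
    $id = (int) $id;
    // escape the submitted values before they are placed inside the SQL string
    $oldpass = mysql_real_escape_string($_POST['oldpass']);
    $newpass = mysql_real_escape_string($_POST['pass1']);
    $sql = mysql_query("SELECT * FROM users WHERE password = MD5('$oldpass') AND id = '$id'");
    if (mysql_num_rows($sql) == 1) {
      // password correct, set new one
      if (!mysql_query("UPDATE users SET password = MD5('$newpass') WHERE id = '$id'")) {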
        $error = "<p class=\"error\">Couldn't change password</p>\n";
      } else {
        $success = "<p class=\"success\">Password successfully changed!</p>\n";
      }
    } else {
      // wrong old password
      $error = "<p class=\"error\">Incorrect password! Password not changed!</p>\n";
    }
  }
}

echo isset($error) ? $error : '';
echo isset($success) ? $success : '';
?>

<form name="updatePass" action="" method="post">
Old Password: <input type="password" name="oldpass" value="" /><br />
New Password: <input type="password" name="pass1" value="" /><br />
Confirm New: <input type="password" name="pass2" value="" /><br />
<input type="submit" name="submit" value="Change It" />
</form>
[/code]

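A hardened version of the change-password handler discussed in this thread, added here as an example and not code from any poster: it uses PDO placeholders instead of interpolating `$_POST` into SQL, checks the legacy MD5 value with `hash_equals`, and stores the new password with `password_hash`. The PDO connection, the function names and the SQLite demo data are assumptions; the `users`, `id` and `password` names come from the thread's queries.

```php
<?php
// Added example. Assumed: PHP 7.1+, a PDO handle, and the users(id, password)
// table named in the thread's queries. Function names are hypothetical.

// Check a stored value that is either a legacy MD5 hex digest or a password_hash() string.
function verify_stored(string $plain, string $stored): bool
{
    if (preg_match('/^[0-9a-f]{32}$/i', $stored)) {
        // Legacy row: constant-time string comparison, no == type juggling.
        return hash_equals(strtolower($stored), md5($plain));
    }
    return password_verify($plain, $stored);
}

// Returns null on success, or the error message to display.
function change_password(PDO $pdo, int $id, string $old, string $new1, string $new2): ?string
{
    if ($old === '' || $new1 === '' || $new2 === '') {
        return 'All fields required!';
    }
    if ($new1 !== $new2) {
        return 'New passwords do not match!';
    }
    // Placeholders keep the submitted values out of the SQL text.
    $stmt = $pdo->prepare('SELECT password FROM users WHERE id = ?');
    $stmt->execute([$id]);
    $stored = $stmt->fetchColumn();
    if ($stored === false || !verify_stored($old, (string) $stored)) {
        return 'Incorrect password! Password not changed!';
    }
    // Replace the MD5 value with a salted, slow hash (PHP docs recommend a 255-char column).
    $upd = $pdo->prepare('UPDATE users SET password = ? WHERE id = ?');
    $upd->execute([password_hash($new1, PASSWORD_DEFAULT), $id]);
    return $upd->rowCount() === 1 ? null : "Couldn't change password";
}

// Constructed demo data: in-memory SQLite (needs pdo_sqlite), one legacy MD5 row.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, password TEXT)');
$pdo->prepare('INSERT INTO users (id, password) VALUES (1, ?)')->execute([md5('old-secret')]);

// A quote-laden "old password" is treated as data and simply fails verification.
var_dump(change_password($pdo, 1, "' OR '1'='1", 'n3w-secret', 'n3w-secret'));
// The real old password passes; the row is rewritten with password_hash().
var_dump(change_password($pdo, 1, 'old-secret', 'n3w-secret', 'n3w-secret'));
// The upgraded row now verifies through password_verify().
var_dump(change_password($pdo, 1, 'n3w-secret', 'an0ther', 'an0ther'));
```

The login check needs the same `verify_stored()` logic so that accounts still holding an MD5 value keep working until their next password change.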
