Jump to content

Change/Update password (MD5)


Mutley

Recommended Posts

typically, you'll want to confirm their old password and then have them type in the new password twice, just to make sure they don't mistype it. something like this usually works well:
[code]
<?php
if (isset($_POST['submit'])) {
  if (empty($_POST['oldpass']) || empty($_POST['pass1']) || empty($_POST['pass2'])) {
    $error = "<p class=\"error\">All fields required!</p>\n";
  } elseif ($_POST['pass1'] !== $_POST['pass2']) {
    $error = "<p class=\"error\">New Passwords do not match!</p>\n";
  } else {
    // assuming you know the user's id since they are already logged in:
    $sql = mysql_query("SELECT * FROM users WHERE password = MD5('$_POST[oldpass]') AND id = '$id'");
    if (mysql_num_rows($sql) == 1) {
      // password correct, set new one
      if (!mysql_query("UPDATE users SET password = MD5('$_POST[pass1]') WHERE id = '$id'"));
        $error = "<p class=\"error\">Couldn't change password</p>\n";
      } else {
        $success = "<p class=\"success\">Password successfully changed!</p>\n";
      }
    } else {
      // wrong old password
      $error = "<p class=\"error\">Incorrect password! Password not changed!</p>\n";
    }
  }
}

echo isset($error) ? $error : '';
echo isset($success) ? $success : '';
?>

<form name="updatePass" action="" method="post">
Old Password: <input type="password" name="oldpass" value="" /><br />
New Password: <input type="password" name="pass1" value="" /><br />
Confirm New: <input type="password" name="pass2" value="" /><br />
<input type="submit" name="submit" value="Change It" />
</form>
[/code]

hope this helps!
Link to comment
Share on other sites

That's great obs! But, unexpected T_Else here:

  [code]  } else {
        $success = "<p class=\"success\">Password successfully changed!</p>\n";
      }
>>>HERE>>>>>>>    } else {
      // wrong old password
      $error = "<p class=\"error\">Incorrect password! Password not changed!</p>\n";
    }
  }[/code]
Link to comment
Share on other sites

I tried this with no luck, adding a { to the end of one of the IF statements, which appears to be missed out:

[code]<?php

require_once("connection.php");

if (isset($_POST['submit'])) {
  if (empty($_POST['oldpass']) || empty($_POST['pass1']) || empty($_POST['pass2'])) {
    $error = "<p class=\"error\">All fields required!</p>\n";
  } elseif ($_POST['pass1'] !== $_POST['pass2']) {
    $error = "<p class=\"error\">New Passwords do not match!</p>\n";
  } else {
    // assuming you know the user's id since they are already logged in:
    $sql = mysql_query("SELECT * FROM users WHERE password = MD5('$_POST[oldpass]') AND id = '$id'");
    if (mysql_num_rows($sql) == 1) {
      // password correct, set new one
      if (!mysql_query("UPDATE users SET password = MD5('$_POST[pass1]') WHERE id = '$id'")); {
        $error = "<p class=\"error\">Couldn't change password</p>\n";
      } else {
        $success = "<p class=\"success\">Password successfully changed!</p>\n";
} else {
      // wrong old password
      $error = "<p class=\"error\">Incorrect password! Password not changed!</p>\n";
    }
  }
}

echo isset($error) ? $error : '';
echo isset($success) ? $success : '';
?>

<form name="updatePass" action="" method="post">
Old Password: <input type="password" name="oldpass" value="" /><br />
New Password: <input type="password" name="pass1" value="" /><br />
Confirm New: <input type="password" name="pass2" value="" /><br />
<input type="submit" name="submit" value="Change It" />
</form>[/code]

If you look on line 15 on his, the IF statement doesn't close? I still have the same problem with that ELSE statement though.
Link to comment
Share on other sites

This is my change password form which does the trick for me

[code]<?
session_start();
session_register("session");

//if(!isset($session['userid'])){
//echo "<center><font face='Verdana' size='2' color=red>Sorry, Please login and use this page </font></center>";
//exit;
//}

// This is displayed if all the fields are not filled in
$empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";

// Convert to simple variables
$password1 = $_POST['password1'];
$password2 = $_POST['password2'];

if (!isset($_POST['password1'])) {
?>
<h2>Change password!<h2>
<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">

    <p class="style3"><label for="password1"">New password:</label>
    <input type="password" title="Please enter a password" name="password1" size="30"></p>

    <p class="style3"><label for="password2">Re-enter Password:</label>
    <input type="password" title="Please re-enter password" name="password2" size="30"></p>

    <p style="stext-align:left"><label for="submit">&nbsp</label>
    <input type="submit" value="Change" class="submit-button"/></p>
</form>
<?php
}

elseif (empty($password1) || empty($password2))  {

    echo $empty_fields_message;

}

else {

include 'includes/connection.php';

$db_password1=md5(mysql_real_escape_string($password1));

//Setting flags for checking
$status = "OK";
$msg="";

if ( strlen($password1) < 3 or strlen($password1) > 10 ){
$msg=$msg."Password must be more than 3 characters in length and maximum 10 characters in length<BR>";
$status= "NOTOK";}

if (strcmp( $password1,$password2 ) !=0){
$msg=$msg."Both passwords do not match<BR>";
$status= "NOTOK";}

if($status<>"OK"){
echo "<font face='Verdana' size='2' color=red>$msg</font><br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>";
}else{ // if all validations are passed.
if(mysql_query("update users set password='$db_password1' where userid='$session[userid]'")){
echo "<font face='Verdana' size='2' ><center>Thanks <br> Your password changed successfully. Please keep changing your password for better security</font></center>". $password1;
}
}
}
?>[/code]
Link to comment
Share on other sites

sorry, mutley, i haven't been on for the weekend... here's the issue: line #12 of my code above finishes the if() line with a semicolon instead of an opening bracket... here's the revised code:
[code]
<?php
if (isset($_POST['submit'])) {
  if (empty($_POST['oldpass']) || empty($_POST['pass1']) || empty($_POST['pass2'])) {
    $error = "<p class=\"error\">All fields required!</p>\n";
  } elseif ($_POST['pass1'] !== $_POST['pass2']) {
    $error = "<p class=\"error\">New Passwords do not match!</p>\n";
  } else {
    // assuming you know the user's id since they are already logged in:
    $sql = mysql_query("SELECT * FROM users WHERE password = MD5('$_POST[oldpass]') AND id = '$id'");
    if (mysql_num_rows($sql) == 1) {
      // password correct, set new one
      if (!mysql_query("UPDATE users SET password = MD5('$_POST[pass1]') WHERE id = '$id'")) {
        $error = "<p class=\"error\">Couldn't change password</p>\n";
      } else {
        $success = "<p class=\"success\">Password successfully changed!</p>\n";
      }
    } else {
      // wrong old password
      $error = "<p class=\"error\">Incorrect password! Password not changed!</p>\n";
    }
  }
}

echo isset($error) ? $error : '';
echo isset($success) ? $success : '';
?>

<form name="updatePass" action="" method="post">
Old Password: <input type="password" name="oldpass" value="" /><br />
New Password: <input type="password" name="pass1" value="" /><br />
Confirm New: <input type="password" name="pass2" value="" /><br />
<input type="submit" name="submit" value="Change It" />
</form>
[/code]
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.