jacko_162 Posted March 16, 2010 Share Posted March 16, 2010 I have a small user system setup that stores username, firstname etc... it also stores username as a MD5 in the database. i have a forgot password function that creates a random password and sends it to the email on that users account. my question now is how can i go about allowing the user to login and change this in his settings.php page. this is a custom script and i can post any needed details. at the moment i was thinking of making a seperate page for password change. where the user has to enter "current" password then type new one and verify it twice. this easy to do? Link to comment https://forums.phpfreaks.com/topic/195416-how-to-allow-user-to-change-password/ Share on other sites More sharing options...
Wolphie Posted March 16, 2010 Share Posted March 16, 2010 This is reasonably easy to do if you've already created a registration/login system before. Although I don't understand why you'd store usernames as an MD5 hash in the database? Unless you mean passwords? When they go to reset the password simply ask them to verify their current password, enter a new password and verify the new password. Once the user hits submit, check to see if their old password is correct, if so, proceed to encrypt the new password and then replace the old one in the database with the new one. Link to comment https://forums.phpfreaks.com/topic/195416-how-to-allow-user-to-change-password/#findComment-1026884 Share on other sites More sharing options...
jacko_162 Posted March 16, 2010 Author Share Posted March 16, 2010 This is reasonably easy to do if you've already created a registration/login system before. Although I don't understand why you'd store usernames as an MD5 hash in the database? Unless you mean passwords? When they go to reset the password simply ask them to verify their current password, enter a new password and verify the new password. Once the user hits submit, check to see if their old password is correct, if so, proceed to encrypt the new password and then replace the old one in the database with the new one. yeah sorry i ment password. this is what i currently have at the moment as my password-change.php page; <?php if (isset($_POST['submit'])) { $username = $_POST['username']; $password = $_POST['password']; $newpassword = $_POST['newpassword']; $confirmnewpassword = $_POST['confirmnewpassword']; $result = mysql_query("SELECT passwd FROM members WHERE login='$username'"); if(!$result) { echo "The username you entered does not exist"; } else if($password!= mysql_result($result, 0)) { echo "You entered an incorrect password"; } if($newpassword=$confirmnewpassword) $sql=mysql_query("UPDATE members SET passwd='$newpassword' where login='$username' AND member_id='$_SESSION[sESS_MEMBER_ID]'"); if($sql) { echo "Congratulations You have successfully changed your password"; } else { echo "The new password and confirm new password fields must be the same"; } } ?> <form enctype="multipart/form-data" action="<? $_SERVER['PHP_SELF']; ?>" method="post"> <fieldset><legend>Enter your information in the form below:</legend> <p><b>User Name:</b> <input type="text" name="username" size="10" maxlength="20" /></p> <p><b>Current password:</b> <input type="password" name="password" size="20" maxlength="20" /></p> <p><b>New password:</b> <input type="password" name="newpassword" size="20" maxlength="20" /></p> <p><b>Confirm New password:</b> <input type="password" name="confirmnewpassword" size="20" maxlength="20" /></p> </fieldset> <div align="center"><input type="submit" name="submit" value="change My password" /></div> </form> upon submit all i get is the following generated error; "You entered an incorrect passwordCongratulations You have successfully changed your password" not sure where im going wrong.. but it does update the database with the right password. then i gotta make it input the password as MD5 Link to comment https://forums.phpfreaks.com/topic/195416-how-to-allow-user-to-change-password/#findComment-1026891 Share on other sites More sharing options...
jacko_162 Posted March 16, 2010 Author Share Posted March 16, 2010 do i get the error; "You entered an incorrect password Congratulations You have successfully changed your password" because the password is currently stored in the database as MD5? Link to comment https://forums.phpfreaks.com/topic/195416-how-to-allow-user-to-change-password/#findComment-1026898 Share on other sites More sharing options...
jacko_162 Posted March 16, 2010 Author Share Posted March 16, 2010 ok i managed to get it to add the new password with MD5 encryption, but i still get the error "You entered an incorrect passwordCongratulations You have successfully changed your password" i am assuming its checking the current password and failing because its in MD5 encryption? how can i get around this? <?php if (isset($_POST['submit'])) { $username = $_POST['username']; $password = $_POST['password']; $newpassword = $_POST['newpassword']; $confirmnewpassword = $_POST['confirmnewpassword']; $db_password = md5($newpassword); $result = mysql_query("SELECT passwd FROM members WHERE login='$username'"); if(!$result) { echo "The username you entered does not exist"; } else if($password!= mysql_result($result, 0)) { echo "You entered an incorrect password"; } if($newpassword=$confirmnewpassword) $sql=mysql_query("UPDATE members SET passwd='$db_password' where login='$username' AND member_id='$_SESSION[sESS_MEMBER_ID]'"); if($sql) { echo "Congratulations You have successfully changed your password"; } else { echo "The new password and confirm new password fields must be the same"; } } ?> <form enctype="multipart/form-data" action="<? $_SERVER['PHP_SELF']; ?>" method="post"> <fieldset><legend>Enter your information in the form below:</legend> <p><b>User Name:</b> <input type="text" name="username" size="10" maxlength="20" /></p> <p><b>Current password:</b> <input type="password" name="password" size="20" maxlength="20" /></p> <p><b>New password:</b> <input type="password" name="newpassword" size="20" maxlength="20" /></p> <p><b>Confirm New password:</b> <input type="password" name="confirmnewpassword" size="20" maxlength="20" /></p> </fieldset> <div align="center"><input type="submit" name="submit" value="change My password" /></div> </form> Link to comment https://forums.phpfreaks.com/topic/195416-how-to-allow-user-to-change-password/#findComment-1026911 Share on other sites More sharing options...
kessels1234 Posted March 17, 2010 Share Posted March 17, 2010 Hi, First let's say I'm a beginner in php . The way you do it now : Assume that a password == mysecretpassword You ask the database if mysecretpassword exists with a given username. Ofcourse this doesn't exist because the first time (when registered on the website or application) you converted the given password to a MD5 and that's what's in the database Something like:h35dfg78766df5f7d8d8f6 So when you want to compare this you have to convert the given password again to md5 $password = $_POST['password']; Should be something like this : $password = md5($_POST['password']); Hope it helps Danny Link to comment https://forums.phpfreaks.com/topic/195416-how-to-allow-user-to-change-password/#findComment-1027496 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.