jacko_162 Posted March 21, 2010 Share Posted March 21, 2010 i have the following password change form; <?php session_start(); include('Includes/auth.php'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="cs" lang="cs"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta http-equiv="content-style-type" content="text/css" /> <meta http-equiv="content-script-type" content="text/javascript" /> <title>Index</title> </head> <body class="cloudy"> <?php if (isset($_POST['submit'])) { $username = $_POST['username']; $password = $_POST['password']; $newpassword = $_POST['newpassword']; $confirmnewpassword = $_POST['confirmnewpassword']; $db_password = md5($newpassword); $result = mysql_query("SELECT passwd FROM members WHERE login='$username'"); if(!mysql_num_rows($result)) { echo "<div class='notification attention png_bg'><a href='#' class='close'><img src='img/cross_grey_small.png' title='Close this notification' alt='close' /></a><div>The username you entered does not exist</div></div>"; } else if(md5($password)!= mysql_result($result, 0)) { echo "<div class='notification attention png_bg'><a href='#' class='close'><img src='img/cross_grey_small.png' title='Close this notification' alt='close' /></a><div>You entered an incorrect password</div></div>"; } else if($newpassword==$confirmnewpassword) { $sql=mysql_query("UPDATE members SET passwd='$db_password' where login='$username' AND member_id='$_SESSION[sESS_MEMBER_ID]'"); if($sql) { echo "<div class='notification success png_bg'><a href='#' class='close'><img src='img/cross_grey_small.png' title='Close this notification' alt='close' /></a><div>Congratulations You have successfully changed your password</div></div>"; } } else { echo "<div class='notification attention png_bg'><a href='#' class='close'><img src='img/cross_grey_small.png' title='Close this notification' alt='close' /></a><div>The new password and confirm new password fields must be the same</div></div>"; } } ?> <?php { $result=mysql_query("SELECT * FROM members WHERE member_id=$_SESSION[sESS_MEMBER_ID]"); $row = mysql_fetch_array($result); $arr = array(); $arr = explode(';',$row['settings']); $member_id = $row['member_id']; $login = $row['login']; ?> <form enctype="multipart/form-data" action="<? $_SERVER['PHP_SELF']; ?>" method="post"> <em>Enter your user information in the form below; </em><br /> <br /> <table width="100%" border="0" cellspacing="0" cellpadding="4"> <tr> <td width="45%" align="right"><em><strong>User Name:</strong></em></td> <td width="55%"><input disabled="disabled" type="text" name="username" size="25" maxlength="30" value="<?php echo $login ?>" /></td> </tr> <tr> <td width="45%" align="right"><em><strong>Current password:</strong></em></td> <td width="55%"><input type="password" name="password" size="25" maxlength="30" /></td> </tr> <tr> <td width="45%" align="right"><em><strong>New password:</strong></em></td> <td width="55%"><input type="password" name="newpassword" size="25" maxlength="30" /></td> </tr> <tr> <td width="45%" align="right"><em><strong>Confirm New password:</strong></em></td> <td width="55%"><input type="password" name="confirmnewpassword" size="25" maxlength="30" /></td> </tr> </table> <div align="center"><br /> <input name="submit" type="submit" value="submit" /> </div></form> <br /> <?php } ?> </body> i cant get it to change the password i just get the error message in the code: The username you entered does not exist can anyone see anything that would casue this? sql table setup as follows; members - member_id - login - email - passwd passwords are stored as MD5. many thanks for any help... my users cant change passwords Quote Link to comment https://forums.phpfreaks.com/topic/196010-password-change-form/ Share on other sites More sharing options...
MadTechie Posted March 21, 2010 Share Posted March 21, 2010 check for SQL errors, change $result = mysql_query("SELECT passwd FROM members WHERE login='$username'"); to $result = mysql_query("SELECT passwd FROM members WHERE login='$username'") or die(mysql_error()); other than that check the use does exist! also MD5 isn't going to help much when anyone can change anyone elses password read up on mysql_real_escape_string Quote Link to comment https://forums.phpfreaks.com/topic/196010-password-change-form/#findComment-1029573 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.