jacko_162 Posted March 21, 2010 Share Posted March 21, 2010 i have the following password change form; <?php session_start(); include('Includes/auth.php'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="cs" lang="cs"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta http-equiv="content-style-type" content="text/css" /> <meta http-equiv="content-script-type" content="text/javascript" /> <title>Index</title> </head> <body class="cloudy"> <?php if (isset($_POST['submit'])) { $username = $_POST['username']; $password = $_POST['password']; $newpassword = $_POST['newpassword']; $confirmnewpassword = $_POST['confirmnewpassword']; $db_password = md5($newpassword); $result = mysql_query("SELECT passwd FROM members WHERE login='$username'"); if(!mysql_num_rows($result)) { echo "<div class='notification attention png_bg'><a href='#' class='close'><img src='img/cross_grey_small.png' title='Close this notification' alt='close' /></a><div>The username you entered does not exist</div></div>"; } else if(md5($password)!= mysql_result($result, 0)) { echo "<div class='notification attention png_bg'><a href='#' class='close'><img src='img/cross_grey_small.png' title='Close this notification' alt='close' /></a><div>You entered an incorrect password</div></div>"; } else if($newpassword==$confirmnewpassword) { $sql=mysql_query("UPDATE members SET passwd='$db_password' where login='$username' AND member_id='$_SESSION[sESS_MEMBER_ID]'"); if($sql) { echo "<div class='notification success png_bg'><a href='#' class='close'><img src='img/cross_grey_small.png' title='Close this notification' alt='close' /></a><div>Congratulations You have successfully changed your password</div></div>"; } } else { echo "<div class='notification attention png_bg'><a href='#' class='close'><img src='img/cross_grey_small.png' title='Close this notification' alt='close' /></a><div>The new password and confirm new password fields must be the same</div></div>"; } } ?> <?php { $result=mysql_query("SELECT * FROM members WHERE member_id=$_SESSION[sESS_MEMBER_ID]"); $row = mysql_fetch_array($result); $arr = array(); $arr = explode(';',$row['settings']); $member_id = $row['member_id']; $login = $row['login']; ?> <form enctype="multipart/form-data" action="<? $_SERVER['PHP_SELF']; ?>" method="post"> <em>Enter your user information in the form below; </em><br /> <br /> <table width="100%" border="0" cellspacing="0" cellpadding="4"> <tr> <td width="45%" align="right"><em><strong>User Name:</strong></em></td> <td width="55%"><input disabled="disabled" type="text" name="username" size="25" maxlength="30" value="<?php echo $login ?>" /></td> </tr> <tr> <td width="45%" align="right"><em><strong>Current password:</strong></em></td> <td width="55%"><input type="password" name="password" size="25" maxlength="30" /></td> </tr> <tr> <td width="45%" align="right"><em><strong>New password:</strong></em></td> <td width="55%"><input type="password" name="newpassword" size="25" maxlength="30" /></td> </tr> <tr> <td width="45%" align="right"><em><strong>Confirm New password:</strong></em></td> <td width="55%"><input type="password" name="confirmnewpassword" size="25" maxlength="30" /></td> </tr> </table> <div align="center"><br /> <input name="submit" type="submit" value="submit" /> </div></form> <br /> <?php } ?> </body> i cant get it to change the password i just get the error message in the code: The username you entered does not exist can anyone see anything that would casue this? sql table setup as follows; members - member_id - login - email - passwd passwords are stored as MD5. many thanks for any help... my users cant change passwords Link to comment https://forums.phpfreaks.com/topic/196010-password-change-form/ Share on other sites More sharing options...
MadTechie Posted March 21, 2010 Share Posted March 21, 2010 check for SQL errors, change $result = mysql_query("SELECT passwd FROM members WHERE login='$username'"); to $result = mysql_query("SELECT passwd FROM members WHERE login='$username'") or die(mysql_error()); other than that check the use does exist! also MD5 isn't going to help much when anyone can change anyone elses password read up on mysql_real_escape_string Link to comment https://forums.phpfreaks.com/topic/196010-password-change-form/#findComment-1029573 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.