
password change form


jacko_162


I have the following password change form:

 

<?php
session_start();

include('Includes/auth.php'); 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="cs" lang="cs">
    <head>

        <meta http-equiv="content-type" content="text/html; charset=utf-8" />
        <meta http-equiv="content-style-type" content="text/css" />
        <meta http-equiv="content-script-type" content="text/javascript" />
    <title>Index</title>
</head>
<body class="cloudy">

<?php
if (isset($_POST['submit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$confirmnewpassword = $_POST['confirmnewpassword'];
$db_password = md5($newpassword);

$result = mysql_query("SELECT passwd FROM members WHERE login='$username'");
if(!mysql_num_rows($result)) { 
   echo "<div class='notification attention png_bg'><a href='#' class='close'><img src='img/cross_grey_small.png' title='Close this notification' alt='close' /></a><div>The username you entered does not exist</div></div>"; 
} 
else if(md5($password)!= mysql_result($result, 0)) { 
   echo "<div class='notification attention png_bg'><a href='#' class='close'><img src='img/cross_grey_small.png' title='Close this notification' alt='close' /></a><div>You entered an incorrect password</div></div>"; 
} else if($newpassword==$confirmnewpassword) {
   $sql=mysql_query("UPDATE members SET passwd='$db_password' where login='$username' AND member_id='$_SESSION[sESS_MEMBER_ID]'"); 
    if($sql) { 
       echo "<div class='notification success png_bg'><a href='#' class='close'><img src='img/cross_grey_small.png' title='Close this notification' alt='close' /></a><div>Congratulations You have successfully changed your password</div></div>"; 
    }
} else { 
echo "<div class='notification attention png_bg'><a href='#' class='close'><img src='img/cross_grey_small.png' title='Close this notification' alt='close' /></a><div>The new password and confirm new password fields must be the same</div></div>"; 
}  
}
?>
<?php
  {
  
    $result=mysql_query("SELECT * FROM members WHERE member_id=$_SESSION[sESS_MEMBER_ID]");
    $row = mysql_fetch_array($result);
    $arr = array();
    $arr = explode(';',$row['settings']);
    $member_id = $row['member_id'];
    $login = $row['login'];
    ?>
<form enctype="multipart/form-data" action="<? $_SERVER['PHP_SELF']; ?>" method="post">
<em>Enter your user information in the form below; </em><br />
<br />
<table width="100%" border="0" cellspacing="0" cellpadding="4">
  <tr>
    <td width="45%" align="right"><em><strong>User Name:</strong></em></td>
    <td width="55%"><input disabled="disabled" type="text" name="username" size="25" maxlength="30" value="<?php echo $login ?>" /></td>
  </tr>
  <tr>
    <td width="45%" align="right"><em><strong>Current password:</strong></em></td>
    <td width="55%"><input type="password" name="password" size="25" maxlength="30" /></td>
  </tr>
  <tr>
    <td width="45%" align="right"><em><strong>New password:</strong></em></td>
    <td width="55%"><input type="password" name="newpassword" size="25" maxlength="30" /></td>
  </tr>
  <tr>
    <td width="45%" align="right"><em><strong>Confirm New password:</strong></em></td>
    <td width="55%"><input type="password" name="confirmnewpassword" size="25" maxlength="30" /></td>
  </tr>
</table>
<div align="center"><br />
  <input name="submit" type="submit" value="submit" />
</div></form> <br />
<?php } ?>
</body>

 

I can't get it to change the password; I just get the error message in the code: The username you entered does not exist

 

Can anyone see anything that would cause this?

 

SQL table setup as follows:

 

members

- member_id

- login

- email

- passwd

 

Passwords are stored as MD5.

 

Many thanks for any help... my users can't change passwords :)

Link to comment
https://forums.phpfreaks.com/topic/196010-password-change-form/
Share on other sites

check for SQL errors,

change

$result = mysql_query("SELECT passwd FROM members WHERE login='$username'");

to

$result = mysql_query("SELECT passwd FROM members WHERE login='$username'") or die(mysql_error());

 

other than that check the user does exist!

 

also MD5 isn't going to help much when anyone can change anyone else's password

read up on mysql_real_escape_string
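
Added example (not code from either poster): one way to write the handler so the concerns in the reply above do not arise. The account is chosen by the session's member id rather than a posted username (the form's disabled username input is never submitted by the browser, so `$_POST['username']` arrives empty anyway), queries are parameterized, and MD5 rows are upgraded to `password_hash()` on change. The function name `change_password`, the PDO/SQLite demo setup and the sample rows are assumptions made for illustration.

```php
<?php
// Added example: hardened password-change handler (not from the thread).
// Assumes PDO and the members table from the post, with passwd wide enough
// for password_hash() output (e.g. VARCHAR(255)).

function change_password(PDO $db, int $memberId, string $current, string $new, string $confirm): string
{
    if ($new !== $confirm) {
        return 'The new password and confirm new password fields must be the same';
    }
    // Look the account up by the session's member_id only; no form field picks the row.
    $stmt = $db->prepare('SELECT passwd FROM members WHERE member_id = ?');
    $stmt->execute([$memberId]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return 'Account not found';
    }
    // Legacy rows hold a bare MD5 hex digest; newer rows hold password_hash() output.
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/i', $stored);
    $ok = $isLegacy
        ? hash_equals(strtolower($stored), md5($current))
        : password_verify($current, $stored);
    if (!$ok) {
        return 'You entered an incorrect password';
    }
    // Bound parameters keep user input out of the SQL text; the new hash replaces MD5.
    $upd = $db->prepare('UPDATE members SET passwd = ? WHERE member_id = ?');
    $upd->execute([password_hash($new, PASSWORD_DEFAULT), $memberId]);
    return 'ok';
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (member_id INTEGER PRIMARY KEY, login TEXT, email TEXT, passwd TEXT)');
$ins = $db->prepare('INSERT INTO members (member_id, login, email, passwd) VALUES (?, ?, ?, ?)');
$ins->execute([1, 'alice', 'alice@example.test', md5('old-secret')]);
$ins->execute([2, 'bob', 'bob@example.test', md5('bobs-secret')]);

$sessionMemberId = 1; // stands in for the member id stored in $_SESSION at login

// Wrong current password, then a legacy-MD5 change, then a change against the new hash.
echo change_password($db, $sessionMemberId, 'wrong', 'n3w-pass', 'n3w-pass'), "\n";
echo change_password($db, $sessionMemberId, 'old-secret', 'n3w-pass', 'n3w-pass'), "\n";
echo change_password($db, $sessionMemberId, 'n3w-pass', 'n3w-pass-2', 'n3w-pass-2'), "\n";
```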
