Garloz Posted April 1, 2010 Share Posted April 1, 2010 <?php if (isset($_POST['submit'])) { // Handle the form. require_once ('databaseconnectinfo.php'); // Connect to the db. // Create a function for escaping the data. function escape_data ($data) { global $dbc; // Need the connection. if (ini_get('magic_quotes_gpc')) { $data = stripslashes($data); } return mysql_real_escape_string($data, $dbc); } // End of function. $message = NULL; // Create an empty new variable. // Check for a loginName. if (empty($_POST['loginName'])) { $lo = FALSE; $message .= '<p>You forgot to enter your Login Name!</p>'; } else { $lo = escape_data($_POST['loginName']); } // Check for an existing password. if (empty($_POST['password'])) { $pa = FALSE; $message .= '<p>You forgot to enter your existing password!</p>'; } else { $pa = escape_data($_POST['password']); } // Check for a password and match against the confirmed password. if (empty($_POST['password1'])) { $npa = FALSE; $message .= '<p>You forgot to enter your new password!</p>'; } else { if ($_POST['password1'] == $_POST['password2']) { $npa = escape_data($_POST['password1']); } else { $npa = FALSE; $message .= '<p>Your new password did not match the confirmed new password!</p>'; } } if ($lo && $pa && $npa) { // If everything's OK. $query = "SELECT id FROM tablename WHERE (loginName='$lo' AND password=password('$pa') )"; $result = @mysql_query ($query); $num = mysql_num_rows ($result); if ($num == 1) { $row = mysql_fetch_array($result, mysql_NUM); // Make the query. $query = "UPDATE tablename SET password=password('$npa') WHERE id=$row[0]"; $result = @mysql_query ($query); // Run the query. if (mysql_affected_rows() == 1) { // If it ran OK. // Send an email, if desired. echo '<p><b>Your password has been changed.</b></p>'; exit(); // Quit the script. } else { // If it did not run OK. $message = '<p>Your password could not be changed due to a system error. We apologize for any inconvenience.</p><p>' . mysql_error() . '</p>'; } } else { $message = '<p>Your loginName and password do not match our records.</p>'; } mysql_close(); // Close the database connection. } else { $message .= '<p>Please try again.</p>'; } } // End of the main Submit conditional. // Print the error message if there is one. if (isset($message)) { echo '<font color="red">', $message, '</font>'; } ?> <form action="<?php echo $_SERVER['php_SELF'];?>" method="post"> <fieldset><legend>Enter your information in the form below:</legend> <p><b>Login Name:</b> <input type="text" name="loginName" size="10" maxlength="20" value="<?php if (isset($_POST['loginName'])) echo $_POST['loginName'];?>" /></p> <p><b>Current password:</b> <input type="password" name="password" size="20" maxlength="20" /></p> <p><b>New password:</b> <input type="password" name="password1" size="20" maxlength="20" /></p> <p><b>Confirm New password:</b> <input type="password" name="password2" size="20" maxlength="20" /></p> </fieldset> <div align="center"><input type="submit" name="submit" value="change My password" /></div> </form> It says all the time "Please try again" and don't update database. Quote Link to comment Share on other sites More sharing options...
Deoctor Posted April 1, 2010 Share Posted April 1, 2010 check whether u are able to connect to the database.. change require_once to require also try using error_reporting(0) in the beginning of the page.. to get errors Quote Link to comment Share on other sites More sharing options...
Garloz Posted April 1, 2010 Author Share Posted April 1, 2010 I fixed it. I had problem with function.. but now. It will give me "Your login name and password doesnt match..." That means, that php is unabled to connect or check from database. Because I add right username and password.. My code is like so now: <?php if (isset($_POST['submit'])) { // Handle the form. error_reporting(0); // This is an example of config.php $dbhost = 'localhost'; $dbuser = 'dbuser'; $dbpass = 'dbpass'; $dbname = 'dbname'; // This is an example opendb.php $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql'); mysql_select_db($dbname); // Create a function for escaping the data. function escape_data ($data) { if (ini_get('magic_quotes_gpc')) { $data = stripslashes($data); } return mysql_escape_string (trim ($data)); } // End of function. $message = NULL; // Create an empty new variable. // Check for a loginName. if (empty($_POST['loginName'])) { $lo = FALSE; $message .= '<p>You forgot to enter your Login Name!</p>'; } else { $lo = escape_data($_POST['loginName']); } // Check for an existing password. if (empty($_POST['password'])) { $pa = FALSE; $message .= '<p>You forgot to enter your existing password!</p>'; } else { $pa = escape_data($_POST['password']); } // Check for a password and match against the confirmed password. if (empty($_POST['password1'])) { $npa = FALSE; $message .= '<p>You forgot to enter your new password!</p>'; } else { if ($_POST['password1'] == $_POST['password2']) { $npa = escape_data($_POST['password1']); } else { $npa = FALSE; $message .= '<p>Your new password did not match the confirmed new password!</p>'; } } if ($lo && $pa && $npa) { // If everything's OK. $query = "SELECT id FROM testtable WHERE (username='$lo' AND password=password('$pa') )"; $result = @mysql_query ($query); $num = mysql_num_rows ($result); if ($num == 1) { $row = mysql_fetch_array($result, mysql_NUM); // Make the query. $query = "UPDATE testtable SET password=password('$npa') WHERE id=$row[0]"; $result = @mysql_query ($query); // Run the query. if (mysql_affected_rows() == 1) { // If it ran OK. // Send an email, if desired. echo '<p><b>Your password has been changed.</b></p>'; exit(); // Quit the script. } else { // If it did not run OK. $message = '<p>Your password could not be changed due to a system error. We apologize for any inconvenience.</p><p>' . mysql_error() . '</p>'; } } else { $message = '<p>Your loginName and password do not match our records.</p>'; } mysql_close(); // Close the database connection. } else { $message .= '<p>Please try again.</p>'; } } // End of the main Submit conditional. // Print the error message if there is one. if (isset($message)) { echo '<font color="red">', $message, '</font>'; } ?> <form action="<?php echo $_SERVER['php_SELF'];?>" method="post"> <fieldset><legend>Enter your information in the form below:</legend> <p><b>Login Name:</b> <input type="text" name="loginName" size="10" maxlength="20" value="<?php if (isset($_POST['loginName'])) echo $_POST['loginName'];?>" /></p> <p><b>Current password:</b> <input type="password" name="password" size="20" maxlength="20" /></p> <p><b>New password:</b> <input type="password" name="password1" size="20" maxlength="20" /></p> <p><b>Confirm New password:</b> <input type="password" name="password2" size="20" maxlength="20" /></p> </fieldset> <div align="center"><input type="submit" name="submit" value="change My password" /></div> </form> Quote Link to comment Share on other sites More sharing options...
Garloz Posted April 1, 2010 Author Share Posted April 1, 2010 I think the error is here, but im not sure.. $query = "SELECT id FROM testtable WHERE (username='$lo' AND password=password('$pa') )"; $result = @mysql_query ($query); $num = mysql_num_rows ($result); if ($num == 1) { $row = mysql_fetch_array($result, mysql_NUM); // Make the query. $query = "UPDATE testtable SET password=password('$npa') WHERE id=$row[0]"; $result = @mysql_query ($query); // Run the query. if (mysql_affected_rows() == 1) { // If it ran OK. Help anyone??? Please. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.