Linjon Posted April 9, 2010 Share Posted April 9, 2010 Hey. I have one script and if i change password by that then it changes all users passwords which are in database. This is my code: $username = $_POST['username']; $password = $_POST['password']; $con = mysql_connect("localhost","root",""); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("amxbans", $con); mysql_query("UPDATE `game`.`users` SET `username` = '$username', `password` = '$password'"); echo "Password changed"; ?> Quote Link to comment Share on other sites More sharing options...
taquitosensei Posted April 9, 2010 Share Posted April 9, 2010 you need a where statement otherwise it updates all the rows in your table. It should probably be this mysql_query("UPDATE `game`.`users` SET `password` = '$password'" where `username` = '$username'); Quote Link to comment Share on other sites More sharing options...
Linjon Posted April 11, 2010 Author Share Posted April 11, 2010 Wow thanks it works now. Can someone help me with checking old password and new passwords? My form: <html> <body> <table> <form method = 'post' action= 'change.php'> <tr> <td>Username:</td> <td><input type = 'text' name = 'username'></td> </tr> <tr> <td>Password:</td> <td><input type = 'password' name = 'password'></td> </tr> <td>Password again:</td> <td><input type = 'password' name = 'password2'></td> </tr> <tr> <td><input type = 'submit' name = 'submit' value = 'Change password'></td> </tr> </form> </table> </body> </html> Quote Link to comment Share on other sites More sharing options...
TeddyKiller Posted April 11, 2010 Share Posted April 11, 2010 You'd need a field in the form called "oldpassword" or something. Then you'd do a check. <?php //Do a query to get the results of the current logged in user $query = mysql_query("select * from users where id = ".$_SESSION['id'].""); $row = mysql_fetch_assoc($query); $oldpassword = $_POST['oldpassword']; if(sha1($oldpassword) == $row['password']) { //Or whatever encryption it is (sha1 I put in) //go along with the rest of the code you already have. } else { echo 'You current password entered is incorrect'; } ?> Quote Link to comment Share on other sites More sharing options...
Linjon Posted April 11, 2010 Author Share Posted April 11, 2010 Problem: Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in change.php on line 13 My code: <?php $username = $_POST['username']; $password = $_POST['password']; $con = mysql_connect("localhost","root",""); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("game", $con); //Do a query to get the results of the current logged in user $query = mysql_query("SELECT * FROM users WHERE username = ".$_POST['username'].""); $row = mysql_fetch_assoc($query); $oldpassword = $_POST['oldpassword']; if(sha1($oldpassword) == $row['password']) { //Or whatever encryption it is (sha1 I put in) //go along with the rest of the code you already have. } else { echo 'You current password entered is incorrect'; } mysql_query("UPDATE `game`.`users` SET `password` = '$password' where `username` = '$username'"); ?> Quote Link to comment Share on other sites More sharing options...
TeddyKiller Posted April 11, 2010 Share Posted April 11, 2010 Not to sure if it'll make that much of a difference, try mysql_fetch_array instead of mysql_fetch_assoc. Quote Link to comment Share on other sites More sharing options...
Linjon Posted April 11, 2010 Author Share Posted April 11, 2010 mysql_fetch_array didn't solve that Quote Link to comment Share on other sites More sharing options...
TeddyKiller Posted April 11, 2010 Share Posted April 11, 2010 Are there any rows in the database under username, where the username is the one posted ($_POST['username'] ? Quote Link to comment Share on other sites More sharing options...
the182guy Posted April 11, 2010 Share Posted April 11, 2010 That error message means the query failed, and it failed because of invalid syntax. You didnt put any quotes around the username string in the query. Change it to $query = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'"); Quote Link to comment Share on other sites More sharing options...
TeddyKiller Posted April 11, 2010 Share Posted April 11, 2010 Ah, I cut out all the quotes I usually use, thinking it'd work. My mistake.. >.< Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.