Angelojoseph17 Posted April 12, 2010 Share Posted April 12, 2010 Hi guys, I am my wits end here. I have written a script which allows users to change their password by entering their current password, username, new password. The script compares the current password against the password stored in the database. However it is md5 ecrypted I am new to php and i'm not sure how do this. Please help. <?php mysql_connect("la", "la", "al") or die(mysql_error()); mysql_select_db("database") or die(mysql_error()); $username=$_POST["username"]; $password=$_POST["password"]; $newpassword = $_POST['newpassword']; $confirmnewpassword = $_POST['confirmnewpassword']; $res=mysql_query("select * from users where username='$username'") or die("cannot select from email"); $row=mysql_fetch_array($res); if(!$row["username"]) { echo "The username you entered does not exist<a href=changepassword.php>Try Again</a> or <a href=index.htm>Quit</a>"; } else if($password!= $row["password"]) { echo "You entered an incorrect password. <a href=changepassword.php>Try Again</a> or <a href=index.htm>Quit</a>"; } else if($newpassword==$confirmnewpassword) $upassword=md5($newpassword); $sql=mysql_query("update users set password='$upassword' where username='$username'") or die("cannot send your password"); if($sql) { echo "Congratulations! You have successfully changed your password. <a href=index.htm>Continue</a>"; } $email=$row["email"]; $name=$row["firstname"]; $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; $headers .= 'From: admin>' . "\r\n"; $subject ="You have changed your password-"; $body="<div align=center><br><br>----------------------------- Password Recovery--------------------------------<br><br><br><br> Dear $name, Your Password is set to: $newpassword<br><br>Remember your password this time!</div>"; if(mail($email,$subject,$body,$headers)) {echo "<h4>Your password has been sent to your email address: $email</h4>";} else {echo "<h4>Password Not Send.<br><Br>Please Try Again Later!...</h4>";} ?> Quote Link to comment Share on other sites More sharing options...
Ken2k7 Posted April 12, 2010 Share Posted April 12, 2010 md5 the current password and then compare it to the one in the database. Quote Link to comment Share on other sites More sharing options...
Angelojoseph17 Posted April 12, 2010 Author Share Posted April 12, 2010 ha, I did not think of that. Thanks dude. Gonna give it a try. Quote Link to comment Share on other sites More sharing options...
Psycho Posted April 12, 2010 Share Posted April 12, 2010 Here's a related tip. Do the easy validations first. For example, in this case, check if the new password and confirm password match. If not, then there is no need to do a database query to retrieve the current password for comparison. A database query will be much more taxing on the servers than a simple string comparison. Quote Link to comment Share on other sites More sharing options...
Angelojoseph17 Posted April 12, 2010 Author Share Posted April 12, 2010 thanks mjdamato will keep that in mind. that worked for me. Many thanks Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.