Smudly Posted June 17, 2010 Share Posted June 17, 2010 I'm creating a profile page that allows users to change their first name, last name, email or password. Everything is working fine, except the password part. On one of the else statements, it says "Old passwords do not match". That is the message i get when I try changing the password. It could be an MD5 error MySQL version: 5.0.19 I'm not getting any mysql errors Here's the code: <?php session_start(); include('inc/connect.php'); $username = $_SESSION['username']; if ($username) { //if user is logged in $sql = mysql_query("SELECT * FROM `users` WHERE `username`='".$username."'"); $row = mysql_fetch_assoc($sql); $fname = $row['fname']; $lname = $row['lname']; $email = $row['email']; $edit = ($_POST['edit']); // Edit variables $fnamenew = ucfirst(strip_tags($_POST['fname'])); $lnamenew = ucfirst(strip_tags($_POST['lname'])); $emailnew = strip_tags($_POST['email']); $password = strip_tags(md5($_POST['password'])); $passwordnew = strip_tags(md5($_POST['passwordnew'])); $passwordconf = strip_tags(md5($_POST['passwordconf'])); if($edit){ // check password against database $oldpassworddb = $row['password']; // check passwords if($password==$oldpassworddb) { //check two new passwords if($passwordnew==$passwordconf) { // success // change password in database $edit = "UPDATE users SET `fname`='$fnamenew', `lname`='$lnamenew', `email`='$emailnew', `password`='$passwordnew' WHERE username='$username'"; mysql_query($edit); $fname = ucfirst(strip_tags($_POST['fname'])); $lname = ucfirst(strip_tags($_POST['lname'])); $email = strip_tags($_POST['email']); $submitted = "Changes Submitted"; } else die("New Passwords Don't Match!"); } else die("Old Password doesn't match!"); } } else header("Location: index.php"); ?> <html> <head> <title>Profile</title> </head> <body> <form action="profile.php" method="POST"> Username: <input type="text" value="<?php echo $username; ?>" readonly="readonly"><br /> First Name: <input type="text" maxlength="25" name="fname" value="<?php echo $fname; ?>"><br /> Last Name: <input type="text" maxlength="25" name="lname" value="<?php echo $lname; ?>"><br /> Email: <input type="text" maxlength="64" name="email" value="<?php echo $email; ?>"><br /> Password: <input type="password" maxlength="32" name="password"><br /> New Password: <input type="password" maxlength="32" name="passwordnew"><br /> Confirm Password: <input type="password" maxlength="32" name="passwordconf"><br /> <input type="submit" name="edit" value="Submit Changes"> <?php echo $submitted; ?> </form> </body> </html> Link to comment https://forums.phpfreaks.com/topic/205108-password-checking-problems/ Share on other sites More sharing options...
Pikachu2000 Posted June 17, 2010 Share Posted June 17, 2010 Echo the fields in question and compare them, then we'll go from there. Link to comment https://forums.phpfreaks.com/topic/205108-password-checking-problems/#findComment-1073672 Share on other sites More sharing options...
kratsg Posted June 18, 2010 Share Posted June 18, 2010 I'm a little lost by the strip_tags() function here: $password = strip_tags(md5($_POST['password'])); $passwordnew = strip_tags(md5($_POST['passwordnew'])); $passwordconf = strip_tags(md5($_POST['passwordconf'])); Link to comment https://forums.phpfreaks.com/topic/205108-password-checking-problems/#findComment-1073691 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.