infinite-monkey Posted January 4, 2011 Share Posted January 4, 2011 Hi there I'm a newbie to all of this so please be gentle! I am starting up my own online business and I am feeling my way through PHP. I have been doing ok so far but I'm having problems with the "change your password" function. I change the password, I receive a reactivation email, but when I try to log in with the new password it hasnt changed. Code I'm using as follows: <?php // process.php include 'config.php'; if(isset($_POST['changepassword'])) { $current = trim($_POST['current']); $new = trim($_POST['new']); $confirm = trim($_POST['confirm']); $pw = md5($current); $query = mysql_query("SELECT * FROM Users WHERE Password = '$pw' LIMIT 1") or die(mysql_error()); if(mysql_num_rows($query) > 0) { while($row = mysql_fetch_array($query)) { if ( $_POST['new'] == $_POST['confirm'] ) {}else{ echo '<script>alert("Your passwords were not the same, please enter the same password in each field.");</script>'; echo '<script>history.back(1);</script>'; exit; } $password = md5($new); $do = mysql_query("UPDATE Users SET Password = '$password' WHERE Password = '$pw' LIMIT 1") or die(mysql_error()); $dotwo = mysql_query("UPDATE Users SET Activated = 0 WHERE Password = '$password' LIMIT 1") or die(mysql_error()); $send = mail($row['Email'] , "Password changed" , "Your password has been changed to: ".trim($_POST['new'])."\n\nYou can change it again via the members only panel, but first you must re-activate your account:\nhttp://www.infinite-monkey.co.uk/activate.php?id=".$row['Actkey']."\n\nDo not reply to this email, it is automated. Thanks." , "From: [email protected]"); if((($do)&&($dotwo)&&($send))) { echo '<script>alert("Password changed. You will now be logged out and you must re-activate your account, check your email, a confirmation email has been sent.");</script>'; echo '<script>location.replace("logout.php");</script>'; exit; } else { echo '<script>alert("There appears to have been an error in the script. 1 or 2 of 3 things may have happened:\n\n• Your password could have been reset/changed\n• Your account could have been deactivated, see the resend validation email page\n• Your email may not have been sent.\n\nYou will now be logged out, if you are not able to login, reset your password using the form, or resend the validation email to activate your account again.\n\nWe are sorry for the inconvenience.");</script>'; echo '<script>location.replace("logout.php");</script>'; exit; } } } else { echo '<script>alert("Incorrect password.");</script>'; echo '<script>history.back(1);</script>'; exit; Quote Link to comment https://forums.phpfreaks.com/topic/223336-change-password-function/ Share on other sites More sharing options...
revraz Posted January 4, 2011 Share Posted January 4, 2011 I would compare to the PW to a Username's PW, not just the first PW that matches. What if two people have the same PW? Same with the UPDATE, update the Username's row, not by a where clause on the Password. Quote Link to comment https://forums.phpfreaks.com/topic/223336-change-password-function/#findComment-1154504 Share on other sites More sharing options...
infinite-monkey Posted January 4, 2011 Author Share Posted January 4, 2011 Thank you! That's exactly what the problem is. I have no idea how to fix it though...any pointers? :-\ Thanks again! Quote Link to comment https://forums.phpfreaks.com/topic/223336-change-password-function/#findComment-1154508 Share on other sites More sharing options...
BLaZuRE Posted January 4, 2011 Share Posted January 4, 2011 I'm curious, what do you not know how to change and/or what did you try? I don't see a simpler way than directly giving you the code. Is this your code or did you grab it from somewhere else? Sorry if this is harsh, but I don't get why you don't get it. Quote Link to comment https://forums.phpfreaks.com/topic/223336-change-password-function/#findComment-1154509 Share on other sites More sharing options...
Zurev Posted January 4, 2011 Share Posted January 4, 2011 How does a user get to this page? If you can verify the users identity, their userID from the database based on however they're logged in, sessions, cookies what have you, then you can update the password in the row pertaining to that specific user. Quote Link to comment https://forums.phpfreaks.com/topic/223336-change-password-function/#findComment-1154510 Share on other sites More sharing options...
infinite-monkey Posted January 4, 2011 Author Share Posted January 4, 2011 Yeah I confess I grabbed the code from a tutorial. Is that bad? I'm really trying to understand it as I go, but I also want to get my site up and running as quickly as I can. User gets to this page after they log in. They are directed to a "members only" area which is a control panel which allows them to change their password. Quote Link to comment https://forums.phpfreaks.com/topic/223336-change-password-function/#findComment-1154512 Share on other sites More sharing options...
revraz Posted January 4, 2011 Share Posted January 4, 2011 Change your query to search based on both username and pw, not just pw. Change your update the same way. Try it and post the code you try and we'll help you. BTW, that sounds like a bad tutorial if that's what they proposed. Quote Link to comment https://forums.phpfreaks.com/topic/223336-change-password-function/#findComment-1154551 Share on other sites More sharing options...
Zurev Posted January 5, 2011 Share Posted January 5, 2011 Yeah I found that tutorial on an MMORPG website, not the best place to find coding tutorials. I would look at the tutorials on this site first, obviously , then try tutsplus to be honest, they even have learning PHP from scratch. Quote Link to comment https://forums.phpfreaks.com/topic/223336-change-password-function/#findComment-1155030 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.