Jump to content


Photo

Change password form


  • Please log in to reply
4 replies to this topic

#1 hannah

hannah
  • New Members
  • Pip
  • Newbie
  • 3 posts

Posted 10 October 2006 - 03:50 PM

I am trying to create a form so users can change their passwords. Obviously i am not writing the code right. I've tried like 20 different methods I got from the internet and books but still doesn't work. My server has PHP 5.0 so I donno what the deal is.
So this is called changepass.php which will be called after changepass01.html sends the form information there.

<?php

include 'connect.php';

$currentpass = $HTTP_POST_VARS['pass'];
$oldpass = $HTTP_POST_VARS['oldpass'];
$newpass = $HTTP_POST_VARS['newpass'];
$user = $HTTP_POST_VARS['user'];



if (empty($oldpass) || empty($newpass))
{
echo('<p><center><b>please enter BOTH your old and new passwords</b></p>');
exit();
}


elseif ($oldpass !== $currentpass)
{
echo('you entered an incorrect password, hit back to retry');
exit();
}


elseif ($oldpass == $currentpass)
{
$query="UPDATE memtb SET pass='$newpass' WHERE id='$user';";
$result =mysql_query($query);

if ($result)
echo mysql_affected_rows().' inserted into the DB';

exit();
}


?>


So what am I doing wrong? I found some people use
$query = "SELECT id FROM memtb WHERE (id='".$user."')"; somethin like that where you use periods I donno I tried doing that.. but then it doesn't update.

Please help! Thanks in advance :)


#2 HuggieBear

HuggieBear
  • Members
  • PipPipPip
  • Advanced Member
  • 1,899 posts
  • LocationEngland, UK

Posted 10 October 2006 - 03:54 PM

This seems straight forward, but a quick question before we go any further...

What's the difference between $currentpass and $oldpass?

Regards
Huggie
Advice to MySQL users: Get phpMyAdmin and test your queries work there first, take half the hassle out of diagnosis, also check the reserved words list.

Links: PHP Docs :: RegEx's :: MySQL :: DevGuru :: w3schools

#3 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 10 October 2006 - 04:08 PM

Don't use $HTTP_POST_VARS, use $_POST instead. When you enter the routine, dump what is coming from the form:
<?php echo '<pre>' . print_r($_POST,true) . '</pre>';

Ken

#4 mewhocorrupts

mewhocorrupts
  • Members
  • PipPipPip
  • Advanced Member
  • 36 posts
  • LocationParker, CO

Posted 10 October 2006 - 04:29 PM

So what am I doing wrong? I found some people use
$query = "SELECT id FROM memtb WHERE (id='".$user."')"; somethin like that where you use periods I donno I tried doing that.. but then it doesn't update.


The periods in that string connect a literal string (the part within the quotes) and a PHP variable.  The final string would be as follows:
<?php
...
$user = "MyName";
$query = "SELECT id FROM memtb WHERE (id='".$user."')";
echo $query;
...
?>

Would output:
SELECT id FROM memtb WHERE (id='MyName')

Now, for the problem that your having with your password change form, could you post the code in your changepass01.html?
-mewhocorrupts

#5 hannah

hannah
  • New Members
  • Pip
  • Newbie
  • 3 posts

Posted 11 October 2006 - 03:25 AM

OMFG I finally made it work! Thank you all for your responses.
Huggiebear, yea I see ur point. I donno what the differences are. When i copied down the code the code provider did not show the form code so yea that was confusing. I cleared it up now.

kenrbnsn, you were right, I learned that $HTTP_POST_VARS is not auto-global. $_POST works much better. However i did not understand how to apply what you've suggested.

Anyways, here's the final code for anybody who wants to see it:

changepass.php
<?php

include 'connect.php';

$user=$_POST['user'];
$currentpass=$_POST['pass'];
$pass1=$_POST['oldpass'];
$pass2=$_POST['newpass'];

if (empty($pass) || empty($pass1))
{
echo('<p><center><b>please enter BOTH your old and new passwords</b></p>');
exit();
}


elseif ($pass1 == $pass2)
{
$query="UPDATE memtb SET pass='$newpass' WHERE id='$user';";
$result =mysql_query($query);

if ($result)
echo mysql_affected_rows().' inserted into the DB';

exit();
}


?>

changepass01.html
<form action="passchange.php" method="post">
<fieldset><legend>Enter your information in the form below:</legend>

<p><b>Login Name:</b> <input type="text" name="user" size="10" maxlength="20" /></p>

<p><b>Current Password:</b> <input type="password" name="pass" size="20" maxlength="20" /></p>

<p><b>New Password:</b> <input type="password" name="oldpass" size="20" maxlength="20" /></p>

<p><b>Confirm New Password:</b> <input type="password" name="newpass" size="20" maxlength="20" /></p>
</fieldset>

<div align="center"><input type="submit" name="submit" value="Change My Password" /></div>

</form>

what frustrates me, as a newbie, is how i struggled so hard to get here, and it really could have been prevented had the code providers have been giving accurate information.
Anyways, kudos to all you moderators and php geniuses. If i ever become as knowledgable as you guys, I'll be sure to give back.

www.greatlakesboatingfederation.org  <--I'm the web design intern there. Just wanted to throw that out.

Peace




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users