Jump to content

Archived

This topic is now archived and is closed to further replies.

md3inaustin

Change Password Form

Recommended Posts

Below is the code I have written for a change password form.  The form displays the change password form if none of the fields are filled out, other wise it tries to process the request and then display a results page.  It works somewhat, but so far a user has to submit the form 2 times in order for it to work.  Does anyone know of a more simple way to create a change password form that verifies the current password before allowing a password change?  I haven't found anything yet on the net.

'Ppreciate any assistance.

[b]Below is the code:[/b]
[code]<?php include("library/titlebar.php");
mysql_query("UPDATE employees SET tmppass=password('$oldpassword') WHERE employeeid='$employeeid'");
if ($oldpassword == null) {
  echo $chngpassform;
}elseif ($row["tmppass"] != $row["password"]) {
  echo $error1;
  echo $chngpassform;
} else {
  mysql_query("UPDATE employees SET password=password('$newpassword') WHERE employeeid='$employeeid'");
  echo $results;
}
?>[/code]

Share this post


Link to post
Share on other sites
why not just combine password verification and password change into one?

the change password form...
[code]
<form action="changepass.php" method="post">
Old Password: <input type="password" name="oldpass"><br>
New Password: <input type="password" name="newpass1"><br>
Repeat New Password: <input type="password" name="newpass2">
<input type='submit'>
</form>
[/code]

changepass.php...
[code]
<?php
$oldpass = md5($_POST['oldpass']);
$newpass1 = md5($_POST['newpass1']);
$newpass2 = md5($_POST['newpass2']);

if($newpass1 != $newpass2){
  // error action
}

$result = mysql_query("SELECT password FROM employees WHERE employeeid='$employeeid' LIMIT 1");
$row = mysql_fetch_array("$result");

if($row['password'] != $oldpass){
  // error action
} else {
  if(@mysql_query("UPDATE employees SET password='$newpass' WHERE employeeid='$employeeid'")){
      // success action
  } else {
      // error action
  }
}
?>
[/code]

just threw it together real fast so no guarantee as to if it works precisely, and it assumes you already defined $employeeid and established a mysql connection, but you get the gist of the logic eh?

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.