Jump to content


Photo

Change Password Form


  • Please log in to reply
1 reply to this topic

#1 md3inaustin

md3inaustin
  • New Members
  • Pip
  • Newbie
  • 1 posts

Posted 30 October 2006 - 08:13 PM

Below is the code I have written for a change password form.  The form displays the change password form if none of the fields are filled out, other wise it tries to process the request and then display a results page.  It works somewhat, but so far a user has to submit the form 2 times in order for it to work.  Does anyone know of a more simple way to create a change password form that verifies the current password before allowing a password change?  I haven't found anything yet on the net.

'Ppreciate any assistance.

Below is the code:
<?php include("library/titlebar.php");
mysql_query("UPDATE employees SET tmppass=password('$oldpassword') WHERE employeeid='$employeeid'");
if ($oldpassword == null) {
  echo $chngpassform;
}elseif ($row["tmppass"] != $row["password"]) {
  echo $error1;
  echo $chngpassform;
} else {
  mysql_query("UPDATE employees SET password=password('$newpassword') WHERE employeeid='$employeeid'");
  echo $results;
}
?>


#2 genericnumber1

genericnumber1
  • Members
  • PipPipPip
  • Advanced Member
  • 1,858 posts

Posted 30 October 2006 - 09:10 PM

why not just combine password verification and password change into one?

the change password form...
<form action="changepass.php" method="post">
Old Password: <input type="password" name="oldpass"><br>
New Password: <input type="password" name="newpass1"><br>
Repeat New Password: <input type="password" name="newpass2">
<input type='submit'>
</form>

changepass.php...
<?php
$oldpass = md5($_POST['oldpass']);
$newpass1 = md5($_POST['newpass1']);
$newpass2 = md5($_POST['newpass2']);

if($newpass1 != $newpass2){
   // error action
}

$result = mysql_query("SELECT password FROM employees WHERE employeeid='$employeeid' LIMIT 1");
$row = mysql_fetch_array("$result");

if($row['password'] != $oldpass){
   // error action
} else {
   if(@mysql_query("UPDATE employees SET password='$newpass' WHERE employeeid='$employeeid'")){
      // success action
   } else {
      // error action
   }
}
?>

just threw it together real fast so no guarantee as to if it works precisely, and it assumes you already defined $employeeid and established a mysql connection, but you get the gist of the logic eh?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users