Jump to content

Php password change script with validation ??


mohit587

Recommended Posts

Hello ever1 , I ve created a php password change script with validation but its nt working properly can any1 plz help me with this as m new with php???? below m pasting the code :

 

 

<?php

session_start();

include "connection.php";

//include_once('header1.php');

$msg="";

 

 

if($_SERVER['REQUEST_METHOD']=='POST' &&

empty($_POST['username']) ||

empty($_POST['password']) ||

empty($_POST['newpass']) ||

empty($_POST['newpassconfirm'])

 

 

 

)

{

$msg="empty fields";

}

 

{

$user=$_POST['username'];

$pass=$_POST['password'];

$newpass=$_POST['newpass'];

$confirmpass=$_POST['newpassconfirm'];

 

$result=mysql_query("SELECT password FROM user WHERE username='$user'");

if(!$result)

{

$msg="The Username You Entered Does not Exist";

}

elseif($pass!= mysql_result($result,0))

{

echo $msg="You Entered An Incorrect Password";

}

if($newpass != $confirmpass)

{ $msg = "Passwords do not match"; }

elseif($newpass=$confirmpass)

$sql=mysql_query("update user set password='$newpass' where username ='$user'");

 

if($sql)

{

echo "Congrats you have successfully changed your password.";

}

header('refresh:3 databases.php');

}

{

?>

 

 

<html>

<body>

<?php echo $msg ; ?>

<form class="changepass" action="changepass.php" method="POST"><P>

<table><tr><td>

Enter ur username :</td> <td> <input type="text" name="username" /></td></tr>

<tr><td>Enter ur existing pass : </td><td><input type="password" name="password" /></td></tr>

<tr><td>Enter ur new pass :</td> <td><input type="password" name="newpass" /></td></tr>

<tr><td>Renter ur new pass :</td> <td><input type="password" name="newpassconfirm" /></td></tr>

<tr><td><input class="cpassbtn" name="Submit" type="image" value="Submit" src="passnrm.png" onmouseover="this.src='passhvr.png'" onmouseout="this.src='passnrm.png'"></td></tr>

 

 

 

</table>

 

</form>

</body>

</html>

 

<?php }?>

 

Link to comment
Share on other sites

Ok sir i ll keep in mind abt these tags in future as m new to this forum  .

Its not working as : Validations are nt working properly, passwords even gets changed without even  putting confirm password ..kindly help me with this script it ll be very helpfull to me as m new to php .

Link to comment
Share on other sites

Thank u NLT sir it did as u said nt still not wrkin and i myself did some tweakin wit the code and now my code is :

<?php
include "connection.php";
session_start();
$msg="";

if($_SERVER['REQUEST_METHOD']=='POST' && 
!empty($_POST['username']) ||
   !empty($_POST['oldpass']) ||
!empty($_POST['pass1']) ||
!empty($_POST['pass2'])

  )
{
$user = trim($_POST['username']);
$oldpass=trim($_POST['oldpass']);
$pass1 = trim($_POST['pass1']);
$pass2 = trim($_POST['pass2']);

if($pass1 != $pass2)
{ $msg = "Passwords do not match"; }
elseif($pass1=="" || $pass2=="" || $user=="" || $oldpass) {  $msg='Empty fields not allowed ' ;}
$result=mysql_query("SELECT password FROM user WHERE username='$user'");
if(!$result) 
{
   $msg="The Username You Entered Does not Exist";	
}
if(!$pass1= mysql_result($result,0)) 
{
  echo $msg="You Entered An Incorrect Password";  
   } 
   elseif($pass1==$pass2) 
$sql=mysql_query("update user set password='$pass1' where username ='$user'");
if($sql)   
   {
   	echo "Congrats you have successfully changed your password.";
}
header('refresh:300 databases.php');}
  
  	?>   	
<html>
<head></head>
<body>
<div><?php echo $msg; ?>
<form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
Username:<input type="text" name="username"/>
Old password:<input type="password" name="oldpass"/><br/>
New password:<input type="password" name="pass1"/><br/>
Confirm New password: <input type="password" name="pass2"/><br/>
<input class="cpassbtn" name="Submit" type="image" value="Submit" src="passnrm.png" 
onmouseover="this.src='passhvr.png'" onmouseout="this.src='passnrm.png'">
</form>
</div>
</body>
</html>

 

 

The prob  is that  it doesnt change password even after filling all the fields correctly it says empty fields nt allowed and if i change invalid username its nt showing the correct validation rather it shows all the validations that incorrect pass, congratulations pass changed etc etc????? why this can u please help  its nt workin  :(

Link to comment
Share on other sites

First of all mysql_query() gives true if query succeeds, so you should not simply check its return value... Or actually you should, but only to see wheter the query succeeded or not, and if it did, then use a loop with mysql_fetch_array() or similar to get the actual result(s). In your case you don’t need to use a loop, since the result is only one anyway (provided that the "username" field is unique).

 

So, for example:

$result=mysql_query("SELECT password FROM user WHERE username='$user'");
if(!$result)  {
                   //Error, probably something wrong in query syntax
} else {
        //Ok, query succeeded, now check the result
      if ($a = mysql_fetch_array($result)) {
               //now $a is an array that contains the retrieved fields
      } else {
           //No results found for this username
      }
}

 

This is the first thing that came to mind, probabily there is something else, you should specify what errors you get, if any, or anyway what the script returns.

Link to comment
Share on other sites

Sir m a beginner in php so m unable to follow up with ur suggestions..... so i request u to please help me by editing my code.... as wen utold me to use mysql_num_rows which i dunno hw to use  :( can u please fix my code n tell me how t use it , i wud really appreciate it  :shy:

Link to comment
Share on other sites

Sir m a beginner in php so m unable to follow up with ur suggestions..... so i request u to please help me by editing my code.... as wen utold me to use mysql_num_rows which i dunno hw to use  :( can u please fix my code n tell me how t use it , i wud really appreciate it  :shy:

Can you please post your current code so we can have a look.

 

 

Link to comment
Share on other sites

yes sir my current code is:

 

 

 

 

<?php
session_start();
include "connection.php";
//include_once('header1.php');
$msg="";


if($_SERVER['REQUEST_METHOD']=='POST' &&
empty($_POST['username']) ||
empty($_POST['password']) ||
empty($_POST['newpass']) ||
empty($_POST['newpassconfirm'])



)
{
$msg="empty fields";
}

{
$user=$_POST['username'];
$pass=$_POST['password'];
$newpass=$_POST['newpass'];
$confirmpass=$_POST['newpassconfirm'];

$result=mysql_query("SELECT password FROM user WHERE username='$user'");
if(!$result)
{
$msg="The Username You Entered Does not Exist";
}
elseif($pass!= mysql_result($result,0))
{
echo $msg="You Entered An Incorrect Password";
}
if($newpass != $confirmpass)
{ $msg = "Passwords do not match"; }
elseif($newpass==$confirmpass)
$sql=mysql_query("update user set password='$newpass' where username ='$user'");

if($sql)
{
echo "Congrats you have successfully changed your password.";
}
header('refresh:3 databases.php');
}

?>


<html>
<body>
<?php echo $msg ; ?>
<form class="changepass" action="changepass.php" method="POST"><P>
<table><tr><td>
Enter ur username :</td> <td> <input type="text" name="username" /></td></tr>
<tr><td>Enter ur existing pass : </td><td><input type="password" name="password" /></td></tr>
<tr><td>Enter ur new pass :</td> <td><input type="password" name="newpass" /></td></tr>
<tr><td>Renter ur new pass :</td> <td><input type="password" name="newpassconfirm" /></td></tr>
<tr><td><input class="cpassbtn" name="Submit" type="image" value="Submit" src="passnrm.png" onmouseover="this.src='passhvr.png'" onmouseout="this.src='passnrm.png'"></td></tr>



</table>

</form>
</body>
</html>


 

 

Hopin some help frm ur side  :(

Link to comment
Share on other sites

yes sir my current code is:

 

 

 

 

<?php
session_start();
include "connection.php";
//include_once('header1.php');
$msg="";


if($_SERVER['REQUEST_METHOD']=='POST' &&
empty($_POST['username']) ||
empty($_POST['password']) ||
empty($_POST['newpass']) ||
empty($_POST['newpassconfirm'])



)
{
$msg="empty fields";
}

{
$user=$_POST['username'];
$pass=$_POST['password'];
$newpass=$_POST['newpass'];
$confirmpass=$_POST['newpassconfirm'];

$result=mysql_query("SELECT password FROM user WHERE username='$user'");
if(!$result)
{
$msg="The Username You Entered Does not Exist";
}
elseif($pass!= mysql_result($result,0))
{
echo $msg="You Entered An Incorrect Password";
}
if($newpass != $confirmpass)
{ $msg = "Passwords do not match"; }
elseif($newpass==$confirmpass)
$sql=mysql_query("update user set password='$newpass' where username ='$user'");

if($sql)
{
echo "Congrats you have successfully changed your password.";
}
header('refresh:3 databases.php');
}

?>


<html>
<body>
<?php echo $msg ; ?>
<form class="changepass" action="changepass.php" method="POST"><P>
<table><tr><td>
Enter ur username :</td> <td> <input type="text" name="username" /></td></tr>
<tr><td>Enter ur existing pass : </td><td><input type="password" name="password" /></td></tr>
<tr><td>Enter ur new pass :</td> <td><input type="password" name="newpass" /></td></tr>
<tr><td>Renter ur new pass :</td> <td><input type="password" name="newpassconfirm" /></td></tr>
<tr><td><input class="cpassbtn" name="Submit" type="image" value="Submit" src="passnrm.png" onmouseover="this.src='passhvr.png'" onmouseout="this.src='passnrm.png'"></td></tr>



</table>

</form>
</body>
</html>


 

 

Hopin some help frm ur side  :(

 

 

Have you tried to echo some of the variables to see if they're coming across as they should?

 

print_r['$_POST'];

Link to comment
Share on other sites

yes this is the last script which is workin fine and updating passwords but the prob in this is that :

1. its not showing any validations .

2. when i enter only one new password ...even then also it changes the pass

3  when i enter only username and old pass and leave the new pass and retype fields blank even then also it changes the pass to blank and says congrats pass has been changed.

 

<?php
include "connection.php";
session_start();

$msg="";
$user=$_POST['username'];
$pass=$_POST['password'];
$newpass=$_POST['newpass'];
$confirmpass=$_POST['newpassconfirm'];
$result=mysql_query("SELECT password FROM user WHERE username='$user'");
if(!$result) 
{
   $msg="The Username You Entered Does not Exist";	
}
elseif($pass!= mysql_result($result,0)) 
{
  echo $msg="You Entered An Incorrect Password";  
   } 
   if($newpass==$confirmpass) 
$sql=mysql_query("update user set password='$newpass' where username ='$user'");
if($sql)   
   {
   	echo "Congrats you have successfully changed your password.";
}
header('refresh:3 databases.php');
  
  	
  	?>   	

Link to comment
Share on other sites

It's because you're not checking if they have a value through submit.

 

You can do those type of checks with the isset function.

 

For example, for one of your variables in your form to make sure has a value, you could use:

if(isset($_POST['username'])) 
{
// Do stuff here
}

 

 

Link to comment
Share on other sites

With ur all  kind support i ve fixed the code nw everythins workin fine just one error so i m attachin the pic of the error so plz help me fix that error......my new code is:

  
<?php
include "connection.php";
session_start();
$msg="";


if (isset($_POST["username"]) && isset($_POST["oldpass"]) && isset($_POST["pass1"]) && isset($_POST["pass2"]) ){
    if($_POST["username"]==""){
    $msg = "empty uname <br/>";
    }

    if($_POST["oldpass"]==""){
    $msg = "empty oldy <br/>";
    }


    if($_POST["pass1"]==""){
    $msg=" empty pass1 <br/>";
    }
   
    if($_POST["pass2"]==""){
    $msg =" empty pass2 <br/>";
    }}

if($_SERVER['REQUEST_METHOD']=='POST' && 
!empty($_POST['username']) ||
   !empty($_POST['oldpass']) ||
!empty($_POST['pass1']) ||
!empty($_POST['pass2'])

  )
{
$user = $_POST['username'];
$oldpass=$_POST['oldpass'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
//if($pass1=="" || $pass2=="" || $user=="" || $oldpass) {  $msg='Empty fields not allowed ' ;}
if($pass1 != $pass2)
{ $msg = "Passwords do not match"; }
$result= mysql_query("SELECT password FROM user WHERE username='$user' and password='$oldpass'");
mysql_num_rows($result);

if(!$result) 
{
   $msg="The Username You Entered Does not Exist";	
}


if(!$oldpass = mysql_result($result,0)) 
{
  echo $msg="You Entered An Incorrect Password";  
   } 
   
   
  
   elseif($pass1==$pass2) 
$sql=mysql_query("update user set password='$pass2' where username ='$user'");
if($sql)   
   {
   	echo "Congrats you have successfully changed your password.";
}
header('refresh:300 databases.php');}

  
  	?>   	
<html>
<head></head>
<body>
<div><?php echo $msg; ?>
<form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
Username:<input type="text" name="username"/>
Old password:<input type="password" name="oldpass"/><br/>
New password:<input type="password" name="pass1"/><br/>
Confirm New password: <input type="password" name="pass2"/><br/>
<input class="cpassbtn" name="Submit" type="image" value="Submit" src="passnrm.png" 
onmouseover="this.src='passhvr.png'" onmouseout="this.src='passnrm.png'">
</form>
</div>
</body>
</html>


post-132987-13482403396965_thumb.jpg

Link to comment
Share on other sites

Here's my take on your code.

<?php
include "connection.php";
session_start();
$msg="";

//We only one solid isset field in the form to trigger validation.
if (isset($_POST['username'])){
    if (empty($_POST['username'])){$msg .= "empty uname <br/>";}
    if (empty($_POST['oldpass'])){$msg .= "empty oldy <br/>";}
    if (empty($_POST['pass1'])){$msg .= "empty pass1 <br/>";}   
    if (empty($_POST['pass2'])){$msg .= "empty pass2 <br/>";}
if(trim($_POST['pass1']) != trim($_POST['pass2'])){ $msg .= "Passwords do not match"; }

if (empty($msg)){
$user = mysql_real_escape_string(trim($_POST['username']));
$oldpass= mysql_real_escape_string(trim($_POST['oldpass']));
$pass1 = mysql_real_escape_string(trim($_POST['pass1']));
$pass2 = mysql_real_escape_string(trim($_POST['pass2']));

//It's much more reliable to update a record based on an id rather than a username, so grab id in query.
$sql="SELECT id FROM user WHERE username='$user' and password='$oldpass'"; 
$result= mysql_query($sql);

if (mysql_num_rows($result)){
$row = mysql_fetch_row($result);
$sql=mysql_query("UPDATE user SET password='$pass2' where id='{$row[0]}'");
$msg .="Congrats you have successfully changed your password.";
}
//Unless you're planning a running seperate checks for username and password, pass general message to user.
else{ $msg .="The Username and Password conbination does not Exist";}
}
} 
  	?>   	
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Change Password</title>
<style type="text/css">
.wrapper{
float:left;
width:350px;
}
.left{
float:left;
text-align:right;
width:50%;
}
.right{
float:right;
width:50%;
}
.full{
float:left;
width:100%;
}
.clear{
clear:both;
}
.error{
color:red;
text-align:center;
}
</style>
</head>
<body>

<form method="post" action="">
<div class="wrapper">
<div class="full error"><?php echo $msg; ?></div><div class="clear"></div>
<div class="left">Username: </div><div class="right"><input type="text" name="username" /></div>
<div class="clear"></div>
<div class="left">Old password: </div><div class="right"><input type="password" name="oldpass" /></div>
<div class="clear"></div>
<div class="left">New password: </div><div class="right"><input type="password" name="pass1" /></div>
<div class="clear"></div>
<div class="left">Confirm New password: </div><div class="right"><input type="password" name="pass2" /></div>
<div class="clear"></div>
<div class="full"><input class="cpassbtn" name="Submit" type="image" value="Submit" src="passnrm.png" 
onmouseover="this.src='passhvr.png'" onmouseout="this.src='passnrm.png'" />
</div>
</div>
</form>
</body>
</html>

 

Link to comment
Share on other sites

Thank you  Drummin you are a real programmer may god bless u with gr8 life ....u saved my life hehe  :D i cant thank u enough man ..there were some probs here which were very minor n i fixed it myself hehe n it worked like a charm  ;D ;D once again drummin thank u man .

 

 

 

$sql="SELECT id password FROM user WHERE username='$user' and password='$oldpass'";

 

$sql=mysql_query("UPDATE user SET password='$pass2' where id='{$row[0]}' username=''$user");

 

 

 

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.