Need some help with code for "Change Password"


FoxRocks

Hello,

 

Thank you for your interest in my problem. I tried searching for help on this topic, but I kept getting an error saying I wasn't allowed to search (really???).

 

Anyways, I'm trying to make a form for changing a password that checks to see if the old password is a match with the username in the database. Here is my code:

 

	// checks if the old password is correct
	if (!get_magic_quotes_gpc())
	{
		$_POST['oldpass'] = addslashes($_POST['oldpass']);
		$_POST['username'] = addslashes($_POST['username']);
	}
	$usercheck = $_POST['username'];
	$passcheck = $_POST['oldpass'];
	$result = mysql_query("SELECT password FROM admin WHERE username='$usercheck' AND password='$passcheck'")
		or die(mysql_error());
	$check = mysql_fetch_array($result);

	//if the password does not match it gives an error
	if ($check != $_POST['oldpass'])
	{
		die("<p style=\"margin:75px 0px 0px 150px;\">Sorry, the password for " . $_POST['username'] . " does not match the one you entered.<br> You will now be redirected back to the Admin page.</p>");
	}

 

I've been trying to get it to work this way so I can make sure it's not the encryption screwing me up. I manually entered a user and non-encrypted password into the db for testing.

 

I've tried this a few different ways. On the "create" admin form I have it so it encrypts it in md5 before entering into the db, so at one point I had this:

 

	// checks if the old password is correct
	if (!get_magic_quotes_gpc())
	{
		$_POST['oldpass'] = addslashes($_POST['oldpass']);
		$_POST['username'] = addslashes($_POST['username']);
	}
	$usercheck = $_POST['username'];
	$passcheck = ($_POST['oldpass'] = md5($_POST['oldpass']));
	$result = mysql_query("SELECT password FROM admin WHERE username='$usercheck' AND password='$passcheck'")
		or die(mysql_error());
	$check = mysql_fetch_array($result);

	//if the password does not match it gives an error
	if ($check != $passcheck)
	{
		die("<p style=\"margin:75px 0px 0px 150px;\">Sorry, the password for " . $_POST['username'] . " does not match the one you entered.<br> You will now be redirected back to the Admin page.</p>");
	}

 

I also tried this...

 

	// checks if the old password is correct
	if (!get_magic_quotes_gpc())
	{
		$_POST['oldpass'] = addslashes($_POST['oldpass']);
		$_POST['username'] = addslashes($_POST['username']);
	}
	$usercheck = $_POST['username'];
	$_POST['oldpass'] = md5($_POST['oldpass']);
	$passcheck = $_POST['oldpass'];
	$result = mysql_query("SELECT password FROM admin WHERE username='$usercheck' AND password='$passcheck'")
		or die(mysql_error());
	$check = mysql_fetch_array($result);

	//if the password does not match it gives an error
	if ($check != $passcheck)
	{
		die("<p style=\"margin:75px 0px 0px 150px;\">Sorry, the password for " . $_POST['username'] . " does not match the one you entered.<br> You will now be redirected back to the Admin page.</p>");
	}

 

Here is the entire code for the page:

 

<?php
	//This makes sure they did not leave any fields blank
	if (!$_POST['username'] || !$_POST['oldpass'] || !$_POST['pass'] || !$_POST['pass2'])
	{
		die("<p style=\"margin:75px 0px 0px 150px;\">You did not complete all of the required fields.<br> You will now be redirected back to the Admin page.</p>");
	}

	// checks if the username is in use
	if (!get_magic_quotes_gpc())
	{
		$_POST['username'] = addslashes($_POST['username']);
	}
	$usercheck = $_POST['username'];
	$result = mysql_query("SELECT username FROM admin WHERE username='$usercheck'")
		or die(mysql_error());
	$check = mysql_num_rows($result);

	//if the name does not exist it gives an error
	if ($check == 0)
	{
		die("<p style=\"margin:75px 0px 0px 150px;\">Sorry, the username <strong>\"" . $_POST['username'] . "\"</strong> is not listed as an admin.<br> You will now be redirected back to the Admin page.</p>");
	}

	//this makes sure both new passwords entered match
	if ($_POST['pass'] != $_POST['pass2'])
	{
		die("<p style=\"margin:75px 0px 0px 150px;\">Sorry, the new passwords you entered did not match.<br> You will now be redirected back to the Admin page.</p>");
	}

	// checks if the old password is correct
	if (!get_magic_quotes_gpc())
	{
		$_POST['oldpass'] = addslashes($_POST['oldpass']);
		$_POST['username'] = addslashes($_POST['username']);
	}
	$usercheck = $_POST['username'];
	$passcheck = $_POST['oldpass'];
	$result = mysql_query("SELECT password FROM admin WHERE username='$usercheck' AND password='$passcheck'")
		or die(mysql_error());
	$check = mysql_fetch_array($result);

	//if the password does not match it gives an error
	if ($check != $_POST['oldpass'])
	{
		die("<p style=\"margin:75px 0px 0px 150px;\">Sorry, the password for " . $_POST['username'] . " does not match the one you entered.<br> You will now be redirected back to the Admin page.</p>");
	}

	// here we encrypt the password and add slashes if needed
	$_POST['pass'] = md5($_POST['pass']);

	if (!get_magic_quotes_gpc())
	{
		$_POST['pass'] = addslashes($_POST['pass']);
	}

	// now we insert it into the database
	$newpass = $_POST['pass'];
	$user = $_POST['username'];
	mysql_query("UPDATE admin SET password='$newpass' WHERE username='$user'");
	$result = mysql_query("SELECT password FROM admin WHERE username='$user'");
	$success = mysql_fetch_array($result);
	// mysql_fetch_array() returns an array, so compare the 'password' column
	if ($success['password'] == $newpass)
	{
		echo "<div id=\"login\">";
		echo "<h1 style=\"color:#000000;\">Complete</h1>";
		echo "<p>You have successfully changed " . $_POST['username'] . "'s password to " . $_POST['pass'] . ".</p>";
		echo "<p>You will now be redirected back to the Admin page.</p>";
		echo "</div><!--close login-->";
	}
	else
	{
		die(mysql_error());
	}

?>

 

Everything else seems to work, it sees when the user is or isn't in the db, it sees when the new passwords don't match, but it always produces the error "Sorry, the password for 'username' does not match the one you entered. You will now be redirected back to the Admin page."

 

 

I would appreciate any help or hints as to what I'm doing wrong.

 

Thanks :)

~FOX~

 

Fixed it :)

 

Here is the new code:

 

	// checks if the old password is correct
	if (!get_magic_quotes_gpc())
	{
		$_POST['oldpass'] = addslashes($_POST['oldpass']);
		$_POST['username'] = addslashes($_POST['username']);
	}
	$_POST['oldpass'] = md5($_POST['oldpass']);
	$usercheck = $_POST['username'];
	$passcheck = $_POST['oldpass'];
	$result = mysql_query("SELECT password FROM admin WHERE username='$usercheck' AND password='$passcheck'")
		or die(mysql_error());
	$check = mysql_fetch_array($result);

	//if the password does not match it gives an error
	if ($check['password'] != $passcheck)
	{
		die("<p style=\"margin:75px 0px 0px 150px;\">Sorry, the password for " . $_POST['username'] . " does not match the one you entered.<br> You will now be redirected back to the Admin page.</p>");
	}


 

This code now has the encryption included, but regardless of that, the problem was that I forgot to add the ['password'] part to where the if statement brings up $check. So before I had:

 

if ($check != $passcheck)

 

and now I have:

 

if ($check['password'] != $passcheck)

 

I'm super happy I found this, hopefully this will help someone down the road and not just end up being a useless post ;)

 

Cheers,

~FOX~
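
Added example, not part of the original thread or the poster's code: the same old-password check written with PDO placeholders instead of `addslashes()` and string interpolation, and with `password_hash()`/`password_verify()` instead of bare MD5, while still accepting the MD5 digests the thread's form already stored. The function name `changeAdminPassword()`, the SQLite in-memory database and the sample row are assumptions made for the demonstration; the `admin` table and its `username`/`password` columns are the ones from the thread.

```php
<?php
// Added example, not the poster's code. Hypothetical helper: changeAdminPassword().
// Assumes the thread's `admin` table (username, password) and a PDO connection.

function changeAdminPassword(PDO $db, string $user, string $old, string $new): bool
{
    // Placeholders keep user input out of the SQL text; no addslashes() needed.
    $stmt = $db->prepare('SELECT password FROM admin WHERE username = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();   // a string, or false when no row matched
    if ($stored === false) {
        return false;
    }

    // Rows written by the old form hold a bare 32-hex-character MD5 digest.
    $isLegacyMd5 = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
    $ok = $isLegacyMd5
        ? hash_equals($stored, md5($old))   // constant-time compare of the legacy digest
        : password_verify($old, $stored);   // salted hash made by password_hash()
    if (!$ok) {
        return false;
    }

    // Store the new password with a salted, slow hash instead of MD5.
    $upd = $db->prepare('UPDATE admin SET password = ? WHERE username = ?');
    $upd->execute([password_hash($new, PASSWORD_DEFAULT), $user]);
    return $upd->rowCount() === 1;
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (username TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO admin VALUES (?, ?)')->execute(['fox', md5('old-secret')]);

var_dump(changeAdminPassword($db, 'fox', 'wrong-guess', 'n3w-passphrase'));  // wrong old password
var_dump(changeAdminPassword($db, "fox' OR '1'='1", 'x', 'y'));              // quote stays data
var_dump(changeAdminPassword($db, 'fox', 'old-secret', 'n3w-passphrase'));   // legacy MD5 row
var_dump(changeAdminPassword($db, 'fox', 'n3w-passphrase', 'another-one'));  // upgraded row

// Escape anything user-supplied before echoing it into an HTML message.
echo htmlspecialchars('<b>fox</b>', ENT_QUOTES, 'UTF-8'), "\n";
```

On MySQL the `password` column has to be wide enough for `password_hash()` output; the PHP manual recommends 255 characters.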
