Problem with a change password script

Timeth · July 22, 2012

Hi there. Im in the process of making a browser based game. Ive sucessfully made a signup, login and logout script. Im now working on a password reset and change password script. The password reset gave me a few difficulties but I managed to solve them. However, the change password one has been driving me mad for hours now. Its probably something pathetic that i'm overlooking but could someone point out any errors please.

<?php

require_once("inc/common.inc.php");
db_connect();
	$login_name = trim(mysql_escape_string((string)$_POST['login_name']));
	db("select * from user_accounts where login_name = '$login_name'");
	$pass = dbr();

	$userPass = $pass['passwd'];
	$oldPassEnc = md5($_POST[oldpass]);
	$newPassEnc = md5($_POST[newpass]);
	$newPassEnc2 = md5($_POST[newpass2]);

			if ($oldPassEnc != $userPass) {
			echo "The old password is not correct!<br><br>";
			echo "<a href=options2.php>Go back</a><br>";
			exit();
			}
			elseif ($newPassEnc != $newPassEnc2) {
			echo "Your new password did not match!<br><br>";
			echo "<a href=options2.php>Go back</a><br>";
			exit();
			}

			elseif ($newPassEnc === $oldPassEnc || $newPassEnc === $userPass) { //make sure it's not the same as the old one.
		  echo "Really. You want your new pass to be the same as your old one? Are you just wasting my bandwith?";
		  echo "<p><a href=options2.php>Go back</a>";
			exit();
		  } 

		  else {

			dbn("update user_accounts set passwd = $newPassEnc where login_name = " . $pass['login_name']);

			echo "<p>Password changed successfully</p>";
			echo "<a href=game_listing.php>Go back to game list</a><br>";
			exit();
			insert_history($pass['login_id'], "Password Changed");
		  } 

include("footer2.php");

?>

the error im getting is "The old password is not correct" so I know that it's something to do with the SQL query and referencing the input for old password, but I just can't spot the mistake. Cheers

Pikachu2000 · July 22, 2012

Do you php have error reporting set up and enabled with the following directives in your php.ini?

error_reporting = -1

display_errors = On

Timeth · July 22, 2012

according to the webspace provider

display_errors = on

error_reporting = no value

Pikachu2000 · July 22, 2012

Add this immediately after your opening <?php tag and see if any errors are generated.

error_reporting(-1);

ini_set('display_errors', 'On');

Timeth · July 22, 2012

none, exactly same as before. Its either not selecting the old password from the db or not reading the inputed old password field

Timeth · July 22, 2012

wait, I was wrong. That is a snippet of code, above that is page layout (header, menu etc) I put your little code at the beggining of the file, nothing changed, then put it midway through where the results are checked and got this:

Notice: Use of undefined constant oldpass - assumed 'oldpass' in /homepages/33/d423643087/htdocs/se/changepass.php on line 112

Notice: Use of undefined constant newpass - assumed 'newpass' in /homepages/33/d423643087/htdocs/se/changepass.php on line 113

Notice: Use of undefined constant newpass2 - assumed 'newpass2' in /homepages/33/d423643087/htdocs/se/changepass.php on line 114

xyph · July 22, 2012

Have you verified the contents (echo, var_dump) of $userPass before checking it against $oldPassEnc? Have you made sure that your query isn't returning 0 rows?

Timeth · July 22, 2012

was:

$userPass = $pass[passwd];
$oldPassEnc = md5($_POST[oldpass]);
$newPassEnc = md5($_POST[newpass]);
$newPassEnc2 = md5($_POST[newpass2]);

changed to:

$userPass = $pass['passwd'];
$oldPassEnc = md5($_POST['oldpass']);
$newPassEnc = md5($_POST['newpass']);
$newPassEnc2 = md5($_POST['newpass2']);

no more undefined constant errors, but still getting old password is not correct when i know 100% the password inputted is the correct password

Timeth · July 22, 2012

thanks xyph, its not returning anything so therefore will always be wrong. Will let you know when its fixed

Pikachu2000 · July 22, 2012

What does your db() function do? Whatever value it's returning isn't assigned to anything.

Timeth · July 22, 2012

Ok, now my query is returning a value, but im still getting an error. The previous issue was a typo on the form input page. However the error i'm now getting is:

ERROR! Unknown column 'Timeth' in 'where clause' BACKTRACE array(2) { [0]=> array(4) { ["file"]=> string(53) "/homepages/33/d423643087/htdocs/se/inc/common.inc.php" ["line"]=> int(132) ["function"]=> string(5) "dbDie" ["args"]=> array(0) { } } [1]=> array(4) { ["file"]=> string(49) "/homepages/33/d423643087/htdocs/se/changepass.php" ["line"]=> int(108) ["function"]=> string(2) "db" ["args"]=> array(1) { [0]=> &string(53) "select * from user_accounts where login_name = Timeth" } } }

Timeth · July 22, 2012

and pika, my db() function is:

function db($string)
{
global $db_func_query, $database_link;
$db_func_query = mysql_query($string, $database_link) or dbDie();
}

xyph · July 22, 2012

You need to quote strings in MySQL queries.

Timeth · July 22, 2012

yep, all sorted now. Been a very long day... thanks for help guys

Sign In

Problem with a change password script

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information