mostafatalebi Posted November 15, 2012 Share Posted November 15, 2012 Hello everybody. I want ask a php programmer that whether or not my method for changing an already-logged in user is true or not. When the user logs in his username is saved in a $_SESSION. When user clicks on the change password link to be directed toward the edit_password page his/her id is queried using his $_SESSION. an example would be something Like this: ("SELECT id FROM tableName WHERE username=?) then I go on: bind_param(), execute(), bind_result($id), fetch() And then if $id != 0 "UPDATE tableName SET password WHERE id=?) and again like above doing mysqli steps. is my method true? but it doesn't work, it does nothing, neither error nor working. Quote Link to comment https://forums.phpfreaks.com/topic/270736-a-question-about-password-reset/ Share on other sites More sharing options...
Christian F. Posted November 15, 2012 Share Posted November 15, 2012 Show us the code, and we should be able to help. Quote Link to comment https://forums.phpfreaks.com/topic/270736-a-question-about-password-reset/#findComment-1392777 Share on other sites More sharing options...
mostafatalebi Posted November 16, 2012 Author Share Posted November 16, 2012 Here is the password-change code. In the login page a session is saved storing the username. <?php session_start(); mysqli_report(MYSQLI_REPORT_ERROR); // Default Connections include("config/db.php"); include("config/pass_config.php"); // Default Variable $form['old_password'] = "";$form['password'] = ""; $alert['main'] = ""; $alert['old_password'] = "";$alert['password'] = ""; if(isset($_POST['submit']))// this is the main if statement { if($_POST['old_password'] == "" || $_POST['password'] == "") // this if is for form validation { if($_POST['old_password'] == "") { $alert['old_password'] = "Required"; } if($_POST['password'] == "") { $alert['password'] = "Required"; } $alert['main'] = "Please complete the form correctly."; $form['old_password'] = $_POST['old_password']; $form['password'] = $_POST['password']; include("view/password_view.php"); // this renders styled page }// form validation else// this means that all fields are working and now we need to connect the php engine to the database { $form['old_password'] = htmlentities($_POST['old_password']); $form['password'] = htmlentities($_POST['password']); $currentUser = $_SESSION['username']; // this is the if of database connect if ($connect = $db->prepare("SELECT id FROM member WHERE user = ? ")) { $connect->bind_param("s", $_SESSION['username']); $connect->execute(); $connect->bind_result($id); $connect->fetch(); if($id) { $connect->close(); // add session variables $_SESSION['id'] = $id; if($connect = $db->prepare("SELECT pass FROM member WHERE id=?")) { $connect->bind_param("i", $_SESSION['id']); $connect->execute(); $connect->bind_result($password_change); if(md5($form['old_password'] . $comb ) == $password_change) { if($connect = $db->prepare("UPDATE member SET pass = ? WHERE id =?")) { $connect->bind_param("si", md5($form['password'] . $comb),$_SESSION['id']); $connect->execute(); $connect->close(); header("Location: member.php?passwordChanged"); // SUCESSFUL UPDATION of PASSWORD } else { echo $alert['main'] = "Updating password failed."; } } else { echo $alert['main'] = "Retreiving the old password failed."; } } else { echo $alert['main'] = "Password incorrect, or the connection has not been established."; } header("Location: member.php?userLogin"); } else { echo $alert['main'] = "User not found."; } } // this is the else of database connect else { $alert['main'] = "No connection established. Please try in a few minutes."; include ("view/password_view.php"); // this is renders stylistic page } }// this is else form validation } else// this is the main else statement { include("view/password_view.php"); } Quote Link to comment https://forums.phpfreaks.com/topic/270736-a-question-about-password-reset/#findComment-1392802 Share on other sites More sharing options...
mostafatalebi Posted November 16, 2012 Author Share Posted November 16, 2012 Here is the password-change code. In the login page a session is saved storing the username. <?php session_start(); mysqli_report(MYSQLI_REPORT_ERROR); // Default Connections include("config/db.php"); include("config/pass_config.php"); // Default Variable $form['old_password'] = "";$form['password'] = ""; $alert['main'] = ""; $alert['old_password'] = "";$alert['password'] = ""; if(isset($_POST['submit']))// this is the main if statement { if($_POST['old_password'] == "" || $_POST['password'] == "") // this if is for form validation { if($_POST['old_password'] == "") { $alert['old_password'] = "Required"; } if($_POST['password'] == "") { $alert['password'] = "Required"; } $alert['main'] = "Please complete the form correctly."; $form['old_password'] = $_POST['old_password']; $form['password'] = $_POST['password']; include("view/password_view.php"); // this renders styled page }// form validation else// this means that all fields are working and now we need to connect the php engine to the database { $form['old_password'] = htmlentities($_POST['old_password']); $form['password'] = htmlentities($_POST['password']); $currentUser = $_SESSION['username']; // this is the if of database connect if ($connect = $db->prepare("SELECT id FROM member WHERE user = ? ")) { $connect->bind_param("s", $_SESSION['username']); $connect->execute(); $connect->bind_result($id); $connect->fetch(); if($id) { $connect->close(); // add session variables $_SESSION['id'] = $id; if($connect = $db->prepare("SELECT pass FROM member WHERE id=?")) { $connect->bind_param("i", $_SESSION['id']); $connect->execute(); $connect->bind_result($password_change); if(md5($form['old_password'] . $comb ) == $password_change) { if($connect = $db->prepare("UPDATE member SET pass = ? WHERE id =?")) { $connect->bind_param("si", md5($form['password'] . $comb),$_SESSION['id']); $connect->execute(); $connect->close(); header("Location: member.php?passwordChanged"); // SUCESSFUL UPDATION of PASSWORD } else { echo $alert['main'] = "Updating password failed."; } } else { echo $alert['main'] = "Retreiving the old password failed."; } } else { echo $alert['main'] = "Password incorrect, or the connection has not been established."; } header("Location: member.php?userLogin"); } else { echo $alert['main'] = "User not found."; } } // this is the else of database connect else { $alert['main'] = "No connection established. Please try in a few minutes."; include ("view/password_view.php"); // this is renders stylistic page } }// this is else form validation } else// this is the main else statement { include("view/password_view.php"); } Quote Link to comment https://forums.phpfreaks.com/topic/270736-a-question-about-password-reset/#findComment-1392803 Share on other sites More sharing options...
mostafatalebi Posted November 16, 2012 Author Share Posted November 16, 2012 I have done all steps, it goes up to the last step, but erros: Commands out of sync; you can't run this command now Quote Link to comment https://forums.phpfreaks.com/topic/270736-a-question-about-password-reset/#findComment-1392907 Share on other sites More sharing options...
mostafatalebi Posted November 16, 2012 Author Share Posted November 16, 2012 My problem is solved. After hours of testing. thanks anyway. Quote Link to comment https://forums.phpfreaks.com/topic/270736-a-question-about-password-reset/#findComment-1392909 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.