Jump to content

Change Password

I-AM-OBODO

By I-AM-OBODO
in PHP Coding Help

 Share

Recommended Posts

I-AM-OBODO Advanced Member

I-AM-OBODO

Posted
Posted

 

Hi all,

I've been battling with this for a while and I don't know why I'm not getting it right. I want a user to be able to change their password. The problem is that I don't know why its not checking the database for the old password but it just changes the password straight up even when its not the correct old password.

 

Thanks in advance

Here is my code:

 

<?php

if(isset($_POST['submit'])){

$oldpwd = $_POST['oldpwd'];
$newpwd = $_POST['newpwd'];
$newpwd2 = $_POST['newpwd2'];

if($oldpwd == ""){
$err1 = "<font color=red><strong>Current Password Empty</strong></font>";
}
if($newpwd == ""){
$err2 = "<font color=red><strong>New Password Empty</strong></font>";
}
elseif(strlen($_POST['newpwd']) <= 5){
$err3 = "<font color=red><strong>Password Must Be More Than 5 Characters</strong></font>";
}
elseif($newpwd2 == ""){
$err4 = "<font color=red><strong>Confirm Password Empty</strong></font>";
}

elseif($newpwd != $newpwd2){
$err5 = "<font color=red><strong>Password Do Not Match</strong></font>";
}
else{
$checkold = "SELECT password FROM reg_users WHERE username = '$_SESSION[username]' AND password = '".md5($_POST['newpwd'])."'";
$reslt = mysql_query($checkold);

if($reslt){
if(mysql_num_rows($reslt) != 1) {
echo "Unrecognized User or Password";
}else{
$query = "UPDATE reg_users SET password = '".md5($_POST['newpwd'])."' WHERE username = '$_SESSION[username]' ";
$result = mysql_query($query);

$pass_changed = "<font color=blue><strong>Password Changed.</strong></font>";
$wrong = "<font color=red><strong>Something went wrong</strong></font>";

if ($result){
echo $pass_changed;
}
else{
echo $wrong;
} 
}
} 
}	
}

?>

Link to comment
https://forums.phpfreaks.com/topic/273727-change-password/
Share on other sites
dpiearcy Member

dpiearcy

Posted
Posted

That's because you are looking for a row that matches what the new password is.

 

$checkold = "SELECT password FROM reg_users WHERE username = '$_SESSION[username]' AND password = '".md5($_POST['newpwd'])."'";

 

Select password that matches username then deal with your file handling after you have that information. Then you can check to see if the old password matches what you have in the database etc. and deal with the change from that point.

Link to comment
https://forums.phpfreaks.com/topic/273727-change-password/#findComment-1408782
Share on other sites
Christian F. Member

Christian F.

Posted
Posted

Alternatively, this site, as it's bit more up-to-date. In addition to that, you can also read this article about secure login systems.

Both of them combined should provide you with all of the information you need to make a proper & secure login system.

Link to comment
https://forums.phpfreaks.com/topic/273727-change-password/#findComment-1408841
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.