I-AM-OBODO Posted January 28, 2013 Share Posted January 28, 2013 Hi all, I've been battling with this for a while and I don't know why I'm not getting it right. I want a user to be able to change their password. The problem is that I don't know why its not checking the database for the old password but it just changes the password straight up even when its not the correct old password. Thanks in advance Here is my code: <?php if(isset($_POST['submit'])){ $oldpwd = $_POST['oldpwd']; $newpwd = $_POST['newpwd']; $newpwd2 = $_POST['newpwd2']; if($oldpwd == ""){ $err1 = "<font color=red><strong>Current Password Empty</strong></font>"; } if($newpwd == ""){ $err2 = "<font color=red><strong>New Password Empty</strong></font>"; } elseif(strlen($_POST['newpwd']) <= 5){ $err3 = "<font color=red><strong>Password Must Be More Than 5 Characters</strong></font>"; } elseif($newpwd2 == ""){ $err4 = "<font color=red><strong>Confirm Password Empty</strong></font>"; } elseif($newpwd != $newpwd2){ $err5 = "<font color=red><strong>Password Do Not Match</strong></font>"; } else{ $checkold = "SELECT password FROM reg_users WHERE username = '$_SESSION[username]' AND password = '".md5($_POST['newpwd'])."'"; $reslt = mysql_query($checkold); if($reslt){ if(mysql_num_rows($reslt) != 1) { echo "Unrecognized User or Password"; }else{ $query = "UPDATE reg_users SET password = '".md5($_POST['newpwd'])."' WHERE username = '$_SESSION[username]' "; $result = mysql_query($query); $pass_changed = "<font color=blue><strong>Password Changed.</strong></font>"; $wrong = "<font color=red><strong>Something went wrong</strong></font>"; if ($result){ echo $pass_changed; } else{ echo $wrong; } } } } } ?> Link to comment https://forums.phpfreaks.com/topic/273727-change-password/ Share on other sites More sharing options...
dpiearcy Posted January 28, 2013 Share Posted January 28, 2013 echo $reslt and what do you get? Link to comment https://forums.phpfreaks.com/topic/273727-change-password/#findComment-1408773 Share on other sites More sharing options...
I-AM-OBODO Posted January 28, 2013 Author Share Posted January 28, 2013 echo @reslt didn't echo anything. Link to comment https://forums.phpfreaks.com/topic/273727-change-password/#findComment-1408781 Share on other sites More sharing options...
dpiearcy Posted January 28, 2013 Share Posted January 28, 2013 That's because you are looking for a row that matches what the new password is. $checkold = "SELECT password FROM reg_users WHERE username = '$_SESSION[username]' AND password = '".md5($_POST['newpwd'])."'"; Select password that matches username then deal with your file handling after you have that information. Then you can check to see if the old password matches what you have in the database etc. and deal with the change from that point. Link to comment https://forums.phpfreaks.com/topic/273727-change-password/#findComment-1408782 Share on other sites More sharing options...
dpiearcy Posted January 28, 2013 Share Posted January 28, 2013 You might also want to read this. http://php.net/manual/en/faq.passwords.php Concerning your use of md5 for password hashing. Link to comment https://forums.phpfreaks.com/topic/273727-change-password/#findComment-1408784 Share on other sites More sharing options...
Christian F. Posted January 28, 2013 Share Posted January 28, 2013 Alternatively, this site, as it's bit more up-to-date. In addition to that, you can also read this article about secure login systems. Both of them combined should provide you with all of the information you need to make a proper & secure login system. Link to comment https://forums.phpfreaks.com/topic/273727-change-password/#findComment-1408841 Share on other sites More sharing options...
I-AM-OBODO Posted January 29, 2013 Author Share Posted January 29, 2013 Thanks @dpiearcy. I found that I was actually checking for new password instead of the old one. It ought to select from where old instead of select from where new. Oversight! thanks Link to comment https://forums.phpfreaks.com/topic/273727-change-password/#findComment-1408896 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.