Password changer

[textbox]

Can anyone tell me what is wrong with this?!

 

form

<form action="changepasswordck.php" method="post">
Old Password: <input type="password" name="password" id="password" size="20"><br />
New Password: <input type="password" name="pass1" id="pass1" size="20"><br />
New Password (again): <input type="password" name="pass2" id="pass2" size="20"><br />
<input type="submit" value="Update Account" name="submit"></form>

 

script

<?php

$username = $_SESSION['username'];
$password = md5($_POST['password']);
$pass1 = $_POST['pass1'];
include("global/db.php");
// start with passwords
if (($password) AND ($pass1) AND ($_POST['pass2'])) {
// check if the authentication is right
    if ($password != $_SESSION['password']) {
        $error = " your current password is incorrect.</p>";
    } else {
// otherwise, check if new passwords match
        if ($pass1 != $_POST['pass2']) {
            $error = " your new password selections don't match.</p>";
        } else {
// otherwise, check if the password's legit
            $legit = ereg("^[a-zA-Z0-9]{4,15}$", $pass1);
            if (!$legit) {
                $error = " your new password selections match, but aren't an appropriate length/form.</p>";
            } else {
// authentication, match, legit, put the new pass in
			$password = md5 ($pass1);
                mysql_query("UPDATE users SET password='$password' WHERE username='$username'") or die(mysql_error());
                $cpass = "<li>your password</li>";
                $_SESSION['password'] = $password;
            }
        }
    }
}
if (($pass)) {
    echo "<p>The following things have been changed:</p><ul>";
    if ($cpass) {
        echo $cpass;
    }
    echo "</ul><br />To return to your profile, <a href=\"login_success.php\">click here</a>.</p>";
}
if ($error) {
    echo "<p>Your password could not be changed because".$error;
} elseif ((!$cpass) AND (!$error)) {
    echo "None of your account settings were changed.";
}
?>

 

It was working.....then, nothing!!

[per1os]

You need session_start() at the very top of the page to use sessions.

[textbox]

Thanks Frost, I had those bits in but didnt include them in my sample. Sorry about that.

 

The code below works now, but does not echo out any success message?!

 

include "include/session.php";
session_start();
header("Cache-control: private");
if (!$_SESSION['username']) {
    echo "You're not logged in!";
    include("login.php");
    exit();
}

session_start();

$username = $_SESSION['username'];
$password = md5($_POST['password']);
$pass1 = $_POST['pass1'];
include("global/db.php");
// start with passwords
if (($password) AND ($pass1) AND ($_POST['pass2'])) {
// check if the authentication is right
    if ($password != $_SESSION['password']) {
        $error = " your current password is incorrect.</p>";
    } else {
// otherwise, check if new passwords match
        if ($pass1 != $_POST['pass2']) {
            $error = " your new password selections don't match.</p>";
        } else {
// otherwise, check if the password's legit
            $legit = ereg("^[a-zA-Z0-9]{4,15}$", $pass1);
            if (!$legit) {
                $error = " your new password selections match, but aren't an appropriate length/form.</p>";
            } else {
// authentication, match, legit, put the new pass in
			$password = md5 ($pass1);
                mysql_query("UPDATE users SET password='$password' WHERE username='$username'") or die(mysql_error());
                $cpass = "<li>your password</li>";
                $_SESSION['password'] = $password;
            }
        }
    }
}
if (($pass)) {
    echo "<p>The following things have been changed:</p><ul>";
    if ($cpass) {
        echo $cpass;
    }
    echo "</ul><br />To return to your profile, <a href=\"login_success.php\">click here</a>.</p>";
}
if ($error) {
    echo "<p>Your password could not be changed because".$error;
} elseif ((!$cpass) AND (!$error)) {
    echo "None of your account settings were changed.";
}
?>