tqla Posted June 5, 2007 Share Posted June 5, 2007 Hi, I am working on a Change Password script. It actually does work in that it changes the password but it's not handling the else's and if's properly. It's supposed to not update if the $newpassword and $confirmnewpassword variables do not match, but it goes ahead and updates anyway even if they don't. What's more, the Congratulations message appears all the time whether it updates or not. <?php session_start(); require_once('Connections/Auth.php'); $connection = mysql_connect($hostname_Auth, $username_Auth, $password_Auth) or die ("Couldn't connect to server."); $db = mysql_select_db($database_Auth, $connection) or die ("Couldn't select database."); $password = $_POST['password']; $newpassword = $_POST['newpassword']; $confirmnewpassword = $_POST['confirmnewpassword']; $result = mysql_query("SELECT password FROM Member WHERE loginName='{$_SESSION['MM_Username']}'"); if(!$result) { echo "The username you entered does not exist"; } elseif($password!= mysql_result($result, 0)) { echo "You entered an incorrect password"; } if($newpassword=$confirmnewpassword) $sql=mysql_query("UPDATE Member SET password='$newpassword' where loginName='{$_SESSION['MM_Username']}'"); if($sql) { echo "Congratulations You have successfully changed your password"; } else { echo "The new password and confirm new password fields must be the same"; } ?> Quote Link to comment Share on other sites More sharing options...
MemphiS Posted June 5, 2007 Share Posted June 5, 2007 if($newpassword==$confirmnewpassword){ == (Equals) Quote Link to comment Share on other sites More sharing options...
tqla Posted June 5, 2007 Author Share Posted June 5, 2007 That's so funny. In my book it says that is one of the most common mistakes! Thanks MemphiS. Can you help me with the rest of it? Is echos the Congrats text no matter what. !?! Quote Link to comment Share on other sites More sharing options...
MemphiS Posted June 5, 2007 Share Posted June 5, 2007 <?php session_start(); require_once('Connections/Auth.php'); $connection = mysql_connect($hostname_Auth, $username_Auth, $password_Auth) or die ("Couldn't connect to server."); $db = mysql_select_db($database_Auth, $connection) or die ("Couldn't select database."); $password = addslashes($_POST['password']); // addslashes(); slash '," $newpassword = addslashes($_POST['newpassword']); $confirmnewpassword = addslashes($_POST['confirmnewpassword']); $result = mysql_query("SELECT `password` FROM `Member` WHERE `loginName` = '{$_SESSION['MM_Username']}'"); if(!$result){ echo "The username you entered does not exist"; }elseif ((!ctype_alnum($password)) || (!ctype_alnum($newpassword)) || (!ctype_alnum($confirmnewpassword))){ echo("Invalid password."); // ctype_alnum(); checks for letters,numbers }elseif($password != mysql_result($result, 0)){ echo("Current password was incorrect. Please retry."); }elseif($newpassword == $confirmnewpassword){ $sql=mysql_query("UPDATE Member SET password='$newpassword' where loginName='{$_SESSION['MM_Username']}'"); echo "Congratulations You have successfully changed your password"; }else{ echo "The new password and confirm new password fields must be the same"; } ?> Quote Link to comment Share on other sites More sharing options...
tqla Posted June 5, 2007 Author Share Posted June 5, 2007 Works great. Thank you so darn much MemphiS. Everyday i learn a little more. (I hope to be as good at this as you someday!) I hope this bit of code helps somebody else too! Long live php!! (sorry so overzealous, just happy about this that's all) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.