[SOLVED] Change password woes.

tqla · June 5, 2007

Hi, I am working on a Change Password script. It actually does work in that it changes the password but it's not handling the else's and if's properly. It's supposed to not update if the $newpassword and $confirmnewpassword variables do not match, but it goes ahead and updates anyway even if they don't. What's more, the Congratulations message appears all the time whether it updates or not.

<?php 

session_start();

require_once('Connections/Auth.php'); 
$connection = mysql_connect($hostname_Auth, $username_Auth, $password_Auth) 
or die ("Couldn't connect to server.");
$db = mysql_select_db($database_Auth, $connection)
or die ("Couldn't select database.");   

$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$confirmnewpassword = $_POST['confirmnewpassword'];

$result = mysql_query("SELECT password FROM Member WHERE loginName='{$_SESSION['MM_Username']}'");
if(!$result) 
{ 
echo "The username you entered does not exist"; 
} 
elseif($password!= mysql_result($result, 0)) 
{ 
echo "You entered an incorrect password"; 
} 
if($newpassword=$confirmnewpassword) 
    $sql=mysql_query("UPDATE Member SET password='$newpassword' where loginName='{$_SESSION['MM_Username']}'"); 
    if($sql) 
    { 
    echo "Congratulations You have successfully changed your password"; 
    }
else
{ 
echo "The new password and confirm new password fields must be the same"; 
}  
?>

MemphiS · June 5, 2007

if($newpassword==$confirmnewpassword){

== (Equals)

tqla · June 5, 2007

That's so funny. In my book it says that is one of the most common mistakes!

Thanks MemphiS.

Can you help me with the rest of it? Is echos the Congrats text no matter what. !?!

MemphiS · June 5, 2007

<?php 
session_start();
require_once('Connections/Auth.php'); 
$connection = mysql_connect($hostname_Auth, $username_Auth, $password_Auth) or die ("Couldn't connect to server.");
$db = mysql_select_db($database_Auth, $connection) or die ("Couldn't select database.");   

$password = addslashes($_POST['password']); // addslashes(); slash ',"
$newpassword = addslashes($_POST['newpassword']);
$confirmnewpassword = addslashes($_POST['confirmnewpassword']);

$result = mysql_query("SELECT `password` FROM `Member` WHERE `loginName` = '{$_SESSION['MM_Username']}'");

if(!$result){ 
echo "The username you entered does not exist"; 
}elseif ((!ctype_alnum($password)) || (!ctype_alnum($newpassword)) || (!ctype_alnum($confirmnewpassword))){
echo("Invalid password."); // ctype_alnum(); checks for letters,numbers 
}elseif($password != mysql_result($result, 0)){
echo("Current password was incorrect. Please retry.");
}elseif($newpassword == $confirmnewpassword){ 
$sql=mysql_query("UPDATE Member SET password='$newpassword' where loginName='{$_SESSION['MM_Username']}'"); 
echo "Congratulations You have successfully changed your password"; 
}else{ 
echo "The new password and confirm new password fields must be the same"; 
}  
?>

tqla · June 5, 2007

Works great.

Thank you so darn much MemphiS.

Everyday i learn a little more. (I hope to be as good at this as you someday!)

I hope this bit of code helps somebody else too!

Long live php!! (sorry so overzealous, just happy about this that's all)

Sign In

[SOLVED] Change password woes.

Recommended Posts

tqla

Link to comment

Share on other sites

MemphiS

Link to comment

Share on other sites

tqla

Link to comment

Share on other sites

MemphiS

Link to comment

Share on other sites

tqla

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information