
[SOLVED] help with UPDATE


theBrent


Hello.. I can't seem to find any error in this form that I created. This form is a change password module. If you find any error, please tell me. I really need help.

 

[code=php:0]
<?php
require_once 'library/config.php';

if(isset($_SESSION['login_user']) && $_SESSION['login_user'] == 'ok'){

$user = $_SESSION['login_name'];
$id = $_SESSION['login_id'];


$sql = "SELECT * FROM tbl_customer WHERE Username = '$user'";
$result = dbQuery($sql);

$message =  (isset($_GET['error']) && $_GET['error'] != '') ? $_GET['error'] : '';	
?>
<head>
</head>
<div style="color:red"><?php echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8'); /* escape the text taken from $_GET['error'] */ ?></div>
		<form action="modifyprofile2.php" method="post" name="changepass" id="changepass" onsubmit='return formValidator()'>
	<table style="font-family:arial">
	<td align="left">Old Password</td>
				<td align="left" valign="center"> 
				<input name="txtOldPassword" type="password" class="box" id="txtOldPassword" size="20" maxlength="20"></td>
				</tr>
				<tr> 
				<td align="left">New Password</td>
				<td align="left" valign="center"><input name="txtNewPassword1" type="password" class="box" id="txtNewPassword1" size="20" 						maxlength="20"><a href="#" class="hintanchor" onMouseover="showhint('Please enter 9-12 characters only', this, event, '150px')">[?]</a></td>
				</tr>
				<tr> 
				<td align="left">Repeat New Password</td>
				<td align="left" valign="center"> 
				<input name="txtNewPassword2" type="password" class="box" id="txtNewPassword2" size="20" maxlength="20">
				<small> </small></td>
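				</tr>
				<tr>
				<!-- user name from the session, escaped for use inside an HTML attribute -->
				<td><input type="hidden" name="user" id="user" value="<?php echo htmlspecialchars($user, ENT_QUOTES, 'UTF-8'); ?>"></td>
				</tr>
				<?php echo htmlspecialchars($user, ENT_QUOTES, 'UTF-8'); ?>
				<tr>
				<td class="accountmenu" colspan="2" align="center"><input type="submit" id="changepass" value="Change Password" onClick="return checkPassword();"></td>
				<td><input type="button" value="Close Window" onClick="javascript:window.close();"/></td>
				</tr>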
</table>
</form>
<?php
}
else
{	
?>
<h1 align="center" style="font-family:arial">PAGE CANNOT BE DISPLAYED. PLEASE REGISTER OR LOGIN BEFORE ACCESSING THIS PAGE. THANK YOU</h1>
<center><img src="header.jpg"/></center>
<center><a href="index.php">back to index</a></center>
<?php
}
?>
</body>

[/code]

 

here is the query form

[code=php:0]
<?php
require_once 'library/config.php';

$errorMessage = '';


$user = $_POST['user'];
$oldPassword = $_POST['txtOldPassword'];
$newPassword = $_POST['txtNewPassword1'];
    
    $sql = "SELECT Password FROM tbl_customer WHERE Password = md5('$oldPassword')";
    $result = dbQuery($sql);


if (dbNumRows($result) == 1){
        $sql = "UPDATE tbl_customer
        SET Username = '$user',Password = md5('$newPassword') WHERE Username = '$user'";
$result = dbQuery($sql);
        $message = "Account Successfully Modified!";
        header('Location:changepass.php?error='.urlencode($message));
    }
    else {
        $message = "Password Incorrect!";
        header('Location:changepass.php?error='.urlencode($message));
    }

    return $errorMessage;
?>

[/code]

 

 

Help please!

First of all, change

 

$sql = "SELECT Password FROM tbl_customer WHERE Password = md5('$oldPassword')";

 

to

 

$sql = "SELECT Username FROM tbl_customer 
WHERE Username='$user'
AND Password = md5('$oldPassword');";

 

I'm assuming that you can have more than one user with the same password. Instead of checking if the password exists *somewhere*, you should check if it exists where you think it exists. In this case under a specific user.

 

If two users had the same password, in your version, no change would happen because the number of rows returned would have been >1 and not ==1. Which would prevent either of the users changing their passwords, etc etc.

 

      $sql = "UPDATE tbl_customer
        SET Username = '$user',Password = md5('$newPassword') WHERE Username = '$user'";

 

To

 

$sql="UPDATE tbl_customer
SET Password=md5('$newPassword')
WHERE Username='$user';";

 

You could even have just one query.

 

$sql="UPDATE tbl_customer
SET Password=md5('$newPassword')
WHERE Username='$user'
AND Password=md5('$oldPassword');";

 

This updates the password if the old password and username are correct.
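
The per-user check suggested above, as an added example that is not part of the original posts: it binds the user name and passwords through PDO prepared statements instead of interpolating them into the SQL string, and goes beyond the thread by storing `password_hash()` output while still accepting rows that hold a legacy `md5()` value. The function name `changePassword`, the in-memory SQLite database and the sample users are assumptions; the table and column names come from the posted code.

```php
<?php
// Added example, not code from the thread. changePassword() and the SQLite
// test table are assumptions; tbl_customer/Username/Password are from the posts.
function changePassword(PDO $db, string $user, string $old, string $new): bool
{
    // Read only the row of this user; placeholders keep input out of the SQL text.
    $stmt = $db->prepare('SELECT Password FROM tbl_customer WHERE Username = :u');
    $stmt->execute([':u' => $user]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false;                        // unknown user
    }
    // Legacy rows hold a bare 32-hex MD5; migrated rows hold a password_hash() string.
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
    $ok = $isLegacy ? hash_equals($stored, md5($old)) : password_verify($old, $stored);
    if (!$ok) {
        return false;                        // old password does not match
    }
    // Tie the UPDATE to the hash just verified, so a concurrent change is not overwritten.
    // The Password column must be wide enough for password_hash() output (60+ characters).
    $upd = $db->prepare(
        'UPDATE tbl_customer SET Password = :h WHERE Username = :u AND Password = :s'
    );
    $upd->execute([
        ':h' => password_hash($new, PASSWORD_DEFAULT),
        ':u' => $user,
        ':s' => $stored,
    ]);
    return $upd->rowCount() === 1;
}

// Constructed sample data: two users who share the same old password.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_customer (Username TEXT PRIMARY KEY, Password TEXT)');
$ins = $db->prepare('INSERT INTO tbl_customer VALUES (?, ?)');
$ins->execute(['alice', md5('shared-secret')]);
$ins->execute(['bob', md5('shared-secret')]);

// In the real handler $user would come from $_SESSION['login_name'],
// not from a hidden form field the browser can change.
var_dump(changePassword($db, 'alice', 'shared-secret', 'n3w-passphrase')); // shared password, own row
var_dump(changePassword($db, 'alice', 'shared-secret', 'another-one'));    // old password reused after change
var_dump(changePassword($db, "o'brien", 'shared-secret', 'whatever'));     // quote in name, no such user
var_dump(changePassword($db, 'bob', 'shared-secret', 'bobs-new-one'));     // second user, still on MD5
```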
