Jump to content

Recommended Posts

Hey,

 

Im working on a change password.php.

 

I want the user to have to type in there original password then there new password, followed by the confirmed new password.

 

I have pretty much written the code to do this however the password which is stored in the database is encryped using PASSWORD ('$password') at registration. This means that when I attempt to match the password in the database with the current password they do not match.

 

How can I do this? I assume it must be something to do with how the current password is retrieved from the database so here is my code to retrieve the password from the database:

 

$password = mysql_query("SELECT password FROM users WHERE user_id = '$uid'")
OR DIE(mysql_error());
$row = mysql_fetch_assoc($password);
$password = $row['password'];

 

I displayed the contents of what each variable contained to check and this is what I was given:

Passowrd in DB: 37e455b94f62fb0d

Current password to match password in DB: comps10

Typed in new password: hello

Confirmation of password typed in: hello

 

Cheers

Link to comment
https://forums.phpfreaks.com/topic/76221-solved-change-passwordphp/
Share on other sites

The query you have give me gives a result of Resource id #9 which wont work for this situation?

 

When the user types in the current password to see if the password matches that in the DB it is not encrypted as it never enters the DB its just a variable used to check whether the 2 match.

 

Im getting confused about this now, I have the rest of the code in place to check they all match, I just cant get the current password to match what is the in the database!

 

Cheers

 

 

Why do people use PASSWORD instead of md5 or sha1?

 

What will you do if your DB crashes or they move you to a different sql server?

 

I use it because I have only been doing PHP for 1 week and that is just what I saw from the book I was learning from. Not everyone is a professional.

 

Elliot

<?php
if (isset($_POST['submit2'])) {

$oldpassword = escape_data($_POST['oldpassword']);
$newpassword = escape_data($_POST['newpassword']);
$confirmnew = escape_data($_POST['confirmnew']);

$password = mysql_query("SELECT password FROM users WHERE user_id = '$uid' and password = PASSWORD('$password')")
OR DIE(mysql_error());

if ($oldpassword == $password) {
if ($newpassword == $confirmnew) {
$update = "UPDATE users SET password='$confirmnew' where user_id='$uid'" or die(mysql_error());
mysql_query($update) or die(mysql_error());
echo '<h3>Password Changed!</h3>';
} else {
echo '<h3>New password and confirmed password to not match</h3>';
}
} else {
echo '<h3>Current passwords do not match</h3>';
}
}
?>

 

Thanks

try this

 

<?php
if (isset($_POST['submit2'])) {
$oldpassword = escape_data($_POST['oldpassword']);
$newpassword = escape_data($_POST['newpassword']);
$confirmnew = escape_data($_POST['confirmnew']);
//WHERE is $uid comming from ?
$password = mysql_query("SELECT password FROM users WHERE user_id = '$uid' and password = 'PASSWORD('$password')'")
OR DIE(mysql_error());

if(mysql_num_rows($password)>0)
{
	if ($newpassword == $confirmnew)
	{
		$update = "UPDATE users SET password = 'PASSWORD('$password')' where user_id='$uid'" or die(mysql_error());
		mysql_query($update) or die(mysql_error());
		echo '<h3>Password Changed!</h3>';
	} else {
		echo '<h3>New password and confirmed password to not match</h3>';
	}
} else {
	echo '<h3>Current passwords do not match</h3>';
}
}
?>

 

EDIT: quick fix

 

WHERE is $uid comming from ?

 

 

$uid is a function which get the details for the user logged in.

 

An error occured in script c:\program files\easyphp1-8\www\html\personal.php on line 170: Undefined variable: password

 

Line 170:

$password = mysql_query("SELECT password FROM users WHERE user_id = '$uid' and password = PASSWORD('$password')")

$uid is a function which get the details for the user logged in.

 

What.. $uid is NOT a function!

 

where is it set?

 

<?php
if (isset($_POST['submit2'])) {
$oldpassword = escape_data($_POST['oldpassword']);
$newpassword = escape_data($_POST['newpassword']);
$confirmnew = escape_data($_POST['confirmnew']);
//WHERE is $uid comming from ?
$password = mysql_query("SELECT password FROM users WHERE user_id = '$uid' and password = 'PASSWORD('$confirmnew')'")
OR DIE(mysql_error());

if(mysql_num_rows($password)>0)
{
	if ($newpassword == $confirmnew)
	{
		$update = "UPDATE users SET password = 'PASSWORD('$newpassword')' where user_id='$uid'" or die(mysql_error());
		mysql_query($update) or die(mysql_error());
		echo '<h3>Password Changed!</h3>';
	} else {
		echo '<h3>New password and confirmed password to not match</h3>';
	}
} else {
	echo '<h3>Current passwords do not match</h3>';
}
}
?>

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.