
Change pw code (password shows in url) help


VirusDoctor


Hi guys, before I get completely shouted at here, I know that if one uses the $_GET method it's going to show in the URL, I just can't seem to find a way around using it for what I'm trying to do.

 

I have a members.php page. In the page are two columns, options on the left and the content for the options on the right (when the relevant option is chosen). Now $_GET works perfectly for every other option as they are not sensitive data, but for the pw change I don't want the pw to show in the URL when submitting. Here is my code, any suggestions or fixes welcome.

 

<?php
session_start();
if (isset($_SESSION['my_loginstatus']))
{
require_once("header.php");
require("std_config.php");?>

<div class="nav">

<?= buildHeading ("Members Area"); ?>
<table class="options" width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="25%" style="border-left: 1px solid #CCCCCC; border-right: 1px solid #CCCCCC; border-bottom: 1px solid #CCCCCC; padding: 4px;"><table width="100%" border="0" cellspacing="0" cellpadding="2">
      <tr>
        <td><?php echo ("<div class='notice'>Welcome</div><div class='error'>".$_SESSION['name']." ".$_SESSION['surname']."</div><div class='notice2'><hr> Account Balance: R0.00<hr></div>"); ?> </td>
        </tr>
    </table>
</table>
<br>

<?= buildHeading ("Account Options"); ?>
<table class="options" width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="25%" style="border-left: 1px solid #CCCCCC; border-right: 1px solid #CCCCCC; border-bottom: 1px solid #CCCCCC; padding: 4px;"><table width="100%" border="0" cellspacing="0" cellpadding="2">
      <tr>
        <td><a href="members.php?go=pwreset">Reset Password </a></td>
        </tr>
  
  <tr>
        <td>Change Email Address</td>
      	</tr>
      	
      <tr>
        <td>Change Address</td>
        </tr>
      
  <tr>
        <td>Pay Account</td>
        </tr>
        
      <tr>
        <td>Invoice History</td>
        </tr>
        
    
    </table>
      </table>
      <br>
      
<?= buildHeading ("Auction Options"); ?>
<table class="options" width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="25%" style="border-left: 1px solid #CCCCCC; border-right: 1px solid #CCCCCC; border-bottom: 1px solid #CCCCCC; padding: 4px;"><table width="100%" border="0" cellspacing="0" cellpadding="2">
      <tr>
        <td title="All auctions you have won.">Auctions Won</td>
        </tr>
  
  <tr>
        <td title="All auctions you're currently winning.">Auctions You're Winning</td>
      	</tr>
      	
      <tr>
        <td title="All items you have sold.">Sold Items</td>
        </tr>
      
  <tr>
        <td title="Items currently on sale from you.">Items You're Selling</td>
        </tr>
        
      <tr>
        <td>Auction History</td>
        </tr>
        
</table>  
    </table>
</div>  

<div class="content"><?= buildHeading ("Values"); ?>
<form method="GET" action="">
<?php 
// If the user selected "reset password" from the left menu.
if ($_GET['go'] == 'pwreset')
{
echo '<table align=center class="align">
		<tr>
			<td>
				<br><br><br><br><br><br><br><br>Are you sure you want to reset your current password? <br><br>
			</td>
	</tr>
		<tr>
			<td><div style="center2">
				<input class="buttons" name="pw_change" type="submit" id="yes" value="Yes">
				<input class="buttons" name="option" type="submit" id="no" value="No"></div>
			</td>
	</tr>

	</table>';
}?></form>

<form method="POST" action="">
<?php 
// If the user selected Yes, they want to reset their password.
if ($_GET['pw_change'])
{
echo '<table align=center class="align">
	<tr>
			<td>
				<br><br><br><br><br><div class=notice>Please enter your new password.</div> <br><br>
		</td>
</tr>
	<table align=center class="regTable3" border="1">
	<tr>
			<td class="bgcolor"> Current Password:
		</td>
			<td class="inputbox">
				<input class="textinput" type = "password" name = "password" size="17">
		</td>
</tr>
	<tr>
			<td class="bgcolor"> New Password:
		</td>
			<td class="inputbox">
				<input class="textinput" type = "password" name = "password" size="17">
		</td>
</tr>
	<tr>		<td class="bgcolor"> Confirm Password:
		</td>
			<td class="inputbox">
				<input class="textinput" type = "password" name = "confirm" size="17">
		</td>
</tr>
	</table>
<br>
	<div class=align>
            <input class="buttons" name="submit" type="submit" id="login" value="Submit">
        </div>

</table>';

} ?></form>

<?php 
// If the user entered a new password and clicked submit.
if ($_GET['submit'])

{
$password = md5($_GET['password']);
$password2 = ($_GET['password']);
$username = $_SESSION['username'];
$check = mysql_query("SELECT password FROM users 
WHERE password='$password' AND username='$username'") or die (mysql_error());
$row = mysql_fetch_assoc($check);

// Check if a users current password is equal to their stored password.
if ($row['password'] != $password)
	{
	echo "<br><br><br><br><br><br><div class=error>Your current password is incorrect.</div>";	
	}
// Check if password and confirmation passwords match.
else if (!$_GET['password'])
	{
	echo "<br><br><br><br><br><br><div class=error>Please enter a password before pressing Submit.</div>";
	}

else if ($_GET['password'] != ($_GET['confirm']))
	{
	echo "<br><br><br><br><br><br><div class=error>Your password and confirmation passwords do not match.</div>";
	}
// If they do match, update the database, tell the user password has changed and log them out.
else
{
	$email = ($_SESSION['email']);
	$query = mysql_query("SELECT actkey FROM users WHERE email = '$email' LIMIT 1") or die(mysql_error());
	$row2 = mysql_fetch_assoc($query);
	$act = $row2['actkey'];
	mysql_query("UPDATE users SET password='$password' WHERE username='$username'") or die (mysql_error());
	mysql_query("UPDATE users SET activated='0' WHERE username='$username'") or die (mysql_error());

	$send = mail($email , "Re-activate your account" , 
		"You recently requested a password change which requires your account to be re-activated.
		\nYour new password is $password2
		\n\nClick the link below to activate your account:
		\nhttp://www.bidders.co.za/activate.php?id=".$act."
		\n\nPlease do not reply, this is an automated mailer.
		\n\nThanks", "FROM: activate@bidders.co.za");
	echo "<br><br><br><br><br><br><div class=error>Your password has been changed and you will automatically be logged out. Please check your email address for instructions on how to re-activate your account</div>";
	session_destroy();
	echo '<meta http-equiv="refresh" content="3;url=logout.php" />';
}
}

?></div>
<br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>

<?php
require("footer.php");
}
else
{
header("Location: login.php");
}
;?>


Each time I try to POST it, the whole pw change html and code no longer works.

 

The problem is that I have to use $_GET for the link on the left which is:

 

<a href="members.php?go=pwreset">Reset Password </a>

 

Otherwise I have no idea how to tell the code that should be on the right hand side to be triggered to show.

 

The code that shows the pw change form is:

 

<form method="GET" action="">
<?php 
// If the user selected "reset password" from the left menu.
if ($_GET['go'] == 'pwreset')
{
echo '<table align=center class="align">
		<tr>
			<td>
				<br><br><br><br><br><br><br><br>Are you sure you want to reset your current password? <br><br>
			</td>
	</tr>
		<tr>
			<td><div style="center2">
				<input class="buttons" name="pw_change" type="submit" id="yes" value="Yes">
				<input class="buttons" name="option" type="submit" id="no" value="No"></div>
			</td>
	</tr>

	</table>';
}?></form>

 

Using $_POST does nothing.


Hi, I tried that, but when that's done and you click on the link to show the pw change form, nothing happens.

 

<a href="members.php?go=pwreset">Reset Password </a>

 

Keep in mind that the link above and the code to change the pw (form), as well as a few other changes like email etc., are also done in the same php file.

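One way to keep the `?go=pwreset` menu link while sending the password fields in the request body, as an added example that is not part of the original thread. It assumes a PDO connection (an in-memory SQLite database with constructed data stands in for the site's MySQL `users` table), renames the form fields to `current_password` and `new_password`, and swaps the thread's `md5()` for `password_hash()`/`password_verify()`.

```php
<?php
// Added example, not the poster's code. Field names and $pdo are assumptions.
// Validate and apply a password change using only the POST body.
function change_password(PDO $pdo, string $username, array $post): string
{
    foreach (['current_password', 'new_password', 'confirm'] as $field) {
        if (!is_string($post[$field] ?? null)) {
            return 'Please fill in all three fields.';
        }
    }
    // Prepared statements keep the session username out of the SQL text.
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if (!is_string($hash) || !password_verify($post['current_password'], $hash)) {
        return 'Your current password is incorrect.';
    }
    if ($post['new_password'] === '') {
        return 'Please enter a password before pressing Submit.';
    }
    if ($post['new_password'] !== $post['confirm']) {
        return 'Your password and confirmation passwords do not match.';
    }
    $upd = $pdo->prepare('UPDATE users SET password = ? WHERE username = ?');
    $upd->execute([password_hash($post['new_password'], PASSWORD_DEFAULT), $username]);
    return 'ok';
}

// The form posts back to the URL that selected the panel, so ?go=pwreset stays
// in the query string while the password fields travel in the request body.
function render_form(): string
{
    return '<form method="POST" action="members.php?go=pwreset">'
         . '<input type="password" name="current_password">'
         . '<input type="password" name="new_password">'
         . '<input type="password" name="confirm">'
         . '<input type="submit" name="submit" value="Submit"></form>';
}

// In members.php the call would be guarded by the request method, e.g.
// if ($_SERVER['REQUEST_METHOD'] === 'POST') { change_password($pdo, $_SESSION['username'], $_POST); }
// Constructed demo data so the block runs from the PHP CLI (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
$pdo->prepare('INSERT INTO users VALUES (?, ?)')
    ->execute(['demo', password_hash('old-secret', PASSWORD_DEFAULT)]);
$post = ['current_password' => 'old-secret', 'new_password' => 'n3w-secret', 'confirm' => 'n3w-secret'];
echo change_password($pdo, 'demo', $post), "\n";
```

Moving the fields to POST keeps them out of the address bar, browser history and web server access logs, but the thread's `mail()` call would still send `$password2` in clear text, so that line needs to go as well.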
