fri3ndly Posted January 3, 2008 Share Posted January 3, 2008 Hello all, im fairly new to php and a mysql beginner. I have created a login system for users that will contain their own downloads page, however I am trying to implement a change password screen. So far I have come up with the following, but I always get 'Error, query failed' and the password is not updated: FORM: <div id="password"> <form name="password" method="post" action="<?php echo $PHP_SELF; ?>"> <p>Current Password: <label> <br/> <input name="currentpass" type="password" id="currentpass" size="10" maxlength="15"> </label> </p> <p>New Password: <label> <br/> <input name="newpass" type="password" id="newpass" size="10" maxlength="15"> </label> </p> <p>Confirm New Password: <label> <br/> <input name="confirmnewpass" type="password" id="confirmnewpass" size="10" maxlength="15"> </label> </p> <p> <label> <input type="submit" name="submit" value="Submit"> </label> </p> </form> </div> SCRIPT: <?php // retrieve the session information $u = $_SESSION['username']; $uid = $_SESSION['loginid']; // Post variables $currentpass = $_POST['currentpass']; $newpass = $_POST['newpass']; $confirmnewpass = $_POST['confirmnewpass']; $submit = $_POST['submit']; //This code runs if the form has been submitted if (isset($submit)) { //This makes sure they did not leave any fields blank if (!$currentpass | !$newpass | !$confirmnewpass) { echo'<p>You did not complete all of the required fields.</p>'; error==1; } // checks database password $passcheck = mysql_query("SELECT password FROM login WHERE username='$u'") or die(mysql_error()); $row = mysql_fetch_assoc( $passcheck ); $passcheck = $row['password']; // checks entered password $currentpass = md5(strip_tags($currentpass)); // compares passwords if ($passcheck != $currentpass) { echo '<p>Incorrect password.</p>'; $error==1; } // this makes sure both passwords entered match if ($confirmnewpass != $newpass) { echo'<p>Your new passwords did not match.</p>'; $error==1; } // here we encrypt the password and add slashes if needed $newpass = md5(strip_tags($newpass)); if (!get_magic_quotes_gpc()) { $newpass = addslashes($newpass); } // now we insert it into the database //$query = "UPDATE login SET password = PASSWORD('$newpass')". "WHERE user = '$u'"; $query = "UPDATE login SET password = '$newpass' WHERE user = '$u'"; echo "$newpass"; mysql_query($query) or die('Error, query failed'); $error==0; // now we let them know if their password change was succesful if ($error==0){ echo "<p>Your Password has been changed.</p>"; } }else{ echo 'There was an error whilst changing your password'; } ?> It is not working and I cannot figure out why. The script also produces multiple messages which I need to sort out. Can somebody lead me in the right direction as to making sure each section is complete before mysql looks at the next, and tell me what is wrong? Thanks Quote Link to comment Share on other sites More sharing options...
awpti Posted January 3, 2008 Share Posted January 3, 2008 Well, what's the content of $_SESSION['username']? <?php // retrieve the session information echo $_SESSION['username']; ?> Post the errors, too. Not enough info here. I'm assuming at this point. Quote Link to comment Share on other sites More sharing options...
adam291086 Posted January 3, 2008 Share Posted January 3, 2008 Add this to the end of the msql to get the sql error or die(mysql_error()); Quote Link to comment Share on other sites More sharing options...
fri3ndly Posted January 3, 2008 Author Share Posted January 3, 2008 Well, what's the content of $_SESSION['username']? <?php // retrieve the session information echo $_SESSION['username']; ?> This simply checks to see the session has started and check their username, in this case 'admin' Post the errors, too. Not enough info here. I'm assuming at this point. The error is 'Unknown column 'user' in 'where clause' - lol ignore me I am such an idiot, i was checking for 'user' instead of 'username' Thanks for telling me how to output the error Quote Link to comment Share on other sites More sharing options...
fri3ndly Posted January 3, 2008 Author Share Posted January 3, 2008 The script now works, but my problem is validation. Please can someone show me how I can make this script only show 'Your password has been updated' if it has been updated. At the moment you will see at the bottom of the script it compares the entered password to the database password, but this method only works if you refresh the page as the script has already run, adn from then on it shows it on every page.... <?php // retrieve the session information $u = $_SESSION['username']; $uid = $_SESSION['loginid']; // Post variables $currentpass = $_POST['currentpass']; $newpass = $_POST['newpass']; $confirmnewpass = $_POST['confirmnewpass']; $submit = $_POST['submit']; //This code runs if the form has been submitted if (isset($submit)) { $errors=0; //This makes sure they did not leave any fields blank if (!$currentpass | !$newpass | !$confirmnewpass) { $errors=1; echo'<p>You did not complete all of the required fields.</p>'; } // checks database password $passcheck = mysql_query("SELECT password FROM login WHERE username='$u'") or die(mysql_error()); $row = mysql_fetch_assoc( $passcheck ); $passcheck = $row['password']; // checks entered password $currentpass = md5(strip_tags($currentpass)); // compares passwords if ($passcheck != $currentpass) { $errors=1; echo '<p>- Incorrect password.</p>'; } // this makes sure both passwords entered match if ($confirmnewpass != $newpass) { $errors=1; echo'<p>- Your new passwords did not match.</p>'; } // here we encrypt the password and add slashes if needed $newpass = md5(strip_tags($newpass)); if (!get_magic_quotes_gpc()) { $newpass = addslashes($newpass); } // now we insert it into the database $query = "UPDATE login SET password = '$newpass' WHERE username = '$u'"; mysql_query($query) or die(mysql_error()); // re-check database password to see if the update has taken place $passcheck = mysql_query("SELECT password FROM login WHERE username='$u'") or die(mysql_error()); $row = mysql_fetch_assoc( $passcheck ); $passcheck = $row['password']; // now we let them know if their password change was succesful if ($passcheck==$newpass){ echo "<p>Your Password has been changed.</p>"; }else{ echo "There was an error whilst changing your password"; } } ?> Quote Link to comment Share on other sites More sharing options...
adam291086 Posted January 3, 2008 Share Posted January 3, 2008 You need to name your queries differently. Try this <?php // retrieve the session information $u = $_SESSION['username']; $uid = $_SESSION['loginid']; // Post variables $currentpass = $_POST['currentpass']; $newpass = $_POST['newpass']; $confirmnewpass = $_POST['confirmnewpass']; $submit = $_POST['submit']; //This code runs if the form has been submitted if (isset($submit)) { $errors=0; //This makes sure they did not leave any fields blank if (!$currentpass | !$newpass | !$confirmnewpass) { $errors=1; echo'<p>You did not complete all of the required fields.</p>'; } // checks database password $passcheck = mysql_query("SELECT password FROM login WHERE username='$u'") or die(mysql_error()); $row = mysql_fetch_assoc( $passcheck ); $passcheck = $row['password']; // checks entered password $currentpass = md5(strip_tags($currentpass)); // compares passwords if ($passcheck != $currentpass) { $errors=1; echo '<p>- Incorrect password.</p>'; } // this makes sure both passwords entered match if ($confirmnewpass != $newpass) { $errors=1; echo'<p>- Your new passwords did not match.</p>'; } // here we encrypt the password and add slashes if needed $newpass = md5(strip_tags($newpass)); if (!get_magic_quotes_gpc()) { $newpass = addslashes($newpass); } // now we insert it into the database $query = "UPDATE login SET password = '$newpass' WHERE username = '$u'"; mysql_query($query) or die(mysql_error()); // re-check database password to see if the update has taken place $passcheck1 = mysql_query("SELECT password FROM login WHERE username='$u'") or die(mysql_error()); $row = mysql_fetch_assoc( $passcheck ); $passcheck1 = $row['password']; // now we let them know if their password change was succesful if ($passcheck1==$newpass){ echo "<p>Your Password has been changed.</p>"; }else{ echo "There was an error whilst changing your password"; } } ?> Quote Link to comment Share on other sites More sharing options...
fri3ndly Posted January 3, 2008 Author Share Posted January 3, 2008 Thanks, though I got the following error: Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in C:\wamp\www\Login_System2\changepass.php on line 83 There was an error whilst changing your password Quote Link to comment Share on other sites More sharing options...
rajivgonsalves Posted January 3, 2008 Share Posted January 3, 2008 this if (!$currentpass | !$newpass | !$confirmnewpass) { should be if (empty($currentpass) || empty($newpass) || empty($confirmnewpass)) { thats number 1 looking at the other code... Quote Link to comment Share on other sites More sharing options...
adam291086 Posted January 3, 2008 Share Posted January 3, 2008 whats on line 83? Quote Link to comment Share on other sites More sharing options...
fri3ndly Posted January 3, 2008 Author Share Posted January 3, 2008 whats on line 83? $row = mysql_fetch_assoc( $passcheck ); Quote Link to comment Share on other sites More sharing options...
adam291086 Posted January 3, 2008 Share Posted January 3, 2008 change to $row = mysql_fetch_assoc($passcheck1); Remeber we renamed the query Quote Link to comment Share on other sites More sharing options...
fri3ndly Posted January 3, 2008 Author Share Posted January 3, 2008 I did think that may have been the problem. OK, no error now, but 'Password changed' is still shown when a new password has not been entered. Would it be easier if I send the files to you? Quote Link to comment Share on other sites More sharing options...
adam291086 Posted January 3, 2008 Share Posted January 3, 2008 well that is correct. If the user submits the form even with a blank password everything will be changed. Your code is saying if submit is pressent run all this code. if (isset($submit)) { $errors=0; Quote Link to comment Share on other sites More sharing options...
adam291086 Posted January 3, 2008 Share Posted January 3, 2008 this should work <?php // retrieve the session information $u = $_SESSION['username']; $uid = $_SESSION['loginid']; // Post variables $currentpass = $_POST['currentpass']; $newpass = $_POST['newpass']; $confirmnewpass = $_POST['confirmnewpass']; $submit = $_POST['submit']; //This code runs if the form has been submitted if (isset($submit)) { $errors=0; //This makes sure they did not leave any fields blank if (!$currentpass | !$newpass | !$confirmnewpass) { $errors=1; echo'<p>You did not complete all of the required fields.</p>'; } // checks database password $passcheck = mysql_query("SELECT password FROM login WHERE username='$u'") or die(mysql_error()); $row = mysql_fetch_assoc( $passcheck ); $passcheck = $row['password']; // checks entered password $currentpass = md5(strip_tags($currentpass)); // compares passwords if ($passcheck == $currentpass) { $errors=1; echo '<p>- Incorrect password.</p>'; } // this makes sure both passwords entered match if ($confirmnewpass != $newpass) { $errors=1; echo'<p>- Your new passwords did not match.</p>'; } // here we encrypt the password and add slashes if needed $newpass = md5(strip_tags($newpass)); if (!get_magic_quotes_gpc()) { $newpass = addslashes($newpass); } // now we insert it into the database $query = "UPDATE login SET password = '$newpass' WHERE username = '$u'"; mysql_query($query) or die(mysql_error()); // re-check database password to see if the update has taken place $passcheck1 = mysql_query("SELECT password FROM login WHERE username='$u'") or die(mysql_error()); $row = mysql_fetch_assoc( $passcheck1 ); $passcheck1 = $row['password']; // now we let them know if their password change was succesful if ($passcheck1==$newpass){ echo "<p>Your Password has been changed.</p>"; }else{ echo "There was an error whilst changing your password"; } } ?> Quote Link to comment Share on other sites More sharing options...
fri3ndly Posted January 3, 2008 Author Share Posted January 3, 2008 The errors=0 doesnt actually mean anything as it is not requested in the result, forgot I left it in there. ------------------------------------------------------------------------------------------- Thanks, now it says '- Incorrect password' and 'Your password has been updated'. It also updates the password. Sorry to be a pain!! Quote Link to comment Share on other sites More sharing options...
adam291086 Posted January 3, 2008 Share Posted January 3, 2008 was my mistake. This should do the trick <?php // retrieve the session information $u = $_SESSION['username']; $uid = $_SESSION['loginid']; // Post variables $currentpass = $_POST['currentpass']; $newpass = $_POST['newpass']; $confirmnewpass = $_POST['confirmnewpass']; $submit = $_POST['submit']; //This code runs if the form has been submitted if (isset($submit)) { $errors=0; // checks entered password $currentpass = md5(strip_tags($currentpass)); // compares passwords if ($passcheck == $currentpass) { $errors=1; echo '<p>- Incorrect password.</p>'; } else { //This makes sure they did not leave any fields blank if (!$currentpass | !$newpass | !$confirmnewpass) { $errors=1; echo'<p>You did not complete all of the required fields.</p>'; } // checks database password $passcheck = mysql_query("SELECT password FROM login WHERE username='$u'") or die(mysql_error()); $row = mysql_fetch_assoc( $passcheck ); $passcheck = $row['password']; // this makes sure both passwords entered match if ($confirmnewpass != $newpass) { $errors=1; echo'<p>- Your new passwords did not match.</p>'; } // here we encrypt the password and add slashes if needed $newpass = md5(strip_tags($newpass)); if (!get_magic_quotes_gpc()) { $newpass = addslashes($newpass); } // now we insert it into the database $query = "UPDATE login SET password = '$newpass' WHERE username = '$u'"; mysql_query($query) or die(mysql_error()); // re-check database password to see if the update has taken place $passcheck1 = mysql_query("SELECT password FROM login WHERE username='$u'") or die(mysql_error()); $row = mysql_fetch_assoc( $passcheck1 ); $passcheck1 = $row['password']; // now we let them know if their password change was succesful if ($passcheck1==$newpass){ echo "<p>Your Password has been changed.</p>"; }else{ echo "There was an error whilst changing your password"; } } } ?> Quote Link to comment Share on other sites More sharing options...
fri3ndly Posted January 3, 2008 Author Share Posted January 3, 2008 Ah thats good, thanks....theres one last problem though Iv just noticed.... The Password is still being updated even if the password and confirm password are different.... Please correct this for me you legend! Quote Link to comment Share on other sites More sharing options...
adam291086 Posted January 3, 2008 Share Posted January 3, 2008 <?php // retrieve the session information $u = $_SESSION['username']; $uid = $_SESSION['loginid']; // Post variables $currentpass = $_POST['currentpass']; $newpass = $_POST['newpass']; $confirmnewpass = $_POST['confirmnewpass']; $submit = $_POST['submit']; //This code runs if the form has been submitted if (isset($submit)) { $errors=0; // checks entered password $currentpass = md5(strip_tags($currentpass)); // compares passwords if ($passcheck == $currentpass) { $errors=1; echo '<p>- Incorrect password.</p>'; } else { //This makes sure they did not leave any fields blank if (!$currentpass | !$newpass | !$confirmnewpass) { $errors=1; echo'<p>You did not complete all of the required fields.</p>'; } // checks database password $passcheck = mysql_query("SELECT password FROM login WHERE username='$u'") or die(mysql_error()); $row = mysql_fetch_assoc( $passcheck ); $passcheck = $row['password']; // this makes sure both passwords entered match if ($confirmnewpass == $newpass) { $errors=1; echo'<p>- Your new passwords did not match.</p>'; // here we encrypt the password and add slashes if needed $newpass = md5(strip_tags($newpass)); if (!get_magic_quotes_gpc()) { $newpass = addslashes($newpass); } // now we insert it into the database $query = "UPDATE login SET password = '$newpass' WHERE username = '$u'"; mysql_query($query) or die(mysql_error()); // re-check database password to see if the update has taken place $passcheck1 = mysql_query("SELECT password FROM login WHERE username='$u'") or die(mysql_error()); $row = mysql_fetch_assoc( $passcheck1 ); $passcheck1 = $row['password']; // now we let them know if their password change was succesful if ($passcheck1==$newpass){ echo "<p>Your Password has been changed.</p>"; } } else{ echo "There was an error whilst changing your password"; } } } ?> Hopefully that will work. I am at uni and can't test the code Quote Link to comment Share on other sites More sharing options...
fri3ndly Posted January 3, 2008 Author Share Posted January 3, 2008 Oh right, I really appreciate your help I get this when the password DO match and the password is updated: - Your new passwords did not match. Your Password has been changed. Quote Link to comment Share on other sites More sharing options...
adam291086 Posted January 3, 2008 Share Posted January 3, 2008 <?php // retrieve the session information $u = $_SESSION['username']; $uid = $_SESSION['loginid']; // Post variables $currentpass = $_POST['currentpass']; $newpass = $_POST['newpass']; $confirmnewpass = $_POST['confirmnewpass']; $submit = $_POST['submit']; //This code runs if the form has been submitted if (isset($submit)) { $errors=0; // checks entered password $currentpass = md5(strip_tags($currentpass)); // compares passwords if ($passcheck == $currentpass) { $errors=1; echo '<p>- Incorrect password.</p>'; } else { //This makes sure they did not leave any fields blank if (!$currentpass | !$newpass | !$confirmnewpass) { $errors=1; echo'<p>You did not complete all of the required fields.</p>'; } // checks database password $passcheck = mysql_query("SELECT password FROM login WHERE username='$u'") or die(mysql_error()); $row = mysql_fetch_assoc( $passcheck ); $passcheck = $row['password']; // this makes sure both passwords entered match if ($confirmnewpass == $newpass) { // here we encrypt the password and add slashes if needed $newpass = md5(strip_tags($newpass)); if (!get_magic_quotes_gpc()) { $newpass = addslashes($newpass); } // now we insert it into the database $query = "UPDATE login SET password = '$newpass' WHERE username = '$u'"; mysql_query($query) or die(mysql_error()); // re-check database password to see if the update has taken place $passcheck1 = mysql_query("SELECT password FROM login WHERE username='$u'") or die(mysql_error()); $row = mysql_fetch_assoc( $passcheck1 ); $passcheck1 = $row['password']; // now we let them know if their password change was succesful if ($passcheck1==$newpass){ echo "<p>Your Password has been changed.</p>"; } } else{ echo "There was an error whilst changing your password"; $errors=1; } } } ?> Quote Link to comment Share on other sites More sharing options...
fri3ndly Posted January 3, 2008 Author Share Posted January 3, 2008 Sorted, Thanks Quote Link to comment Share on other sites More sharing options...
adam291086 Posted January 3, 2008 Share Posted January 3, 2008 one last thing. You are setting $error = 1 when there is a problem. You aren't refereing to this variable at any point in the code you have shown me. Therefore you can remove it. Unless you are refering to it later on in the script Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.