Change Password Script



#1 Adthegreat

Adthegreat
  • Members
  • PipPip
  • Member
  • 16 posts

Posted 13 May 2006 - 07:48 PM

Hey,
I'm making a page for my users to change their passwords: you fill out a form where you type in your email, old pass, new password and confirm your new password.

My PHP Code is
<?php
session_start();
include ("mysqlconnect.php");
if ($_POST[submitted] != 'TRUE')
   {
    header ("Location: profile.php");
   }

if ($_POST[password] || $_POST[password1] || $_POST[email] == "")
    {
    $sql = "SELECT email AND password FROM Member WHERE username = '{$_SESSION[username]}'";
    $result = mysql_query($sql);
    $row = mysql_fetch_array($result,MYSQL_NUM);
    if($row[0] == $_POST[email] && $row[1] == $_POST[password])
        {
        if( $_POST[password1] == $_POST[password2])
             {
             $newpass = md5($row[1]);
             $sql2 = "UPDATE Member SET password = $newpass WHERE username = '{$_SESSION[username]}'";
             $result2 = mysql_query($sql2);
             if(mysql_affected_row() == 1)
                 {
                  //if it ran okay
                  echo "Your password has been updated.";

                 }
             else
                 {
                  //if it did not run okay
                  echo "Your password could not be updated, please contact an admin.";
                  }
          echo "Your passwords did not match";
      }
    echo"Could not find the email or password in the database";
   }
  echo"Please fill in all the fields";
}
?> 

And unfortunately when I go to this page, it is just white. No error messages or anything! I have checked that all $_POST variables are all going through to the page okay, so it must be something else that is making it not work. The thing that is getting me is that it isn't showing any error messages, just not appearing.

Thanks in Advance.

#2 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 13 May 2006 - 08:00 PM

if ($_POST[password] || $_POST[password1] || $_POST[email] == "")
{

You have your script set to only do what it's supposed to do if they are equal to nothing. I think maybe you meant != ""
Did I help you? Feeling generous? Buy me lunch! 
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community :)

#3 Adthegreat

Adthegreat
  • Members
  • PipPip
  • Member
  • 16 posts

Posted 13 May 2006 - 08:10 PM

Well, I've done that and it is still a white screen.

<?php
session_start();
include ("mysqlconnect.php");

if ($_POST[submitted] != 'TRUE')
   {
    header ("Location: profile.php");
   }

if ($_POST[password] || $_POST[password1] || $_POST[email] = "")
{
header ("location : profile.php");
}
 else{
    $sql = "SELECT email AND password FROM Member WHERE username = '{$_SESSION[username]}'";
    $result = mysql_query($sql);
    $row = mysql_fetch_array($result,MYSQL_NUM);
    if($row[0] == $_POST[email] && $row[1] == $_POST[password])
        {
        if( $_POST[password1] == $_POST[password2])
             {
             $newpass = md5($row[1]);
             $sql2 = "UPDATE Member SET password = $newpass WHERE username = '{$_SESSION[username]}'";
             $result2 = mysql_query($sql2);
             if(mysql_affected_row() == 1)
                 {
                  //if it ran okay
                  echo "Your password has been updated.";

                 }
             else
                 {
                  //if it did not run okay
                  echo "Your password could not be updated, please contact an admin.
                  }
          echo "Your passwords did not match";
      }
    echo"Could not find the email or password in the database";
   }
  
}
?>


#4 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 13 May 2006 - 08:16 PM

no, all you did was change == to =

you need to change it to !=

#5 alpine

alpine
  • Members
  • PipPipPip
  • Advanced Member
  • 756 posts
  • LocationNorway

Posted 14 May 2006 - 05:12 AM

You also have several errors, like you should put quotes within post arrays, $_POST['password'], and a misspelling of mysql_affected_rows.
You also seem to be updating the user's profile with a new md5 version of the already stored password; isn't it the two posted matching passwords that are supposed to be the user's new password?

I've tried to help you out with this snippet, test it and see what you get

<?php
session_start();
include ("mysqlconnect.php");

if(isset($_POST['submitted']))
{
// every field has to be filled in, so the checks are joined with && rather than ||
if(!empty($_SESSION['username']) && !empty($_POST['password']) && !empty($_POST['password1']) && !empty($_POST['password2']) && !empty($_POST['email']))
{
if($_POST['password1'] == $_POST['password2'])
{
// read only the fields that are needed and escape them for the quoted SQL strings;
// copying every $_POST key into a variable would let a posted "username" replace the session one
$username = mysql_real_escape_string($_SESSION['username']);
$email = mysql_real_escape_string($_POST['email']);
// md5() returns hexadecimal text, so the two hashes are safe to place in the queries
$md_pass = md5($_POST['password']);
$sql = mysql_query("SELECT email FROM Member WHERE password = '$md_pass' AND username = '$username' AND email = '$email'");
// mysql_query() returns false on failure; otherwise count the rows of the result
if(!$sql || mysql_num_rows($sql) <> 1)
{
// unique user row not found
// old password or email is probably incorrect since the
// session username is most likely to be correct when the
// user has made it to this page in the first place ???
echo "You have entered some incorrect data and cannot change your password";
}
else
{
$new_md_pass = md5($_POST['password1']);
$sql2 = mysql_query("UPDATE Member SET password = '$new_md_pass' WHERE password = '$md_pass' AND username = '$username' AND email = '$email'");
if(mysql_affected_rows() == 1)
{
// if password was changed
echo "Your password has been updated.";
}
else
{
// password was not changed either due to query failure OR user has entered the same password as the one stored
echo "Your password was NOT changed.";
}
}
}
else
{
echo "Your new passwords did not match";
}
}
else
{
echo "You need to fill in all fields";
}
}
else
{
// the header name is followed directly by the colon
header ("Location: profile.php");
exit();
}
?>
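
Added example (not part of any post in this thread): the same password-change flow written with parameterised queries and password_hash()/password_verify() in place of string-built SQL and md5(). The function name change_password, the in-memory SQLite database and the sample account are assumptions for illustration; the Member table and the form field names come from the thread.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ with PDO, and that
// Member.password stores password_hash() output instead of an MD5 digest.

function change_password(PDO $db, string $username, array $post): string
{
    // All four fields are required; each one is tested on its own.
    foreach (['email', 'password', 'password1', 'password2'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            return 'Please fill in all the fields';
        }
    }
    if (!hash_equals($post['password1'], $post['password2'])) {
        return 'Your new passwords did not match';
    }

    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT password FROM Member WHERE username = ? AND email = ?');
    $stmt->execute([$username, $post['email']]);
    $stored = $stmt->fetchColumn();

    // One message for both an unknown email and a wrong old password.
    if ($stored === false || !password_verify($post['password'], $stored)) {
        return 'You have entered some incorrect data and cannot change your password';
    }

    // The new hash comes from the submitted new password, not the stored one.
    $update = $db->prepare('UPDATE Member SET password = ? WHERE username = ?');
    $update->execute([password_hash($post['password1'], PASSWORD_DEFAULT), $username]);
    return $update->rowCount() === 1
        ? 'Your password has been updated.'
        : 'Your password could not be updated, please contact an admin.';
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Member (username TEXT PRIMARY KEY, email TEXT, password TEXT)');
$db->prepare('INSERT INTO Member VALUES (?, ?, ?)')
   ->execute(['alice', 'alice@example.test', password_hash('old-secret', PASSWORD_DEFAULT)]);

$form = ['email' => 'alice@example.test', 'password' => 'old-secret',
         'password1' => 'new-secret', 'password2' => 'new-secret'];
echo change_password($db, 'alice', $form), "\n";
// A wrong old password containing a quote is handled as plain data and rejected.
echo change_password($db, 'alice', ['password' => "wrong'pass"] + $form), "\n";
```

In a real page the username argument would come from $_SESSION['username'] and the array from $_POST, as in the scripts above.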



#6 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 14 May 2006 - 05:29 AM

Putting quotes around the post array key is not technically a requirement but should always be practiced because it could lead to problems under certain circumstances.



