Change Password Script


Adthegreat

Hey,
I'm making a page for my users to change their passwords. You fill out a form where you type in your email, old pass, new password and confirm your new password.

My PHP Code is
[code]
<?php
session_start();
include ("mysqlconnect.php");
if ($_POST[submitted] != 'TRUE')
   {
    header ("Location: profile.php");
   }

if ($_POST[password] || $_POST[password1] || $_POST[email] == "")
    {
    $sql = "SELECT email AND password FROM Member WHERE username = '{$_SESSION[username]}'";
    $result = mysql_query($sql);
    $row = mysql_fetch_array($result,MYSQL_NUM);
    if($row[0] == $_POST[email] && $row[1] == $_POST[password])
        {
        if( $_POST[password1] == $_POST[password2])
             {
             $newpass = md5($row[1]);
             $sql2 = "UPDATE Member SET password = $newpass WHERE username = '{$_SESSION[username]}'";
             $result2 = mysql_query($sql2);
             if(mysql_affected_row() == 1)
                 {
                  //if it ran okay
                  echo "Your password has been updated.";

                 }
             else
                 {
                  //if it did not run okay
                  echo "Your password could not be updated, please contact an admin.";
                  }
          echo "Your passwords did not match";
      }
    echo"Could not find the email or password in the database";
   }
  echo"Please fill in all the fields";
}
?>
[/code]

And unfortunately when I go to this page, it is just white. No error messages or anything! I have checked that all $_POST variables are going through to the page okay, so it must be something else that is making it not work. The thing that is getting me is that it isn't showing any error messages, just not appearing.

Thanks in Advance.

Well I've done that and it is still a white screen.

[code]
<?php
session_start();
include ("mysqlconnect.php");

if ($_POST[submitted] != 'TRUE')
   {
    header ("Location: profile.php");
   }

if ($_POST[password] || $_POST[password1] || $_POST[email] = "")
{
header ("location : profile.php");
}
else{
    $sql = "SELECT email AND password FROM Member WHERE username = '{$_SESSION[username]}'";
    $result = mysql_query($sql);
    $row = mysql_fetch_array($result,MYSQL_NUM);
    if($row[0] == $_POST[email] && $row[1] == $_POST[password])
        {
        if( $_POST[password1] == $_POST[password2])
             {
             $newpass = md5($row[1]);
             $sql2 = "UPDATE Member SET password = $newpass WHERE username = '{$_SESSION[username]}'";
             $result2 = mysql_query($sql2);
             if(mysql_affected_row() == 1)
                 {
                  //if it ran okay
                  echo "Your password has been updated.";

                 }
             else
                 {
                  //if it did not run okay
                  echo "Your password could not be updated, please contact an admin.
                  }
          echo "Your passwords did not match";
      }
    echo"Could not find the email or password in the database";
   }
  
}
?>
[/code]

You also have several errors, like you should put quotes within post arrays, $_POST['password'], and the misspelling of mysql_affected_rows (the "s" at the end is missing).
You also seem to be updating the user's profile with a new md5 version of the already stored password. Isn't it the two posted matching passwords that are supposed to be the user's new password?

I've tried to help you out with this snippet; test it and see what you get.
[code]
<?php
session_start();
include ("mysqlconnect.php");

if (isset($_POST['submitted']))
{
    // every field must be present, so the checks are joined with && rather than ||
    if (!empty($_SESSION['username']) && !empty($_POST['password']) && !empty($_POST['password1']) && !empty($_POST['password2']) && !empty($_POST['email']))
    {
        if ($_POST['password1'] == $_POST['password2'])
        {
            // escape values for SQL; htmlspecialchars() only protects HTML output.
            // fields are read by name so a posted "username" cannot replace the session one
            $username = mysql_real_escape_string($_SESSION['username']);
            $email = mysql_real_escape_string($_POST['email']);
            // md5() returns hex digits only, so the hashes need no escaping
            $md_pass = md5($_POST['password']);
            $sql = mysql_query("SELECT email FROM Member WHERE password = '$md_pass' AND username = '$username' AND email = '$email'");
            if (!$sql || mysql_num_rows($sql) <> 1)
            {
                // unique user row not found
                // old password or email is probably incorrect since the
                // session username is most likely to be correct when the
                // user has made it to this page in the first place ???
                echo "You have entered some incorrect data and cannot change your password";
            }
            else
            {
                $new_md_pass = md5($_POST['password1']);
                $sql2 = mysql_query("UPDATE Member SET password = '$new_md_pass' WHERE password = '$md_pass' AND username = '$username' AND email = '$email'");
                if (mysql_affected_rows() == 1)
                {
                    // if password was changed
                    echo "Your password has been updated.";
                }
                else
                {
                    // password was not changed either due to query failure OR user has entered the same password as the one stored
                    echo "Your password was NOT changed.";
                }
            }
        }
        else
        {
            echo "Your new passwords did not match";
        }
    }
    else
    {
        echo "You need to fill in all fields";
    }
}
else
{
    // no space before the colon, otherwise the header is not a valid redirect
    header("Location: profile.php");
    exit();
}
?>
[/code]
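A hardened form of the same change-password flow, as an added example that is not part of the original thread: PDO prepared statements replace the interpolated SQL, and password_hash()/password_verify() replace md5(). The changePassword() helper, the in-memory SQLite database and the sample account are constructed for the demonstration; only the Member table and its column names come from the thread.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the thread). Returns a status message.
function changePassword(PDO $pdo, string $username, string $email,
                        string $old, string $new1, string $new2): string
{
    if ($username === '' || $email === '' || $old === '' || $new1 === '') {
        return 'You need to fill in all fields';
    }
    if ($new1 !== $new2) {
        return 'Your new passwords did not match';
    }
    // Placeholders keep the posted values out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT password FROM Member WHERE username = ? AND email = ?');
    $stmt->execute([$username, $email]);
    $stored = $stmt->fetchColumn();

    // Check the old password in PHP against a salted hash, not with md5() in the WHERE clause.
    if (!is_string($stored) || !password_verify($old, $stored)) {
        return 'You have entered some incorrect data and cannot change your password';
    }
    // password_hash() output is 60+ characters; the password column must be wide enough.
    $upd = $pdo->prepare('UPDATE Member SET password = ? WHERE username = ?');
    $upd->execute([password_hash($new1, PASSWORD_DEFAULT), $username]);
    return $upd->rowCount() === 1 ? 'Your password has been updated.'
                                  : 'Your password was NOT changed.';
}

// Constructed demo data: in-memory SQLite stands in for the MySQL connection.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Member (username TEXT PRIMARY KEY, email TEXT, password TEXT)');
$pdo->prepare('INSERT INTO Member VALUES (?, ?, ?)')
    ->execute(['alice', 'alice@example.test', password_hash('old-secret', PASSWORD_DEFAULT)]);

// A wrong old password containing a quote is handled as plain data and rejected.
echo changePassword($pdo, 'alice', 'alice@example.test', "wrong'pass", 'n3w-pass', 'n3w-pass'), "\n";
echo changePassword($pdo, 'alice', 'alice@example.test', 'old-secret', 'n3w-pass', 'n3w-pass'), "\n";
```

On the real page the username argument would be $_SESSION['username'] and the remaining arguments the posted form fields, so the account being changed is never chosen by the form.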
