Change password script



bucket
08-27-2009, 05:02 PM
Hi everyone!

I am building a user profile page. My database has been set up. I want to let users change their password in their profile. Can anyone provide a PHP script for doing this? Thanks!

This is the information:
Table Name: members
Columns

+-----------+---------+---------+
| member_id | login   | passwd  |
+-----------+---------+---------+
| 1         | testing | testing |
+-----------+---------+---------+

That's the structure.

Basically I need a form to change the password for the member.

Fumigator
08-27-2009, 05:15 PM
This is a work request and should be moved to that forum.

bucket
08-27-2009, 05:17 PM
It's not though, it's a simple script. :P

Fumigator
08-27-2009, 05:24 PM
Yes, it is simple... and not written yet. Someone may write it for you out of the goodness of their heart, but I call that slavery. This forum is not here for you to get free work out of people, it's here for you to learn how to code PHP. It's annoying to see you begging.

bucket
08-27-2009, 05:27 PM
I currently have this:


<?
session_start();
session_register("session");
//if(!isset($session['userid'])){
//echo "<center><font face='Verdana' size='2' color=red>Sorry, Please login and use this page </font></center>";
//exit;
//}
// This is displayed if all the fields are not filled in
$empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";
// Convert to simple variables
$password1 = $_POST['password1'];
$password2 = $_POST['password2'];
if (!isset($_POST['password1'])) {
?>
<h2>Change password! <? echo $_SESSION['email_address']; ?></h2>
<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
    <p class="style3"><label for="password1">New password:</label>
    <input type="password" title="Please enter a password" name="password1" size="30"></p>
    <p class="style3"><label for="password2">Re-enter Password:</label>
    <input type="password" title="Please re-enter password" name="password2" size="30"></p>
    <p style="text-align:left"><label for="submit">&nbsp;</label>
    <input type="submit" value="Change" class="submit-button"/></p>
</form>
<?php
}
elseif (empty($password1) || empty($password2)) {
    echo $empty_fields_message;
}
else {
    include 'includes/connection.php';
    $db_password1=md5(mysql_real_escape_string($password1));
    //Setting flags for checking
    $status = "OK";
    $msg="";
    if ( strlen($password1) < 3 or strlen($password1) > 10 ){
        $msg=$msg."Password must be more than 3 characters in length and maximum 10 characters in length<BR>";
        $status= "NOTOK";
    }
    if (strcmp( $password1,$password2 ) !=0){
        $msg=$msg."Both passwords do not match<BR>";
        $status= "NOTOK";
    }
    if($status<>"OK"){
        echo "<font face='Verdana' size='2' color=red>$msg</font><br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>";
    }else{ // if all validations are passed.
        if(mysql_query("update users set password='$db_password1' where userid='$session[userid]'")){
            echo "<font face='Verdana' size='2' ><center>Thanks <br> Your password changed successfully. Please keep changing your password for better security</font></center>". $password1;
        }
    }
}
?>

funnymoney
08-27-2009, 05:33 PM
I think this should get you started.



$form =
<<<EOF
<form action="" method="POST">
<input type="hidden" name="member" value="1" />
<p>Old password: <input type="password" name="oldpass" /></p>
<p><input type="password" name="newpass" /></p>
<input type="submit" name="chpass" />
</form>
EOF;


if (isset($_POST['chpass'])) {
    $sql = ("SELECT passwd FROM members WHERE member_id = '".$_POST['member']."'");
    $result = mysql_query($sql);
    while ($row = mysql_fetch_assoc($result)) {
        $pass = $row['passwd'];
    }

    if ($_POST['oldpass'] == $pass) {
        mysql_query("UPDATE members SET passwd = '".$_POST['newpass']."' where member_id = '".$_POST['member']."'");
    }
    print_r($_POST);
}
else {
    echo $form;
}

bucket
08-27-2009, 05:34 PM
Ok, is that the whole thing or just part of it, also what do the <<<EOF EOF; tags mean?

funnymoney
08-27-2009, 05:44 PM
Ok, is that the whole thing or just part of it, also what do the <<<EOF EOF; tags mean?

I just use them to write HTML a bit simpler.

This script, not tested, is supposed to, on $_POST being set, first select the member's password from the members table.

Then it checks whether that password is the same as the old password the user used, and if that password is the same, it will update the member with the new password.

I inserted member_id here manually, but if you have a SESSION where that member ID is set, or any other way you can get the current member id, you can simply do this to add it to the form:




if (!empty($_SESSION['member_id'])) {
$member = $_SESSION['member_id'];
}
else {
$member = FALSE;
}


$form =
<<<EOF
<form action="" method="POST">
<input type="hidden" name="member" value="$member" />
<p>Old password: <input type="password" name="oldpass" /></p>
<p><input type="password" name="newpass" /></p>
<input type="submit" name="chpass" />
</form>
EOF;


And then in the script you can check whether $member is set:


if (isset($_POST['chpass'])) {

    if ($_POST['member'] != "FALSE") {
        $sql = ("SELECT passwd FROM members WHERE member_id = '".$_POST['member']."'");
        $result = mysql_query($sql);
        while ($row = mysql_fetch_assoc($result)) {
            $pass = $row['passwd'];
        }

        if ($_POST['oldpass'] == $pass) {
            mysql_query("UPDATE members SET passwd = '".$_POST['newpass']."' where member_id = '".$_POST['member']."'");
        }
        print_r($_POST);
    }
    else {
        echo "FALSE MEMBER";
    }
}
else {
    echo $form;
}

bucket
08-27-2009, 05:50 PM
Ok.

So the 2 things are:

Form:

<?php
if (!empty($_SESSION['member_id'])) {
$member = $_SESSION['member_id'];
}
else {
$member = FALSE;
}
?>

<form action="" method="POST">
<input type="hidden" name="member" value="$member" />
<p>Old password: <input type="password" name="oldpass" /></p>
<p><input type="password" name="newpass" /></p>
<input type="submit" name="chpass" />
</form>


The script:


<?php
include 'db.php';

if (isset($_POST['chpass'])) {

    if ($_POST['member'] != "FALSE") {
        $sql = ("SELECT passwd FROM members WHERE member_id = '".$_POST['member']."'");
        $result = mysql_query($sql);
        while ($row = mysql_fetch_assoc($result)) {
            $pass = $row['passwd'];
        }

        if ($_POST['oldpass'] == $pass) {
            mysql_query("UPDATE members SET passwd = '".$_POST['newpass']."' where member_id = '".$_POST['member']."'");
        }
        print_r($_POST);
    }
    else {
        echo "FALSE MEMBER";
    }
}
else {
    echo $form;
}
?>

funnymoney
08-27-2009, 05:53 PM
Ok.

So the 2 things are:

Form:

<?php
if (!empty($_SESSION['member_id'])) {
$member = $_SESSION['member_id'];
}
else {
$member = FALSE;
}
?>

$form =
<<<EOF
<form action="" method="POST">
<input type="hidden" name="member" value="$member" />
<p>Old password: <input type="password" name="oldpass" /></p>
<p><input type="password" name="newpass" /></p>
<input type="submit" name="chpass" />
</form>
EOF;




No, the form is like this:


<?php
if (!empty($_SESSION['member_id'])) {
$member = $_SESSION['member_id'];
}
else {
$member = FALSE;
}


$form =
<<<EOF
<form action="" method="POST">
<input type="hidden" name="member" value="$member" />
<p>Old password: <input type="password" name="oldpass" /></p>
<p><input type="password" name="newpass" /></p>
<input type="submit" name="chpass" />
</form>
EOF;
?>

bucket
08-27-2009, 05:57 PM
Ok, and the form goes to what page?

bucket
08-27-2009, 05:58 PM
The form page shows up as a blank page.

funnymoney
08-27-2009, 06:05 PM
The form page shows up as a blank page.

The form is just a variable now; you need to echo it in order to see it. I made this script to be just in one page, but if you made it into 2 pages then you need to echo the $form variable on page1, and add the form action to page2.

Something like this:



<?php
if (!empty($_SESSION['member_id'])) {
$member = $_SESSION['member_id'];
}
else {
$member = FALSE;
}


$form =
<<<EOF
<form action="PAGE2SCRIPT.PHP" method="POST">
<input type="hidden" name="member" value="$member" />
<p>Old password: <input type="password" name="oldpass" /></p>
<p><input type="password" name="newpass" /></p>
<input type="submit" name="chpass" />
</form>
EOF;

echo $form;
?>


And then in PAGE2SCRIPT.PHP you need to change your if control structure to something like this....


<?php
include 'db.php';

if (isset($_POST['chpass'])) {

if ($_POST['member'] != "FALSE") {
$sql = ("SELECT passwd FROM members WHERE member_id = '".$_POST['member']."'");
$result = mysql_query($sql);

while ($row = mysql_fetch_assoc($result)) {
$pass = $row['passwd'];
}

if ($_POST['oldpass'] == $pass) {
mysql_query("UPDATE members SET passwd = '".$_POST['newpass']."' where member_id = '".$_POST['member']."'");
}
##THIS IS USED JUST FOR TESTING PURPOSES
##YOU CAN UNCOMMENT IT TO SEE WHAT $POST
##VARS ARE SET
##print_r($_POST);
}
else {
echo "FALSE MEMBER";
}
}
?>

bucket
08-27-2009, 06:18 PM
When I try and change the pass it says:


Notice: Undefined variable: pass in /home/admin/website.com/admin/change-pass2.php on line 18

Line 18 is:

if ($_POST['oldpass'] == $pass) {

bucket
08-27-2009, 06:34 PM
Any luck fixing it?

funnymoney
08-27-2009, 07:02 PM
try this



$pass = "";
while ($row = mysql_fetch_assoc($result)) {
$pass .= $row['passwd'];
}

bucket
08-27-2009, 08:01 PM
It is not changing the password.

There are also no errors.

Phil Jackson
08-27-2009, 08:20 PM
<?php
if (isset($_POST['chpass']))
{
$member = $_POST['member'];
$newPass = $_POST['newpass'];
$result = mysql_query("SELECT * FROM `members` WHERE member_id = '$member'");
if(mysql_num_row($result)!=0))
{
$row = mysql_fetch_array($result);
$pass = $row['passwd'];
if (trim($_POST['oldpass']) == trim($pass))
{
mysql_query("UPDATE `members` SET passwd = '$newPass' where member_id = '$member'");
echo "password changed";
}
else
{
echo "old password incorrect";
}
}
else
{
echo "Could not find memeber";
}
}

?>

<form action="index.php" method="POST">
<input type="hidden" name="member" value="1" />
<p>Old password: <input type="password" name="oldpass" /></p>
<p><input type="password" name="newpass" /></p>
<input type="submit" name="chpass" />
</form>

bucket
08-27-2009, 08:22 PM
Thanks phil. :)

Also, index.php is not where the password changer is located.

It's on passchange.php

So do I change the form action to it?

bucket
08-27-2009, 08:24 PM
The form isn't showing up...

I have no idea why.

Phil Jackson
08-27-2009, 08:28 PM
<?php
if (isset($_POST['chpass']))
{
$member = $_POST['member'];
$newPass = $_POST['newpass'];
$result = mysql_query("SELECT * FROM `members` WHERE member_id = '$member'");
if(mysql_num_row($result)!=0))
{
$row = mysql_fetch_array($result);
$pass = $row['passwd'];
if(strcmp($_POST['oldpass'], $pass) == 0)
{
$newPass = mysql_real_escape_string($newPass);
mysql_query("UPDATE `members` SET passwd = '$newPass' where member_id = '$member'");
echo "password changed";
}
else
{
echo "old password incorrect";
}
}
else
{
echo "Could not find memeber";
}
}

?>

<form action="index.php" method="POST">
<input type="hidden" name="member" value="1" />
<p>Old password: <input type="password" name="oldpass" /></p>
<p><input type="password" name="newpass" /></p>
<input type="submit" name="chpass" />
</form>


This one

Phil Jackson
08-27-2009, 08:29 PM
the form should show

bucket
08-27-2009, 08:30 PM
Still nothing, this is what I currently have.

I added:
include '../inc/config.php';


<?php

include '../inc/config.php';

if (isset($_POST['chpass']))
{
$member = $_POST['member'];
$newPass = $_POST['newpass'];
$result = mysql_query("SELECT * FROM `members` WHERE member_id = '$member'");
if(mysql_num_row($result)!=0))
{
$row = mysql_fetch_array($result);
$pass = $row['passwd'];
if(strcmp($_POST['oldpass'], $pass) == 0)
{
$newPass = mysql_real_escape_string($newPass);
mysql_query("UPDATE `members` SET passwd = '$newPass' where member_id = '$member'");
echo "password changed";
}
else
{
echo "old password incorrect";
}
}
else
{
echo "Could not find memeber";
}
}

?>

<form action="index.php" method="POST">
<input type="hidden" name="member" value="1" />
<p>Old password: <input type="password" name="oldpass" /></p>
<p><input type="password" name="newpass" /></p>
<input type="submit" name="chpass" />
</form>

Phil Jackson
08-27-2009, 08:38 PM
<?php
error_reporting(E_ALL);
$cofig = "../inc/config.php";
if(file_exists($config))
{
include($config);
}
else
{
echo "config dir incorrect";
}
echo "this is a test";
if (isset($_POST['chpass']))
{
$member = $_POST['member'];
$newPass = $_POST['newpass'];
$result = mysql_query("SELECT * FROM `members` WHERE member_id = '$member'");
if(mysql_num_row($result)!=0))
{
$row = mysql_fetch_array($result);
$pass = $row['passwd'];
if(strcmp($_POST['oldpass'], $pass) == 0)
{
$newPass = strip_tags(mysql_real_escape_string($newPass));
mysql_query("UPDATE `members` SET passwd = '$newPass' where member_id = '$member'");
echo "password changed";
}
else
{
echo "old password incorrect";
}
}
else
{
echo "Could not find memeber";
}
}

?>

<form action="index.php" method="POST">
<input type="hidden" name="member" value="1" />
<p>Old password: <input type="password" name="oldpass" /></p>
<p><input type="password" name="newpass" /></p>
<input type="submit" name="chpass" />
</form>

try this one

bucket
08-27-2009, 08:47 PM
Nope nothing. I add that to the page, and load that exact page?

Phil Jackson
08-27-2009, 08:50 PM
Put the above code in one separate file. ONLY the code above. Load it and what happens?

bucket
08-27-2009, 08:51 PM
I load it and a blank page shows up...

Phil Jackson
08-27-2009, 08:54 PM
Are you using WAMP or straight onto a server? There is no possible way it could be blank...

Phil Jackson
08-27-2009, 08:55 PM
Just for safe keeping, try this:


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>

<?php
error_reporting(E_ALL);
$cofig = "../inc/config.php";
if(file_exists($config))
{
include($config);
}
else
{
echo "config dir incorrect";
}
echo "this is a test";
if (isset($_POST['chpass']))
{
$member = $_POST['member'];
$newPass = $_POST['newpass'];
$result = mysql_query("SELECT * FROM `members` WHERE member_id = '$member'");
if(mysql_num_row($result)!=0))
{
$row = mysql_fetch_array($result);
$pass = $row['passwd'];
if(strcmp($_POST['oldpass'], $pass) == 0)
{
$newPass = strip_tags(mysql_real_escape_string($newPass));
mysql_query("UPDATE `members` SET passwd = '$newPass' where member_id = '$member'");
echo "password changed";
}
else
{
echo "old password incorrect";
}
}
else
{
echo "Could not find memeber";
}
}

?>

<form action="index.php" method="POST">
<input type="hidden" name="member" value="1" />
<p>Old password: <input type="password" name="oldpass" /></p>
<p><input type="password" name="newpass" /></p>
<input type="submit" name="chpass" />
</form>

</body>
</html>

bucket
08-27-2009, 09:02 PM
I am using hosting I own. It's a VPS.

Phil Jackson
08-27-2009, 09:03 PM
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>

<?php
error_reporting(E_ALL);
$config = "../inc/config.php";
if(file_exists($config))
{
    include($config);
}
else
{
    die("config dir incorrect<br />");
}

if (isset($_POST['chpass']))
{
    // Escape the member id before it is placed into the queries below
    $member = mysql_real_escape_string($_POST['member']);
    $newPass = $_POST['newpass'];
    $result = mysql_query("SELECT * FROM `members` WHERE member_id = '$member'");
    if(mysql_num_rows($result)!=0)
    {
        $row = mysql_fetch_array($result);
        $pass = $row['passwd'];
        if(strcmp($_POST['oldpass'], $pass) == 0)
        {
            $newPass = strip_tags(mysql_real_escape_string($newPass));
            mysql_query("UPDATE `members` SET passwd = '$newPass' where member_id = '$member'");
            echo "password changed";
        }
        else
        {
            echo "old password incorrect";
        }
    }
    else
    {
        echo "Could not find memeber";
    }
}

?>

<form action="index.php" method="POST">
<input type="hidden" name="member" value="1" />
<p>Old password: <input type="password" name="oldpass" /></p>
<p>New Password: <input type="password" name="newpass" /></p>
<input type="submit" name="chpass" />
</form>

</body>
</html>

Phil Jackson
08-27-2009, 09:03 PM
I know for sure this one works!!
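
Added example, not part of the original thread or any poster's code: a hardened version of the change-password handler discussed above, using prepared statements and salted hashes instead of string-built SQL and plaintext comparison. It assumes PDO is available, that login stored the member's id in $_SESSION['member_id'] (so the hidden member form field is dropped), and that passwd holds password_hash() output; the change_password() name, the 8-character minimum and the in-memory SQLite stand-in for the MySQL connection are constructed for the demo.

```php
<?php
// Added example, not code from the thread. Assumed: PDO, the members table
// from the first post, and a login step that put member_id in the session.

function change_password(PDO $db, int $memberId, string $old, string $new, string $confirm): string
{
    if ($new !== $confirm) {
        return 'New passwords do not match';
    }
    if (strlen($new) < 8) {              // minimum length is an assumed policy
        return 'New password is too short';
    }
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT passwd FROM members WHERE member_id = ?');
    $stmt->execute([$memberId]);
    $hash = $stmt->fetchColumn();
    // password_verify() checks against a salted hash, never a plaintext column.
    if ($hash === false || !password_verify($old, $hash)) {
        return 'Old password incorrect';
    }
    $stmt = $db->prepare('UPDATE members SET passwd = ? WHERE member_id = ?');
    $stmt->execute([password_hash($new, PASSWORD_DEFAULT), $memberId]);
    return 'Password changed';
}

// Constructed demo data: in-memory SQLite stands in for the MySQL connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (member_id INTEGER PRIMARY KEY, login TEXT, passwd TEXT)');
$db->prepare('INSERT INTO members VALUES (1, ?, ?)')
   ->execute(['testing', password_hash('testing', PASSWORD_DEFAULT)]);

// On the real page the id comes from the session set at login, e.g.
// $memberId = (int) $_SESSION['member_id'];  never from a hidden form field.
$memberId = 1;

// Wrong old password, then a correct change, then the old password again.
echo change_password($db, $memberId, 'wrong', 'new-secret-1', 'new-secret-1'), "\n";
echo change_password($db, $memberId, 'testing', 'new-secret-1', 'new-secret-1'), "\n";
echo change_password($db, $memberId, 'testing', 'another-one', 'another-one'), "\n";
```

The passwd column has to be wide enough for the hash; the PHP manual recommends 255 characters for PASSWORD_DEFAULT.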

Phil Jackson
08-27-2009, 09:06 PM
P.S. Go into your php.ini file and turn on errors!!

bucket
08-27-2009, 09:07 PM
Ok 1 min, my site is loading very slow for some reason...

bucket
08-27-2009, 09:14 PM
My website is not loading at all now.

Phil Jackson
08-27-2009, 09:19 PM
There is no data-consuming code; it will just be your host being slow.

bucket
08-27-2009, 09:25 PM
I know. They said they are updating.

Phil Jackson
08-27-2009, 09:26 PM
Ah well, let me know what happens.


