
View Full Version : Changing Password with MySQL and PHP



lankanmon
04-12-2011, 08:35 PM
Hi everyone... I was working on a user system and I have gotten the registration and login systems to work fine (using PHP and MySQL Database).

But when I am attempting to make a Change Password handler, it keeps failing to do so.

This is what I have:



include "dbConfig.php";

// Create query
$q1 = "SELECT * FROM `users` "
."WHERE `id`='".$_SESSION["valid_id"]."' ";

$result = mysql_query($q1) or die(mysql_error());
$row = mysql_fetch_array($result);


$new_pass = "UPDATE `users`"
."SET password='PASSWORD('".$_POST["new_pass"].")'"
."WHERE username='".$_SESSION["valid_user"]."'";

$resulta = mysql_query($new_pass) or die(mysql_error());


*Extracted from larger script.

Please keep in mind that you must already be logged in, that's why it is getting "valid_user" and "valid_id" from the session.

Also, my database has multiple tables, but the table that contains the content needed is called "users" and within it, there are fields called: "id", "username", "password" and "email".

All I want it to do is to replace the old password with the new password that the user has provided.

bullant
04-13-2011, 12:05 AM
$new_pass = "UPDATE `users`"
."SET password='PASSWORD('".$_POST["new_pass"].")'"
."WHERE username='".$_SESSION["valid_user"]."'";

//display the actual query being run

echo $new_pass; die();

What is the output from the above echo?

lankanmon
04-13-2011, 04:13 AM
What is the output from the above echo?

I was using:



if ( !mysql_insert_id() ) {
die("Error: User not added to database.");
}
else
{
// Redirect to thank you page.
echo "<h2>Your password change was successful!</h2>";
Header("Location: index.php");
}

The error I get is:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'test123)'WHERE username=''' at line 1

bullant
04-13-2011, 04:29 AM
That code and error msg is not the output to


echo $new_pass;

I asked for in my previous post, so I'm not sure I can help anymore.

oracleguy
04-13-2011, 05:34 AM
$new_pass = "UPDATE `users`"
."SET password='PASSWORD('".$_POST["new_pass"].")'"
."WHERE username='".$_SESSION["valid_user"]."'";

//display the actual query being run

echo $new_pass; die();

Look at the closing parenthesis for the password function, you have the closing quote after the parenthesis instead of before. That is where your syntax error is coming from. And you need a space before the 'WHERE'.

Furthermore you really shouldn't be using that function to hash your passwords. MySQL themselves say you shouldn't use it in your own applications (http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html#function_password). Those queries can be logged causing your passwords to be available in the clear. You should really be using SHA256 to hash your passwords instead.
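
The two points in the reply above (quoting mistakes in a hand-built query, and plaintext passwords appearing in the SQL text) can both be avoided by hashing in PHP and binding parameters. This is an added example, not code from any poster in the thread; it assumes PDO, uses an in-memory SQLite table as a stand-in for the thread's MySQL `users` table, and substitutes PHP's built-in `password_hash()` (salted, deliberately slow) for the plain SHA256 digest the reply mentions. The function names and sample data are hypothetical.

```php
<?php
// Added example. Assumptions: PDO with the SQLite driver, an in-memory table
// standing in for the thread's MySQL `users` table, and a constructed user row.

function changePassword(PDO $db, int $userId, string $newPass): bool
{
    // Hash in PHP so the plaintext never appears in SQL text or query logs.
    $hash = password_hash($newPass, PASSWORD_DEFAULT);

    // Placeholders: no quotes to misplace, and user input is never parsed as SQL.
    $stmt = $db->prepare('UPDATE users SET password = :hash WHERE id = :id');
    $stmt->execute([':hash' => $hash, ':id' => $userId]);

    // An UPDATE is checked by its affected-row count, not by an insert id.
    return $stmt->rowCount() === 1;
}

function checkPassword(PDO $db, int $userId, string $candidate): bool
{
    $stmt = $db->prepare('SELECT password FROM users WHERE id = :id');
    $stmt->execute([':id' => $userId]);
    $hash = $stmt->fetchColumn();

    // password_verify() reads the salt and cost from the stored hash itself.
    return $hash !== false && password_verify($candidate, $hash);
}

// Constructed schema and sample row (same column names as in the thread).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, email TEXT)');
$db->exec("INSERT INTO users (id, username, password, email) VALUES (1, 'demo', '', 'demo@example.com')");

// In the real handler these come from $_SESSION["valid_id"] and $_POST["new_pass"].
$sessionId = 1;
$posted = "te'st)123"; // constructed input containing a quote and a parenthesis

var_dump(changePassword($db, $sessionId, $posted)); // change for the logged-in user
var_dump(checkPassword($db, $sessionId, $posted));  // verify against the stored hash
var_dump(changePassword($db, 999, $posted));        // id that matches no row
```

With exception mode enabled, a failing statement throws instead of returning false silently, so a broken query surfaces immediately rather than as a generic failure message.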

bullant
04-13-2011, 05:42 AM
Since you're quoting my post and not the op's are you talking to me or the op?

I know what the error is in this case. I was showing the op how I go about debugging a query when I'm not sure what is going on.

If he/she echoed out the query, the error should be obvious.

oracleguy
04-13-2011, 05:19 PM
Since you're quoting my post and not the op's are you talking to me or the op?

I know what the error is in this case. I was showing the op how I go about debugging a query when I'm not sure what is going on.

If he/she echoed out the query, the error should be obvious.
Sorry I meant to quote the OP's post.

lankanmon
04-13-2011, 09:14 PM
I have this now:



$crypt_pass = SHA1($_POST["new_pass"]);


echo $crypt_pass;

if(mysql_query("update users set password='$crypt_pass' where id='$_SESSION[valid_id]'")){
echo "<font face='Verdana' size='2' ><center>Thanks! <br> Your password changed successfully.</font></center>";
}else{
echo "<font face='Verdana' size='2' color=red><center>Sorry!<br>Failed to change password Contact Site Admin</font></center>";
}


But it is still not changing the password on the database... What am I doing wrong?

BTW. I changed the system to SHA1 (my server does not support SHA2). - Including the registration and login systems. But only the change password system is failing to work.

I appreciate any and all help!


