
View Full Version : Please help on creating change user password code using php and mysql



kingot
09-14-2011, 01:43 PM
Hi,
Please, I want to create a page where a user can change his or her password.
Now I can't fish out where the problem is,

The system is that, before the user can change his password, he needs to enter the old password, which must be equal to the one in the database he was using. Now how do I check that?

Then the user needs to set his password in the new password field and the same in the confirm password field.

Someone should help and fix this for me...

I have sat on this code for a week now but no success... and I have a damn headache now..



<?php
require 'connect.inc.php';
require 'core.inc.php';


//checking to see if the form has been submitted or clicked
if(isset($_POST['oldpassword']) && isset($_POST['newpassword']) && isset($_POST['comfirmpassword'])){
    $oldpassword=$_POST['oldpassword'];
    $newpassword=$_POST['newpassword'];
    $comfirmpassword=$_POST['comfirmpassword'];

    //now converting then to md5 encryption
    $oldpassword_harsh=md5(strip_tags($oldpassword));
    $newpassword_harsh=md5(strip_tags($newpassword));
    $comfirmpassword_harsh=md5(strip_tags($comfirmpassword));

    if(!empty($oldpassword) && !empty($newpassword) && !empty($comfirmpassword)){
        //here we can do a lot of checks, the length allowed, uppercase and lowercase,
        //strip slashes and more
        //but let's just achieve our mission of changing the password first, now we need to run a query
        //we need to check if the new password and comfirmpassword do match

        if($newpassword_harsh===$comfirmpassword_harsh){
            //now after checking to see if the two passwords do match
            //we then run our query to get all results from the database
            //and if the mysql_num_rows == 1, then the username and password do match
            //and we can then reset the password.

            $query="SELECT * FROM `users` WHERE `username`='".@mysql_real_escape_string($user_name)."' AND `password`='".@mysql_real_escape_string($password)."'";
            $query_run=mysql_query($query);

            $mysql_num_rows=mysql_num_rows($query_run);
            if($mysql_num_rows==1){

                //now we then run a query to update or reset our password
                $query="UPDATE `users` SET `password`='".@mysql_real_escape_string($newpassword_harsh)."' WHERE `username`='".@mysql_real_escape_string($user_name)."'";

                if($query_run=mysql_query($query)){
                    echo 'You sucessfully reset your password';
                }else{
                    echo 'There was an error processing your password reset.';
                }

            }else{

                echo 'The password you entered does not exist in our webmaster result.';
            }

        }else{
            echo 'New password and comfirm password do not match';
        }

    }else{
        echo 'All fileds are required';
    }
}
?>

<form action="changepassword.php" method="POST">
Old Password:<br>
<input type="password" name="oldpassword"><br><br>
New Password:<br>
<input type="password" name="newpassword"><br><br>
Comfirm New Password:<br>
<input type="password" name="comfirmpassword"><br />
<input type="submit" value="Reset password">
</form>


Thanks
Clement Osei

mlseim
09-14-2011, 02:21 PM
Explain what is NOT working.
Do you get a PHP script error?
Does one of your own error messages appear?
Nothing happens and no error appears?

We have no way to test it ourselves.


.

kingot
09-14-2011, 02:39 PM
Hi Sir,
Thanks..!!
Actually no error comes... now even using the mysql_error() function, no error occurs... but after submitting it the database password remains unchanged...
My problem now is how do I check to see if the user has really entered his correct old password before entering the new password to reset.

How do I run that query to check, please, and the query to update it?
Where do you think I'm not doing right, that's why it is not working... try to help

Thanks
Clement Ose

mlseim
09-14-2011, 04:22 PM
One thing I see ... but not related to your problem.
Missing an equal sign ...

if($query_run==mysql_query($query)){

====================

This line:

$query="SELECT * FROM `users` WHERE `username`='".@mysql_real_escape_string($user_name)."' AND `password`='".@mysql_real_escape_string($password)."'";
$query_run=mysql_query($query);

Is where you compare the old password to the one in the database?

I would expect the change shown in red ...
and only compare passwords, not username ...

$query="SELECT * FROM `users` WHERE `password`='".@mysql_real_escape_string($oldpassword)."'";
$query_run=mysql_query($query);


.

kingot
09-14-2011, 06:22 PM
Hi sir,
Thanks so much for saving me headache and worry..
Even though that one did not work, with a little bit of changes, now it works..!!

Happy and thank you

Clement Osei

oracleguy
09-14-2011, 06:46 PM
One thing I see ... but not related to your problem.
Missing an equal sign ...

if($query_run==mysql_query($query)){


That was intentional probably since it will check if the query was successful and assign it to the query_run variable. I personally don't like that style of coding, it is cleaner to make them separate statements.



//now converting then to md5 encryption
$oldpassword_harsh=md5(strip_tags($oldpassword));
$newpassword_harsh=md5(strip_tags($newpassword));
$comfirmpassword_harsh=md5(strip_tags($comfirmpassword));

If this is a new website you are writing you really shouldn't be using MD5. As indicated on the page in the PHP manual for this function, MD5 isn't a secure algorithm to use.

Also you wrote 'harsh' when you probably meant 'hash'.
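
The check the thread is asking about (confirm the old password, then store the new one), written with PHP's password_hash()/password_verify() and PDO prepared statements in place of MD5 and the mysql_* functions. This is an added example, not code from any poster in the thread; the function name change_password, the two-column users schema, the in-memory SQLite database and the sample account are assumptions made for the demo.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. The schema, the function name
// and the sample account below are constructed for illustration.
function change_password(PDO $db, string $username, string $old, string $new, string $confirm): string
{
    if ($old === '' || $new === '' || $confirm === '') {
        return 'All fields are required';
    }
    if (!hash_equals($new, $confirm)) {
        return 'New password and confirm password do not match';
    }
    // Look the row up by username only: the stored hash is salted, so it
    // cannot be matched inside a WHERE clause the way an MD5 digest was.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();

    // password_verify() re-hashes $old with the salt and cost kept in $stored.
    if ($stored === false || !password_verify($old, $stored)) {
        return 'Old password is incorrect';
    }
    $stmt = $db->prepare('UPDATE users SET password = ? WHERE username = ?');
    $stmt->execute([password_hash($new, PASSWORD_DEFAULT), $username]);
    return $stmt->rowCount() === 1 ? 'Password changed' : 'Update failed';
}

// Constructed demo: in-memory SQLite stands in for the MySQL users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['clement', password_hash('old-secret', PASSWORD_DEFAULT)]);

// On the real page $username comes from the logged-in session, never the form.
echo change_password($db, 'clement', 'wrong-guess', 'n3w-secret', 'n3w-secret'), "\n";
echo change_password($db, 'clement', 'old-secret', 'n3w-secret', 'n3w-typo'), "\n";
echo change_password($db, 'clement', 'old-secret', 'n3w-secret', 'n3w-secret'), "\n";
```

The password column should be wide enough for whatever PASSWORD_DEFAULT produces; the PHP manual recommends 255 characters.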


