...

View Full Version : change password code



naveendk.55
11-17-2011, 03:48 PM
Hi,

I'm trying to change the password after logging in to web site. Following is the code that change the password. However, the password is not changing in the table. Please let me know if I'm making any error in below code.

Thanks.






<?php

$password=mysql_real_escape_string($_POST['newpassword']);
$password2=mysql_real_escape_string($_POST['confirmnewpassword']);


if ( strlen($password) < 5 or strlen($password) > 12 ){
echo "Password must be more than 5 char legth and maximum 12 char lenght<BR>";
}

if ( $password <> $password2 ){
echo "Both passwords are not matching";
}

if($password == $password2){
if(mysql_query("update users set password='$password' where empid='$_SESSION[login]'")){
echo "<font face='Verdana' size='2' ><center>Thanks <br> Your password changed successfully. Please keep changing your password every 2 monthsfor better security</font></center>";
}
}

markspark100
11-17-2011, 04:34 PM
Try putting an else after your query:



if(mysql_query("update users set password='$password' where empid='$_SESSION[login]'")){
echo "<font face='Verdana' size='2' ><center>Thanks <br> Your password changed successfully. Please keep changing your password every 2 monthsfor better security</center></font>";
}
else{
echo mysql_error();
}


You also need to change your ifs to else if otherwise even if your password is shorther than 5 or longer than 12, as long as $password and $password2 match the query will take place.

Mark

naveendk.55
11-17-2011, 04:41 PM
I tried that and the password is not getting changed in database.

However, I got the message that I Put in code.


"Thanks
Your password changed successfully. Please keep changing your password every 2 monthsfor better security".

naveendk.55
11-17-2011, 06:14 PM
any other options to change the password. If any one have their own simple change password code, then post it here..plz.

Truffle
11-17-2011, 06:20 PM
i think your $_SESSION variable is wrong

$_SESSION[login] should have quotes around 'login'



"update users set password='$password' where empid='{$_SESSION['login']}'"

naveendk.55
11-18-2011, 09:16 AM
I tried that also but not working.

naveendk.55
11-18-2011, 02:14 PM
When I echo the session variable, it only printed one digit. My user id is a 10 digit code.

Any one confirm if I'm making any error while creating the session.. Thank you.




<?php session_start(); ?>
<?php include_once("includes/connections.php"); ?>
<?php include_once("functions/funphp.php"); ?>
<?php

if (isset($_POST['password']) && isset($_POST['login'])) // if the password is set then the form has been submitted on login.php page
{

$login = mysql_real_escape_string($_POST['login']);
$password = mysql_real_escape_string($_POST['password']);
$qstr = "SELECT * from users where empid='$login' and password ='$password'";

$result = mysql_query($qstr);
$_SESSION['login']=$login['login'];
$_SESSION['username'] = $username['username'];
if (mysql_num_rows($result)==1)
{

redirect("home.php");
}
else
{
echo "<font color=#000000><b>Invalid User Name or Password. <a href=index.php> Click here</a> to go back to the login screen </a></Center></font>";

}
mysql_close();
}
?>

Truffle
11-18-2011, 02:48 PM
$_SESSION['login']=$login['login'];


This is wrong because $login is not an array. It should simply just be holding a string value that was in $_POST['login']. So it should be like this



$_SESSION['login'] = $login;


Although ideally you should just forget about $login altogether and set $_SESSION['login'] like this


$_SESSION['login'] = mysql_real_escape_string($_POST['login']);



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum