Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8
  1. #1
    New Coder
    Join Date
    Feb 2011
    Posts
    34
    Thanks
    5
    Thanked 0 Times in 0 Posts

    Changing Password with MySQL and PHP

    Hi everyone... I was working on a user system and i have gotten the registration and login systems to work fine (using PHP and MySQL Database).

    But when I am attempting to make a Change Password handler, it keeps failing to do so.

    This is what I have:

    PHP Code:
    include "dbConfig.php";

    // Create query
    $q1 "SELECT * FROM `users` "
      
    ."WHERE `id`='".$_SESSION["valid_id"]."' ";
      
    $result mysql_query($q1) or die(mysql_error());
    $row mysql_fetch_array($result);


    $new_pass "UPDATE `users`"
    ."SET password='PASSWORD('".$_POST["new_pass"].")'"
    ."WHERE username='".$_SESSION["valid_user"]."'";

    $resulta mysql_query($new_pass) or die(mysql_error()); 
    *Extracted from larger script.

    Please keep in mind that they your must already be logged in, that's why it is getting "valid_user" and "valid_id" from the session.

    also my database has bultiple tables, but the table that contains the content needed is called "users" and within it, there are fields called: "id" "username" password" and "email".

    All i want it to do is to replace the old password with the new password that the user has provided.

  • #2
    Banned
    Join Date
    Feb 2011
    Posts
    2,699
    Thanks
    13
    Thanked 395 Times in 395 Posts
    PHP Code:
    $new_pass "UPDATE `users`"
    ."SET password='PASSWORD('".$_POST["new_pass"].")'"
    ."WHERE username='".$_SESSION["valid_user"]."'";

    //display the actual query being run

    echo $new_pass; die(); 
    What is the output from the above echo?

  • #3
    New Coder
    Join Date
    Feb 2011
    Posts
    34
    Thanks
    5
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by bullant View Post
    [PHP]
    What is the output from the above echo?
    I was using:


    PHP Code:
     if ( !mysql_insert_id() ) {
      die(
    "Error: User not added to database.");
      }
     else
      {
      
    // Redirect to thank you page.
      
    echo "<h2>Your password change was successful!</h2>";
     
    Header("Location: index.php");
      } 
    The Error i get is:

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'test123)'WHERE username=''' at line 1
    Last edited by lankanmon; 04-13-2011 at 04:27 AM.

  • #4
    Banned
    Join Date
    Feb 2011
    Posts
    2,699
    Thanks
    13
    Thanked 395 Times in 395 Posts
    That code and error msg is not the output to

    PHP Code:
    echo $new_pass
    I asked for in my previous post, so I'm not sure I can help anymore.

  • #5
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    PHP Code:
    $new_pass "UPDATE `users`"
    ."SET password='PASSWORD('".$_POST["new_pass"].")'"
    ."WHERE username='".$_SESSION["valid_user"]."'";

    //display the actual query being run

    echo $new_pass; die(); 
    Look at the closing parenthesis for the password function, you have the closing quote after the parenthesis instead of before. That is where your syntax error is coming from. And you need a space before the 'WHERE'.

    Furthermore you really shouldn't be using that function to hash your passwords. MySQL themselves say you shouldn't use it in your own applications. Those queries can be logged causing your passwords to be available in the clear. You should really be using SHA256 to hash your passwords instead.
    Last edited by oracleguy; 04-13-2011 at 05:20 PM. Reason: fixed quote
    OracleGuy

  • Users who have thanked oracleguy for this post:

    lankanmon (04-15-2011)

  • #6
    Banned
    Join Date
    Feb 2011
    Posts
    2,699
    Thanks
    13
    Thanked 395 Times in 395 Posts
    Since you're quoting my post and not the op's are you talking to me or the op?

    I know what the error is in this case. I was showing the op how I go about debugging a query when I'm not sure what is going on.

    If he/she echoed out the query, the error should be obvious.

  • #7
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    Quote Originally Posted by bullant View Post
    Since you're quoting my post and not the op's are you talking to me or the op?

    I know what the error is in this case. I was showing the op how I go about debugging a query when I'm not sure what is going on.

    If he/she echoed out the query, the error should be obvious.
    Sorry I meant to quote the OP's post.
    OracleGuy

  • #8
    New Coder
    Join Date
    Feb 2011
    Posts
    34
    Thanks
    5
    Thanked 0 Times in 0 Posts
    I have this now:

    PHP Code:
    $crypt_pass SHA1($_POST["new_pass"]);


    echo 
    $crypt_pass;

    if(
    mysql_query("update users set password='$crypt_pass' where id='$_SESSION[valid_id]'")){
        echo 
    "<font face='Verdana' size='2' ><center>Thanks! <br> Your password changed successfully.</font></center>";
    }else{
        echo 
    "<font face='Verdana' size='2' color=red><center>Sorry!<br>Failed to change password Contact Site Admin</font></center>";

    But it is still not changing the password on the database... What am I doing wrong?

    BTW. I changed the system to SHA1 (my server does not support SHA2). - Including the registration and login systems. But only the change password system is failing to work.

    I appreciate any and all help!
    Last edited by lankanmon; 04-14-2011 at 01:47 AM.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •