Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    Regular Coder
    Join Date
    Feb 2011
    Posts
    114
    Thanks
    12
    Thanked 0 Times in 0 Posts

    Please help on creating change user password code using php and mysql

    Hi,
    Please i want to create a page where user can change his or her password.
    Now i can't fish out where the problem is now,

    The system is that , unless the user can change his password, he need to enter the old password which mush be equal to the one in the database he was using, now how do i check that..

    Then the user need to set his password on the new password filed and the same on the comfirm password filed

    someone should help and fixed this for me...

    I have sit on this code for week now but no sucess..and i'm damm headache now..


    Code:
    <?php
    require 'connect.inc.php';
    require 'core.inc.php';
    
    
    //checking to see if the form hass been submitted or cliked
    if(isset($_POST['oldpassword']) &&isset($_POST['newpassword']) &&isset($_POST['comfirmpassword'])){
      $oldpassword=$_POST['oldpassword'];
     $newpassword=$_POST['newpassword'];
      $comfirmpassword=$_POST['comfirmpassword'];
       
       //now converting then to md5 encryption
       $oldpassword_harsh=md5(strip_tags($oldpassword));
       $newpassword_harsh=md5(strip_tags($newpassword));
       $comfirmpassword_harsh=md5(strip_tags($comfirmpassword));
       
      if(!empty($oldpassword)&&!empty($newpassword)&&!empty($comfirmpassword)){
        //here we can do alot of checks here, the length allowed, uppercase and lowercase,
    	//strip slashes and more
    	//but let just frst achieve our mission of changing password first, now we need to run a query
    	//we need to check if the new password and comfirmpassword do match
    	
    	if($newpassword_harsh===$comfirmpassword_harsh){
    	   //now after checking to see if the two passwords do match
    	   //we then run our query to get all result from the database
    	   //and if the myslq_num_rows == 1, then the username and password do match
    	   //and we can then reset the password.
    	   
    	   $query="SELECT * FROM `users` WHERE `username`='".@mysql_real_escape_string($user_name)."' AND `password`='".@mysql_real_escape_string($password)."'"; 
    	   $query_run=mysql_query($query);
    	   
    	   $mysql_num_rows=mysql_num_rows($query_run);
    	   if($mysql_num_rows==1){
    	   
    	    //now we then run a query to update or reset our password
    		$query="UPDATE `users` SET `password`='".@mysql_real_escape_string($newpassword_harsh)."' WHERE `username`='".@mysql_real_escape_string($user_name)."'";
    	    
    		 if($query_run=mysql_query($query)){
    		   echo 'You sucessfully reset your password';
    		 }else{
    		  echo 'There was an error processing your password reset.';
    		 }
    	   
    	   }else{
    	   
    	   echo 'The password you entered does not exist in our webmaster result.';
    	   }
    	   
    	}else{
    	echo 'New password and comfirm password do not match';
    	}
    	
      }else{
      echo 'All fileds are required';
      }
    }
    ?>
    
    <form action="changepassword.php" method="POST">
      Old Password:<br>
        <input type="password" name="oldpassword"><br><br>
        New Password:<br>
         <input type="password" name="newpassword"><br><br>
         Comfirm New Password:<br>
         <input type="password" name="comfirmpassword"><br />
         <input type="submit" value="Reset password">
    </form>
    Thanks
    Clement Osei
    Last edited by oracleguy; 09-14-2011 at 06:47 PM. Reason: fixed code tags

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,492
    Thanks
    8
    Thanked 1,089 Times in 1,080 Posts
    Explain what is NOT working.
    Do you get a PHP script error?
    One of your own error messages appear?
    Nothing happens and no error appears?

    We have no way to test it ourselves.


    .

  • Users who have thanked mlseim for this post:

    kingot (09-14-2011)

  • #3
    Regular Coder
    Join Date
    Feb 2011
    Posts
    114
    Thanks
    12
    Thanked 0 Times in 0 Posts
    Hi Sir,
    Thanks..!!
    Actually no error comes..now even using mysql_error() function but no error occurs....but after submitting it the database password remain unchaneg...
    my problem now is how do i check to see if the user has really enter his correct old password before entering the new password to reset.

    How do i run that query to check please and query to update it
    Where do you thing i'm not doing right thats why is not working..try help

    Thanks
    Clement Ose
    Last edited by kingot; 09-14-2011 at 02:56 PM. Reason: i foregt to point something on my post

  • #4
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,492
    Thanks
    8
    Thanked 1,089 Times in 1,080 Posts
    One thing I see ... but not related to your problem.
    Missing an equal sign ...

    if($query_run==mysql_query($query)){

    ====================

    This line:

    $query="SELECT * FROM `users` WHERE `username`='".@mysql_real_escape_string($user_name)."' AND `password`='".@mysql_real_escape_string($password)."'";
    $query_run=mysql_query($query);

    Is where you compare the old password to the one in the database?

    I would expect the change shown in red ...
    and only compare passwords, not username ...

    $query="SELECT * FROM `users` WHERE `password`='".@mysql_real_escape_string($oldpassword)."'";
    $query_run=mysql_query($query);


    .
    Last edited by mlseim; 09-14-2011 at 04:25 PM.

  • #5
    Regular Coder
    Join Date
    Feb 2011
    Posts
    114
    Thanks
    12
    Thanked 0 Times in 0 Posts
    Hi sir,
    Thanks so much for saving me headache and worry..
    Even though that one did not work but with a little bit changes ,now it works..!!

    Happy and thank you

    Clement Osei

  • #6
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    Quote Originally Posted by mlseim View Post
    One thing I see ... but not related to your problem.
    Missing an equal sign ...

    if($query_run==mysql_query($query)){
    That was intentional probably since it will check if the query was successful and assign it to the query_run variable. I personally don't like that style of coding, it is cleaner to make them separate statements.

    Code:
    //now converting then to md5 encryption
    $oldpassword_harsh=md5(strip_tags($oldpassword));
    $newpassword_harsh=md5(strip_tags($newpassword));
    $comfirmpassword_harsh=md5(strip_tags($comfirmpassword));
    If this is a new website your are writing you really shouldn't be using MD5. As indicated on the page in the PHP manual for this function, MD5 isn't a secure algorithm to use.

    Also you wrote 'harsh' when you probably meant 'hash'.
    OracleGuy


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •