Change password script. echo result same page

tim967 · 05-03-2011, 09:10 AM

Hi, i've got a changepassword script and i'm trying to get it to say password changed or incorrect password on the same page. But currently any errors open in a new blank page and if it is successful it shows nothing. here is my code, i hope someone can help.

PHP Code:


			
<?php

session_start();

include ('../scripts/dbinfo.php');

$myusername = $_SESSION['myusername'];

// username and password sent from form 

$oldpassword=md5($_POST['oldpass']);;

$newpassword1=md5($_POST['newpass1']);

$newpassword2=md5($_POST['newpass2']);

// To protect MySQL injection (more detail about MySQL injection)



$sql="SELECT * FROM users WHERE username='$myusername' and password='$oldpassword'";

$result = mysql_query($sql);

$row = mysql_fetch_array($result);

// Mysql_num_row is counting table row

$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row





if ($count==1 && $newpassword1 == $newpassword2)

    {

    $changethepassword="UPDATE `users` SET `password`='$newpassword1' WHERE `username`='$myusername'";

    mysql_query($changethepassword);

    header("location: ../index.php?cmd=changepass");

    echo "Password Changed";

    }

        elseif($myusername=="")                        //check if user session is empty

            {

            echo "Not logged in";

            include 'login.php';

            }

        elseif($count==0)                           // check if password is correct

            {

            echo "Incorrect password";

            include 'changepass.php';

            }

        elseif ($newpassword1 != $newpassword2)              //check if both password fields match

            { 

            echo "passwords did not match";

            include 'changepass.php';

            }

        else                                 // if both are incorrect 

            {

            echo "Pasword incorrect and passwords did not match";

            include 'changepass.php'; 

            }    



echo "<br/>";    

?>

tomharto · 05-03-2011, 09:23 AM

I might be wrong but i think everything after the header relink wont be executed because the page changes. If you want the text to display on the changepass.php page id put a something like header("Location: ../index.php?cmd=changepass&error=not_logged_in"); and have code on the changepass page to interpret the error section. Or you could set a variable $_SESSION['error'] = "Oops, it appears your not logged in!"; and echo that so people cant see the &error=xxx part

tim967 · 05-03-2011, 10:42 AM

Quote:

Originally Posted by tomharto

I might be wrong but i think everything after the header relink wont be executed because the page changes. If you want the text to display on the changepass.php page id put a something like header("Location: ../index.php?cmd=changepass&error=not_logged_in"); and have code on the changepass page to interpret the error section. Or you could set a variable $_SESSION['error'] = "Oops, it appears your not logged in!"; and echo that so people cant see the &error=xxx part

Ok thanks,

Bit of a noob at php to be honest. Would you be able to tell me what i would need to put in the changepass.php?

This is whats currently in it:

PHP Code:


			
<? 

echo "<b>Change User Password</b></p>

<form name=\"form1\" method=\"post\" action=\"../includes/pass_process.php\">

Old Password:<input name=\"oldpass\" type=\"password\" id=\"oldpass\"><br />

New Password: <input name=\"newpass1\" type=\"password\" id=\"newpass1\"><br />

Repeat password:<input name=\"newpass2\" type=\"password\" id=\"newpass2\"><br />

<input type=\"submit\" name=\"Submit\" value=\"Change Password\">

</form>";

?>

tomharto · 05-03-2011, 06:23 PM

Probably something like

PHP Code:


			
if ($_SESSION['error'] === "This") {
echo "That";
}elseif ($_SESSION['error'] === "This2") {
echo "That2";
}

to echo out the error messages. Make sure theres session_start(); at the beginning.