Jump to content

Change Password function

infinite-monkey

By infinite-monkey
in PHP Coding Help

 Share

Recommended Posts

infinite-monkey Newbie

infinite-monkey

Posted
Posted

Hi there

 

I'm a newbie to all of this so please be gentle!

 

I am starting up my own online business and I am feeling my way through PHP.  I have been doing ok so far but I'm having problems with the "change your password" function.  I change the password, I receive a reactivation email, but when I try to log in with the new password it hasnt changed. 

 

Code I'm using as follows:

 

<?php

// process.php

include 'config.php';

if(isset($_POST['changepassword']))
{

$current = trim($_POST['current']);
$new = trim($_POST['new']);
$confirm = trim($_POST['confirm']);

$pw = md5($current);

$query = mysql_query("SELECT * FROM Users WHERE Password = '$pw' LIMIT 1") or die(mysql_error());

if(mysql_num_rows($query) > 0)
{

	while($row = mysql_fetch_array($query))
	{	

		if ( $_POST['new'] == $_POST['confirm'] )
		{}else{

			echo '<script>alert("Your passwords were not the same, please enter the same password in each field.");</script>';
			echo '<script>history.back(1);</script>';
			exit;

		}

		$password = md5($new);

		$do = mysql_query("UPDATE Users SET Password = '$password' WHERE Password = '$pw' LIMIT 1") or die(mysql_error());
		$dotwo = mysql_query("UPDATE Users SET Activated = 0 WHERE Password = '$password' LIMIT 1") or die(mysql_error());
		$send = mail($row['Email'] , "Password changed" , "Your password has been changed to: ".trim($_POST['new'])."\n\nYou can change it again via the members only panel, but first you must re-activate your account:\nhttp://www.infinite-monkey.co.uk/activate.php?id=".$row['Actkey']."\n\nDo not reply to this email, it is automated. Thanks." , "From: auto@mailer.com");

		if((($do)&&($dotwo)&&($send)))
		{

			echo '<script>alert("Password changed. You will now be logged out and you must re-activate your account, check your email, a confirmation email has been sent.");</script>';
			echo '<script>location.replace("logout.php");</script>';

			exit;

		} else {

			echo '<script>alert("There appears to have been an error in the script. 1 or 2 of 3 things may have happened:\n\n• Your password could have been reset/changed\n• Your account could have been deactivated, see the resend validation email page\n• Your email may not have been sent.\n\nYou will now be logged out, if you are not able to login, reset your password using the form, or resend the validation email to activate your account again.\n\nWe are sorry for the inconvenience.");</script>';
			echo '<script>location.replace("logout.php");</script>';

			exit;

		}

	}

} else {

	echo '<script>alert("Incorrect password.");</script>';
	echo '<script>history.back(1);</script>';
	exit;

Link to comment
Share on other sites
revraz Member

revraz

Posted
Posted

I would compare to the PW to a Username's PW, not just the first PW that matches.  What if two people have the same PW?

 

Same with the UPDATE, update the Username's row, not by a where clause on the Password.

Link to comment
Share on other sites
BLaZuRE Newbie

BLaZuRE

Posted
Posted

I'm curious, what do you not know how to change and/or what did you try?  I don't see a simpler way than directly giving you the code.  Is this your code or did you grab it from somewhere else?

 

Sorry if this is harsh, but I don't get why you don't get it.

Link to comment
Share on other sites
Zurev Newbie

Zurev

Posted
Posted

How does a user get to this page? If you can verify the users identity, their userID from the database based on however they're logged in, sessions, cookies what have you, then you can update the password in the row pertaining to that specific user.

Link to comment
Share on other sites
infinite-monkey Newbie

infinite-monkey

Posted
  • Author
Posted

Yeah I confess I grabbed the code from a tutorial.  Is that bad?  I'm really trying to understand it as I go, but I also want to get my site up and running as quickly as I can.

 

User gets to this page after they log in.  They are directed to a "members only" area which is a control panel which allows them to change their password.

Link to comment
Share on other sites
revraz Member

revraz

Posted
Posted

Change your query to search based on both username and pw, not just pw.

Change your update the same way.  Try it and post the code you try and we'll help you.

 

BTW, that sounds like a bad tutorial if that's what they proposed.

Link to comment
Share on other sites
Zurev Newbie

Zurev

Posted
Posted

Yeah I found that tutorial on an MMORPG website, not the best place to find coding tutorials. I would look at the tutorials on this site first, obviously :P, then try tutsplus to be honest, they even have learning PHP from scratch.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.