Change password... Doesnt seem to work, just resets password

[nexuzkid]

Hello PhP Freaks forum

In the past weeks ive been trying to make a website, where you can register. Everything seems to work except my cherished Change password feature. Everytime you try to change the password, it just resets it to nothing.

 

Here is the code below.

 

<?php

if(isset($_SESSION['username']))

{

$username = $_SESSION['username'];

$lastname = $_SESSION['lastname'];

$firstname = $_SESSION['firstname'];

$email = $_SESSION['email'];

 

echo "

 

<h4>Options for:</h4>   $username

<br />

<br />

First name:   $firstname

 

<br />Last name:   $lastname

 

<br /><br /><h3>Want to change your password:</h3><br />

 

<form action='?do=option' method='post'>

 

Old password <input type='password' placeholder='Has to be between 5-15 digits' name='password' size='30' value='' /><br />

<br />

New Password<input type='password' placeholder='Has to be between 5-15 digits' name='newpass' size='30' value='' /><br />

<br />

Confirm new password <input type='password' placeholder='Has to be between 5-15 digits' name='passconf' size='30' value='' /><br />

 

<center></div><input type='submit' value='Submit'/></center></form>";

 

 

}else{

echo 'Please login to view your options!';

}

 

$password = $_REQUEST['password'];

$pass_conf = $_REQUEST['newpass'];

$email = $_REQUEST['passconf'];

 

$connect = mysql_connect("Host", "User", "Password");

if(!$connect){

die(mysql_error());

}

 

//Selecting database

$select_db = mysql_select_db("My Database", $connect);

if(!$select_db){

die(mysql_error());

}

 

//Find if entered data is correct

 

$result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");

$row = mysql_fetch_array($result);

$id = $row['id'];

 

 

mysql_query("UPDATE users SET password='$newpass' WHERE username='$user'")

 

?>

 

And i do know that i dont have a

 

if(Empty($newpass)){

Die(Please fill out the new password)                                                 

}

 

Or any security on the others, but the problem just seems that it resets the password into nothing

 

Hope i can get this fixed

 

Best Regards

 

William Pfaffe

[blacknight]

mysql_query("UPDATE users SET password='$newpass' WHERE username='$user'")

insted of $user sjouldent it be $username?

[nexuzkid]

Nice spotted, but just tried it and it still resets the password into nothing. Thanks for reminding me of that spelling fail tho

[kicken]

Nice spotted, but just tried it and it still resets the password into nothing. Thanks for reminding me of that spelling fail tho

 

$newpass is also undefined, so essentially your setting it to an empty string.  You probably want $pass_conf.

[nexuzkid]

just tried that but, password table just keeps resetting into nothing. It just leaves the password empty

[nexuzkid]

Oops sorry fellas, forgot to leave username instead of users it works now. Thanks for the help!

 

I knew i could come here and it would be solved

 

Best regards

 

William Pfafe

[blacknight]

gotta watch the name of your var's

 

$pass_conf = $_REQUEST['newpass'];

$email = $_REQUEST['passconf'];

should be

$pass_new = $_REQUEST['newpass'];

$pass_conf = $_REQUEST['passconf'];

 

or add in

if (isset($pass_conf) && $pass_conf !='' && isset($pass_new) && $pass_new !='')
{
if ($pass_conf == $pass_new)
{
$newpass = md5($pass_conf)
}
else
{
echo 'your passwords no not match';
}
}
else
{
echo ' one or more of your passwords are blank';
}

 

this is long code but it make sure the passwords are set lol

[nexuzkid]

Ok, thanks mate for the help. Imma head to bed , been staying up for replies.