User Name Password Register
DaniWeb IT Discussion Community
Home
Forums
Tutorials
Code Snippets
Blogs
Link Directory
All
What is DaniWeb IT Discussion Community?
You're currently browsing the PHP section within the Web Development category of DaniWeb, a massive community of 426,336 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 2,386 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Join our community!
Please support our PHP advertiser: Lunarpages PHP Web Hosting
Views: 1659 | Replies: 3
Reply
Join Date: Mar 2005
Posts: 15
Reputation: venetian_jigsaw is an unknown quantity at this point 
Rep Power: 4
Solved Threads: 0
venetian_jigsaw venetian_jigsaw is offline Offline
Newbie Poster

Question Not able to change/update password

  #1  
Dec 19th, 2005
I am still a bit of a newb, but am getting the hang of webdev. My problem is in changing/updating a user's password. The good news is that I know I am hitting the mySQL table b/c I am able to see data appended. However, that's also my problem. When I try and update the password for Username: jdoe, a number displays in the table field 'pw'.

I have created the following SQL stmts:

//create sql statement
$oursql="insert into customerinfo (fn,ln,address1,address2,city,state,zip,telephone,email_address,un,pw) ";
$oursql.="values ('$fn','$ln','$add1','$add2','$city','$st','$zip','$ph','$email','$un','$pw')";
//echo $oursql;
//die;

//Execute SQL stmnt
$myresult = mysql_query($oursql) or die (mysql_error());

$oursql="update customerinfo set pw = password('$pw')". "Where pw='$pw' and un = '$un' ";
"flush privileges";
//echo $oursql;
//die;

//Execute SQL stmnt
$myresult = mysql_query($oursql) or die (mysql_error());

Do I need to foward any additional code? If so, please let me know.

Thanks
AddThis Social Bookmark Button
Reply With Quote  
Join Date: Mar 2005
Location: Costa Rica
Posts: 46
Reputation: RamiroS is an unknown quantity at this point 
Rep Power: 4
Solved Threads: 0
RamiroS's Avatar
RamiroS RamiroS is offline Offline
Light Poster

Re: Not able to change/update password

  #2  
Dec 20th, 2005
I think the problem is in your WHERE claus... you are using WHERE pw='$pw'

at that time $pw contains the actual password... unencrypted ... and PASSWOR('$pw') holds the encrytped password

My sugestions:

FIRST!... dont use PASSWORD... use SHA1 or MD5 since PASSWORD was changed in the different MYSQL versions and if you migrate sooner or later you will have to update all the passwords.

THEN... do not check the password... don't use WHERE pw=something... just use something like UPDATE table SET pw=MD5('$pw') WHERE userid=1

The confirmation of the old password is better to do it with the script...

Hope it helps...
LOTRO Tips - Lord of the Rings Online Tips & Tricks
Reply With Quote  
Join Date: Mar 2005
Posts: 15
Reputation: venetian_jigsaw is an unknown quantity at this point 
Rep Power: 4
Solved Threads: 0
venetian_jigsaw venetian_jigsaw is offline Offline
Newbie Poster

Re: Not able to change/update password

  #3  
Dec 20th, 2005
RamiroS,

I used the code and at first, it did not work. In place of '$un', I tried the 1, but I would keep refering to mySQL and saw no changes. When I entered the var '$un', it changed the password, but now it's encrypted. I also tried single quotes around the 1, but that didn't work. Any suggestions? I would like to display the actual password instead of the encrypted one. Thanks again!

//create sql statement
$oursql="update customerinfo set pw=MD5('$pw') where un='$un'";
"flush privileges";
//echo $oursql;
//die;

//Execute SQL stmt
$myresult = mysql_query($oursql) or die (mysql_error());
Reply With Quote  
Join Date: Mar 2005
Location: Costa Rica
Posts: 46
Reputation: RamiroS is an unknown quantity at this point 
Rep Power: 4
Solved Threads: 0
RamiroS's Avatar
RamiroS RamiroS is offline Offline
Light Poster

Re: Not able to change/update password

  #4  
Dec 22nd, 2005
Ok, the problem is that storing unencrypted passwords is not secure.

When you said
When I try and update the password for Username: jdoe, a number displays in the table field 'pw'.
I'm asuming that is ok since you are updating using PASSWORD('$pw') and that will create an encryted password.

If you dont want to encrypt simply do not use the PASSWORD() function. The code you submitted should work. But I strongly recommend using encryption and something different to PASSWORD.
LOTRO Tips - Lord of the Rings Online Tips & Tricks
Reply With Quote  
Reply

Only community members can participate in forum threads. You must register or log in to contribute.

Register
DaniWeb PHP Marketplace
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

 

Thread Tools Display Modes
Linear Mode Linear Mode

blog competition crack daniweb gentoo linux microsoft windows news password php playstation ps3 security skype spam vista updates voip web windows update windows vista
Similar Threads
Other Threads in the PHP Forum

Advertising Opportunities on DaniWeb
Contact Us - Newsletter Archive - Sitemap - Privacy Statement
All times are GMT -4. The time now is 11:36 am.
Forum system based on vBulletin Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
©2003 - 2008 DaniWeb® LLC