 |  |  |  |  |  |  |  |
Not able to change/update password
 |
•
•
Join Date: Mar 2005
Posts: 15
Reputation: 
Solved Threads: 0
Newbie Poster
I am still a bit of a newb, but am getting the hang of webdev. My problem is in changing/updating a user's password. The good news is that I know I am hitting the mySQL table b/c I am able to see data appended. However, that's also my problem. When I try and update the password for Username: jdoe, a number displays in the table field 'pw'.
I have created the following SQL stmts:
//create sql statement
$oursql="insert into customerinfo (fn,ln,address1,address2,city,state,zip,telephone,email_address,un,pw) ";
$oursql.="values ('$fn','$ln','$add1','$add2','$city','$st','$zip','$ph','$email','$un','$pw')";
//echo $oursql;
//die;
//Execute SQL stmnt
$myresult = mysql_query($oursql) or die (mysql_error());
$oursql="update customerinfo set pw = password('$pw')". "Where pw='$pw' and un = '$un' ";
"flush privileges";
//echo $oursql;
//die;
//Execute SQL stmnt
$myresult = mysql_query($oursql) or die (mysql_error());
Do I need to foward any additional code? If so, please let me know.
Thanks
I have created the following SQL stmts:
//create sql statement
$oursql="insert into customerinfo (fn,ln,address1,address2,city,state,zip,telephone,email_address,un,pw) ";
$oursql.="values ('$fn','$ln','$add1','$add2','$city','$st','$zip','$ph','$email','$un','$pw')";
//echo $oursql;
//die;
//Execute SQL stmnt
$myresult = mysql_query($oursql) or die (mysql_error());
$oursql="update customerinfo set pw = password('$pw')". "Where pw='$pw' and un = '$un' ";
"flush privileges";
//echo $oursql;
//die;
//Execute SQL stmnt
$myresult = mysql_query($oursql) or die (mysql_error());
Do I need to foward any additional code? If so, please let me know.
Thanks
•
•
Join Date: Mar 2005
Posts: 57
Reputation:
Solved Threads: 2
Junior Poster in Training
I think the problem is in your WHERE claus... you are using WHERE pw='$pw'
at that time $pw contains the actual password... unencrypted ... and PASSWOR('$pw') holds the encrytped password
My sugestions:
FIRST!... dont use PASSWORD... use SHA1 or MD5 since PASSWORD was changed in the different MYSQL versions and if you migrate sooner or later you will have to update all the passwords.
THEN... do not check the password... don't use WHERE pw=something... just use something like UPDATE table SET pw=MD5('$pw') WHERE userid=1
The confirmation of the old password is better to do it with the script...
Hope it helps...
at that time $pw contains the actual password... unencrypted ... and PASSWOR('$pw') holds the encrytped password
My sugestions:
FIRST!... dont use PASSWORD... use SHA1 or MD5 since PASSWORD was changed in the different MYSQL versions and if you migrate sooner or later you will have to update all the passwords.
THEN... do not check the password... don't use WHERE pw=something... just use something like UPDATE table SET pw=MD5('$pw') WHERE userid=1
The confirmation of the old password is better to do it with the script...
Hope it helps...
•
•
Join Date: Mar 2005
Posts: 15
Reputation:
Solved Threads: 0
Newbie Poster
RamiroS,
I used the code and at first, it did not work. In place of '$un', I tried the 1, but I would keep refering to mySQL and saw no changes. When I entered the var '$un', it changed the password, but now it's encrypted. I also tried single quotes around the 1, but that didn't work. Any suggestions? I would like to display the actual password instead of the encrypted one. Thanks again!
//create sql statement
$oursql="update customerinfo set pw=MD5('$pw') where un='$un'";
"flush privileges";
//echo $oursql;
//die;
//Execute SQL stmt
$myresult = mysql_query($oursql) or die (mysql_error());
I used the code and at first, it did not work. In place of '$un', I tried the 1, but I would keep refering to mySQL and saw no changes. When I entered the var '$un', it changed the password, but now it's encrypted. I also tried single quotes around the 1, but that didn't work. Any suggestions? I would like to display the actual password instead of the encrypted one. Thanks again!
//create sql statement
$oursql="update customerinfo set pw=MD5('$pw') where un='$un'";
"flush privileges";
//echo $oursql;
//die;
//Execute SQL stmt
$myresult = mysql_query($oursql) or die (mysql_error());
•
•
Join Date: Mar 2005
Posts: 57
Reputation:
Solved Threads: 2
Junior Poster in Training
Ok, the problem is that storing unencrypted passwords is not secure.
When you said I'm asuming that is ok since you are updating using PASSWORD('$pw') and that will create an encryted password.
If you dont want to encrypt simply do not use the PASSWORD() function. The code you submitted should work. But I strongly recommend using encryption and something different to PASSWORD.
When you said
•
•
•
•
When I try and update the password for Username: jdoe, a number displays in the table field 'pw'.
If you dont want to encrypt simply do not use the PASSWORD() function. The code you submitted should work. But I strongly recommend using encryption and something different to PASSWORD.
|
Similar Threads
- Change Password In A Shell Script (Shell Scripting)
- Quick Reference for Linux Commands (Getting Started and Choosing a Distro)
- Help with password update (PHP)
- How do I change my Password (*nix Software)
- shuting down multiple nix boxes (*nix Software)
- Internet Explorer Icons Change (Web Browsers)
Other Threads in the PHP Forum
- Previous Thread: uploaded file origin directory
- Next Thread: Calander
Views: 2759 | Replies: 3
| Thread Tools | Search this Thread |
Latest PHP Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
Tag cloud for PHP
.htaccess access ajax apache api archive array arrays auto box buttons cakephp cart check checkbox class classes cms code combobox database date development directory display download dropdown dropdownlist drupal dynamic echo email error file files form forms functions header hosting href htaccess html image include insert integration ip java javascript joomla jquery limit link login loop mail menu mlm mod_rewrite multiple mysql order parse password paypal php problem query radio recursion redirect regex remote rows script search select server session sort source sql string structure syntax table tutorial update updates upload url user validation variable video web website wordpress xml
