 |  |  |  |  |  |  |  |
Not able to change/update password
Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases
 |
•
•
Join Date: Mar 2005
Posts: 15
Reputation: 
Solved Threads: 0
Newbie Poster
I am still a bit of a newb, but am getting the hang of webdev. My problem is in changing/updating a user's password. The good news is that I know I am hitting the mySQL table b/c I am able to see data appended. However, that's also my problem. When I try and update the password for Username: jdoe, a number displays in the table field 'pw'.
I have created the following SQL stmts:
//create sql statement
$oursql="insert into customerinfo (fn,ln,address1,address2,city,state,zip,telephone,email_address,un,pw) ";
$oursql.="values ('$fn','$ln','$add1','$add2','$city','$st','$zip','$ph','$email','$un','$pw')";
//echo $oursql;
//die;
//Execute SQL stmnt
$myresult = mysql_query($oursql) or die (mysql_error());
$oursql="update customerinfo set pw = password('$pw')". "Where pw='$pw' and un = '$un' ";
"flush privileges";
//echo $oursql;
//die;
//Execute SQL stmnt
$myresult = mysql_query($oursql) or die (mysql_error());
Do I need to foward any additional code? If so, please let me know.
Thanks
I have created the following SQL stmts:
//create sql statement
$oursql="insert into customerinfo (fn,ln,address1,address2,city,state,zip,telephone,email_address,un,pw) ";
$oursql.="values ('$fn','$ln','$add1','$add2','$city','$st','$zip','$ph','$email','$un','$pw')";
//echo $oursql;
//die;
//Execute SQL stmnt
$myresult = mysql_query($oursql) or die (mysql_error());
$oursql="update customerinfo set pw = password('$pw')". "Where pw='$pw' and un = '$un' ";
"flush privileges";
//echo $oursql;
//die;
//Execute SQL stmnt
$myresult = mysql_query($oursql) or die (mysql_error());
Do I need to foward any additional code? If so, please let me know.
Thanks
I think the problem is in your WHERE claus... you are using WHERE pw='$pw'
at that time $pw contains the actual password... unencrypted ... and PASSWOR('$pw') holds the encrytped password
My sugestions:
FIRST!... dont use PASSWORD... use SHA1 or MD5 since PASSWORD was changed in the different MYSQL versions and if you migrate sooner or later you will have to update all the passwords.
THEN... do not check the password... don't use WHERE pw=something... just use something like UPDATE table SET pw=MD5('$pw') WHERE userid=1
The confirmation of the old password is better to do it with the script...
Hope it helps...
at that time $pw contains the actual password... unencrypted ... and PASSWOR('$pw') holds the encrytped password
My sugestions:
FIRST!... dont use PASSWORD... use SHA1 or MD5 since PASSWORD was changed in the different MYSQL versions and if you migrate sooner or later you will have to update all the passwords.
THEN... do not check the password... don't use WHERE pw=something... just use something like UPDATE table SET pw=MD5('$pw') WHERE userid=1
The confirmation of the old password is better to do it with the script...
Hope it helps...
•
•
Join Date: Mar 2005
Posts: 15
Reputation:
Solved Threads: 0
Newbie Poster
RamiroS,
I used the code and at first, it did not work. In place of '$un', I tried the 1, but I would keep refering to mySQL and saw no changes. When I entered the var '$un', it changed the password, but now it's encrypted. I also tried single quotes around the 1, but that didn't work. Any suggestions? I would like to display the actual password instead of the encrypted one. Thanks again!
//create sql statement
$oursql="update customerinfo set pw=MD5('$pw') where un='$un'";
"flush privileges";
//echo $oursql;
//die;
//Execute SQL stmt
$myresult = mysql_query($oursql) or die (mysql_error());
I used the code and at first, it did not work. In place of '$un', I tried the 1, but I would keep refering to mySQL and saw no changes. When I entered the var '$un', it changed the password, but now it's encrypted. I also tried single quotes around the 1, but that didn't work. Any suggestions? I would like to display the actual password instead of the encrypted one. Thanks again!
//create sql statement
$oursql="update customerinfo set pw=MD5('$pw') where un='$un'";
"flush privileges";
//echo $oursql;
//die;
//Execute SQL stmt
$myresult = mysql_query($oursql) or die (mysql_error());
Ok, the problem is that storing unencrypted passwords is not secure.
When you said I'm asuming that is ok since you are updating using PASSWORD('$pw') and that will create an encryted password.
If you dont want to encrypt simply do not use the PASSWORD() function. The code you submitted should work. But I strongly recommend using encryption and something different to PASSWORD.
When you said
•
•
•
•
When I try and update the password for Username: jdoe, a number displays in the table field 'pw'.
If you dont want to encrypt simply do not use the PASSWORD() function. The code you submitted should work. But I strongly recommend using encryption and something different to PASSWORD.
|
Similar Threads
- Change Password In A Shell Script (Shell Scripting)
- Quick Reference for Linux Commands (Getting Started and Choosing a Distro)
- Help with password update (PHP)
- How do I change my Password (*nix Software)
- shuting down multiple nix boxes (*nix Software)
- Internet Explorer Icons Change (Web Browsers)
Other Threads in the PHP Forum
- Previous Thread: uploaded file origin directory
- Next Thread: Calander
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest PHP Posts
- Today's Posts
- Unanswered Threads
apache api array basic beginner binary body broken cakephp class cms code computing confirm cron curl customizableitems database date date/time delete display dynamic echo email error file filter folder form forms forum function functions gc_maxlifetime google headmethod href htaccess html iframe image include ip javascript joomla limit link list login malfunction memmory memory menu mlm msqli_multi_query multiple mycodeisbad mysql navigation oop parameter parsing paypal pdf php phpmysql play query question random recourse recursion regex root script search select seo server sessions snippet source space sql static system table thesishelp trouble tutorial update upload url variable video web webdesign xml youtube