Ad:

PHP Discussion Thread
Unsolved
Views: 3110

Dec 19th, 2005

Not able to change/update password

Expand Post »

I am still a bit of a newb, but am getting the hang of webdev. My problem is in changing/updating a user's password. The good news is that I know I am hitting the mySQL table b/c I am able to see data appended. However, that's also my problem. When I try and update the password for Username: jdoe, a number displays in the table field 'pw'.

I have created the following SQL stmts:

//create sql statement
$oursql="insert into customerinfo (fn,ln,address1,address2,city,state,zip,telephone,email_address,un,pw) ";
$oursql.="values ('$fn','$ln','$add1','$add2','$city','$st','$zip','$ph','$email','$un','$pw')";
//echo $oursql;
//die;

//Execute SQL stmnt
$myresult = mysql_query($oursql) or die (mysql_error());

$oursql="update customerinfo set pw = password('$pw')". "Where pw='$pw' and un = '$un' ";
"flush privileges";
//echo $oursql;
//die;

//Execute SQL stmnt
$myresult = mysql_query($oursql) or die (mysql_error());

Do I need to foward any additional code? If so, please let me know.

Thanks

Similar Threads

Change Password In A Shell Script in Shell Scripting
Quick Reference for Linux Commands in Getting Started and Choosing a Distro
Help with password update in PHP
How do I change my Password in Linux Applications and Software
shuting down multiple nix boxes in Linux Applications and Software

venetian_jigsaw

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

15 posts
since Mar 2005

Permalink

Dec 20th, 2005

Re: Not able to change/update password

I think the problem is in your WHERE claus... you are using WHERE pw='$pw'

at that time $pw contains the actual password... unencrypted ... and PASSWOR('$pw') holds the encrytped password

My sugestions:

FIRST!... dont use PASSWORD... use SHA1 or MD5 since PASSWORD was changed in the different MYSQL versions and if you migrate sooner or later you will have to update all the passwords.

THEN... do not check the password... don't use WHERE pw=something... just use something like UPDATE table SET pw=MD5('$pw') WHERE userid=1

The confirmation of the old password is better to do it with the script...

Hope it helps...

RamiroS

Reputation Points: 10

Solved Threads: 2

Junior Poster in Training

Offline

57 posts
since Mar 2005

Permalink

Dec 20th, 2005

Re: Not able to change/update password

RamiroS,

I used the code and at first, it did not work. In place of '$un', I tried the 1, but I would keep refering to mySQL and saw no changes. When I entered the var '$un', it changed the password, but now it's encrypted. I also tried single quotes around the 1, but that didn't work. Any suggestions? I would like to display the actual password instead of the encrypted one. Thanks again!

//create sql statement
$oursql="update customerinfo set pw=MD5('$pw') where un='$un'";
"flush privileges";
//echo $oursql;
//die;

//Execute SQL stmt
$myresult = mysql_query($oursql) or die (mysql_error());

venetian_jigsaw

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

15 posts
since Mar 2005

Permalink

Dec 22nd, 2005

Re: Not able to change/update password

Ok, the problem is that storing unencrypted passwords is not secure.

When you said

Quote ...

When I try and update the password for Username: jdoe, a number displays in the table field 'pw'.

I'm asuming that is ok since you are updating using PASSWORD('$pw') and that will create an encryted password.

If you dont want to encrypt simply do not use the PASSWORD() function. The code you submitted should work. But I strongly recommend using encryption and something different to PASSWORD.

RamiroS

Reputation Points: 10

Solved Threads: 2

Junior Poster in Training

Offline

57 posts
since Mar 2005

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in PHP Forum Timeline: uploaded file origin directory

Next Thread in PHP Forum Timeline: Calander

DaniWeb Message

Cancel Changes

User Name
Password