0

While creating a userid the password is saved in type md5 in mysql
The below script to change password does not save password in md5 in mysql
and hence user after changing password cannot login
The script also gives password chaged sucessfully but also says you have typed wrong password (the old one)
as users type their password in the form which are not in type md5

is there any solution for this

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
                      "http://www.w3.org/TR/html401/loose.dtd">
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  <title>Password Change</title>
</head>
<body>
  <h1>Change Password for {USERNAME}</h1>
  {MESSAGE}
  <form method="POST" action="passch.php">
  <table>
    <tr>
          <td>Enter your UserName</td>
      <td><input type="username" size="10" name="username"></td>
      
      <td>Enter your existing password:</td>
      <td><input type="password" size="10" name="password"></td>
    </tr>
    <tr>
      <td>Enter your new password:</td>
      <td><input type="password" size="10" name="newpassword"></td>
    </tr>
    <tr>
      <td>Re-enter your new password:</td>
      <td><input type="password" size="10" name="confirmnewpassword"></td>
    </tr>
  </table>
  <p><input type="submit" value="Update Password">
  </form>
  <p><a href="home.php">Home</a>
  <p><a href="logout.php">Logout</a>
</body>
</html>

passch.php

<?php 

$server="xxxx";
$db_user="xxxx";
$db_pass="xxxx";
$database="xxxx";
// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());



$username = $_POST['username']; 
$password = $_POST['password']; 
$newpassword = $_POST['newpassword']; 
$confirmnewpassword = $_POST['confirmnewpassword']; 

$result = mysql_query("SELECT passwd FROM members WHERE login='$username'"); 
if(!$result)  
{  
echo "The username you entered does not exist";  
}  
else  
if($password!= mysql_result($result, 0))  
{  
echo "You entered an incorrect password";  
}  
if($newpassword=$confirmnewpassword)  
    $sql=mysql_query("UPDATE members SET passwd='$newpassword' where login='$username'");  
    if($sql)  
    {  
    echo "Congratulations You have successfully changed your password";  
    } 
else 
{  
echo "The new password and confirm new password fields must be the same";  
}   
?>
3
Contributors
3
Replies
4
Views
7 Years
Discussion Span
Last Post by sariraj
0

Solved it Myself

Thanks!

Hi! I was wondering what you did to resolve this? Did you end up using the md5() function to encrypt the password string? I'm not really versed in mysql, but I'm learning what I can. Could you please re-post your code? Thanks!

0

hi Iam also in need of same script. iam getting same problem, can u send the corrected code for md5 problem, thnx in advance

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.