Newbee in php
Below is my table and script, I know it should change the password
I am using a registration application
the password is saved in this manner
I could not make out if this is a md5.
I echoed the php, the password i type in the form, it shows different.
now you must be thinking i typed the wrong password
I can login to the web application with the password but using the same password i cannot change
Please advice

`users` (
  `id` int(255) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(100) NOT NULL,
  `firstname` varchar(50) DEFAULT NULL,
  `lastname` varchar(50) DEFAULT NULL,
  `password` varchar(40) NOT NULL,
  `active` int(1) NOT NULL DEFAULT '0',
  `ip` text NOT NULL,
  `usergroup` text NOT NULL,
  `datasource_id` int(3) unsigned DEFAULT '0',
  `last_login` int(14) DEFAULT NULL,
  `day_limit` int(3) unsigned DEFAULT NULL,
  `language` varchar(5) NOT NULL DEFAULT 'en',
  `email` varchar(100) DEFAULT NULL,
  `pwd_updated` int(14) unsigned DEFAULT NULL,
  `created` int(14) unsigned NOT NULL DEFAULT '0',
  `owner_id` int(255) NOT NULL DEFAULT '0',
  `modified` int(14) unsigned DEFAULT NULL,
  `updated` int(14) unsigned DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `login` (`username`),
  KEY `active` (`active`),
  KEY `password` (`password`)

$host="localhost";          // Host name 
$username="root";        // Mysql username 
$password="brijpuja1"; // Mysql password 
$db_name="newsumo";  // Database name 
$tbl_name="users";     // Table name 


$encry_oldpass=md5($oldpass);          //encrypting old password
echo "$encry_oldpass";

/*  Test OK
echo $username;
echo "<br />";
echo $oldpass;
echo "<br />";
echo $encry_oldpass;
echo "<br />";
die();   */


$result=mysql_query("SELECT * FROM $tbl_name WHERE username='$username' and password='$encry_oldpass'");

      $encry_conpass=md5($conpass);//encrypting confirm password

      $result2=mysql_query("UPDATE $tbl_name SET password='$encry_conpass' WHERE username='$username' and password='$encry_oldpass'");
      echo "Password Chamged Successfully"; 
      //header("location:...............");	  // redirect to login page

      echo"Password Change Fails";	 
      //header("location:...............");	  // redirect to password change page

Edited by j_limboo: n/a

8 Years
Discussion Span
Last Post by j_limboo

This section is commented out:

$host="localhost"; // Host name
$username="root"; // Mysql username
$password="brijpuja1"; // Mysql password
$db_name="newsumo"; // Database name
$tbl_name="users"; // Table name

$encry_oldpass=md5($oldpass); //encrypting old password
echo "$encry_oldpass";

But I think you need it to connect to the database and retrieve the details from the form. You should also validate all $_POST variables.

Also, you set $username to "root", then overwrite it with $_POST["username"]. You need to make sure they are different variables.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.