0

Hi newbee to php mysql
appreciate if anyone can help in change password in sha1
Current mysql table

`users` (
  `id` int(255) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(100) NOT NULL,
  `firstname` varchar(50) DEFAULT NULL,
  `lastname` varchar(50) DEFAULT NULL,
  `password` varchar(40) NOT NULL,
  `active` int(1) NOT NULL DEFAULT '0',
  `ip` text NOT NULL,
  `usergroup` text NOT NULL,
  `datasource_id` int(3) unsigned DEFAULT '0',
  `last_login` int(14) DEFAULT NULL,
  `day_limit` int(3) unsigned DEFAULT NULL,
  `language` varchar(5) NOT NULL DEFAULT 'en',
  `email` varchar(100) DEFAULT NULL,
  `pwd_updated` int(14) unsigned DEFAULT NULL,
  `created` int(14) unsigned NOT NULL DEFAULT '0',
  `owner_id` int(255) NOT NULL DEFAULT '0',
  `modified` int(14) unsigned DEFAULT NULL,
  `updated` int(14) unsigned DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `login` (`username`),
  KEY `active` (`active`),
  KEY `password` (`password`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=11 ;

Edited by j_limboo: n/a

2
Contributors
4
Replies
6
Views
8 Years
Discussion Span
Last Post by j_limboo
0

which part are you having issues with? The use of sha1() or the sql to change the password?

Post your change password script if you have one

Edited by leviathan185: spelling...

0

Did some changes to the code which i was doing wrong and made it work
its working!

$server="xxxx";
$db_user="xxxx";
$db_pass="xxxx";
$database="xxxx";
// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());

$rs_pwd = mysql_query("select password FROM users where username='$_POST[username]'");
list($old) = mysql_fetch_row($rs_pwd);

	if($old == sha1($_POST['password']))
	{
	$newmd5 = sha1(mysql_real_escape_string($_POST['newpassword']));
	mysql_query("update sumo_users set password='$newmd5' where username='$_POST[username]'");
echo "Password Changed successfully";
	} else
	{
	echo "Password change failed";
	}
	
	
	?>

Edited by j_limboo: n/a

0

you might want to add stripslashes() to the mysql_real_escape_string() because if the password has any special chars in it the stored password will have slashes is it, and the password you are comparing it against will not have the slashes.

you should use:

$newmd5 = sha1(mysql_real_escape_string(stripslashes($_POST['newpassword'])));

Edited by leviathan185: tags

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.