Hii I m using PHP-MySQL to make a class assignment. In this i have made a login control. It was working very fine. But i made an attempt to provide the password changing facility. Since then my project is not logging in. It shows in table the new password but neither with new password nor with od password it logs me on..
Please help me in this..
sumit007 0 Newbie Poster
Recommended Answers
Jump to PostProvide the code for the login and change password methods.
You probably didn't handle the new password correctly in either your PHP or your SQL (or both). As a result, you didn't store the properly-encrypted version of it in your d-base. I suspect you'll find a hashing error in …
Jump to PostI agree, it seems the OP is referencing the wrong row when you perform your update.
@OP:
Also, I see some serious security flaws:
1. You aren't guarding against SQL Injection attacks. Search the term for solutions, there are several threads on it.2. It is not advisable …
All 5 Replies
as.bhanuprakash 2 Junior Poster
Code Please.
Fbody 682 Posting Maven Featured Poster
Provide the code for the login and change password methods.
You probably didn't handle the new password correctly in either your PHP or your SQL (or both). As a result, you didn't store the properly-encrypted version of it in your d-base. I suspect you'll find a hashing error in your change password method if you do a side-by-side comparison.
sumit007 0 Newbie Poster
<?php
if($_POST['Button1']=="Change")
{
change();
}
function Change()
{
$con = mysql_connect("localhost","root","omomom");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("login", $con);
$result = mysql_query("SELECT * FROM password1
WHERE UserName='$_POST[Text1]'");
$row = mysql_fetch_array($result);
if($_POST['Text4']==$row['Password'])
{
if($_POST['Text5']==$_POST['Text6'])
{
mysql_query("UPDATE password1 SET Password = '$_POST[Text5]'
WHERE Username ='$_POST[Text3]'");
echo"password changed";
}
else
{
echo"passwords don't match";
}
}
else
{
echo"wrong password";
}
mysql_close($con);
}
if($_POST['Button3']=="Show")
{
show();
}
function show()
{
$con = mysql_connect("localhost","root","omomom");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("login", $con);
$result = mysql_query("SELECT * FROM password1
WHERE UserName='$_POST[Text1]'");
$row = mysql_fetch_array($result);
echo "<table border='1'>
<tr>
<th>Name</th>
<th>Father's Name</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['UserName'] . "</td>";
echo "<td>" . $row['Password'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close($con);
}
?> as.bhanuprakash 2 Junior Poster
if($_POST['Text5']==$_POST['Text6'])
{
mysql_query("UPDATE password1 SET Password = '$_POST[Text5]'
WHERE Username ='$_POST[Text3]'");
echo"password changed";
}In the above part of your code, the comparison for username is wrong i guess because here you are comparing WHERE Username ='$_POST[Text3]'" but in the other queries you are doing WHERE UserName='$_POST[Text1]'"
So i think the following will work fine.
mysql_query("UPDATE password1 SET Password = '$_POST[Text5]'
WHERE Username ='$_POST[Text1]'"); Fbody 682 Posting Maven Featured Poster
I agree, it seems the OP is referencing the wrong row when you perform your update.
@OP:
Also, I see some serious security flaws:
1. You aren't guarding against SQL Injection attacks. Search the term for solutions, there are several threads on it.
2. It is not advisable to store the raw (plain-text) version of the password in your database. If someone hacks it (which won't be too hard based on what I'm seeing so far), they suddenly have all of your users' passwords. To make matters worse, they will have the password of the administrator and wreak some even more serious havoc with your site.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.