0

Hi, I'm using PHP-MySQL to make a class assignment. In this I have made a login control. It was working very fine. But I made an attempt to provide the password changing facility. Since then my project is not logging in. It shows in table the new password, but neither with new password nor with old password it logs me on.
Please help me in this.

0

Provide the code for the login and change password methods.

You probably didn't handle the new password correctly in either your PHP or your SQL (or both). As a result, you didn't store the properly-encrypted version of it in your d-base. I suspect you'll find a hashing error in your change password method if you do a side-by-side comparison.


0
<?php


if($_POST['Button1']=="Change")
{
change();
}

function Change()
{
$con = mysql_connect("localhost","root","omomom");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
mysql_select_db("login", $con);
$result = mysql_query("SELECT * FROM password1
WHERE UserName='$_POST[Text1]'");

$row = mysql_fetch_array($result);
if($_POST['Text4']==$row['Password'])
{
 if($_POST['Text5']==$_POST['Text6'])
 {
  mysql_query("UPDATE password1 SET Password = '$_POST[Text5]'
  WHERE Username ='$_POST[Text3]'");
  echo"password changed";
 }
else
 {
  echo"passwords don't match";
 }
}
else
{
echo"wrong password";
}

mysql_close($con);

}

if($_POST['Button3']=="Show")
{
show();
}

function show()
{
$con = mysql_connect("localhost","root","omomom");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
mysql_select_db("login", $con);
$result = mysql_query("SELECT * FROM password1
WHERE UserName='$_POST[Text1]'");

$row = mysql_fetch_array($result);
echo "<table border='1'>
<tr>
<th>Name</th>
<th>Father's Name</th>
</tr>";
while($row = mysql_fetch_array($result))
  {
  echo "<tr>";
  echo "<td>" . $row['UserName'] . "</td>";
  echo "<td>" . $row['Password'] . "</td>";
  echo "</tr>";
  }

echo "</table>";
mysql_close($con);
}

?>


0
if($_POST['Text5']==$_POST['Text6'])
{
mysql_query("UPDATE password1 SET Password = '$_POST[Text5]'
WHERE Username ='$_POST[Text3]'");
echo"password changed";
}

In the above part of your code, the comparison for username is wrong, I guess, because here you are comparing WHERE Username ='$_POST[Text3]' but in the other queries you are doing WHERE UserName='$_POST[Text1]'

So I think the following will work fine.

mysql_query("UPDATE password1 SET Password = '$_POST[Text5]'
WHERE Username ='$_POST[Text1]'");
0

I agree, it seems the OP is referencing the wrong row when you perform your update.

@OP:
Also, I see some serious security flaws:
1. You aren't guarding against SQL Injection attacks. Search the term for solutions, there are several threads on it.

2. It is not advisable to store the raw (plain-text) version of the password in your database. If someone hacks it (which won't be too hard based on what I'm seeing so far), they suddenly have all of your users' passwords. To make matters worse, they will have the password of the administrator and wreak some even more serious havoc with your site.

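The two security points raised above, together with the wrong-row fix, as an added example that is not code from any poster in this thread. It assumes PHP 5.5+ with PDO (the mysql_* functions used in the thread were removed in PHP 7), and the function name changePassword is hypothetical.

```php
<?php
// Added example: function and variable names are hypothetical; table and
// column names (password1, UserName, Password) are the ones from the thread.

function changePassword(PDO $db, $user, $old, $new, $confirm)
{
    if ($new !== $confirm) {
        return "passwords don't match";
    }
    // Bound parameter: user input never becomes part of the SQL text.
    $sel = $db->prepare('SELECT Password FROM password1 WHERE UserName = ?');
    $sel->execute(array($user));
    $hash = $sel->fetchColumn();

    // password_verify() compares against the stored hash, not plain text.
    if ($hash === false || !password_verify($old, $hash)) {
        return 'wrong password';
    }
    // The same $user value drives both the SELECT and the UPDATE, so the
    // Text1/Text3 mix-up from the thread cannot occur.
    $upd = $db->prepare('UPDATE password1 SET Password = ? WHERE UserName = ?');
    $upd->execute(array(password_hash($new, PASSWORD_DEFAULT), $user));
    return $upd->rowCount() === 1 ? 'password changed' : 'update failed';
}

// Constructed demo data in an in-memory SQLite database so the script runs
// offline; for MySQL only the DSN and credentials passed to PDO change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE password1 (UserName TEXT PRIMARY KEY, Password TEXT)');
$db->prepare('INSERT INTO password1 VALUES (?, ?)')
   ->execute(array('alice', password_hash('old-secret', PASSWORD_DEFAULT)));

echo changePassword($db, 'alice', 'old-secret', 'new-secret', 'new-secret'), "\n";
// A quote-laden user name is treated as a literal (non-existent) user.
echo changePassword($db, "x' OR '1'='1", 'a', 'b', 'b'), "\n";
// The stored value is now a hash that only the new password verifies against.
$row = $db->query("SELECT Password FROM password1 WHERE UserName = 'alice'")->fetchColumn();
var_dump(password_verify('new-secret', $row), password_verify('old-secret', $row));
```

The login check has to use password_verify() as well, otherwise hashed passwords will never match what the user types. On MySQL the Password column must be wide enough to hold the hash; the PHP manual recommends 255 characters.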
