Hi, I'm using PHP-MySQL to make a class assignment. In this I have made a login control. It was working very fine. But I made an attempt to provide the password changing facility. Since then my project is not logging in. It shows the new password in the table, but it logs me on with neither the new password nor the old password.
Please help me with this.

Provide the code for the login and change password methods.

You probably didn't handle the new password correctly in either your PHP or your SQL (or both). As a result, you didn't store the properly-encrypted version of it in your d-base. I suspect you'll find a hashing error in your change password method if you do a side-by-side comparison.

<?php


if($_POST['Button1']=="Change")
{
change();
}

function Change()
{
$con = mysql_connect("localhost","root","omomom");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
mysql_select_db("login", $con);
$result = mysql_query("SELECT * FROM password1
WHERE UserName='$_POST[Text1]'");

$row = mysql_fetch_array($result);
if($_POST['Text4']==$row['Password'])
{
 if($_POST['Text5']==$_POST['Text6'])
 {
  mysql_query("UPDATE password1 SET Password = '$_POST[Text5]'
  WHERE Username ='$_POST[Text3]'");
  echo"password changed";
 }
else
 {
  echo"passwords don't match";
 }
}
else
{
echo"wrong password";
}

mysql_close($con);

}

if($_POST['Button3']=="Show")
{
show();
}

function show()
{
$con = mysql_connect("localhost","root","omomom");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
mysql_select_db("login", $con);
$result = mysql_query("SELECT * FROM password1
WHERE UserName='$_POST[Text1]'");

$row = mysql_fetch_array($result);
echo "<table border='1'>
<tr>
<th>Name</th>
<th>Father's Name</th>
</tr>";
while($row = mysql_fetch_array($result))
  {
  echo "<tr>";
  echo "<td>" . $row['UserName'] . "</td>";
  echo "<td>" . $row['Password'] . "</td>";
  echo "</tr>";
  }

echo "</table>";
mysql_close($con);
}

?>

if($_POST['Text5']==$_POST['Text6'])
{
mysql_query("UPDATE password1 SET Password = '$_POST[Text5]'
WHERE Username ='$_POST[Text3]'");
echo"password changed";
}

In the above part of your code, the comparison for username is wrong, I guess, because here you are comparing WHERE Username ='$_POST[Text3]' but in the other queries you are doing WHERE UserName='$_POST[Text1]'

So I think the following will work fine.

mysql_query("UPDATE password1 SET Password = '$_POST[Text5]'
WHERE Username ='$_POST[Text1]'");

I agree, it seems the OP is referencing the wrong row when you perform your update.

@OP:
Also, I see some serious security flaws:
1. You aren't guarding against SQL Injection attacks. Search the term for solutions, there are several threads on it.

2. It is not advisable to store the raw (plain-text) version of the password in your database. If someone hacks it (which won't be too hard based on what I'm seeing so far), they suddenly have all of your users' passwords. To make matters worse, they will have the password of the administrator and wreak some even more serious havoc with your site.
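
The following is an added example, not code from any poster in this thread: a change-password routine that addresses both points raised above by using bound parameters instead of interpolated `$_POST` values and by storing a `password_hash()` digest instead of the plain-text password. The table and column names follow the original post; the PDO in-memory SQLite connection, the function names and the sample account are assumptions made so the script runs on its own.

```php
<?php
// Added example. Table/column names come from the original post; the SQLite
// DSN, function names and the "alice" account are constructed for the demo.

function change_password(PDO $db, string $user, string $old, string $new, string $confirm): string
{
    // Bound parameter: the user name is sent as data, never as SQL text.
    $stmt = $db->prepare('SELECT Password FROM password1 WHERE UserName = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();

    // Compare against the stored hash; an unknown user fails the same way.
    if ($hash === false || !password_verify($old, $hash)) {
        return 'wrong password';
    }
    if ($new !== $confirm) {
        return "passwords don't match";
    }
    // Update the same row that was just verified: one $user for both queries.
    $upd = $db->prepare('UPDATE password1 SET Password = ? WHERE UserName = ?');
    $upd->execute([password_hash($new, PASSWORD_DEFAULT), $user]);
    return $upd->rowCount() === 1 ? 'password changed' : 'update failed';
}

function login(PDO $db, string $user, string $password): bool
{
    $stmt = $db->prepare('SELECT Password FROM password1 WHERE UserName = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

// Constructed demo data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE password1 (UserName TEXT PRIMARY KEY, Password TEXT NOT NULL)');
$db->prepare('INSERT INTO password1 VALUES (?, ?)')
   ->execute(['alice', password_hash('old-secret', PASSWORD_DEFAULT)]);

// A user name containing quote characters is matched literally, not executed.
echo change_password($db, "alice' OR '1'='1", 'x', 'y', 'y'), "\n";
echo change_password($db, 'alice', 'old-secret', 'new-secret', 'new-secret'), "\n";
var_dump(login($db, 'alice', 'old-secret'));
var_dump(login($db, 'alice', 'new-secret'));
```

With MySQL, swap the DSN for a `mysql:` one and make the `Password` column wide enough for the hash (the PHP manual recommends 255 characters); a column that truncates the hash causes the same "neither password works" symptom described in the question.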