0

In MySQL I have a "users" table, and one user with a username and password exists. I need to change this password using a basic HTML form. But every time I press the "Update Password" button, it prints "The username you entered does not existThe new password and confirm new password fields must be the same". So please provide me with the complete, correct code for "changepw.php". I have attached both the HTML and PHP code that I have. This password is not MD5. (In addition, please guide me on how the PHP code should look in case the password is MD5.)

changepw.html

<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <title>Password Change</title>
</head>
<body>
    <h1>Change Password for </h1>

    <form method="POST" action="passch1.php">
    <table>
    <tr>
        <td>Enter your UserName</td>
        <td><input type="text" size="10" name="username"></td>
        <td>Enter your existing password:</td>
        <td><input type="password" size="10" name="password"></td>
    </tr>
    <tr>
        <td>Enter your new password:</td>
        <td><input type="password" size="10" name="newpassword"></td>
    </tr>
    <tr>
        <td>Re-enter your new password:</td>
        <td><input type="password" size="10" name="confirmnewpassword"></td>
    </tr>
    </table>
    <p><input type="submit" value="Update Password">
    </form>
    <p><a href="home.php">Home</a>
    <p><a href="logout.php">Logout</a>
</body>
</html>

changepw.php

<?php
$dbhost = "localhost";
$dbname = "tissam";
$dbuser = "root";
$dbpass = "ranjith";

//Connect to database

$link= mysql_connect ("$dbhost","$dbuser","$dbpass")or die("Could not connect: ".mysql_error());
mysql_select_db("$dbname") or die(mysql_error());
$username = $_POST['username'];
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$confirmnewpassword = $_POST['confirmnewpassword'];
$result = mysql_query("SELECT password FROM users WHERE login='$username'");
if(!$result)
{
    echo "The username you entered does not exist";
}
else if($password!= mysql_result($result, 0))
{
    echo "You entered an incorrect password";
}
if($newpassword=$confirmnewpassword)
    $sql=mysql_query("UPDATE users SET password='$newpassword' where login='$username'");

if($sql)
{
    echo "Congratulations You have successfully changed your password";
}
else
{
    echo "The new password and confirm new password fields must be the same";
}

?>

0
<?php
$dbhost = "localhost";
$dbname = "tissam";
$dbuser = "root";
$dbpass = "ranjith";
//Connect to database
$link= mysql_connect ("$dbhost","$dbuser","$dbpass")or die("Could not connect: ".mysql_error());
mysql_select_db("$dbname") or die(mysql_error());
$username = $_POST['username'];
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$confirmnewpassword = $_POST['confirmnewpassword'];
$result = mysql_query("SELECT password FROM users WHERE login='$username'");
if(!$result)
{
    echo "The username you entered does not exist";
}
else if($password!= mysql_result($result, 0))
{
    echo "You entered an incorrect password";
}
if($newpassword=$confirmnewpassword)
    $sql=mysql_query("UPDATE users SET password='$newpassword' where login='$username'");
if($sql)
{
    echo "Congratulations You have successfully changed your password";
}
else
{
    echo "The new password and confirm new password fields must be the same";
}
?>

Change the code like this.

0

If anyone is using this, the error is because you have SELECT password FROM users WHERE login='$username'"); here. Where it says "where login" there should be "where username", because you need to get the username. So the full working code is this; just change your database info:

<?php
$dbhost = "host";
$dbname = "name";
$dbuser = "user";
$dbpass = "pass";
//Connect to database
$link= mysql_connect ("$dbhost","$dbuser","$dbpass")or die("Could not connect: ".mysql_error());
mysql_select_db("$dbname") or die(mysql_error());
$username = $_POST['username'];
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$confirmnewpassword = $_POST['confirmnewpassword'];
$result = mysql_query("SELECT password FROM users WHERE username='$username'");
if(!$result)
{
    echo "The username you entered does not exist";
}
else if($password!= mysql_result($result, 0))
{
    echo "You entered an incorrect password";
}
if($newpassword=$confirmnewpassword)
    $sql=mysql_query("UPDATE users SET password='$newpassword' where username='$username'");
if($sql)
{
    echo "Congratulations You have successfully changed your password";
}
else
{
    echo "The new password and confirm new password fields must be the same";
}
?>
1

OK, enough on this nonsense. There are plenty of tutes and snippets and stuff on DW on this. No need to resurrect a 5 year old thread.

1) Do not use mysql_* functions
2) Do not use MD5
3) Do not place raw unsanitized input into queries - use prepared statements

I think it's fair to say the posts in this thread are exactly how IT SHOULD NOT be done.

BTW:

if($newpassword=$confirmnewpassword)

Will be interesting! ::rolleyes::
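
The three points in the last post, plus the `=` versus `==` bug it calls out, as an added example that is not code from any poster in this thread: PDO prepared statements, password_hash()/password_verify() in place of plain text or MD5, and a real comparison of the two new-password fields. Assumed here: the question's users table with login and password columns, a password column wide enough for password_hash() output, and an in-memory SQLite database with a constructed user so it runs without a server.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Table/column names follow the
// question (users.login, users.password); the password column is assumed
// to hold password_hash() output (e.g. VARCHAR(255)), not plain text or MD5.
function changePassword(PDO $db, string $login, string $current,
                        string $new, string $confirm): string
{
    // Compare with !==. The thread's if($newpassword=$confirmnewpassword)
    // assigns instead of comparing, so mismatched fields pass the check.
    if ($new === '' || $new !== $confirm) {
        return 'The new password and confirm new password fields must be the same';
    }

    // Placeholders keep user input out of the SQL text.
    $stmt = $db->prepare('SELECT password FROM users WHERE login = ?');
    $stmt->execute([$login]);
    $hash = $stmt->fetchColumn();

    // A query that matches no row still succeeds, so test the fetched value
    // (false when there is no row) and use one message for both failures.
    if (!is_string($hash) || !password_verify($current, $hash)) {
        return 'Incorrect username or password';
    }

    $upd = $db->prepare('UPDATE users SET password = ? WHERE login = ?');
    $upd->execute([password_hash($new, PASSWORD_DEFAULT), $login]);
    return 'Password changed';
}

// Constructed demo data in an in-memory SQLite database so the example runs
// offline; for MySQL only the DSN and credentials passed to PDO change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (login TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('old-secret', PASSWORD_DEFAULT)]);

// Mismatched confirmation, unknown login containing a quote, a valid change,
// then a second change that only works with the newly stored password.
echo changePassword($db, 'alice', 'old-secret', 'new-secret', 'typo'), "\n";
echo changePassword($db, "o'brien", 'old-secret', 'n', 'n'), "\n";
echo changePassword($db, 'alice', 'old-secret', 'new-secret', 'new-secret'), "\n";
echo changePassword($db, 'alice', 'new-secret', 'again', 'again'), "\n";
```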
