In MySQL I have "users" table and one user for password and username exist. i need to change this password using basic HTML form. But when press the "Update Password" button every time given print out "The username you entered does not existThe new password and confirm new password fields must be the same". so please provide me complete correct coding for "changepw.php" I will attached both HTML and PHP codes what i have. This password not the MD5. (in addition pls guide me in case of password is MD5 how should be the PHP coding)

changepw.html

<html>
     <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <title>Password Change</title>
     </head>
    <body>
    <h1>Change Password for </h1>

   <form method="POST" action="passch1.php">
    <table>
    <tr>
   <td>Enter your UserName</td>
    <td><input type="username" size="10" name="username"></td>
    <td>Enter your existing password:</td>
    <td><input type="password" size="10" name="password"></td>
    </tr>
  <tr>
    <td>Enter your new password:</td>
    <td><input type="password" size="10" name="newpassword"></td>
    </tr>
    <tr>
   <td>Re-enter your new password:</td>
   <td><input type="password" size="10" name="confirmnewpassword"></td>
    </tr>
    </table>
    <p><input type="submit" value="Update Password">
    </form>
   <p><a href="home.php">Home</a>
   <p><a href="logout.php">Logout</a>
   </body>
    </html>  

changepw.php

<?php
$dbhost = "localhost";
$dbname = "tissam";
$dbuser = "root";
$dbpass = "ranjith";

//Connect to database

$link= mysql_connect ("$dbhost","$dbuser","$dbpass")or die("Could not connect: ".mysql_error());
mysql_select_db("$dbname") or die(mysql_error());
        $username = $_POST['username'];
        $password = $_POST['password'];
        $newpassword = $_POST['newpassword'];
        $confirmnewpassword = $_POST['confirmnewpassword'];
        $result = mysql_query("SELECT password FROM users WHERE login='$username'");
        if(!$result)
        {
        echo "The username you entered does not exist";
        }
        else if($password!= mysql_result($result, 0))
        {
        echo "You entered an incorrect password";
        }
        if($newpassword=$confirmnewpassword)
        $sql=mysql_query("UPDATE users SET password='$newpassword' where login='$username'");

        if($sql)
        {
        echo "Congratulations You have successfully changed your password";
        }
       else
        {
       echo "The new password and confirm new password fields must be the same";
       }

      ?>

Recommended Answers

All 5 Replies

maybe the username doesnt really exist... check your database if the username you inputted is already inserted

<td><input type="text" size="10" name="username"></td>


change the above type as text, instead of username.

        <?php
$dbhost = "localhost";
$dbname = "tissam";
$dbuser = "root";
$dbpass = "ranjith";
//Connect to database
$link= mysql_connect ("$dbhost","$dbuser","$dbpass")or die("Could not connect: ".mysql_error());
mysql_select_db("$dbname") or die(mysql_error());
        $username = $_POST['username'];
        $password = $_POST['password'];
        $newpassword = $_POST['newpassword'];
        $confirmnewpassword = $_POST['confirmnewpassword'];
        $result = mysql_query("SELECT password FROM users WHERE login='$username'");
        if(!$result)
        {
        echo "The username you entered does not exist";
        }
        else if($password!= mysql_result($result, 0))
        {
        echo "You entered an incorrect password";
        }
        if($newpassword=$confirmnewpassword)
        $sql=mysql_query("UPDATE users SET password='$newpassword' where login='$username'");
        if($sql)
        {
        echo "Congratulations You have successfully changed your password";
        }
       else
        {
       echo "The new password and confirm new password fields must be the same";
       }
      ?>

change code like this

If anyone using this the error is because you got here SELECT password FROM users WHERE login='$username'"); "where login there should be where username cause you need to get username so the ful working code is this, just change your database info:

<?php
$dbhost = "host";
$dbname = "name";
$dbuser = "user";
$dbpass = "pass";
//Connect to database
$link= mysql_connect ("$dbhost","$dbuser","$dbpass")or die("Could not connect: ".mysql_error());
mysql_select_db("$dbname") or die(mysql_error());
        $username = $_POST['username'];
        $password = $_POST['password'];
        $newpassword = $_POST['newpassword'];
        $confirmnewpassword = $_POST['confirmnewpassword'];
        $result = mysql_query("SELECT password FROM users WHERE username='$username'");
        if(!$result)
        {
        echo "The username you entered does not exist";
        }
        else if($password!= mysql_result($result, 0))
        {
        echo "You entered an incorrect password";
        }
        if($newpassword=$confirmnewpassword)
        $sql=mysql_query("UPDATE users SET password='$newpassword' where username='$username'");
        if($sql)
        {
        echo "Congratulations You have successfully changed your password";
        }
       else
        {
       echo "The new password and confirm new password fields must be the same";
       }
      ?>
Member Avatar for diafol

OK, enough on this nonsense. There are plenty of tutes and snippets and stuff on DW on this. No need to resurrect a 5 year old thread.

1) Do not use mysql_* functions
2) Do not use MD5
3) Do not place raw unsanitized input into queries - use prepared statements

I think it's fair to say the posts in this thread are exactly how IT SHOULD NOT be done.

BTW:

if($newpassword=$confirmnewpassword)

Will be interesting! ::rolleyes::

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.