0

Hi all,

This is my chage password script. This works ONLY if all the data fields entered correctly. Otherwise it gives several error messages. (Ex:incorrect username, incorrect pw etc)

users (user_id, first_name,last_name, email, phone_number, user_type, username, password)

<?php
session_start();

$connection=mysql_connect("localhost","root","");
$db=mysql_select_db("bank",$connection);

	
$username = $_POST['username'];
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$newpassword = md5($newpassword);
$confirmnewpassword = $_POST['confirmnewpassword'];
$confirmnewpassword = md5($confirmnewpassword);	

$result = mysql_query("SELECT password FROM users WHERE username='$username'");
if(!$result) 
{ 
echo "The username you entered does not exist"; 
} 
else
if(md5($password)!=mysql_result($result,0))
{
echo "You entered an incorrect password";
}

if($newpassword==$confirmnewpassword) 
    $sql=mysql_query("UPDATE users SET password='$newpassword' where username='$username'"); 
    if($sql) 
    { 
    echo "Congratulations You have successfully changed your password"; 
    }
else
{ 
echo "The new password and confirm new password fields must be the same"; 
}   
?>
5
Contributors
11
Replies
13
Views
6 Years
Discussion Span
Last Post by viktor.jiracek.5
0

This is my chage password script. This works ONLY if all the data fields entered correctly. Otherwise it gives several error messages. (Ex:incorrect username, incorrect pw etc)

Yes, the fields should not be null, if you enter nothing , then the query will result nothing,so the problem occurs.
Please clearly explain your requirement.

0

@Shanthi C;

This works ONLY if all the data fields entered correctly. Otherwise it gives several error messages. (Ex:incorrect username, incorrect pw etc)

I mean if i enter correct username, correct existing password, correct new password and correct confirm password. NOT just filling fields.

My problem is if i enter wrong existing password and try to enter a new password then also the coding works. That should be avoided. It should give only an error message.

0

changed if ladder

<?php
session_start();

$connection=mysql_connect("localhost","root","");
$db=mysql_select_db("bank",$connection);

	
$username = $_POST['username'];
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$newpassword = md5($newpassword);
$confirmnewpassword = $_POST['confirmnewpassword'];
$confirmnewpassword = md5($confirmnewpassword);	

$result = mysql_query("SELECT password FROM users WHERE username='$username'");
if(!$result) 
{ 
echo "The username you entered does not exist"; 
} 
else
if(md5($password)!=mysql_result($result,0))
{
echo "You entered an incorrect password";
}
else
{
 

if($newpassword==$confirmnewpassword) 
    $sql=mysql_query("UPDATE users SET password='$newpassword' where username='$username'"); 
    if($sql) 
    { 
    echo "Congratulations You have successfully changed your password"; 
    }
else
{ 
echo "The new password and confirm new password fields must be the same"; 
}   

}//i have added this brace //
?>

Edited by urtrivedi: n/a

0

Thanks, Incorrect password works..:-)

But still generate error messages in following cases.

If user enters two different passwords in new password and confirm new password fields there should be an error message "The new password and confirm new password fields must be the same". But it says,

Notice: Undefined variable: sql in C:\wamp\www\MySite\php files\check_password.php on line 30

If user enters an incorrect username the following error message occurs.

Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 4 in C:\wamp\www\MySite\php files\check_password.php on line 21
Call Stack

0

This is little simplified.

<?php
session_start();

$connection=mysql_connect("localhost","root","");
$db=mysql_select_db("bank",$connection);

	
$username = $_POST['username'];
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$newpassword = md5($newpassword);
$confirmnewpassword = $_POST['confirmnewpassword'];
$confirmnewpassword = md5($confirmnewpassword);	

$result = mysql_query("SELECT count(*) FROM users WHERE username='$username' and password='".md5($password)."'");
if(mysql_result($result,0)=1) //there must be one combination of user/pass
{
	if($newpassword==$confirmnewpassword) 
	{
	    $sql=mysql_query("UPDATE users SET password='$newpassword' where username='$username'"); 
	    if($sql) 
	    { 
	   	 	echo "Congratulations You have successfully changed your password"; 
	    }
	}
	else
	{ 
		echo "The new password and confirm new password fields must be the same"; 
	}   
}
else
{ 
	echo "Invalid Username/Password"; 
} 


?>
0

It says,

Fatal error: Can't use function return value in write context in C:\wamp\www\MySite\php files\check_password.php on line 16

0

Thanks a lot urtrivedi..Now everything works fine..:-)

I want to know one more thing. Is it possible to display these echo messages in the same page where user enters details..

0

Then how could i change my script to fulfill the above requirement?

0

I am working on this code as well and I am having trouble. It doesn't work and it seems to just refresh the page when I submit the right information. I would appreciate any help. Thanks!

<html>
    <head>
        <title>Change Password</title>
            <link rel="stylesheet" type="text/css" href="style.css" />
    </head>
    <body>
<?php
$connection=mysql_connect('localhost','root','') or die (mysql_error());
$db=mysql_select_db('databasehere',$connection) or die (mysql_error());

$username = $_POST['username'];
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$newpassword = md5($newpassword);
$confirmnewpassword = $_POST['confirmnewpassword'];
$confirmnewpassword = md5($confirmnewpassword); 
$result = mysql_query("SELECT count(*) FROM users WHERE username='$username' and password='".md5($password)."'");
if(mysql_result($result,0)==1) //there must be one combination of user/pass
{
    if($newpassword==$confirmnewpassword) 
    {
        $sql=mysql_query("UPDATE users SET password='$newpassword' where username='$username'"); 
        if($sql) 
        { 
            echo "Congratulations! You have successfully changed your password"; 
        }
    }
    else
    { 
        echo "The new password and confirm new password fields must be the same"; 
    }   
}
else
{ 
    echo "Invalid Username/Password"; 
} 
?>

<form action="changepassword.php" method="post">
<div id="border">
<table cellpadding="2" cellspacing="0" border="0">
    <tr>
        <td align="center" colspan="2">Change your password by entering the necessary information below:</td>
    </tr>
    <tr>
        <td>Username:</td>
        <td><input type="text" name="username" /></td>
    </tr>
    <tr>
        <td>Password:</td>
        <td><input type="password" name="password" /></td>
    </tr>
    <tr>
        <td>New Password:</td>
        <td><input type="password" name="newpassword" /></td>
    </tr>
    <tr>
        <td>Confirm New Password:</td>
        <td><input type="password" name="confirmnewpassword" /></td>
    </tr>
    <tr>
        <td align="center" colspan="2"><input type="submit" name="submit" value="Submit" /></td>
    </tr>
</table>
</div>
</form>
    </body>
</html>
This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.