Hey everyone,

Sorry if it seems as if I have posted something similar to this but I don't believe I have had this error before..well not really an error but anyway..so I have a change password form and I process it using php. Well, it goes through the process of saying my password has been changed but it doesn't update the password in my local database..which it should..do..is there something wrong with my code that I am missing?




$user = (isset($_SESSION{'username'}));

if ($user)
 //user is logged in
		//check fields
		$oldpassword = ($_POST['oldpassword']);
		$newpassword = ($_POST['newpassword']);
		$repeatnewpassword = ($_POST['repeatnewpassword']);
		// check password against db
		//connect to db
		$connect = mysql_connect("*******","*******","*******") or die("Could not connect to db!");
		mysql_select_db("*******") or die("Could not select database!");
		$queryget = mysql_query("SELECT password FROM users WHERE username='$user'") or die("Query did not work!");
		$row = mysql_fetch_assoc($queryget);
		$oldpassword = $row['password'];
		//check passwords
		if ($oldpassword==$oldpassword)
				// check two new passwords
				if ($newpassword==$repeatnewpassword)
						//change password in db
						$querychange = mysql_query("
						UPDATE users SET password='$_POST[newpassword]' WHERE username='$user'
						die("Your password has been changed. <a href='login.php'>Return</a> to the main page!");
						die("New passwords do not match!");
				die("Old password does not match!");
				<form action='changepassword.php' method='POST'>
					Old Password: <input type='text' name='oldpassword'><br />
					New Password: <input type='password' name='newpassword'><br />
					Repeat new Password: <input type='password' name='repeatnewpassword'><br />
					<input type='submit' name='submit' value='Change Password'> 

	die("You must be logged in to change your password! Click <a href='login.php'>here</a> to log in!")

Member Avatar



$user = (isset($_SESSION{'username'}));

return 'true' instead of the username itself?

@ardav yes you are right, should I just check to see if the user info is set by using this then?:

$username = isset($_POST['username']);

never mind, I fixed the issue! thanks for the help!