0

Hello everyone, I have a problem with the change password box. The code is working, and when I submit the form it shows "Record updated successfully", but when I check the database I find the old password is still in the database.
Can anyone help me, please?
Thanks in advance.

<?php
require_once("checklogin.php");
include ("../include/connect_db.php");
?>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="description" content="">
    <meta name="author" content="">
    <title></title>


  </head>

  <body>

        <form action="change_pass.php" method="POST">
            Current Password: <input type="password" class="form-control" name="password" />
            New Password: <input type="password" name="newpassword" class="form-control" />
            Retype New Password: <input type="password" name="confirmnewpassword" class="form-control" />
                                 <input type="submit" name="submit" value="Submit" class="btn btn-default" />
        </form>  
        <?php
            if (isset($_POST['submit'])) {
                $password = $_POST['password'];
                $newpassword = $_POST['newpassword'];
                $confirmnewpassword = $_POST['confirmnewpassword'];
                $user_ad = $_SESSION['user'];

                $sql = "SELECT password FROM user WHERE username='$$user_ad'";
                $result = $conn->query($sql);

                if ($result->num_rows > 0) {
                    while($row = $result->fetch_assoc()) {
                    $oldpassword = $row['password'];
                    }                       
                    if ($password==$oldpassword) 
                        {                           
                            if($newpassword==$confirmnewpassword) {
                            $sql = "UPDATE user SET password='$password' WHERE username='$user_ad'";
                                if ($conn->query($sql) === TRUE) {
                                    echo "Record Updated Seccessfully";
                                    session_destroy();                              
                                } 
                                else {
                                    echo "Error updating record: ";
                                }
                            }
                            else {
                                echo "Retype Password doesn't match";
                            }
                        }
                        else {
                            echo "Current Password doesn't match";
                        }
                    }
                    else {
                        echo "Password Update failed";
                    }
                }

            ?>


</body>
</html>

Edited by shabbir04

0

Line 32, you have double $$?

PS: It is a BAD idea to save passwords in PLAIN TEXT in your database... Also, it is a VERY BAD idea to allow SQL injection attacks.

Edited by Taywin

0

Thanks for your kind information.

At line 32 it was a mistake, but I get the same result.

0

Try checking whether all the variables retrieved from the page exist. Also, output something in the else branch when no result is found, to make sure that the user is found. That would give you more insight into what's going on in your script.

PS: Just saw that you are using $_SESSION but I don't see that you start a session???

PSS: Line 43, you could simply use if($conn->query($sql)) instead of attempting to compare it with TRUE.

PSS: Are you certain that all records have different usernames (case-insensitive)?

Edited by Taywin

0

OK, I found the mistake. At line 42 I used SET password='$password'. It should be SET password='$newpassword'.

Anyway thanks for your help...

Edited by shabbir04
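
An added example, not code from any poster in this thread: the same change-password flow with the fix found above (writing the new password), plus the two points raised in the first reply, using bound parameters instead of string-built SQL and storing a hash instead of plain text. It assumes $conn is the mysqli connection from connect_db.php, that user.password is wide enough for password_hash() output (for example VARCHAR(255)) and already holds hashes, and the function name change_password is hypothetical.

```php
<?php
// Added example, not the original poster's code.
// Assumes $conn (mysqli) comes from connect_db.php and that user.password
// already stores password_hash() output, not plain text.
function change_password(mysqli $conn, string $username, string $current,
                         string $new, string $confirm): string
{
    if ($new !== $confirm) {
        return "Retype Password doesn't match";
    }

    // Bound parameter: the username is never interpolated into the SQL text.
    $stmt = $conn->prepare("SELECT password FROM user WHERE username = ?");
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $stmt->bind_result($storedHash);
    $found = $stmt->fetch();   // true on a row, null when no user matched
    $stmt->close();

    // Compare against the stored hash; same message for "no such user"
    // and "wrong password" so the form does not reveal which one failed.
    if (!$found || !password_verify($current, (string) $storedHash)) {
        return "Current Password doesn't match";
    }

    // Hash the NEW password (the thread's bug wrote the old one back).
    $newHash = password_hash($new, PASSWORD_DEFAULT);
    $stmt = $conn->prepare("UPDATE user SET password = ? WHERE username = ?");
    $stmt->bind_param("ss", $newHash, $username);
    $ok = $stmt->execute();
    $stmt->close();

    return $ok ? "Record Updated Successfully" : "Error updating record";
}

// Usage in change_pass.php: start the session only if checklogin.php has not.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
if (isset($_POST['submit'], $_SESSION['user'])) {
    $message = change_password($conn, $_SESSION['user'], $_POST['password'],
                               $_POST['newpassword'], $_POST['confirmnewpassword']);
    echo htmlspecialchars($message);
}
```

Rows that still contain plain-text passwords will fail password_verify(), so those accounts need a one-time migration or reset before switching to this version.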
