0
<body class="bg-dark"> <div class="container"> <div class="card card-login mx-auto mt-5"> <div class="card-header">Change Password</div> <div class="card-body"> <form method="post" action="change-password.php"> <div class="form-group"> <label for="username">Username</label> <input class="form-control" id="username" type="text" name="username" aria-describedby="nameHelp" placeholder="Enter username" required> </div> <div class="form-group"> <label for="New Password">New Password</label> <input class="form-control" id="newpass" type="text" name="newpass" placeholder="Enter new password" required> </div> <div class="form-group"> <label for="Confirm Password">Confirm Password</label> <input class="form-control" id="confpass" type="text" name="confpass" placeholder="Enter confirm password" required> </div> <div class="form-group"> <div class="form-check"> <label class="form-check-label"> <input class="form-check-input" type="checkbox"> Remember Password</label> </div> </div> <div class="form-group"> <button type="submit" name="submit" class="btn">Submit</button> <br> </div> </form> <div class="text-center"> <a class="d-block small mt-3" href="login.php">Login</a> </div> </div> </div> </div> <?php 

$con=mysqli_connect("localhost","root","","goods_management_system") or die(mysqli_error());
$db=mysqli_select_db($con, 'goods_management_system' ) or die(mysqli_error());

if(isset($_POST['submit'])){
  $username=$_POST['username'];
  $newpass = $_POST['newpass'];
  $confpass = $_POST['confpass'];

  $query = "SELECT username FROM user_details WHERE username='$username'";
  $run = mysqli_query($con, $query);
  $row = mysqli_fetch_row($run);

  if($row['username']==$username)// UNDEFINED. WHY IS THAT SO ?
  {
    if($newpass == confpass)
    {
      $update_query = "UPDATE user_details SET password='$newpass' WHERE username='$username'";

      if($update_query)
      {
        echo "<script>alert('Password change successfully')</script>";
      }
      else
      {
        "<script>alert('Password change failed')</script>";
      }
    }
    else 
    {
      echo "<script>alert('password doesnt match')</script>";
    }
  }
}
?>

Edited by Subashan

5
Contributors
4
Replies
42
Views
2 Months
Discussion Span
Last Post by afaaro
0

Try changing line #11 to:

 $query = "SELECT username FROM user_details WHERE username='"+$username+"'";

Edited by xrj

1

DO NOT use this code. You are wide open to SQL injection. Use a prepared statement or at least clean your input variables (POST). See the tutorial here: https://www.daniweb.com/programming/web-development/tutorials/499320/common-issues-with-mysql-and-php and see items: #2 and #11.

The item $row['username'] does not exist - two most likely reasons:

1) Your table does not contain a column (field) called 'username' - check the spelling.
2) You have an empty resultset (no records match) - which mysqli_fetch_row() returns as NULL.

You should include error checking in your routine.

Edited by alan.davies

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.