|
PHP - Change Password... Doesnt Seem To Work, Just Resets Password
Hello PhP Freaks forum
In the past weeks ive been trying to make a website, where you can register. Everything seems to work except my cherished Change password feature. Everytime you try to change the password, it just resets it to nothing. Here is the code below. <?php if(isset($_SESSION['username'])) { $username = $_SESSION['username']; $lastname = $_SESSION['lastname']; $firstname = $_SESSION['firstname']; $email = $_SESSION['email']; echo " <h4>Options for:</h4> $username <br /> <br /> First name: $firstname <br />Last name: $lastname <br /><br /><h3>Want to change your password:</h3><br /> <form action='?do=option' method='post'> Old password <input type='password' placeholder='Has to be between 5-15 digits' name='password' size='30' value='' /><br /> <br /> New Password<input type='password' placeholder='Has to be between 5-15 digits' name='newpass' size='30' value='' /><br /> <br /> Confirm new password <input type='password' placeholder='Has to be between 5-15 digits' name='passconf' size='30' value='' /><br /> <center></div><input type='submit' value='Submit'/></center></form>"; }else{ echo 'Please login to view your options!'; } $password = $_REQUEST['password']; $pass_conf = $_REQUEST['newpass']; $email = $_REQUEST['passconf']; $connect = mysql_connect("Host", "User", "Password"); if(!$connect){ die(mysql_error()); } //Selecting database $select_db = mysql_select_db("My Database", $connect); if(!$select_db){ die(mysql_error()); } //Find if entered data is correct $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); $row = mysql_fetch_array($result); $id = $row['id']; mysql_query("UPDATE users SET password='$newpass' WHERE username='$user'") ?> And i do know that i dont have a if(Empty($newpass)){ Die(Please fill out the new password) } Or any security on the others, but the problem just seems that it resets the password into nothing Hope i can get this fixed Best Regards William Pfaffe Similar TutorialsHello I have this script that I have been getting support on on other forums and I would really love some help. What this script does is reset your password to a randomly generated one, but for security it asks you a secret question that you have to answer correctly, for it to generate a random password, update that password into the database table and then email you it. Everything works, like the security question part, finding the email works, and sending the email works. But the only part that doesnt work is the updating the table with the randomly generated password. Here is the code. <?php function checkUNEmail($uname,$email) { global $mySQL; $userID = 'X'; $error = array('status'=>false,'userID'=>0); if (isset($email) && trim($email) != '') { //email was entered if ($SQL = $mySQL->prepare("SELECT `ID` FROM `users` WHERE `Email` = ? LIMIT 1")) { $SQL->bind_param('s',trim($email)); $SQL->execute(); $SQL->store_result(); $numRows = $SQL->num_rows(); $SQL->bind_result($userID); $SQL->fetch(); $SQL->close(); if ($numRows >= 1) return array('status'=>true,'userID'=>$userID); } else { return $error; } } elseif (isset($uname) && trim($uname) != '') { //username was entered if ($SQL = $mySQL->prepare("SELECT `ID` FROM users WHERE Username = ? LIMIT 1")) { $SQL->bind_param('s',trim($uname)); $SQL->execute(); $SQL->store_result(); $numRows = $SQL->num_rows(); $SQL->bind_result($userID); $SQL->fetch(); $SQL->close(); if ($numRows >= 1) return array('status'=>true,'userID'=>$userID); } else { return $error; } } else { //nothing was entered; return $error; } } function getSecurityQuestion($userID) { global $mySQL; $questions = array(); $questions[0] = "What is your mother's maiden name?"; $questions[1] = "What city were you born in?"; $questions[2] = "What is your favorite color?"; $questions[3] = "What year did you graduate from High School?"; $questions[4] = "What was the name of your first boyfriend/girlfriend?"; $questions[5] = "What is your favorite model of car?"; if ($SQL = $mySQL->prepare("SELECT `secQ` FROM `users` WHERE `ID` = ? LIMIT 1")) { $SQL->bind_param('i',$userID); $SQL->execute(); $SQL->store_result(); $SQL->bind_result($secQ); $SQL->fetch(); $SQL->close(); return $questions[$secQ]; } else { return false; } } function checkSecAnswer($userID,$answer) { global $mySQL; if ($SQL = $mySQL->prepare("SELECT `Username` FROM `users` WHERE `ID` = ? AND LOWER(`secA`) = ? LIMIT 1")) { $answer = strtolower($answer); $SQL->bind_param('is',$userID,$answer); $SQL->execute(); $SQL->store_result(); $numRows = $SQL->num_rows(); $SQL->close(); if ($numRows >= 1) { return true; } } else { return false; } } function sendPasswordEmail($userID) { global $mySQL; changePassword($userID); if ($SQL = $mySQL->prepare("SELECT `Username`,`Email`,`Password` FROM `users` WHERE `ID` = ? LIMIT 1")) { $SQL->bind_param('i',$userID); $SQL->execute(); $SQL->store_result(); $SQL->bind_result($uname,$email,$password); $SQL->fetch(); $SQL->close(); $message = "Dear $uname,\r\n"; $message .= "Here is your requested lost password for your account at our site:\r\n"; $message .= "-----------------------\r\n"; $message .= "$password\r\n"; $message .= "-----------------------\r\n"; $message .= "Our login page: <a href=\"login.php\">http://www.oursite.com/login.php</a>\r\n\r\n"; $message .= "Thanks,\r\n"; $message .= "-- Our site team"; $headers .= "From: Our Site <webmaster@oursite.com> \n"; $headers .= "To-Sender: \n"; $headers .= "X-Mailer: PHP\n"; // mailer $headers .= "Reply-To: webmaster@oursite.com\n"; // Reply address $headers .= "Return-Path: webmaster@oursite.com\n"; //Return Path for errors $headers .= "Content-Type: text/html; charset=iso-8859-1"; //Enc-type $subject = "Your Lost Password"; @mail($email,$subject,$message,$headers); return str_replace("\r\n","<br/ >",$message); } } function genRandomString() { $length = 10; $characters = '0123456789abcdefghijklmnopqrstuvwxyz'; $string = ''; for ($p = 0; $p < $length; $p++) { $string .= $characters[mt_rand(0, strlen($characters))]; } return $string; } function changePassword($userID){ global $mySQL; $password = genRandomString(); $SQL = $mySQL->prepare('UPDATE `users` SET `Password`="'.$password.'" WHERE `ID`="?" LIMIT 1'); $SQL->bind_param('s',$password); $SQL->bind_param('i',$userID); $SQL->execute(); return $password; } ?> The last 2 functions in the code are where the passwords are supposed to get changed and updated in the table, but it doesn't work... Can anyone help me out please This topic has been moved to Application Design. http://www.phpfreaks.com/forums/index.php?topic=353345.0 <?php
require_once('upper.php'); require_once('database.php'); echo $error_msg=''; if(isset($_POST['submit'])) { $LoginId=mysqli_real_escape_string($dbc,trim($_POST['LoginId'])); $Password1=mysqli_real_escape_string($dbc,trim($_POST['Password1'])); $Password2=mysqli_real_escape_string($dbc,trim($_POST['Password2'])); $Name=mysqli_real_escape_string($dbc,trim($_POST['Name'])); $Age=mysqli_real_escape_string($dbc,trim($_POST['Age'])); $BloodGroup=mysqli_real_escape_string($dbc,trim($_POST['BloodGroup'])); if(!isset($_POST['Sex'])) { echo 'Please enter Sex<br>'; } else{ $Sex= mysqli_real_escape_string($dbc,trim($_POST['Sex'])); } $Qualification=mysqli_real_escape_string($dbc,trim($_POST['Qualification'])); $ContactNumber=mysqli_real_escape_string($dbc,trim($_POST['ContactNumber'])); $Email=mysqli_real_escape_string($dbc,trim($_POST['Email'])); $Address=mysqli_real_escape_string($dbc,trim($_POST['Address'])); $AboutYourself=mysqli_real_escape_string($dbc,trim($_POST['AboutYourself'])); //$countCheck=count($_POST['checkbox']); //echo $countCheck; //$checkbox=$_POST['checkbox']; //$countCheck=count($checkbox); if(empty($LoginId)){echo 'Please enter Login Id';} elseif(empty($Password1)){echo 'Please enter Password';} elseif(empty($Password2)){echo 'Please confirm Password';} elseif($Password1!==$Password2){echo 'Password didn\'t match';} elseif(empty($Name)){echo 'Please enter Name';} elseif(empty($Age)){echo 'Please enter Age';} elseif(!isset($_POST['Sex'])){} elseif(empty($Qualification)){echo 'Please enter Qualification';} elseif(empty($ContactNumber)){echo 'Please enter Contact Number';} elseif(empty($Email)){echo 'Please enter Email';} elseif(empty($Address)){echo 'Please enter Address';} elseif(empty($AboutYourself)){echo 'Please enter About Yourself';} elseif(!isset($_POST['checkbox'])){ echo 'You have to register at least one activity.';} elseif(!isset($_POST['TermsAndConditions'])){ echo 'You have to agree all Terms and Conditions of Elite Brigade.';} else { require_once('database.php'); $query="select * from registration where LoginId='$LoginId'"; $result=mysqli_query($dbc,$query); if(mysqli_num_rows($result)==0) { $checkbox=$_POST['checkbox']; $countCheck=count($_POST['checkbox']); $reg_id=' '; for($i=0;$i<$countCheck;$i++) { $reg_id=$reg_id.$checkbox[$i].','; $query="insert into activity_participation (LoginId,Title,Date) values ('$LoginId','$checkbox[$i]',CURDATE())"; $result=mysqli_query($dbc,$query) or die("Not Connected"); } $query="insert into registration (LoginId,Password,Name,Age,BloodGroup,Sex,Qualification,ContactNumber,Email,Address,AboutYourself,Activity)values ('$LoginId'[B],SHA('$Password1'),[/B]'$Name','$Age','$BloodGroup','$Sex','$Qualification','$ContactNumber','$Email','$Address','$AboutYourself',',$reg_id')"; $result=mysqli_query($dbc,$query) or die("Not Connect"); echo ' Dear '.$Name.'.<br>Your request has been mailed to admin.<br>Your account is waiting for approval<br>'; $from= 'Elite Brigade'; $to='ankitp@rsquareonline.com'; $subject='New User Registration'; $message="Dear admin,\n\nA new user request for registration. Please check it out.\n\nRegards\nMicro"; mail($to,$subject,$message,'From:'.$from); //header('Location: index.php'); // header('Location: Registration.php'); } else { echo 'Dear '.$Name. ', <br> An account already exist with login-id<b> '.$LoginId.'</b> <br>Please try another login-id'; }} } ?> <html> <head> <script src="jquery-latest.js"></script> <script type="text/javascript" src="jquery-validate.js"></script> <style type="text/css"> * { font-family: Verdana; } label.error { color: white; padding-left: .5em; } p { clear: both; } .submit { margin-left: 12em; } em { font-weight: bold; padding-right: 1em; vertical-align: top; } </style> <script> $(document).ready(function(){ $("#commentForm").validate(); }); </script> </head> <body> <?php echo $error_msg; ?> <form action='<?php echo $_SERVER['PHP_SELF'];?>' id="commentForm" method='post'> <div class="registration_and_activity"> <table border="0" width="380"> <tr><td colspan="2"> <h3>New User?</h3></td></tr> <tr><td width="120"> <em>*</em>Enter Login id</td><td width="150"><input type='text' name='LoginId' minlength="4" value='<?php if(!empty($LoginId))echo $LoginId;?>' /></td></tr> <tr><td> <em>*</em>Enter Password</td> <td><head> <div id="divMayus" style="visibility:hidden">Caps Lock is on.</div> <SCRIPT language=Javascript> function capLock(e){ kc = e.keyCode?e.keyCode:e.which; sk = e.shiftKey?e.shiftKey:((kc == 16)?true:false); if(((kc >= 65 && kc <= 90) && !sk)||((kc >= 97 && kc <= 122) && sk)) document.getElementById('divMayus').style.visibility = 'visible'; else document.getElementById('divMayus').style.visibility = 'hidden'; } </SCRIPT> </HEAD> <input onkeypress='return capLock(event)' type='password' name='Password1' value='<?php if(!empty($Password1))echo $Password1;?>' /></td></tr> <tr><td> <em>*</em>Confirm Password</td><td><input type='password' name='Password2' value='<?php if(!empty($Password2))echo $Password2;?>' /></td></tr> <tr><td width="120"> <em>*</em>Enter Name</td> <td><input type='text' name='Name' value='<?php if(!empty($Name))echo $Name;?>' /></td></tr> <tr><td> <em>*</em>Enter Age</td><HEAD> <SCRIPT language=Javascript> function isNumberKey(evt) { var charCode = (evt.which) ? evt.which : event.keyCode if (charCode > 31 && (charCode < 48 || charCode > 57)) return false; return true; } </SCRIPT> </HEAD> <td><INPUT onkeypress='return isNumberKey(event)' type='text' name='Age' value='<?php if(!empty($Age))echo $Age;?>'/></td></tr> <tr><td> <em>*</em>Enter Blood</td><td><input type='text' name='BloodGroup' value='<?php if(!empty($BloodGroup))echo $BloodGroup;?>' /></td></tr> <tr><td> <em>*</em>Enter Sex</td><td><input type='radio' name='Sex' style='width:16px; border:0;' 'value='Male' />Male <input type='radio' name='Sex' style='width:16px; border:0;' 'value='Female' />Female</td></tr> <tr><td> <em>*</em>Enter Qualification</td><td><input type='text' name='Qualification' value='<?php if(!empty($Qualification))echo $Qualification;?>' /></td></tr> <tr><td> <em>*</em>Contact Number </td><td><input onkeypress='return isNumberKey(event)'type='text' name='ContactNumber' value='<?php if(!empty($ContactNumber))echo $ContactNumber;?>' /></td></tr> <tr><td> <em>*</em>Enter Email</td><td><input type='text' name='Email'class="email" value='<?php if(!empty($Email))echo $Email;?>' /></td></tr> <tr><td> <em>*</em>Enter Address</td><td><input type='text' name='Address' value='<?php if(!empty($Address))echo $Address;?>' /></td></tr> <tr ><td > <em>*</em>About Yourself </td></tr> <tr><td colspan="2"><textarea rows='10' cols='40' name='AboutYourself' /><?php if(!empty($Address))echo $Address;?></textarea></td></tr> <tr><td> <?php echo" <tr><td colspan='2'><em>*</em><b>Select fields for which you want to register</b></td></tr>"; require_once('database.php'); $query="select * from activity"; $result=mysqli_query($dbc,$query); while($row=mysqli_fetch_array($result)){ $Title=$row['Title']; $ActivityId=$row['ActivityId']; echo "<tr><td>$Title</td>"; echo "<td><input type='checkbox' name='checkbox[]' value='$Title' style='width:14px; text-align:right;'/></td></tr>";//value=$ActivityId tells ActivityId variable extracts with name="checkbox" echo "<br/>"; } echo "<td><em>*</em><input type='checkbox' name='TermsAndConditions' style='width:14px; text-align:right;'/></td><td> I agree all <a href='TermsAndConditions.php'>Terms and conditions </a>of Elite Brigade</td></tr>"; echo "<tr><td colspan='2' align='center'><input type='submit' value='Register' name='submit' style='background:url(./images/button_img2.png) no-repeat 10px 0px; width:100px; padding:3px 0 10px 0; color:#FEFBC4; border:0;'/></td></tr><br>"; echo " </td></tr></table> </div> </form> </body> </html>"; require_once('lower.php'); ?> Hi Friends .... I encrypt user password by SHA('$Password') method but now i want to add "Forget Password Module" for which I need to decrypt it first before tell my user but I don't Know how to decrypt it. Please help me........ hi i've been asked to create a change password form for a friends band website, and ive come up with this code (below) and im having trouble to get it to work, i have the Database connecting, (i am able to log users in), also im not sure if my IF statements are set up correctly. When i go to change password, it looks as if the page is just refreshing its self with no errors coming up. any help would be very appreciated Thanks in advance <?php session_start(); require("db_connect.php"); $username = $_POST['uname']; $password = $_POST['pword']; $npass = $_POST['nPass']; $cnpass = $_POST['cnPass']; $sql = "SELECT * FROM login_details WHERE username='$username' AND password='$password'"; $results = mysql_query($sql, $connect); $numofrows = mysql_num_rows($results); if ($numofrows == 0) { if ($npass == $cnpass) { $sql = "UPDATE login_details SET password='$npass' WHERE username='$username'"; header("Location: secure_page.php"); die(); } else { $_SESSION['error2']= "Passwords Do Not Match"; header("Location: change_pass.php"); die(); } } else { $_SESSION['error1']= "Icorrect Username Or Password"; header("Location: change_pass.php"); die(); } ?> Hi, I'm trying to change the password after logging in to web site. Following is the code that change the password. However, the password is not changing in the table. Please let me know if I'm making any error in below code. Thanks. Code: [Select] <?php $password=mysql_real_escape_string($_POST['newpassword']); $password2=mysql_real_escape_string($_POST['confirmnewpassword']); if ( strlen($password) < 5 or strlen($password) > 12 ){ echo "Password must be more than 5 char legth and maximum 12 char lenght<BR>"; } if ( $password <> $password2 ){ echo "Both passwords are not matching"; } if($password == $password2){ if(mysql_query("update users set password='$password' where empid='$_SESSION[login]'")){ echo "<font face='Verdana' size='2' ><center>Thanks <br> Your password changed successfully. Please keep changing your password every 2 monthsfor better security</font></center>"; } } Hi there I'm a newbie to all of this so please be gentle! I am starting up my own online business and I am feeling my way through PHP. I have been doing ok so far but I'm having problems with the "change your password" function. I change the password, I receive a reactivation email, but when I try to log in with the new password it hasnt changed. Code I'm using as follows: <?php // process.php include 'config.php'; if(isset($_POST['changepassword'])) { $current = trim($_POST['current']); $new = trim($_POST['new']); $confirm = trim($_POST['confirm']); $pw = md5($current); $query = mysql_query("SELECT * FROM Users WHERE Password = '$pw' LIMIT 1") or die(mysql_error()); if(mysql_num_rows($query) > 0) { while($row = mysql_fetch_array($query)) { if ( $_POST['new'] == $_POST['confirm'] ) {}else{ echo '<script>alert("Your passwords were not the same, please enter the same password in each field.");</script>'; echo '<script>history.back(1);</script>'; exit; } $password = md5($new); $do = mysql_query("UPDATE Users SET Password = '$password' WHERE Password = '$pw' LIMIT 1") or die(mysql_error()); $dotwo = mysql_query("UPDATE Users SET Activated = 0 WHERE Password = '$password' LIMIT 1") or die(mysql_error()); $send = mail($row['Email'] , "Password changed" , "Your password has been changed to: ".trim($_POST['new'])."\n\nYou can change it again via the members only panel, but first you must re-activate your account:\nhttp://www.infinite-monkey.co.uk/activate.php?id=".$row['Actkey']."\n\nDo not reply to this email, it is automated. Thanks." , "From: auto@mailer.com"); if((($do)&&($dotwo)&&($send))) { echo '<script>alert("Password changed. You will now be logged out and you must re-activate your account, check your email, a confirmation email has been sent.");</script>'; echo '<script>location.replace("logout.php");</script>'; exit; } else { echo '<script>alert("There appears to have been an error in the script. 1 or 2 of 3 things may have happened:\n\n• Your password could have been reset/changed\n• Your account could have been deactivated, see the resend validation email page\n• Your email may not have been sent.\n\nYou will now be logged out, if you are not able to login, reset your password using the form, or resend the validation email to activate your account again.\n\nWe are sorry for the inconvenience.");</script>'; echo '<script>location.replace("logout.php");</script>'; exit; } } } else { echo '<script>alert("Incorrect password.");</script>'; echo '<script>history.back(1);</script>'; exit; Hello, I've got the following code, who doesn't change the password on the database: <?php include "connect.php"; session_start(); session_register("session"); $new_password = $_POST['new_password']; $new_password_again = $_POST['new_password_again']; if(!isset($session['connection_status'])) { echo "<center><font face='Verdana' size='2' color=red>Sorry, Please login and use this page </font></center>"; exit;} ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Change Password</title> <script type="text/javascript" src="js/jquery.min.js"></script> <script type="text/javascript" src="js/jquery.ketchup.js"></script> <script type="text/javascript" src="js/jquery.ketchup.messages.js"></script> <script type="text/javascript" src="js/jquery.ketchup.validations.basic.js"></script> <script language="javascript" type="text/javascript" src="niceforms.js"></script> <link rel="stylesheet" type="text/css" media="all" href="niceforms-default.css" /> <link rel="stylesheet" type="text/css" media="screen" href="css/jquery.ketchup.css" /> </head> <body> <div id="container"> <fieldset> <legend>Change Password</legend> <p>Please enter your new password below</p> <form method="post" action="change_password.php" name="changepassword" id="changepassword"class="niceform" > <dl> <dt><label for="new_password">New Password:</label><br /></dt> <dd><input type="password" name="new_password" id="new_password" class= "validate(required, rangelength(4,30))" /></dd> </dl> <dl> <dt><label for="new_password_again">Password (again):</label><br /></dt> <dd><input type="password" name="new_password_again" id="new_password_again" class= "validate(required, match(#new_password))" /></dd> </dl> <dl> <dt> <dd><input type="submit" name="change_password" id="change_password" value="Change Password" /> <input type="reset" name="reset" id="reset" value="Reset" /></dd> </dt> </dl> </form> </fieldset> </div> <?php if (empty($_POST['new_password']) && empty($_POST['new_password_again'])) { ?> <div id="container"> <form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>" name="loginform" id="loginform" class="niceform" > <fieldset> <legend>Error</legend> <p>Please go back and complete all the fields in the form</p> <p>Click <a href="index.php">here</a> to try again.</p> </fieldset> </form> </div> <?php } else { $db_new_password=md5(mysql_real_escape_string($new_password)); $status = "OK"; $msg=""; if ( strlen($new_password) < 3 or strlen($new_password) > 10 ) { $msg=$msg."Password must be more than 3 characters in length and maximum 10 characters in length<BR>"; $status= "NOTOK"; } if (strcmp( $new_password,$new_password_again ) !=0) { $msg=$msg."Both passwords do not match<BR>"; $status= "NOTOK"; } if($status<>"OK") { echo "<font face='Verdana' size='2' color=red>$msg</font><br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>"; } else { if(mysql_query("update users set password='$db_new_password' where userid='$session[userid]'")) { echo "<font face='Verdana' size='2' ><center>Thanks <br> Your password changed successfully. Please keep changing your password for better security</font></center>". $new_password ; } } } ?> <script type = "text/javascript"> $(document).ready(function() { $('#changepassword').ketchup(); }); </script> </body> </html> Hey all. I am new to this forum and to PHP as a whole. I though I would try to make a login system using php and mysql. The login and register forms work great but I cannot seem to fully figure out how to let a user change their password. My code partially works. When the user types the correct old password and when the two new password forms confirm, the password changes and the database is updated and the user is taken to a page that tells him that his password was successfully changed. However, the problem is when the old password he types is different than the one in the database, the page that states password successfully changed also appears but the password is not changed in the database. The problem is thus with the SELECT statement. Can anyone please help me find whats wrong. It has been tormenting for a few hours now. Thank you in advance. . I used md5 encryption for the passwords. Here is the section of code that comes after the script makes sure that none of the forms are empty and that the passwords confirm . //Create SELECT query to verify that the old password is correct $qry="SELECT * FROM members WHERE login='" . $_SESSION['SESS_USERNAME'] . "' AND passwd='".md5($_POST['opassword'])."'"; $result = mysql_query($qry); if($result) { //Create UPDATE query to replace old password with new password $updatepasswd="Update members set passwd='".md5($_POST['npassword'])."' where login='" . $_SESSION['SESS_USERNAME'] . "' AND passwd='".md5($_POST['opassword'])."'"; $update = mysql_query($updatepasswd); //Check whether the query was successful or not if($update) { header("location: changepasswordsuccess.php"); exit(); } else { die("Query failed"); } } else { header("location: passwordchange-failed.php"); } Hello ever1 , I ve created a php password change script with validation but its nt working properly can any1 please help me with this as m new with php???? below m pasting the code : <?php session_start(); include "connection.php"; //include_once('header1.php'); $msg=""; if($_SERVER['REQUEST_METHOD']=='POST' && empty($_POST['username']) || empty($_POST['password']) || empty($_POST['newpass']) || empty($_POST['newpassconfirm']) ) { $msg="empty fields"; } { $user=$_POST['username']; $pass=$_POST['password']; $newpass=$_POST['newpass']; $confirmpass=$_POST['newpassconfirm']; $result=mysql_query("SELECT password FROM user WHERE username='$user'"); if(!$result) { $msg="The Username You Entered Does not Exist"; } elseif($pass!= mysql_result($result,0)) { echo $msg="You Entered An Incorrect Password"; } if($newpass != $confirmpass) { $msg = "Passwords do not match"; } elseif($newpass=$confirmpass) $sql=mysql_query("update user set password='$newpass' where username ='$user'"); if($sql) { echo "Congrats you have successfully changed your password."; } header('refresh:3 databases.php'); } { ?> <html> <body> <?php echo $msg ; ?> <form class="changepass" action="changepass.php" method="POST"><P> <table><tr><td> Enter ur username :</td> <td> <input type="text" name="username" /></td></tr> <tr><td>Enter ur existing pass : </td><td><input type="password" name="password" /></td></tr> <tr><td>Enter ur new pass :</td> <td><input type="password" name="newpass" /></td></tr> <tr><td>Renter ur new pass :</td> <td><input type="password" name="newpassconfirm" /></td></tr> <tr><td><input class="cpassbtn" name="Submit" type="image" value="Submit" src="passnrm.png" onmouseover="this.src='passhvr.png'" onmouseout="this.src='passnrm.png'"></td></tr> </table> </form> </body> </html> <?php }?> I'm trying to let the users change their password, but everytime I try.. it just changes the password to what they type in whether or not the password they currently have is right or not.. x_x I have the password set as an MD5 so I'm guessing I have to select the password from the database as an MD5, but I don't know how to do that.. <?php include("logincheck.php"); $newpass = $_POST['newpass']; $username = $_SESSION['username']; $password = $_POST['password']; ?> <?php include_once("header.php"); ?> Welcome to your settings. This is where you can manage everything on your account! <br><br>----------<b>Change Password</b>---------- <form action="<?php echo $_SERVER['SCRIPT_NAME']?>" method="post"> <?php $type = "text"; echo " <p>Type your current password:<br> <input size='25' name='password' type='$type'></input></p> <p>Type your new password:<br> <input size='25' name='newpass' type='$type'></input></p> <p>Verification:<br> <img src='randomimage.php'><br> <input name='txtNumber' type='text' id='txtNumber' value=''> <br>"; ?> <input type="submit" name="changepass" value="submit" /> </form> <?php if (@$_POST['changepass']) { include("haha.php"); $cxn = mysqli_connect($dbhost,$dbuser,$dbpassword,$dbdatabase); $sql = "SELECT `password` FROM `Member` WHERE `username`='$username'"; $result = mysqli_query($cxn,$sql) or die("Query died: password"); if($result = $password) //password matches { $number = $_POST['txtNumber']; if (md5($number) == $_SESSION['image_random_value']) { $sql = "UPDATE Member SET password = md5('$newpass') WHERE username = '$username'"; mysqli_query($cxn,$sql) or die("Query died: update"); }}} ?> <?php include_once("footer.php"); ?> hi folks I have a problem with the code to change the password, it shows the message all time when I send the form: old password dont match! <?php session_start(); $user = $_SESSION['first_name']; if ($user) { //user is logged in if ($_POST['submit']) { //check fields $oldpassword = md5($_POST['oldpassword']); $newpassword = md5($_POST['newpassword']); $repeatnewpassword = md5($_POST['repeatnewpassword']); //check password against db //connect db $connect = mysql_connect("*******","****","****") or die(""); mysql_select_db("****") or die(""); $queryget = mysql_query("SELECT password FROM users WHERE username='$user'") or die("Query didnt work !!!"); $row = mysql_fetch_assoc($queryget); $oldpassworddb = $row['password']; //check password if ($oldpassword==$oldpassworddb) { //check to new password if ($newpassword==$repeatnewpassword) { //success //change password in db $querychange = mysql_query("UPDATE users SET password='$newpassword' WHERE username='$user'") or die (""); session_destroy(); die("YOUR PASSWORD HAS BEEN CHANGED.<a href='login_form.html'>RETURN</a> TO THE LOGIN PAGE"); } else die("new password dont match"); } else die("old password dont match"); } else { echo" <form action='changepassword.php' method='POST'> Old password: <input type='text' name='oldpassword'><br/> New password: <input type='password' name='newpassword'><br/> Repeat new password: <input type='password' name='repeatnewpassword'><br/> <input type='submit' name='submit' value='change password'> </form>"; } } else echo("YOU MUST BE LOGGED IN!!!!.<br><a href='login_form.html'>RETURN</a> TO THE LOGIN PAGE"); ?> please help thanks! Hi there, I've set up a basic password change that sends an email to the client when they change their password. The email notify's the client that their password has been changed and what the password is. The current problem I'm receiving is that when the user changes their password the message confirms that an email has been sent however, the email never arrives. The original email only arrives when the client changes their password again and they receive their first password change not their new password change. Can you help?? my code is below: Code: [Select] <?php $host="localhost"; // Host name $username="root"; // Mysql username $password="*******"; // Mysql password $db_name="testpwreset"; // Database name //Connect to server and select database. $con=mysql_connect("$host", "$username", "$password"); mysql_connect("$host", "$username", "$password") or die("cannot connect to server"); mysql_select_db("$db_name") or die("cannot select DB"); // value sent from form $email_to=$_POST['email_to']; $old_password=$_POST['old_password']; $new_password=$_POST['new_password']; $new_password2=$_POST['new_password2']; if ($new_password != $new_password2) {die("Your passwords do not match");} // table name $tbl_name=members; mysql_query("UPDATE $tbl_name SET password = '$new_password' WHERE email = '$email_to' AND password = '$old_password'"); // retrieve password from table where e-mail = $email_to(*****@gmail.com) $sql="SELECT password FROM $tbl_name WHERE email='$email_to' AND password = '$old_password'"; $result=mysql_query($sql); // if found this e-mail address, row must be 1 row // keep value in variable name "$count" $count=mysql_num_rows($result); // compare if $count =1 row if($count==1){ $asdf=mysql_query("UPDATE $tbl_name SET password = '$new_password' WHERE email = '$email_to' AND password = '$old_password'"); $rows=mysql_fetch_array($result); // keep password in $your_password $your_password=$rows['password']; // ---------------- SEND MAIL FORM ---------------- // send e-mail to ... $to=$email_to; // Your subject $subject="Your Tafe FTP Password"; // From $header="from: your name \<your email\>"; // Your message $messages= "Your password for login to the Orange Tafe IT Ftp Server is: $your_password \r\n"; // send email $sentmail = mail($to,$subject,$messages,$header); } // else if $count not equal 1 else { echo "Cannot find your email in our database"; } // if your email succesfully sent if($sentmail){ echo "Your Password Has Been Sent To Your Email Address."; } else { echo "Cannot send password to your e-mail address"; } ?> Hi folks! Upon registering, my register script runs an md5 hash on the password. My problem is when the user wants to change passwords. currently I have a very simple profile, and when they edit it, it doesn't rehash the password- it simply replaces the entire hashed old password with the plain, new password. Any way I could get the script to rehash the password? editprofile.php <?php include('config.php'); include('header.php'); if($_SESSION['id']=="") { header("Location: YouMustLogInNotice.html"); } if(isset($_POST['btnedit'])){ $callname = $_POST['callname']; $email = $_POST['email']; $password = $_POST['password']; $sql = mysql_query( "UPDATE users SET callname='".$callname."', email='".$email."', password='".$password."' WHERE id='".$_SESSION['id']."'" ); if($sql){ echo "<script>alert('profile updated');window.location='myprofile.php?id=$userfinal'</script>"; }else{ echo "<script>alert('updating profile failed!');</script>"; } } $sql = mysql_query( "SELECT * FROM users WHERE id='".$_SESSION['id']."'" ); $row = mysql_fetch_array($sql); $user = $userfinal; echo "<td align=center> <div id=box> <table width='100%'> <tr> <td><h2>Edit profile</h2> <form method='post'> <table><tr><th>ID#:</th><td>".$user."</td></tr> <tr><th>Name:</th><td><input type='text' name='callname' value='".$row['callname']."'/></td></tr> <tr><th>Email:</th><td><input type='text' name='email' value='".$row['email']."'/></td></tr> <tr><th>Password:</th><td><input type='password' name='password' value='".$row['password']."'/></td></tr> <tr><th>Registered:</th><td>".$row['registered']."</td></tr> <tr><th>Last Login:</th><td>".$row['lastlogin']."</td></tr> </table><br /> <input type='submit' name='btnedit' value='update' class=button /> </form></div></td> </tr> </table> </td></tr> </table>"; ?> <?php include('footer.php'); ?> hello everyone, i try to make a registration script and change password script with PIN as security code, registration script was working perfect, but change password script didn't work. here i give a full code for you to review. here link to file Test.7z I hope someone can help and give me information what i'am missing. Hi I have the code below when users firget their password, they fill forrgot password form and an email will be sent to them which directs them to a page where (code below) they can reset their password. When i fill the form I get the msg it says password has been changed however it wont change it in database. I have checked the code, current entries in database etc but still it wont change the password. Can u please what im doing wrong? <?php include 'global.php'; $account_reference = $_GET['code']; echo "$account_reference"; if (isset($_POST['resetpassword']) && $_POST['resetpassword']) { $email = addslashes(strip_tags($_POST['email'])); $username = addslashes(strip_tags($_POST['username'])); $password = addslashes(strip_tags($_POST['password'])); $newpasswordnomd = addslashes(strip_tags($_POST['newpassword'])); $repasswordnomd = addslashes(strip_tags($_POST['repassword'])); $code = addslashes(strip_tags($_POST['code'])); $getdata=mysql_query("SELECT * FROM users WHERE username='$username' AND email='$email' AND code='$code'"); while($row = mysql_fetch_array($getdata)) { $got_username=$row['username']; $got_email=$row['email']; $got_ref=$row['code']; $got_pass=$row['password']; } $newpassword = md5($newpasswordnomd); $repassword = md5($repasswordnomd); if($password==$got_pass) { if ($email==$got_email) { if ($username==$got_username) { if($newpassword==$repassword) { $resetpass=mysql_query("UPDATE users SET password='$repassword' WHERE email=='$email' AND username=='$username'"); echo "Your Password has been reset"; } else {echo "Your New Password and Repeat Password do not match";} } else {echo "Your Username does not match our records";} } else {echo "Your Email does not match our records";} } } ?> <form action='' method='POST' enctype='multipart/form-data'> <input type="hidden" name='code' value="<?php echo "$account_reference";?>"><p /> Email: <br/> <input type="email" name='email'><p /> Username: <br/> <input type='text' name='username'><p /> Password: <br/> <input type='text' name='password'><p /> New Password: <br/> <input type='text' name='newpassword'><p /> Repeat New Password: <br/> <input type='text' name='repassword'><p /> <input type='submit' name='resetpassword' value='Update'> Hi guys I have this code, where it gets clicked from an email and then compares the tmp password etc and updates the new password in md5 format. I have been trying to find the issue why it doesnt update the password but i couldn't can u help me to find out why? Please note all the db field names are correct in the code below. thanks in advance <?php include ("include/global.php"); include ("include/function.php"); $code = $_GET['code']; if (!$code){ Header("Location: forgotpassword.php"); } else { if (isset($_POST['reset']) && $_POST['reset']) { $myemail=$row['email']; $mycurrentpass=$row['currentpass']; $mynewpass=$row['newpassword']; $myrepass=$row['repassword']; // $getcurrentinfo=mysql_query("SELECT email,password FROM users WHERE email='$myemail'"); while($row = mysql_fetch_array($getcurrentinfo)) { $currentemail=$row['email']; $currentpass=$row['password']; } // $newpassword = md5($mynewpass); $repeatpassword = md5($myrepass); if($myemail==$currentemail&& $currentpass==$mycurrentpass) { if($newpassword==$repeatpassword) { $updatepass=mysql_query("UPDATE users SET password='$newpassword' WHERE email='$myemail'"); } else {echo "Information provided are not correct, please try again with correct information";} } else {echo "Information provided are not correct, please try again with correct information";} } } ?> <html> <head> <script type="text/javascript" src="/js/jquery.js"></script> <script type="text/javascript" src="/js/jquery.validate.js"></script> <script type="text/javascript" src="/js/jquery.pstrength-min.1.2.js"></script> <script type="text/javascript"> $(function() { $('.password').pstrength(); }); $(document).ready(function(){ $("#form").validate({ rules: { email: { required: true, email: true } } }); }); </script> </head> <body> <fieldset> <form action='' method='POST' id='form'> <p>Enter Your Email: </p> <p> <input type='text' name='email' class="required"></td> <p>Enter Your Temporary Password: </p> <p> <input type='text' name='currentpass' class="required"></td> <p>Enter Your New Password: </p> <p> <input type='text' name='newpassword' class="password"></td> <p>Repeat Your New Password: </p> <p> <input type='text' name='repassword' class="required"></td> </table> </p> <p> <input type='submit' name='reset' value='Submit' id='form'> </form> </fieldset> </body> </html> I am having some trouble getting this to pull the password correctly from the database. I believe the problem is from the password being in md5 format. I am not sure how to fix the issue. Much thanks Code: [Select] <?php //signin.php include 'connect.php'; include 'header.php'; echo '<h3>Sign in</h3><br />'; //first, check if the user is already signed in. If that is the case, there is no need to display this page if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true) { echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you want.'; } else { if($_SERVER['REQUEST_METHOD'] != 'POST') { /*the form hasn't been posted yet, display it note that the action="" will cause the form to post to the same page it is on */ echo '<form method="post" action=""> Username: <input type="text" name="username" /><br /> Password: <input type="password" name="password"><br /> <input type="submit" value="Sign in" /> </form>'; } else { /* so, the form has been posted, we'll process the data in three steps: 1. Check the data 2. Let the user refill the wrong fields (if necessary) 3. Varify if the data is correct and return the correct response */ $errors = array(); /* declare the array for later use */ if(!isset($_POST['username'])) { $errors[] = 'The username field must not be empty.'; } if(!isset($_POST['password'])) { $errors[] = 'The password field must not be empty.'; } if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/ { echo 'Uh-oh.. a couple of fields are not filled in correctly..<br /><br />'; echo '<ul>'; foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */ { echo '<li>' . $value . '</li>'; /* this generates a nice error list */ } echo '</ul>'; } else { //the form has been posted without errors, so save it //notice the use of mysql_real_escape_string, keep everything safe! //also notice the sha1 function which hashes the password $sql = "SELECT userid, username, userlevel FROM users WHERE username = '" . mysql_real_escape_string($_POST['username']) . "' AND password = '" . sha1($_POST['password']) . "'"; $result = mysql_query($sql); if(!$result) { //something went wrong, display the error echo 'Something went wrong while signing in. Please try again later.'; //echo mysql_error(); //debugging purposes, uncomment when needed } else { //the query was successfully executed, there are 2 possibilities //1. the query returned data, the user can be signed in //2. the query returned an empty result set, the credentials were wrong if(mysql_num_rows($result) == 0) { echo 'You have supplied a wrong user/password combination. Please try again.'; } else { //set the $_SESSION['signed_in'] variable to TRUE $_SESSION['signed_in'] = true; //we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages while($row = mysql_fetch_assoc($result)) { $_SESSION['userid'] = $row['userid']; $_SESSION['username'] = $row['username']; $_SESSION['userlevel'] = $row['userlevel']; } echo 'Welcome, ' . $_SESSION['username'] . '. <br /><a href="index.php">Proceed to the forum overview</a>.'; } } } } } include 'footer.php'; ?> Hi all, I am trying to make a 'forgot password' script. The passwords in the database are md5 encrypted. Is there a way to reverse this md5 password and send the forgotten password in its orginal for to the user through email? Thanks. <?PHP include("cxn.php"); $sql = "SELECT password FROM Members WHERE email='$_POST[email]'"; $result = mysqli_query($cxn,$sql) or die ("Couldn't execute query"); $num = mysqli_num_rows($result); if ($num >0) // Email Address Found { $password = md5($_POST['password']); // Trying to take the md5 off the password here. $to = "$_POST[email]"; $subj = "Password for website.co.uk"; $mess = "Your password for www.website.co.uk is: \n $_POST['password'] \n Please login with your email address and this password. Thank you."; $mailsend = mail($to,$subj,$mess,$headers); $update= "An email containing your password has been sent to". $_POST['email']."."; include("signin-redirect.php"); } else // Email Address Not Found { $registrationerror = "The email address '$_POST[email]' is already registered!"; include("signin-redirect.php"); } ?> Hello everyone! I'm Abraham and I'm new here. I'm looking for a little help on making a password generator that can make passwords like this s7D9f3 - y2W4j6 - x1N5q8. I made one before but I lost the script can't seem to find it or remember how I did. |
|||||||