|
PHP - Password Change, Php Email Problem
Hi there,
I've set up a basic password change that sends an email to the client when they change their password. The email notify's the client that their password has been changed and what the password is. The current problem I'm receiving is that when the user changes their password the message confirms that an email has been sent however, the email never arrives. The original email only arrives when the client changes their password again and they receive their first password change not their new password change. Can you help?? my code is below: Code: [Select] <?php $host="localhost"; // Host name $username="root"; // Mysql username $password="*******"; // Mysql password $db_name="testpwreset"; // Database name //Connect to server and select database. $con=mysql_connect("$host", "$username", "$password"); mysql_connect("$host", "$username", "$password") or die("cannot connect to server"); mysql_select_db("$db_name") or die("cannot select DB"); // value sent from form $email_to=$_POST['email_to']; $old_password=$_POST['old_password']; $new_password=$_POST['new_password']; $new_password2=$_POST['new_password2']; if ($new_password != $new_password2) {die("Your passwords do not match");} // table name $tbl_name=members; mysql_query("UPDATE $tbl_name SET password = '$new_password' WHERE email = '$email_to' AND password = '$old_password'"); // retrieve password from table where e-mail = $email_to(*****@gmail.com) $sql="SELECT password FROM $tbl_name WHERE email='$email_to' AND password = '$old_password'"; $result=mysql_query($sql); // if found this e-mail address, row must be 1 row // keep value in variable name "$count" $count=mysql_num_rows($result); // compare if $count =1 row if($count==1){ $asdf=mysql_query("UPDATE $tbl_name SET password = '$new_password' WHERE email = '$email_to' AND password = '$old_password'"); $rows=mysql_fetch_array($result); // keep password in $your_password $your_password=$rows['password']; // ---------------- SEND MAIL FORM ---------------- // send e-mail to ... $to=$email_to; // Your subject $subject="Your Tafe FTP Password"; // From $header="from: your name \<your email\>"; // Your message $messages= "Your password for login to the Orange Tafe IT Ftp Server is: $your_password \r\n"; // send email $sentmail = mail($to,$subject,$messages,$header); } // else if $count not equal 1 else { echo "Cannot find your email in our database"; } // if your email succesfully sent if($sentmail){ echo "Your Password Has Been Sent To Your Email Address."; } else { echo "Cannot send password to your e-mail address"; } ?> Similar TutorialsHello, I've got the following code, who doesn't change the password on the database: <?php include "connect.php"; session_start(); session_register("session"); $new_password = $_POST['new_password']; $new_password_again = $_POST['new_password_again']; if(!isset($session['connection_status'])) { echo "<center><font face='Verdana' size='2' color=red>Sorry, Please login and use this page </font></center>"; exit;} ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Change Password</title> <script type="text/javascript" src="js/jquery.min.js"></script> <script type="text/javascript" src="js/jquery.ketchup.js"></script> <script type="text/javascript" src="js/jquery.ketchup.messages.js"></script> <script type="text/javascript" src="js/jquery.ketchup.validations.basic.js"></script> <script language="javascript" type="text/javascript" src="niceforms.js"></script> <link rel="stylesheet" type="text/css" media="all" href="niceforms-default.css" /> <link rel="stylesheet" type="text/css" media="screen" href="css/jquery.ketchup.css" /> </head> <body> <div id="container"> <fieldset> <legend>Change Password</legend> <p>Please enter your new password below</p> <form method="post" action="change_password.php" name="changepassword" id="changepassword"class="niceform" > <dl> <dt><label for="new_password">New Password:</label><br /></dt> <dd><input type="password" name="new_password" id="new_password" class= "validate(required, rangelength(4,30))" /></dd> </dl> <dl> <dt><label for="new_password_again">Password (again):</label><br /></dt> <dd><input type="password" name="new_password_again" id="new_password_again" class= "validate(required, match(#new_password))" /></dd> </dl> <dl> <dt> <dd><input type="submit" name="change_password" id="change_password" value="Change Password" /> <input type="reset" name="reset" id="reset" value="Reset" /></dd> </dt> </dl> </form> </fieldset> </div> <?php if (empty($_POST['new_password']) && empty($_POST['new_password_again'])) { ?> <div id="container"> <form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>" name="loginform" id="loginform" class="niceform" > <fieldset> <legend>Error</legend> <p>Please go back and complete all the fields in the form</p> <p>Click <a href="index.php">here</a> to try again.</p> </fieldset> </form> </div> <?php } else { $db_new_password=md5(mysql_real_escape_string($new_password)); $status = "OK"; $msg=""; if ( strlen($new_password) < 3 or strlen($new_password) > 10 ) { $msg=$msg."Password must be more than 3 characters in length and maximum 10 characters in length<BR>"; $status= "NOTOK"; } if (strcmp( $new_password,$new_password_again ) !=0) { $msg=$msg."Both passwords do not match<BR>"; $status= "NOTOK"; } if($status<>"OK") { echo "<font face='Verdana' size='2' color=red>$msg</font><br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>"; } else { if(mysql_query("update users set password='$db_new_password' where userid='$session[userid]'")) { echo "<font face='Verdana' size='2' ><center>Thanks <br> Your password changed successfully. Please keep changing your password for better security</font></center>". $new_password ; } } } ?> <script type = "text/javascript"> $(document).ready(function() { $('#changepassword').ketchup(); }); </script> </body> </html> hi folks I have a problem with the code to change the password, it shows the message all time when I send the form: old password dont match! <?php session_start(); $user = $_SESSION['first_name']; if ($user) { //user is logged in if ($_POST['submit']) { //check fields $oldpassword = md5($_POST['oldpassword']); $newpassword = md5($_POST['newpassword']); $repeatnewpassword = md5($_POST['repeatnewpassword']); //check password against db //connect db $connect = mysql_connect("*******","****","****") or die(""); mysql_select_db("****") or die(""); $queryget = mysql_query("SELECT password FROM users WHERE username='$user'") or die("Query didnt work !!!"); $row = mysql_fetch_assoc($queryget); $oldpassworddb = $row['password']; //check password if ($oldpassword==$oldpassworddb) { //check to new password if ($newpassword==$repeatnewpassword) { //success //change password in db $querychange = mysql_query("UPDATE users SET password='$newpassword' WHERE username='$user'") or die (""); session_destroy(); die("YOUR PASSWORD HAS BEEN CHANGED.<a href='login_form.html'>RETURN</a> TO THE LOGIN PAGE"); } else die("new password dont match"); } else die("old password dont match"); } else { echo" <form action='changepassword.php' method='POST'> Old password: <input type='text' name='oldpassword'><br/> New password: <input type='password' name='newpassword'><br/> Repeat new password: <input type='password' name='repeatnewpassword'><br/> <input type='submit' name='submit' value='change password'> </form>"; } } else echo("YOU MUST BE LOGGED IN!!!!.<br><a href='login_form.html'>RETURN</a> TO THE LOGIN PAGE"); ?> please help thanks! hello everyone, i try to make a registration script and change password script with PIN as security code, registration script was working perfect, but change password script didn't work. here i give a full code for you to review. here link to file Test.7z I hope someone can help and give me information what i'am missing. Hello PhP Freaks forum In the past weeks ive been trying to make a website, where you can register. Everything seems to work except my cherished Change password feature. Everytime you try to change the password, it just resets it to nothing. Here is the code below. <?php if(isset($_SESSION['username'])) { $username = $_SESSION['username']; $lastname = $_SESSION['lastname']; $firstname = $_SESSION['firstname']; $email = $_SESSION['email']; echo " <h4>Options for:</h4> $username <br /> <br /> First name: $firstname <br />Last name: $lastname <br /><br /><h3>Want to change your password:</h3><br /> <form action='?do=option' method='post'> Old password <input type='password' placeholder='Has to be between 5-15 digits' name='password' size='30' value='' /><br /> <br /> New Password<input type='password' placeholder='Has to be between 5-15 digits' name='newpass' size='30' value='' /><br /> <br /> Confirm new password <input type='password' placeholder='Has to be between 5-15 digits' name='passconf' size='30' value='' /><br /> <center></div><input type='submit' value='Submit'/></center></form>"; }else{ echo 'Please login to view your options!'; } $password = $_REQUEST['password']; $pass_conf = $_REQUEST['newpass']; $email = $_REQUEST['passconf']; $connect = mysql_connect("Host", "User", "Password"); if(!$connect){ die(mysql_error()); } //Selecting database $select_db = mysql_select_db("My Database", $connect); if(!$select_db){ die(mysql_error()); } //Find if entered data is correct $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); $row = mysql_fetch_array($result); $id = $row['id']; mysql_query("UPDATE users SET password='$newpass' WHERE username='$user'") ?> And i do know that i dont have a if(Empty($newpass)){ Die(Please fill out the new password) } Or any security on the others, but the problem just seems that it resets the password into nothing Hope i can get this fixed Best Regards William Pfaffe I wrote a bunch of code just to realize that there's a huge security hole in my script. Here's a how I've built it: 1. first you enter the new email address into the input box and click submit 2. an email gets sent to you where you have to click on an activation link to confirm the change, and of course the email gets send to the inbox to make sure it's a valid email the activation link looks as follows: Code: [Select] http://localhost/changeemail_confirm.php?id=$dbuser_id&email=$user_email The dbuser_id gets taken from the session variable, and the user email is the new entered user email. 3. After clicking the link you get directed to an activation page, I thought about letting the user enter his password and letting it match with the password in the database as added security, so he can't just change the user_id in the link so that the email of another user gets changed. the query on the activation page looks like this: "UPDATE user SET email = '$user_email' WHERE nickname = '$dbuser_name' AND WHERE user_id = '$id'"; The $id is being taking from the activation link per GET, and the $dbuser_name is being taking from the session variable. And now this is the problem where I'm stuck, even though I've added a bunch of security, and even the necessary to enter a password there's still a major security hole, which is the user can easily change the email in the activation link to something else, something that is not a valid email. E.g. this Code: [Select] http://localhost/changeemail_confirm.php?id=35&email=mail@phpmail.local can become to this, when the user manually edits the url and pastes it into his browser: Code: [Select] http://localhost/changeemail_confirm.php?id=35&email=MAIL@ANYTHING.com How can I prevent this, is there any way I could tell the script the CONFIRMED and VALID email, with a more secure way? BTW this script works as it is, it's just that the user can manually change the email to something else what makes this script worthless for now. Hello.. I've a problem about how to change our destination and the consecutively. As example, today the email will be sent to A,B,C and tomorrow the email will be sent to B,C,A until next week. Next week the email will be sent to D,E,F. Code for looping email.. Code: [Select] <?php $to = array('ikrom.shabri@yahoo.com','1.k.rom.pc@gmail.com'); foreach($to as $mail) { usleep(60000000); mail($mail,$subject,$email,$headers); } ?> Thank you for your assistance.. Hi, I'm trying to change the password after logging in to web site. Following is the code that change the password. However, the password is not changing in the table. Please let me know if I'm making any error in below code. Thanks. Code: [Select] <?php $password=mysql_real_escape_string($_POST['newpassword']); $password2=mysql_real_escape_string($_POST['confirmnewpassword']); if ( strlen($password) < 5 or strlen($password) > 12 ){ echo "Password must be more than 5 char legth and maximum 12 char lenght<BR>"; } if ( $password <> $password2 ){ echo "Both passwords are not matching"; } if($password == $password2){ if(mysql_query("update users set password='$password' where empid='$_SESSION[login]'")){ echo "<font face='Verdana' size='2' ><center>Thanks <br> Your password changed successfully. Please keep changing your password every 2 monthsfor better security</font></center>"; } } hi i've been asked to create a change password form for a friends band website, and ive come up with this code (below) and im having trouble to get it to work, i have the Database connecting, (i am able to log users in), also im not sure if my IF statements are set up correctly. When i go to change password, it looks as if the page is just refreshing its self with no errors coming up. any help would be very appreciated Thanks in advance <?php session_start(); require("db_connect.php"); $username = $_POST['uname']; $password = $_POST['pword']; $npass = $_POST['nPass']; $cnpass = $_POST['cnPass']; $sql = "SELECT * FROM login_details WHERE username='$username' AND password='$password'"; $results = mysql_query($sql, $connect); $numofrows = mysql_num_rows($results); if ($numofrows == 0) { if ($npass == $cnpass) { $sql = "UPDATE login_details SET password='$npass' WHERE username='$username'"; header("Location: secure_page.php"); die(); } else { $_SESSION['error2']= "Passwords Do Not Match"; header("Location: change_pass.php"); die(); } } else { $_SESSION['error1']= "Icorrect Username Or Password"; header("Location: change_pass.php"); die(); } ?> Hi there I'm a newbie to all of this so please be gentle! I am starting up my own online business and I am feeling my way through PHP. I have been doing ok so far but I'm having problems with the "change your password" function. I change the password, I receive a reactivation email, but when I try to log in with the new password it hasnt changed. Code I'm using as follows: <?php // process.php include 'config.php'; if(isset($_POST['changepassword'])) { $current = trim($_POST['current']); $new = trim($_POST['new']); $confirm = trim($_POST['confirm']); $pw = md5($current); $query = mysql_query("SELECT * FROM Users WHERE Password = '$pw' LIMIT 1") or die(mysql_error()); if(mysql_num_rows($query) > 0) { while($row = mysql_fetch_array($query)) { if ( $_POST['new'] == $_POST['confirm'] ) {}else{ echo '<script>alert("Your passwords were not the same, please enter the same password in each field.");</script>'; echo '<script>history.back(1);</script>'; exit; } $password = md5($new); $do = mysql_query("UPDATE Users SET Password = '$password' WHERE Password = '$pw' LIMIT 1") or die(mysql_error()); $dotwo = mysql_query("UPDATE Users SET Activated = 0 WHERE Password = '$password' LIMIT 1") or die(mysql_error()); $send = mail($row['Email'] , "Password changed" , "Your password has been changed to: ".trim($_POST['new'])."\n\nYou can change it again via the members only panel, but first you must re-activate your account:\nhttp://www.infinite-monkey.co.uk/activate.php?id=".$row['Actkey']."\n\nDo not reply to this email, it is automated. Thanks." , "From: auto@mailer.com"); if((($do)&&($dotwo)&&($send))) { echo '<script>alert("Password changed. You will now be logged out and you must re-activate your account, check your email, a confirmation email has been sent.");</script>'; echo '<script>location.replace("logout.php");</script>'; exit; } else { echo '<script>alert("There appears to have been an error in the script. 1 or 2 of 3 things may have happened:\n\n• Your password could have been reset/changed\n• Your account could have been deactivated, see the resend validation email page\n• Your email may not have been sent.\n\nYou will now be logged out, if you are not able to login, reset your password using the form, or resend the validation email to activate your account again.\n\nWe are sorry for the inconvenience.");</script>'; echo '<script>location.replace("logout.php");</script>'; exit; } } } else { echo '<script>alert("Incorrect password.");</script>'; echo '<script>history.back(1);</script>'; exit; I have tried resetting the password on my old account and the email never arrives , nor do my notifications for posts.
I'm trying to let the users change their password, but everytime I try.. it just changes the password to what they type in whether or not the password they currently have is right or not.. x_x I have the password set as an MD5 so I'm guessing I have to select the password from the database as an MD5, but I don't know how to do that.. <?php include("logincheck.php"); $newpass = $_POST['newpass']; $username = $_SESSION['username']; $password = $_POST['password']; ?> <?php include_once("header.php"); ?> Welcome to your settings. This is where you can manage everything on your account! <br><br>----------<b>Change Password</b>---------- <form action="<?php echo $_SERVER['SCRIPT_NAME']?>" method="post"> <?php $type = "text"; echo " <p>Type your current password:<br> <input size='25' name='password' type='$type'></input></p> <p>Type your new password:<br> <input size='25' name='newpass' type='$type'></input></p> <p>Verification:<br> <img src='randomimage.php'><br> <input name='txtNumber' type='text' id='txtNumber' value=''> <br>"; ?> <input type="submit" name="changepass" value="submit" /> </form> <?php if (@$_POST['changepass']) { include("haha.php"); $cxn = mysqli_connect($dbhost,$dbuser,$dbpassword,$dbdatabase); $sql = "SELECT `password` FROM `Member` WHERE `username`='$username'"; $result = mysqli_query($cxn,$sql) or die("Query died: password"); if($result = $password) //password matches { $number = $_POST['txtNumber']; if (md5($number) == $_SESSION['image_random_value']) { $sql = "UPDATE Member SET password = md5('$newpass') WHERE username = '$username'"; mysqli_query($cxn,$sql) or die("Query died: update"); }}} ?> <?php include_once("footer.php"); ?> Hello ever1 , I ve created a php password change script with validation but its nt working properly can any1 please help me with this as m new with php???? below m pasting the code : <?php session_start(); include "connection.php"; //include_once('header1.php'); $msg=""; if($_SERVER['REQUEST_METHOD']=='POST' && empty($_POST['username']) || empty($_POST['password']) || empty($_POST['newpass']) || empty($_POST['newpassconfirm']) ) { $msg="empty fields"; } { $user=$_POST['username']; $pass=$_POST['password']; $newpass=$_POST['newpass']; $confirmpass=$_POST['newpassconfirm']; $result=mysql_query("SELECT password FROM user WHERE username='$user'"); if(!$result) { $msg="The Username You Entered Does not Exist"; } elseif($pass!= mysql_result($result,0)) { echo $msg="You Entered An Incorrect Password"; } if($newpass != $confirmpass) { $msg = "Passwords do not match"; } elseif($newpass=$confirmpass) $sql=mysql_query("update user set password='$newpass' where username ='$user'"); if($sql) { echo "Congrats you have successfully changed your password."; } header('refresh:3 databases.php'); } { ?> <html> <body> <?php echo $msg ; ?> <form class="changepass" action="changepass.php" method="POST"><P> <table><tr><td> Enter ur username :</td> <td> <input type="text" name="username" /></td></tr> <tr><td>Enter ur existing pass : </td><td><input type="password" name="password" /></td></tr> <tr><td>Enter ur new pass :</td> <td><input type="password" name="newpass" /></td></tr> <tr><td>Renter ur new pass :</td> <td><input type="password" name="newpassconfirm" /></td></tr> <tr><td><input class="cpassbtn" name="Submit" type="image" value="Submit" src="passnrm.png" onmouseover="this.src='passhvr.png'" onmouseout="this.src='passnrm.png'"></td></tr> </table> </form> </body> </html> <?php }?> Hi folks! Upon registering, my register script runs an md5 hash on the password. My problem is when the user wants to change passwords. currently I have a very simple profile, and when they edit it, it doesn't rehash the password- it simply replaces the entire hashed old password with the plain, new password. Any way I could get the script to rehash the password? editprofile.php <?php include('config.php'); include('header.php'); if($_SESSION['id']=="") { header("Location: YouMustLogInNotice.html"); } if(isset($_POST['btnedit'])){ $callname = $_POST['callname']; $email = $_POST['email']; $password = $_POST['password']; $sql = mysql_query( "UPDATE users SET callname='".$callname."', email='".$email."', password='".$password."' WHERE id='".$_SESSION['id']."'" ); if($sql){ echo "<script>alert('profile updated');window.location='myprofile.php?id=$userfinal'</script>"; }else{ echo "<script>alert('updating profile failed!');</script>"; } } $sql = mysql_query( "SELECT * FROM users WHERE id='".$_SESSION['id']."'" ); $row = mysql_fetch_array($sql); $user = $userfinal; echo "<td align=center> <div id=box> <table width='100%'> <tr> <td><h2>Edit profile</h2> <form method='post'> <table><tr><th>ID#:</th><td>".$user."</td></tr> <tr><th>Name:</th><td><input type='text' name='callname' value='".$row['callname']."'/></td></tr> <tr><th>Email:</th><td><input type='text' name='email' value='".$row['email']."'/></td></tr> <tr><th>Password:</th><td><input type='password' name='password' value='".$row['password']."'/></td></tr> <tr><th>Registered:</th><td>".$row['registered']."</td></tr> <tr><th>Last Login:</th><td>".$row['lastlogin']."</td></tr> </table><br /> <input type='submit' name='btnedit' value='update' class=button /> </form></div></td> </tr> </table> </td></tr> </table>"; ?> <?php include('footer.php'); ?> Hey all. I am new to this forum and to PHP as a whole. I though I would try to make a login system using php and mysql. The login and register forms work great but I cannot seem to fully figure out how to let a user change their password. My code partially works. When the user types the correct old password and when the two new password forms confirm, the password changes and the database is updated and the user is taken to a page that tells him that his password was successfully changed. However, the problem is when the old password he types is different than the one in the database, the page that states password successfully changed also appears but the password is not changed in the database. The problem is thus with the SELECT statement. Can anyone please help me find whats wrong. It has been tormenting for a few hours now. Thank you in advance. . I used md5 encryption for the passwords. Here is the section of code that comes after the script makes sure that none of the forms are empty and that the passwords confirm . //Create SELECT query to verify that the old password is correct $qry="SELECT * FROM members WHERE login='" . $_SESSION['SESS_USERNAME'] . "' AND passwd='".md5($_POST['opassword'])."'"; $result = mysql_query($qry); if($result) { //Create UPDATE query to replace old password with new password $updatepasswd="Update members set passwd='".md5($_POST['npassword'])."' where login='" . $_SESSION['SESS_USERNAME'] . "' AND passwd='".md5($_POST['opassword'])."'"; $update = mysql_query($updatepasswd); //Check whether the query was successful or not if($update) { header("location: changepasswordsuccess.php"); exit(); } else { die("Query failed"); } } else { header("location: passwordchange-failed.php"); } Hi, I want to create a forgotten password page, where the user enters in their email address, the script queries the database for that email address, creates a unique ID, stores that unique ID in the database, then emails the unique ID and the User ID off to the user in an HTML link e.g. http://somesite.com/reset-password.php?userId=2&uniqueId=132832189312978312. The reset page would then match the unique ID to the one in the database and let them enter in a new password into the form. Ok so I can do most of that so far except from the emailing to the user. I'm running an Ubuntu Server 10 at the moment as my test server which is on my local network. Do I need to set up a mail server on that for php mailing to work, or can I use some external SMTP for sending? I've had a play round with the PHP mail() function but it won't send anything at the moment. I'll also need some code for when the site is running in the hosted live environment as it will likely use their mail servers. What's the best way to go about doing this? Many thanks! I'm using this type of code below. how can my site may have access to my e-mail ? and how can I send e-mails containing passwords to users.?? please help. //code is like this// if($_POST['submit']=='Register') { // If the Register form has been submitted $err = array(); if(strlen($_POST['username'])<4 || strlen($_POST['username'])>32) { $err[]='Your username must be between 3 and 32 characters!'; } if(preg_match('/[^a-z0-9\-\_\.]+/i',$_POST['username'])) { $err[]='Your username contains invalid characters!'; } if(!checkEmail($_POST['email'])) { $err[]='Your email is not valid!'; } if(!count($err)) { // If there are no errors $pass = substr(md5($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000)),0,6); // Generate a random password $_POST['email'] = mysql_real_escape_string($_POST['email']); $_POST['username'] = mysql_real_escape_string($_POST['username']); // Escape the input data mysql_query(" INSERT INTO tz_members(usr,pass,email,regIP,dt) VALUES( '".$_POST['username']."', '".md5($pass)."', '".$_POST['email']."', '".$_SERVER['REMOTE_ADDR']."', NOW() )"); if(mysql_affected_rows($link)==1) { send_mail( 'myemail@xx.net', $_POST['email'], 'sitename - Your New Password', 'Your password is: '.$pass); $_SESSION['msg']['reg-success']='We sent you an email with your new password!'; } else $err[]='This username is already taken!'; } if(count($err)) { $_SESSION['msg']['reg-err'] = implode('<br />',$err); } header("Location: demo.php"); exit; } //but while running it on local server it shows the message "failure" as I have mentioned in the index.php. please provite a template codeing to solve the problem// Can someone tell me why my php code isn't inserting users into the database. My database is made and table is made. I created a register form so my visitors can register but im getting a blank page. I has something to do with the following code
$statement = $connection->prepare('INSERT INTO users (username, email, password) VALUES (:usernamebox, :emailbox, :passwordbox)');
if ($result) {
Why is there the " : " before the usernamebox
Heres how my form looks like
<form action="register-clicked.php" method="POST"> This is completely different code than my change password script thread. This is not double posting. Whenever I use this script to change my email, it just changes the email to nothing (blank). What could be wrong with it? Help is hugely appreciated. I know you don't have to use your valuable time to help me. <?php // I removed the connect to db part session_start(); $username = $_SESSION['username']; $email = $_POST['email']; $newemail = $_POST['newemail']; $confirmnewemail = $_POST['confirmnewemail']; $result = mysql_query("SELECT email FROM members WHERE username='$username'"); if($email!= mysql_result($result, 0)) { echo "The email address you entered is incorrect."; } if($newemail==$confirmnewemail) $sql=mysql_query("UPDATE members SET email='$newemail' where username='$username'"); if($sql) { echo "You have successfully changed your email address."; } else { echo "The new email and confirm new email fields were different."; } ?> Having a little problem with passwords, they are stored clear text and not encrypted because its for an assignment and I need to prove in the write up that users can change their passwords. Anyway when I register a user with a username and a password of say Password1, I can still login with PASSword1 or any other variation of upper and lower case characters! This is my select statement: Code: [Select] $qry = "SELECT * FROM users WHERE username='$username' AND password='$password'"; Just wondering if there is anything that can be done to this, I read somewhere about using === but that doesn't seem to be fixing the problem, it just causes the query to fail! Using MySQL if thats any help. Thanks Hi, im having trouble with the below code which is used in case user forgets password. If i enter username and ANY email, it will send there "Username" and "Password". off course i just want it to be sent only to existing email in db. any ideas? Thank you. <? include("fns.php"); include "config.php"; if(isset($_POST['Submit'])){ //1. Check if form fields are filled in if(!filledin($_POST)){ header( "Location:Messages.php?msg=7" ); exit(); } $name=$_POST['name']; $em=$_POST['mail']; //2. Check if entered name exist $query="Select pw from user where uname='$name'" or die(mysql_error()); $result= mysql_query($query); if(mysql_num_rows($result)>0){ for ($i=0; $i<mysql_num_rows($result); $i++) { $row = mysql_fetch_assoc($result); $pass=$row['pw']; $to="$em\r\n"; $from="From: \r\n"; $msg="Password:$pass\r\n"; $msg .="Username:$name\r\n"; $msg .="Your login information\r\n"; $subject=" Your Login Password\r\n"; } }else{ header( "Location:Messages.php?msg=8" ); exit(); } //4. Send password to user if(mail($to,$subject,$msg,$from)){ header( "Location:Messages.php?msg=9&email=<?php echo $em; ?>" ); exit(); //echo "Please click here to log"; }else{ header( "Location:Messages.php?msg=10"); exit(); } } |
|||||||