Update password md5 - Change Password Script

Hi Guys,

Having some issues with the following code for changing a user's password in their profile:

[php]
$todo      = $_POST['todo'];
$password  = $_POST['password'];
$password2 = $_POST['password2'];

if (isset($todo) and $todo == "change-password") {
    $password = mysql_real_escape_string($password);

    // Setting flags for checking
    $status = "OK";
    $msg = "";

    if (strlen($password) < 3 or strlen($password) > 8) {
        $msg = $msg . "Password must be more than 3 char length and maximum 8 char length\n";
        $status = "NOTOK";
    }

    if ($password <> $password2) {
        $msg = $msg . "Both passwords are not matching\n";
        $status = "NOTOK";
    }

    if ($status <> "OK") {
        echo "$msg\n";
    } else { // if all validations are passed.
        $db_new_password = md5($password2);
        // mysql_query() returns true whenever the UPDATE runs without an SQL error
        if (mysql_query("UPDATE users SET password = '$db_new_password' WHERE userid = '$_SESSION[userid]'")) {
            echo "Thanks\nYour password changed successfully. Please keep changing your password for better security";
        } else {
            echo "Sorry\nFailed to change password Contact Site Admin";
        }
    }
}
[/php]

Now when submitting the form it advises that the password has been changed. But the password actually remains the same.

Any help would be greatly appreciated.

Kind Regards,

egghead0

Hi,
It all looks good, and as you are getting the updated response it suggests that the following line is executing fine:

[php]if(mysql_query("UPDATE users SET password = '$db_new_password' WHERE userid = '$_SESSION[userid]'"))[/php]

Maybe add the following before the if statement to see what is being run:

[php]echo "UPDATE users SET password = '$db_new_password' WHERE userid = '$_SESSION[userid]'";
die();[/php]

Is the session variable set correctly? I am guessing this is just a snippet of code, so you have already run session_start() or similar.

Ant

Hi Egghead,

I think there's a problem with how you extract your session variable "userid" in the WHERE clause. The single quotes are missing.

It should be $_SESSION['userid']

Hope this helps… :)

Hi Guys,

Thanks for the replies. Looking at your post codeguru - I decided it would be best to take the session out of the query and added another query rather than using sessions for the userid.

All running smooth now:

[php]
include $_SERVER['DOCUMENT_ROOT'] . '/include/functions.php';
include 'include/header.php';

$todo      = $_POST['todo'];
$password  = $_POST['password'];
$password2 = $_POST['password2'];
$username  = $_SESSION['username'];

if (isset($todo) and $todo == "change-password") {
    $md5password  = md5(mysql_real_escape_string($password));
    $md5password2 = md5(mysql_real_escape_string($password2));

    // Look up the userid from the username held in the session
    $login = mysql_query("SELECT * FROM users WHERE username = '$username' ");

    $getuserid = mysql_fetch_array($login);
    $userid = $getuserid['userid'];

    // Setting flags for checking
    $status = "OK";
    $msg = "";

    if ($password <> $password2) {
        $msg = $msg . "Both passwords are not matching\n";
        $status = "NOTOK";
    }

    if ($status <> "OK") {
        echo "$msg\n";
    } else { // if all validations are passed.
        if (mysql_query("UPDATE users SET password = '$md5password' WHERE userid = '$userid'")) {
            echo "Thanks\nYour password changed successfully. Please keep changing your password for better security";
        } else {
            echo "Sorry\nFailed to change password Contact Site Admin";
        }
    }
}
[/php]

Can't see an edit button - but just removed the include for the header as ofc not required on a submit - DUR!

Thanks again guys.

Kind Regards

egghead0
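
As an added example (not code from any poster in this thread): the same password change written with PDO prepared statements and `password_hash()` in place of `mysql_*` and `md5()`, checking the affected-row count because an UPDATE that matches no row still returns success. The `change_password()` helper, the in-memory SQLite table, the 8-character minimum and the sample password are assumptions made for illustration, and the PDO SQLite driver is assumed to be installed.

```php
<?php
// Added example. Constructed in-memory SQLite table standing in for `users`.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, password TEXT)');
$pdo->prepare('INSERT INTO users (userid, password) VALUES (?, ?)')
    ->execute([1, password_hash('old-password', PASSWORD_DEFAULT)]);

// Hypothetical helper: returns a list of error messages, empty on success.
function change_password(PDO $pdo, ?int $userid, string $password, string $password2): array
{
    $errors = [];
    if (strlen($password) < 8) { // assumed policy: minimum length only, no 8-char maximum
        $errors[] = 'Password must be at least 8 characters';
    }
    if ($password !== $password2) { // compare the raw inputs, before any transformation
        $errors[] = 'Both passwords are not matching';
    }
    if ($errors) {
        return $errors;
    }

    // Hash the raw password with a salted, slow algorithm. No SQL escaping is
    // applied first: the bound parameters keep the value out of the SQL text.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('UPDATE users SET password = ? WHERE userid = ?');
    $stmt->execute([$hash, $userid]);

    // An UPDATE that matches no row still executes successfully, so confirm
    // that exactly one row was written before reporting success.
    if ($stmt->rowCount() !== 1) {
        $errors[] = 'Failed to change password';
    }
    return $errors;
}

$new = 'correct horse battery staple'; // constructed sample password

// Missing userid (for example, the session was never started): reported as a failure.
print_r(change_password($pdo, null, $new, $new));

// Valid userid: the row is updated and the stored hash verifies.
print_r(change_password($pdo, 1, $new, $new));
$stored = $pdo->query('SELECT password FROM users WHERE userid = 1')->fetchColumn();
var_dump(password_verify($new, $stored));
```

The login page has to check passwords with `password_verify()` against the stored hash; existing `md5()` values can be replaced with a new hash at each user's next successful login.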
