Newbie in PHP
Below is my table and script. I know it should change the password.
I am using a registration application.
The password is saved in this manner:
1d7d2fcc49f157c0be4456580011a58d469c71b6
I could not make out if this is an MD5.
I echoed it in PHP; the password I type in the form shows differently.
Now you must be thinking I typed the wrong password.
I can log in to the web application with the password, but using the same password I cannot change it.
Please advise.

 
CREATE TABLE `users` (
  `id` int(255) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(100) NOT NULL,
  `firstname` varchar(50) DEFAULT NULL,
  `lastname` varchar(50) DEFAULT NULL,
  `password` varchar(40) NOT NULL,
  `active` int(1) NOT NULL DEFAULT '0',
  `ip` text NOT NULL,
  `usergroup` text NOT NULL,
  `datasource_id` int(3) unsigned DEFAULT '0',
  `last_login` int(14) DEFAULT NULL,
  `day_limit` int(3) unsigned DEFAULT NULL,
  `language` varchar(5) NOT NULL DEFAULT 'en',
  `email` varchar(100) DEFAULT NULL,
  `pwd_updated` int(14) unsigned DEFAULT NULL,
  `created` int(14) unsigned NOT NULL DEFAULT '0',
  `owner_id` int(255) NOT NULL DEFAULT '0',
  `modified` int(14) unsigned DEFAULT NULL,
  `updated` int(14) unsigned DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `login` (`username`),
  KEY `active` (`active`),
  KEY `password` (`password`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=4 ;




/*
<?
$host="localhost";          // Host name 
$username="root";        // Mysql username 
$password="brijpuja1"; // Mysql password 
$db_name="newsumo";  // Database name 
$tbl_name="users";     // Table name 

$username=$_POST['username'];
$oldpass=$_POST['oldpass']; 
$newpass=$_POST['newpass']; 
$conpass=$_POST['confirmpass'];

$encry_oldpass=md5($oldpass);          //encrypting old password
echo "$encry_oldpass";

/*  Test OK
echo $username;
echo "<br />";
echo $oldpass;
echo "<br />";
echo $encry_oldpass;
echo "<br />";
die();   */

$con=mysql_connect("$host","$username","$password");
mysql_select_db("$db_name",$con);

$result=mysql_query("SELECT * FROM $tbl_name WHERE username='$username' and password='$encry_oldpass'");
$count=mysql_num_rows($result);

if((!empty($newpass)&&!empty($conpass))&&($newpass==$conpass)&&($count==1))
 {
      $encry_conpass=md5($conpass);//encrypting confirm password

      $result2=mysql_query("UPDATE $tbl_name SET password='$encry_conpass' WHERE username='$username' and password='$encry_oldpass'");
      
      echo "Password Changed Successfully"; 
      //header("location:...............");	  // redirect to login page

 }
 else
 {
      echo"Password Change Fails";	 
      //header("location:...............");	  // redirect to password change page
 }
?>
*/

This section is commented out:

<?
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="brijpuja1"; // Mysql password
$db_name="newsumo"; // Database name
$tbl_name="users"; // Table name
 
$username=$_POST['username'];
$oldpass=$_POST['oldpass'];
$newpass=$_POST['newpass'];
$conpass=$_POST['confirmpass'];

$encry_oldpass=md5($oldpass); //encrypting old password
echo "$encry_oldpass";

But I think you need it to connect to the database and retrieve the details from the form. You should also validate all $_POST variables.

Also, you set $username to "root", then overwrite it with $_POST["username"]. You need to make sure they are different variables.

Let me check this
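
Added example, not part of the thread or of the registration application's own code: the stored value above is 40 hex characters, the length sha1() returns, while md5() returns 32, so the md5 comparison in the posted script cannot match it. The code below identifies the digest by length, verifies the old password, and updates it with bound parameters. It assumes the application stores an unsalted digest; the function names are hypothetical and an in-memory SQLite table with constructed data stands in for the MySQL `users` table.

```php
<?php
// Added example; guessHashAlgo() and changePassword() are hypothetical names.

// md5() returns 32 hex characters, sha1() returns 40: the length identifies the digest.
function guessHashAlgo(string $stored): ?string
{
    $byLength = [32 => 'md5', 40 => 'sha1'];
    return ctype_xdigit($stored) ? ($byLength[strlen($stored)] ?? null) : null;
}

function changePassword(PDO $db, string $formUser, string $old, string $new, string $confirm): string
{
    if ($formUser === '' || $new === '' || $new !== $confirm) {
        return 'invalid input';
    }
    // Bound parameters: form input never becomes part of the SQL text.
    $sel = $db->prepare('SELECT password FROM users WHERE username = ?');
    $sel->execute([$formUser]);
    $stored = $sel->fetchColumn();
    $algo = is_string($stored) ? guessHashAlgo($stored) : null;
    if ($algo === null) {
        return 'unknown user or hash format';
    }
    // Assumption: the application stores an unsalted digest; a salted one will not match.
    if (!hash_equals(strtolower($stored), hash($algo, $old))) {
        return 'old password does not match';
    }
    // Keep the application's format so its own login still accepts the new password.
    $upd = $db->prepare('UPDATE users SET password = ? WHERE username = ?');
    $upd->execute([hash($algo, $new), $formUser]);
    return $upd->rowCount() === 1 ? 'changed' : 'not changed';
}

// Real script: new PDO('mysql:host=...;dbname=...', $dbUser, $dbPass), with $dbUser kept
// separate from the form's username. Constructed in-memory SQLite data stands in here.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT UNIQUE, password TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')->execute(['demo', sha1('old-secret')]);

// In the web script these arguments come from $_POST['username'], $_POST['oldpass'], etc.
echo changePassword($db, 'demo', 'old-secret', 'n3w-secret', 'mismatch'), "\n";
echo changePassword($db, 'demo', 'wrong-guess', 'n3w-secret', 'n3w-secret'), "\n";
echo changePassword($db, 'demo', 'old-secret', 'n3w-secret', 'n3w-secret'), "\n";
echo changePassword($db, 'demo', 'n3w-secret', 'next-secret', 'next-secret'), "\n";
```

Unsalted MD5 or SHA-1 digests are fast to brute-force; where you control the login code as well, store `password_hash()` output, check it with `password_verify()`, and widen the `password` column beyond varchar(40).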
