New to PHP
Password change fails please advice

CREATE TABLE IF NOT EXISTS `ps_users` (
  `id` int(255) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(100) NOT NULL,
  `firstname` varchar(50) DEFAULT NULL,
  `lastname` varchar(50) DEFAULT NULL,
  `password` varchar(40) NOT NULL,
  `active` int(1) NOT NULL DEFAULT '0',
  `ip` text NOT NULL,
  `usergroup` text NOT NULL,
  `datasource_id` int(3) unsigned DEFAULT '0',
  `last_login` int(14) DEFAULT NULL,
  `day_limit` int(3) unsigned DEFAULT NULL,
  `language` varchar(5) NOT NULL DEFAULT 'en',
  `email` varchar(100) DEFAULT NULL,
  `pwd_updated` int(14) unsigned DEFAULT NULL,
  `created` int(14) unsigned NOT NULL DEFAULT '0',
  `owner_id` int(255) NOT NULL DEFAULT '0',
  `modified` int(14) unsigned DEFAULT NULL,
  `updated` int(14) unsigned DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `login` (`username`),
  KEY `active` (`active`),
  KEY `password` (`password`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=11 ;
<html>
<head>
</head>
<body bgcolor="#5791BF">
  <h1>Change Password</h1>
  <form method="POST" action="passch.php">
  <table>
    <tr>
          <td>Enter your UserName</td>
      <td><input type="username" size="10" name="username"></td>
      
      <td>Enter your existing password:</td>
      <td><input type="password" size="10" name="password"></td>
    </tr>
    <tr>
      <td>Enter your new password:</td>
      <td><input type="password" size="10" name="newpassword"></td>
    </tr>
    
  </table>
  <p><input type="submit" value="Update Password">
  </form>
  <p><a href="member-index.php">Home</a>
  <p><a href="logout.php">Logout</a>
</body>
</html>

<?php
$server="localhost";
$db_user="root";
$db_pass="brijpuja1";
$database="puresearch";
// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());

$rs_pwd = mysql_query("select password FROM ps_users where username='$_POST[username]'");
list($old) = mysql_fetch_row($rs_pwd);

	if($old == md5($_POST['password']))
	{
	$newmd5 = md5(mysql_real_escape_string($_POST['newpassword']));
	mysql_query("update ps_users set password='$newmd5' where username='$_POST[username]'");
echo "Password Changed successfully";
	} else
	{
	echo "Password change failed";
	}
	
	
	?>

If you are using mysql_real_escape_string your

if($old == md5($_POST))

should be

if($old == md5(mysql_real_escape_string($_POST)))

Yes?

Still do not change after doing the above
Is it something to do with table

The variables you are comparing do not seem to be the same...

This:

list($old) = mysql_fetch_row($rs_pwd);

I believe would work as

@old = mysql_fetch_row($rs_pwd);

mysql_fetch_row will return the array of the items in the select.

Then your if should be like this:

if(@old[0] == md5(mysql_real_escape_string($_POST)))

Try and let me know.

OR you can use something like this:

$old = mysql_fetch_array($rs_pwd));

and

if($old == md5(mysql_real_escape_string($_POST)))

AND I just noticed this:

$_POST[username]

should be

$_POST['username']

and I'm not 100% percent but you might need to do a concatenate on the string instead of including it as it is for instance:

$rs_pwd = mysql_query("select password FROM ps_users where username='$_POST[username]'");

Should be:

$rs_pwd = mysql_query("select password FROM ps_users where username='".$_POST['username']."'");
<?php

$host="localhost";          // Host name 
$username="root";        // Mysql username 
$password="brijpuja1"; // Mysql password 
$db_name="puresearch";  // Database name 
$tbl_name="ps_users";     // Table name 

$username=$_POST['username'];
$oldpass=$_POST['oldpass']; 
$newpass=$_POST['newpass']; 
$conpass=$_POST['confirmpass'];

$encry_oldpass=md5($oldpass);          //encrypting old password

/*  Test OK
echo $username;
echo "<br />";
echo $oldpass;
echo "<br />";
echo $encry_oldpass;
echo "<br />";
die();   */

$con=mysql_connect("$host","$username","$password");
mysql_select_db("$db_name",$con);

$result=mysql_query("SELECT * FROM $tbl_name WHERE username='$username' and password='$encry_oldpass'");
$count=mysql_num_rows($result);

if((!empty($newpass)&&!empty($conpass))&&($newpass==$conpass)&&($count==1))
 {
      $encry_conpass=md5($conpass);//encrypting confirm password

      $result2=mysql_query("UPDATE $tbl_name SET password='$encry_conpass' WHERE username='$username' and password='$encry_oldpass'");
      
      echo "Password Chamged Successfully"; 
      header("location:...............");	  // redirect to login page

 }
 else
 {
      echo"Password Change Fails";	 
      header("location:...............");	  // redirect to password change page
 }
?>

provided username must be an unique entry in your database...

nadnakinam
I get this error

Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'joelimboo'@'localhost' (using password: YES) in D:\webroot\puresearch\passch.php on line 37

Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in D:\webroot\puresearch\passch.php on line 38

Warning: mysql_query() [function.mysql-query]: Access denied for user 'ODBC'@'localhost' (using password: NO) in D:\webroot\puresearch\passch.php on line 40

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in D:\webroot\puresearch\passch.php on line 40

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in D:\webroot\puresearch\passch.php on line 41
Password Change Fails

my html code

<h1>Change Password</h1>
  <form method="POST" action="passch.php"><br/>

         Enter your UserName
      <input type="username" size="10" name="username"> <br/>
      
      Enter your existing password:
    <input type="password" size="10" name="oldpass"><br/>
Enter your new password:
      <input type="password" size="10" name="newpass"><br/>
      Enter your new password:
   <input type="password" size="10" name="confirmpass"><br/>


<input type="submit" value="Update Password">
  </form>

passch.php

<?php


$host="localhost";          // Host name 
$username="root";        // Mysql username 
$password="brijpuja1"; // Mysql password 
$db_name="puresearch";  // Database name 
$tbl_name="sumo_users";     // Table name 

$username=$_POST['username'];
$oldpass=$_POST['oldpass']; 
$newpass=$_POST['newpass']; 
$conpass=$_POST['confirmpass'];

$encry_oldpass=md5($oldpass);          //encrypting old password

/*  Test OK
echo $username;
echo "<br />";
echo $oldpass;
echo "<br />";
echo $encry_oldpass;
echo "<br />";
die();   */

$con=mysql_connect("$host","$username","$password");
mysql_select_db("$db_name",$con);

$result=mysql_query("SELECT * FROM $tbl_name WHERE username='$username' and password='$encry_oldpass'");
$count=mysql_num_rows($result);

if((!empty($newpass)&&!empty($conpass))&&($newpass==$conpass)&&($count==1))
 {
      $encry_conpass=md5($conpass);//encrypting confirm password

      $result2=mysql_query("UPDATE $tbl_name SET password='$encry_conpass' WHERE username='$username' and password='$encry_oldpass'");
      
      echo "Password Chamged Successfully"; 
     // header("location:...............");	  // redirect to login page

 }
 else
 {
      echo"Password Change Fails";	 
     // header("location:...............");	  // redirect to password change page
 }
?>

my table row

`sumo_users` (
  `id` int(255) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(100) NOT NULL,
  `firstname` varchar(50) DEFAULT NULL,
  `lastname` varchar(50) DEFAULT NULL,
  `password` varchar(40) NOT NULL,
  `active` int(1) NOT NULL DEFAULT '0',
  `ip` text NOT NULL,
  `usergroup` text NOT NULL,
  `datasource_id` int(3) unsigned DEFAULT '0',
  `last_login` int(14) DEFAULT NULL,
  `day_limit` int(3) unsigned DEFAULT NULL,
  `language` varchar(5) NOT NULL DEFAULT 'en',
  `email` varchar(100) DEFAULT NULL,
  `pwd_updated` int(14) unsigned DEFAULT NULL,
  `created` int(14) unsigned NOT NULL DEFAULT '0',
  `owner_id` int(255) NOT NULL DEFAULT '0',
  `modified` int(14) unsigned DEFAULT NULL,
  `updated` int(14) unsigned DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `login` (`username`),
  KEY `active` (`active`),
  KEY `password` (`password`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=11 ;

is mysql user & mysql password are correct?
verify, if wrong you'll get these errors...

paste the code on which you are getting error with respective errors next...

Error are in database connection only, try with password "no"...
establish correct database connection, sure that code'll work...

It works good for me...

Now I get this
no errors
Password Change Fails

the registration application saves password in this way. is it md5 at all
1d7d2fcc49f157c0be4456580011a58d469c71b6

I just echoed md5 old password is correct but the echo md5 is different from database that means the registration form does nt save password in md5

Here is the look of the password saved in the database can anyone tell what type is it

1d7d2fcc49f157c0be4456580011a58d469c71b6
Please advice

hi j_limboo,

echo all variables after each declaration, analyse line-by-line...
try to find where goes wrong...

take some effort...
it is not recommended to post whatever you got...!

I echo the old md5 password and it does not match the password in the database.
The registration application is using a different encryption
1d7d2fcc49f157c0be4456580011a58d469c71b6 using password brijpuja

md5 looks d41d8cd98f00b204e9800998ecf8427e using password brijpuja

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.