Hi newbee to php mysql
appreciate if anyone can help in change password in sha1
Current mysql table

`users` (
  `id` int(255) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(100) NOT NULL,
  `firstname` varchar(50) DEFAULT NULL,
  `lastname` varchar(50) DEFAULT NULL,
  `password` varchar(40) NOT NULL,
  `active` int(1) NOT NULL DEFAULT '0',
  `ip` text NOT NULL,
  `usergroup` text NOT NULL,
  `datasource_id` int(3) unsigned DEFAULT '0',
  `last_login` int(14) DEFAULT NULL,
  `day_limit` int(3) unsigned DEFAULT NULL,
  `language` varchar(5) NOT NULL DEFAULT 'en',
  `email` varchar(100) DEFAULT NULL,
  `pwd_updated` int(14) unsigned DEFAULT NULL,
  `created` int(14) unsigned NOT NULL DEFAULT '0',
  `owner_id` int(255) NOT NULL DEFAULT '0',
  `modified` int(14) unsigned DEFAULT NULL,
  `updated` int(14) unsigned DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `login` (`username`),
  KEY `active` (`active`),
  KEY `password` (`password`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=11 ;

which part are you having issues with? The use of sha1() or the sql to change the password?

Post your change password script if you have one

Did some changes to the code which i was doing wrong and made it work
its working!

$server="xxxx";
$db_user="xxxx";
$db_pass="xxxx";
$database="xxxx";
// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());

$rs_pwd = mysql_query("select password FROM users where username='$_POST[username]'");
list($old) = mysql_fetch_row($rs_pwd);

	if($old == sha1($_POST['password']))
	{
	$newmd5 = sha1(mysql_real_escape_string($_POST['newpassword']));
	mysql_query("update sumo_users set password='$newmd5' where username='$_POST[username]'");
echo "Password Changed successfully";
	} else
	{
	echo "Password change failed";
	}
	
	
	?>

you might want to add stripslashes() to the mysql_real_escape_string() because if the password has any special chars in it the stored password will have slashes is it, and the password you are comparing it against will not have the slashes.

you should use:

$newmd5 = sha1(mysql_real_escape_string(stripslashes($_POST['newpassword'])));

That adds sense
thank you

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.