While creating a user ID, the password is saved as MD5 in MySQL.
The script below, to change the password, does not save the password as MD5 in MySQL,
and hence the user cannot log in after changing the password.
The script also says the password was changed successfully, but also says you have typed the wrong password (the old one),
as users type their passwords in the form, which are not in MD5.
Is there any solution for this?
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html401/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Password Change</title>
</head>
<body>
<h1>Change Password for {USERNAME}</h1>
{MESSAGE}
<form method="POST" action="passch.php">
<table>
<tr>
<td>Enter your UserName</td>
<td><input type="text" size="10" name="username"></td>
<td>Enter your existing password:</td>
<td><input type="password" size="10" name="password"></td>
</tr>
<tr>
<td>Enter your new password:</td>
<td><input type="password" size="10" name="newpassword"></td>
</tr>
<tr>
<td>Re-enter your new password:</td>
<td><input type="password" size="10" name="confirmnewpassword"></td>
</tr>
</table>
<p><input type="submit" value="Update Password">
</form>
<p><a href="home.php">Home</a>
<p><a href="logout.php">Logout</a>
</body>
</html>
passch.php
<?php
$server="xxxx";
$db_user="xxxx";
$db_pass="xxxx";
$database="xxxx";

// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
    or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
    or die ("Could not select database because ".mysql_error());

$username = $_POST['username'];
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$confirmnewpassword = $_POST['confirmnewpassword'];

$result = mysql_query("SELECT passwd FROM members WHERE login='$username'");
if(!$result)
{
    echo "The username you entered does not exist";
}
else
    if($password!= mysql_result($result, 0))
    {
        echo "You entered an incorrect password";
    }
if($newpassword=$confirmnewpassword)
    $sql=mysql_query("UPDATE members SET passwd='$newpassword' where login='$username'");
if($sql)
{
    echo "Congratulations You have successfully changed your password";
}
else
{
    echo "The new password and confirm new password fields must be the same";
}
?>
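
Added example (not part of the original post, and not the poster's code): one way to write the change-password handler so the old password is checked against the stored MD5 value, the new password is stored hashed, and the queries use bound parameters instead of interpolated form input. The function names are hypothetical; it assumes PDO with the SQLite driver for the constructed demo data, a `passwd` column wide enough for `password_hash()` output (for example VARCHAR(255)), and a login check that uses the same `verify_stored()` helper.

```php
<?php
// Table and column names (members, login, passwd) come from the post;
// function names and the demo data are assumptions made for this example.

function verify_stored(string $plain, string $stored): bool {
    // Legacy rows hold a 32-char hex MD5; rows written below hold password_hash() output.
    if (preg_match('/^[0-9a-f]{32}$/i', $stored)) {
        return hash_equals(strtolower($stored), md5($plain)); // constant-time compare
    }
    return password_verify($plain, $stored);
}

function change_password(PDO $db, string $user, string $old, string $new, string $confirm): string {
    if ($new === '' || $new !== $confirm) {   // comparison (!==), not assignment (=)
        return 'The new password and confirm new password fields must be the same';
    }
    // Bound parameters keep form input out of the SQL text.
    $q = $db->prepare('SELECT passwd FROM members WHERE login = ?');
    $q->execute([$user]);
    $stored = $q->fetchColumn();              // false when no such user
    // Same message for unknown user and wrong password; stop before any UPDATE.
    if ($stored === false || !verify_stored($old, $stored)) {
        return 'Incorrect username or password';
    }
    // Store a salted, slow hash; the row is upgraded from MD5 on first change.
    $u = $db->prepare('UPDATE members SET passwd = ? WHERE login = ?');
    $u->execute([password_hash($new, PASSWORD_DEFAULT), $user]);
    return 'Password changed';
}

// Constructed demo: in-memory SQLite with one legacy MD5 row.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (login TEXT PRIMARY KEY, passwd TEXT)');
$db->prepare('INSERT INTO members VALUES (?, ?)')->execute(['alice', md5('old-secret')]);

echo change_password($db, 'alice', 'wrong', 'n3w-secret', 'n3w-secret'), "\n";       // wrong old password
echo change_password($db, 'alice', 'old-secret', 'n3w-secret', 'n3w-typo'), "\n";    // confirmation mismatch
echo change_password($db, 'alice', 'old-secret', 'n3w-secret', 'n3w-secret'), "\n";  // legacy MD5 row accepted
echo change_password($db, 'alice', 'n3w-secret', 'another-1', 'another-1'), "\n";    // upgraded row accepted
```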