Member Avatar for j_limboo

Hi newbee to php mysql
appreciate if anyone can help in change password in sha1
Current mysql table

`users` (
  `id` int(255) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(100) NOT NULL,
  `firstname` varchar(50) DEFAULT NULL,
  `lastname` varchar(50) DEFAULT NULL,
  `password` varchar(40) NOT NULL,
  `active` int(1) NOT NULL DEFAULT '0',
  `ip` text NOT NULL,
  `usergroup` text NOT NULL,
  `datasource_id` int(3) unsigned DEFAULT '0',
  `last_login` int(14) DEFAULT NULL,
  `day_limit` int(3) unsigned DEFAULT NULL,
  `language` varchar(5) NOT NULL DEFAULT 'en',
  `email` varchar(100) DEFAULT NULL,
  `pwd_updated` int(14) unsigned DEFAULT NULL,
  `created` int(14) unsigned NOT NULL DEFAULT '0',
  `owner_id` int(255) NOT NULL DEFAULT '0',
  `modified` int(14) unsigned DEFAULT NULL,
  `updated` int(14) unsigned DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `login` (`username`),
  KEY `active` (`active`),
  KEY `password` (`password`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=11 ;
Edited by j_limboo because: n/a
  • 2 Contributors
  • 4 Replies
  • 136 Views
  • 3 Days Discussion Span
  • Latest Post Latest Post by j_limboo
Member Avatar for leviathan185

which part are you having issues with? The use of sha1() or the sql to change the password?

Post your change password script if you have one

Edited by leviathan185 because: spelling...
Member Avatar for j_limboo

Did some changes to the code which i was doing wrong and made it work
its working!

$server="xxxx";
$db_user="xxxx";
$db_pass="xxxx";
$database="xxxx";
// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());

$rs_pwd = mysql_query("select password FROM users where username='$_POST[username]'");
list($old) = mysql_fetch_row($rs_pwd);

	if($old == sha1($_POST['password']))
	{
	$newmd5 = sha1(mysql_real_escape_string($_POST['newpassword']));
	mysql_query("update sumo_users set password='$newmd5' where username='$_POST[username]'");
echo "Password Changed successfully";
	} else
	{
	echo "Password change failed";
	}
	
	
	?>
Edited by j_limboo because: n/a
Member Avatar for leviathan185

you might want to add stripslashes() to the mysql_real_escape_string() because if the password has any special chars in it the stored password will have slashes is it, and the password you are comparing it against will not have the slashes.

you should use:

$newmd5 = sha1(mysql_real_escape_string(stripslashes($_POST['newpassword'])));
Edited by leviathan185 because: tags
Member Avatar for j_limboo

That adds sense
thank you

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.