password change in PHP on MySQL

Question

tissam 0 Newbie Poster

14 Years Ago

In MySQL I have "users" table and one user for password and username exist. i need to change this password using basic HTML form. But when press the "Update Password" button every time given print out "The username you entered does not existThe new password and confirm new password fields must be the same". so please provide me complete correct coding for "changepw.php" I will attached both HTML and PHP codes what i have. This password not the MD5. (in addition pls guide me in case of password is MD5 how should be the PHP coding)

changepw.html

<html>
     <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <title>Password Change</title>
     </head>
    <body>
    <h1>Change Password for </h1>

   <form method="POST" action="passch1.php">
    <table>
    <tr>
   <td>Enter your UserName</td>
    <td><input type="username" size="10" name="username"></td>
    <td>Enter your existing password:</td>
    <td><input type="password" size="10" name="password"></td>
    </tr>
  <tr>
    <td>Enter your new password:</td>
    <td><input type="password" size="10" name="newpassword"></td>
    </tr>
    <tr>
   <td>Re-enter your new password:</td>
   <td><input type="password" size="10" name="confirmnewpassword"></td>
    </tr>
    </table>
    <p><input type="submit" value="Update Password">
    </form>
   <p><a href="home.php">Home</a>
   <p><a href="logout.php">Logout</a>
   </body>
    </html>

changepw.php

<?php
$dbhost = "localhost";
$dbname = "tissam";
$dbuser = "root";
$dbpass = "ranjith";

//Connect to database

$link= mysql_connect ("$dbhost","$dbuser","$dbpass")or die("Could not connect: ".mysql_error());
mysql_select_db("$dbname") or die(mysql_error());
        $username = $_POST['username'];
        $password = $_POST['password'];
        $newpassword = $_POST['newpassword'];
        $confirmnewpassword = $_POST['confirmnewpassword'];
        $result = mysql_query("SELECT password FROM users WHERE login='$username'");
        if(!$result)
        {
        echo "The username you entered does not exist";
        }
        else if($password!= mysql_result($result, 0))
        {
        echo "You entered an incorrect password";
        }
        if($newpassword=$confirmnewpassword)
        $sql=mysql_query("UPDATE users SET password='$newpassword' where login='$username'");

        if($sql)
        {
        echo "Congratulations You have successfully changed your password";
        }
       else
        {
       echo "The new password and confirm new password fields must be the same";
       }

      ?>

mysql php

Edited 11 Years Ago by Reverend Jim because: Fixed formatting

6 Contributors
5 Replies
6K Views
5 Years Discussion Span
Latest Post 8 Years Ago Latest Post by diafol

vaultdweller123 32 Posting Pro

14 Years Ago

maybe the username doesnt really exist... check your database if the username you inputted is already inserted

diafol

8 Years Ago

OK, enough on this nonsense. There are plenty of tutes and snippets and stuff on DW on this. No need to resurrect a 5 year old thread.

1) Do not use mysql_* functions
2) Do not use MD5
3) Do not place raw unsanitized input into queries - use prepared statements

I think it's fair to say the posts in this thread are exactly how IT SHOULD NOT be done.

BTW:

if($newpassword=$confirmnewpassword)

Will be interesting! ::rolleyes::

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

baalasubramanya 0 Newbie Poster · Answer 1 · 2012-02-13T19:20:49+00:00

change the above type as text, instead of username.

nice jone 0 Newbie Poster · Answer 2 · 2015-07-29T12:01:55+00:00

        <?php
$dbhost = "localhost";
$dbname = "tissam";
$dbuser = "root";
$dbpass = "ranjith";
//Connect to database
$link= mysql_connect ("$dbhost","$dbuser","$dbpass")or die("Could not connect: ".mysql_error());
mysql_select_db("$dbname") or die(mysql_error());
        $username = $_POST['username'];
        $password = $_POST['password'];
        $newpassword = $_POST['newpassword'];
        $confirmnewpassword = $_POST['confirmnewpassword'];
        $result = mysql_query("SELECT password FROM users WHERE login='$username'");
        if(!$result)
        {
        echo "The username you entered does not exist";
        }
        else if($password!= mysql_result($result, 0))
        {
        echo "You entered an incorrect password";
        }
        if($newpassword=$confirmnewpassword)
        $sql=mysql_query("UPDATE users SET password='$newpassword' where login='$username'");
        if($sql)
        {
        echo "Congratulations You have successfully changed your password";
        }
       else
        {
       echo "The new password and confirm new password fields must be the same";
       }
      ?>

change code like this

Ajdin 0 Newbie Poster · Answer 3 · 2015-11-29T21:55:58+00:00

If anyone using this the error is because you got here SELECT password FROM users WHERE login='$username'"); "where login there should be where username cause you need to get username so the ful working code is this, just change your database info:

<?php
$dbhost = "host";
$dbname = "name";
$dbuser = "user";
$dbpass = "pass";
//Connect to database
$link= mysql_connect ("$dbhost","$dbuser","$dbpass")or die("Could not connect: ".mysql_error());
mysql_select_db("$dbname") or die(mysql_error());
        $username = $_POST['username'];
        $password = $_POST['password'];
        $newpassword = $_POST['newpassword'];
        $confirmnewpassword = $_POST['confirmnewpassword'];
        $result = mysql_query("SELECT password FROM users WHERE username='$username'");
        if(!$result)
        {
        echo "The username you entered does not exist";
        }
        else if($password!= mysql_result($result, 0))
        {
        echo "You entered an incorrect password";
        }
        if($newpassword=$confirmnewpassword)
        $sql=mysql_query("UPDATE users SET password='$newpassword' where username='$username'");
        if($sql)
        {
        echo "Congratulations You have successfully changed your password";
        }
       else
        {
       echo "The new password and confirm new password fields must be the same";
       }
      ?>