password change in php

Maybe you should use md5() on the db password.

maybe you should use md5() on the db password.

hi,
thanks for quick resp!
My problem is not encryption but even if i dont enter anything into fields it gives same results in browser if i give correct old password and incorrect new password what shall it echo" wrong new password" but instead it gives same results

Since the output is "123456", my guess is that the password in the db was not encrypted. The one you entered in the form is encrypted with md5(), thus the mismatch.

I guess

first you print

echo $oldpassworddb."<br>";

which printing 123456
means you not using md5() while storing password into database ..

I guess

first you print

echo $oldpassworddb."<br>";

which printing 123456
means you not using md5() while storing password into database ..

i need this code to be executed and you are telling different thing

if ($oldpassword==$oldpassworddb)
   {
	if ($newpassword==$repeatnewpassword)
	   {
	   $querychange = mysql_query("UPDATE users SET password='$newpassword' WHERE username='$user'");
	    session_destroy();
	   die("Your password has been changed.<a href='/webdesigning1/index.php'>Return</a>");
	  }
	    else
	  die ("new passwords don't match!");

please tell me how to execute this code in my file

Pritaeas is correct ..
And i was also saying same ..

You encrypt while storing or Dont encrypt while checking(comparing)

So remove all md5()s on 16 17 n 18 and try your code may be exicuted

Pritaeas is correct ..
And i was also saying same ..

You encrypt while storing or Dont encrypt while checking(comparing)

So remove all md5()s on 16 17 n 18 and try your code may be exicuted

Thanks a lot !
it worked ,i deleted md5 from above mentioned lines and it helped then i wanted to keep md5.i looked at pritaeas's first responce and that helped me to keep md5
i am very much impressed .will you please tell me which web site shall i usse to learn php so that i get same confidence as you people
here comes other problem after inserting md5 on $oldpassworddb it changes the password but when i try to login it dosent recognise the new password and if i try to find it in phpmyadmin it is encryted there
thanks a lot sir

Everything is on php.net. A bit easier is w3schools.com (it will get you started), and if you still have questions, you should come here.

Yup php.net is best for online reference and all ..

I am also new to PHP and referring a book

Sams PHP and MySQL WebDevelopment 3edition by Luke..

I think its perfect book for PHP and MySql..
You can google for more books ..

and regarding ur another prob I didnt get what problem you having, Can you state it clear...

Yup php.net is best for online reference and all ..

I am also new to PHP and referring a book

Sams PHP and MySQL WebDevelopment 3edition by Luke..

I think its perfect book for PHP and MySql..
You can google for more books ..

and regarding ur another prob I didnt get what problem you having, Can you state it clear...

i mean when i change password it works but when i try to login with changed password it dosent login and says user doset exist then i copy password from phpadmin which is encrypted i mean in the form of md5 and past it in old password and it works
nnow my problem is when i change password it dosent login with changed password

i mean when i change password it works but when i try to login with changed password it dosent login and says user doset exist then i copy password from phpadmin which is encrypted i mean in the form of md5 and past it in old password and it works
nnow my problem is when i change password it dosent login with changed password

no body replies what happened?

no body replies what happened?

post your check login query here...

post your check login query here...

here it is

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>changepassword</title>
</head>
<body>
<?php
session_start();
$user = $_SESSION ['username'];
if ($user)
{
//user is logged in
if ($_POST['submit'])
{
       $oldpassword = md5($_POST['oldpassword']);
	   	$newpassword= md5($_POST['newpassword']);
		$repeatnewpassword = md5($_POST['repeatnewpassword']);
				//connect db
		 $connect = mysql_connect("localhost","webdesigning1","") or die ("couldnt connect to mysql data base ");
    mysql_select_db("phplogin") or die("couldnt find db") ;
   $queryget = mysql_query("SELECT password FROM users WHERE username ='$user'") or die("query didnt work");
   $row=mysql_fetch_assoc($queryget);
   $oldpassworddb=$row['password'];
   		//check pass againest db
	   if ($oldpassword==md5($oldpassworddb))
   {
	if ($newpassword==$repeatnewpassword)
	   {
	   $querychange = mysql_query("UPDATE users SET password=md5('$newpassword') WHERE username='$user'");
	    session_destroy();
	   die("Your password has been changed.<a href='/webdesigning1/index.php'>Return</a>");
	  }
	    else
	  die ("new passwords don't match!");
	   
   }
   else
   die ("old password dosent match!");
	}
	else
	echo "
	<form action='/webdesigning1/changepassword.php'  method='POST'>
	old password:<input type='text' name='oldpassword'><p>
	new password:<input type='password' name='newpassword'><br>
	repeat new password:<input type='password' name='repeatnewpassword'><br>
	<input type='submit' name='submit' value='change password'> <p>
	</form>
	";
}


else

	die
	     ("You must be logged in to change the password")
?>

</body>
</html>

You use md5 in your query on $newpassword, but you already did that in PHP, so now it's md5'd twice.

Yes, pritaeas is right,

change this line:

$querychange = mysql_query("UPDATE users SET password='$newpassword' WHERE username='$user'");

Yes, pritaeas is right,

change this line:

$querychange = mysql_query("UPDATE users SET password='$newpassword' WHERE username='$user'");

i have already changed that line but it still do's same thing changes password successfully puts it in md5 format in phplogin but when i try to login with new password it accepts it in md5 format not in simple format e.g if i change password from a to b now it shall login with b but it changes b into md5 format and accepts that format only which i have to copy from phpadmin

Its accepting md5() code correctly ??

Than you need to md5() ..

Md5(b) than check whether its correct password or not

Its accepting md5() code correctly ??

Than you need to md5() ..

Md5(b) than check whether its correct password or not

not able to understand what you want to say in these lines .Than you need to md5() ..

Md5(b) than check whether its correct password or not
will you please make necessary changes to code and send it to me or tell me on which line change is necesary

please help if anybody can

Do you use a different php file to login ? Maybe the changes in this file messed it up.

do you use a different php file to login ? Maybe the changes in this file messed it up.

it is working without md5 but when i use md5 it changes the password but does not login with new password this happens only when md5 is used

print your new password entered and database password in your browser , then check once...

I think you store your passwords in plain text the first time you add a user, and when you change the password you store it in md5. That will not do. Either you store your passwords plain text everywhere or you store them in md5 everywhere. There is no middle way.

I think you store your passwords in plain text the first time you add a user, and when you change the password you store it in md5. That will not do. Either you store your passwords plain text everywhere or you store them in md5 everywhere. There is no middle way.

i tried to do what you said but i think i am doing it wrong will you lease tell me which rows shall i change,u have my code

md5 the biggest problem here and they say stored data has problem the password is changed but stored in md5 and when we login it does not recognise the md5 password however without md5 it does