Member Avatar for heshanm

Hi all,

This is my chage password script. This works ONLY if all the data fields entered correctly. Otherwise it gives several error messages. (Ex:incorrect username, incorrect pw etc)

users (user_id, first_name,last_name, email, phone_number, user_type, username, password)

<?php
session_start();

$connection=mysql_connect("localhost","root","");
$db=mysql_select_db("bank",$connection);

	
$username = $_POST['username'];
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$newpassword = md5($newpassword);
$confirmnewpassword = $_POST['confirmnewpassword'];
$confirmnewpassword = md5($confirmnewpassword);	

$result = mysql_query("SELECT password FROM users WHERE username='$username'");
if(!$result) 
{ 
echo "The username you entered does not exist"; 
} 
else
if(md5($password)!=mysql_result($result,0))
{
echo "You entered an incorrect password";
}

if($newpassword==$confirmnewpassword) 
    $sql=mysql_query("UPDATE users SET password='$newpassword' where username='$username'"); 
    if($sql) 
    { 
    echo "Congratulations You have successfully changed your password"; 
    }
else
{ 
echo "The new password and confirm new password fields must be the same"; 
}   
?>
  • 5 Contributors
  • 11 Replies
  • 353 Views
  • 11 Months Discussion Span
  • Latest Post Latest Post by viktor.jiracek.5
Member Avatar for Shanti C

This is my chage password script. This works ONLY if all the data fields entered correctly. Otherwise it gives several error messages. (Ex:incorrect username, incorrect pw etc)

Yes, the fields should not be null, if you enter nothing , then the query will result nothing,so the problem occurs.
Please clearly explain your requirement.

Member Avatar for heshanm

@Shanthi C;

This works ONLY if all the data fields entered correctly. Otherwise it gives several error messages. (Ex:incorrect username, incorrect pw etc)

I mean if i enter correct username, correct existing password, correct new password and correct confirm password. NOT just filling fields.

My problem is if i enter wrong existing password and try to enter a new password then also the coding works. That should be avoided. It should give only an error message.

Member Avatar for urtrivedi

changed if ladder

<?php
session_start();

$connection=mysql_connect("localhost","root","");
$db=mysql_select_db("bank",$connection);

	
$username = $_POST['username'];
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$newpassword = md5($newpassword);
$confirmnewpassword = $_POST['confirmnewpassword'];
$confirmnewpassword = md5($confirmnewpassword);	

$result = mysql_query("SELECT password FROM users WHERE username='$username'");
if(!$result) 
{ 
echo "The username you entered does not exist"; 
} 
else
if(md5($password)!=mysql_result($result,0))
{
echo "You entered an incorrect password";
}
else
{
 

if($newpassword==$confirmnewpassword) 
    $sql=mysql_query("UPDATE users SET password='$newpassword' where username='$username'"); 
    if($sql) 
    { 
    echo "Congratulations You have successfully changed your password"; 
    }
else
{ 
echo "The new password and confirm new password fields must be the same"; 
}   

}//i have added this brace //
?>
Edited by urtrivedi because: n/a
Member Avatar for heshanm

Thanks, Incorrect password works..:-)

But still generate error messages in following cases.

If user enters two different passwords in new password and confirm new password fields there should be an error message "The new password and confirm new password fields must be the same". But it says,

Notice: Undefined variable: sql in C:\wamp\www\MySite\php files\check_password.php on line 30

If user enters an incorrect username the following error message occurs.

Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 4 in C:\wamp\www\MySite\php files\check_password.php on line 21
Call Stack

Member Avatar for urtrivedi

This is little simplified.

<?php
session_start();

$connection=mysql_connect("localhost","root","");
$db=mysql_select_db("bank",$connection);

	
$username = $_POST['username'];
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$newpassword = md5($newpassword);
$confirmnewpassword = $_POST['confirmnewpassword'];
$confirmnewpassword = md5($confirmnewpassword);	

$result = mysql_query("SELECT count(*) FROM users WHERE username='$username' and password='".md5($password)."'");
if(mysql_result($result,0)=1) //there must be one combination of user/pass
{
	if($newpassword==$confirmnewpassword) 
	{
	    $sql=mysql_query("UPDATE users SET password='$newpassword' where username='$username'"); 
	    if($sql) 
	    { 
	   	 	echo "Congratulations You have successfully changed your password"; 
	    }
	}
	else
	{ 
		echo "The new password and confirm new password fields must be the same"; 
	}   
}
else
{ 
	echo "Invalid Username/Password"; 
} 


?>
Member Avatar for heshanm

It says,

Fatal error: Can't use function return value in write context in C:\wamp\www\MySite\php files\check_password.php on line 16

Member Avatar for urtrivedi

it needs double ==

if(mysql_result($result,0)==1)
Member Avatar for heshanm

Thanks a lot urtrivedi..Now everything works fine..:-)

I want to know one more thing. Is it possible to display these echo messages in the same page where user enters details..

Member Avatar for heshanm

Then how could i change my script to fulfill the above requirement?

Member Avatar for viktor.jiracek.5

I am working on this code as well and I am having trouble. It doesn't work and it seems to just refresh the page when I submit the right information. I would appreciate any help. Thanks!

<html>
    <head>
        <title>Change Password</title>
            <link rel="stylesheet" type="text/css" href="style.css" />
    </head>
    <body>
<?php
$connection=mysql_connect('localhost','root','') or die (mysql_error());
$db=mysql_select_db('databasehere',$connection) or die (mysql_error());

$username = $_POST['username'];
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$newpassword = md5($newpassword);
$confirmnewpassword = $_POST['confirmnewpassword'];
$confirmnewpassword = md5($confirmnewpassword); 
$result = mysql_query("SELECT count(*) FROM users WHERE username='$username' and password='".md5($password)."'");
if(mysql_result($result,0)==1) //there must be one combination of user/pass
{
    if($newpassword==$confirmnewpassword) 
    {
        $sql=mysql_query("UPDATE users SET password='$newpassword' where username='$username'"); 
        if($sql) 
        { 
            echo "Congratulations! You have successfully changed your password"; 
        }
    }
    else
    { 
        echo "The new password and confirm new password fields must be the same"; 
    }   
}
else
{ 
    echo "Invalid Username/Password"; 
} 
?>

<form action="changepassword.php" method="post">
<div id="border">
<table cellpadding="2" cellspacing="0" border="0">
    <tr>
        <td align="center" colspan="2">Change your password by entering the necessary information below:</td>
    </tr>
    <tr>
        <td>Username:</td>
        <td><input type="text" name="username" /></td>
    </tr>
    <tr>
        <td>Password:</td>
        <td><input type="password" name="password" /></td>
    </tr>
    <tr>
        <td>New Password:</td>
        <td><input type="password" name="newpassword" /></td>
    </tr>
    <tr>
        <td>Confirm New Password:</td>
        <td><input type="password" name="confirmnewpassword" /></td>
    </tr>
    <tr>
        <td align="center" colspan="2"><input type="submit" name="submit" value="Submit" /></td>
    </tr>
</table>
</div>
</form>
    </body>
</html>
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.