MD5 Password changed but cannot login

do not add .$salt to md5 with password

md5(mysql_real_escape_string($newpassword))

Many thanks urtrivedi,
Have made the change and getting an error that the New Password cannot be blank. The newpassword (as a hash) is being inserted to the db but I still cannot use it to login with..

You need to add md5() around all your references to the password that you want to look up in the database, i.e.

$newpassword = md5(mysql_real_escape_string($_POST['newpassword']));

Thanks for the avdvice...
I have this code now and I notice that my var_dump is loading on window open as well as the error message "New password cannot be blank!"... now why would it do that if I have not yet submitted the form?

<?php
include '../dbfunctions.php';
$link = dbConnect();
session_start();
$stid = $_GET['staffref']; 
echo $stid; 

//$staffs = dbGetRows("staff", "id = '".$stid."'");
//$staff = mysql_fetch_array($staffs, MYSQL_ASSOC);
//$password = md5($staff['password']);
//echo $staff['username'];
//echo $staff['password'];

  if (isset($_POST['submit'])) {
  	
	$username = $_POST['username'];
	$oldpassword = md5(mysql_real_escape_string($_POST['oldpassword']));
	$newpassword = md5(mysql_real_escape_string($_POST['newpassword']));
	$confirmnewpassword = md5(mysql_real_escape_string($_POST['confirmnewpassword']));
  }
//if(isset($_POST['Submit'])){
$query = "SELECT username FROM staff WHERE username = '".$username."'";
echo $username;
$result = mysql_query($query);

	    if ($result) {
	        // Check if Old password is the correct
	        if ($oldpassword != $password){ 
			echo "Old password is wrong!";
			}
	       }  
	        //Check if New password if blank
	        if (!$newpassword){
			echo "New password cannot be blank!";
			}
	                 
	        // Check if New password is confirmed
	        if ($newpassword != $confirmpassword){ 
			echo "The \"New Password\" and \"Confirm New Password\" fields do not match, please re-enter!"; 
			}
else
	        // If everything is ok,  modify the record
$query = sprintf("UPDATE staff SET password = '%s' WHERE username = '".$username."'", md5(mysql_real_escape_string($newpassword), mysql_real_escape_string($username)
            ));
			var_dump($query);
	        mysql_query($query) or die('Error : ' . mysql_error());
	?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Password Administration</title>
<link href="../bb.css" rel="stylesheet" type="text/css">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body bgcolor="#FFF4DC">
<table width="60%" border="0" cellspacing="0" cellpadding="0" align="center">
  <tr> 
    <td width="32"><img src="../images/admin_03.gif"></td>
    <td width="0*" bgcolor="#FFFFFF" background="../images/admin_04.gif" style="background-repeat: repeat-x;">&nbsp;</td>
    <td width="35"><img src="../images/admin_07.gif" width="32" height="33"></td>
  </tr>
  <tr> 
    <td bgcolor="#FFFFFF" background="../images/admin_15.gif" style="background-repeat: repeat-y;"></td>
    <td bgcolor="#FFFFFF"><table width="100%" border="0" cellspacing="0" cellpadding="0" style="margin-left: 10px; margin-right: 10px">
        <tr> <td>

         <a href="javascript:;" onClick="window.close(); opener.location.reload(true)">[CLOSE WINDOW]</a><br> <br> 
             </td>
            
          <td><b><font size="3">CHANGE PASSWORD</font></b><br>
 
            <br>
           <form name="form1" method="post" action="changepassword.php">
              <table width="321" border="0" bgcolor="#FAFAFA" cellspacing="5" cellpadding="0" style="border: 1px solid #BBBBBB;">
                <tr>
                  <td><b>Username:</b></td>
                  <td><input type="text" name="username" ></td>
                </tr>
                <tr> 
                  <td width="154"><b>Old Password:</b></td>
                  <td width="167"><input type="password" name="oldpassword"></td>
                </tr>
                <tr> 
                  <td><b>New Password</b></td>
                  <td><input type="password" name="newpassword"> </td>
                </tr>
                <tr> 
                  <td><b>New Password Again</b></td>
                  <td><input type="password" name="confirmnewpassword"></td>
                </tr>
                <tr> 
                  <td>&nbsp;</td>
                  <td align="right"> <input type="submit" name="Submit" value="Submit">                  </td>
                </tr>
                 
              </table>
            </form>
            </td>
        </tr>
      </table></td>
    <td bgcolor="#FFFFFF" align="right" background="../images/admin_14.gif" style="background-position: right; background-repeat: repeat-y;"></td>
  </tr>
  <tr> 
    <td><img src="../images/admin_21.gif" width="32" height="33"></td>
    <td bgcolor="#FFFFFF" background="../images/admin_23.gif" style="background-position: bottom; background-repeat: repeat-x;"></td>
    <td><img src="../images/admin_20.gif" width="32" height="33"></td>
  </tr>
</table>
<br>
<br>
<br>
<br>
</body>
</html>

You need to var_dump($_POST), not $query and the reason that is showing as soon as the page loads is because it is not contained within you if statement to check if the form has been submitted and will obviously be empty at that point.

You also have to curly brackets around you else statement.

keep line 21 as (uncomment)

if(isset($_POST['Submit'])){

also add close brace } at line 47

Hi there urtrivedi and thanks for taking the time to assist.

I have updated as you suggest and "on submit" the var_dump is returning the following:

array(5) { ["username"]=> string(5) "jacky" ["oldpassword"]=> string(8) "fletcher" ["newpassword"]=> string(8) "gyesdahl" ["confirmnewpassword"]=> string(8) "gyesdahl" ["Submit"]=> string(6) "Submit" }

and the new password (gyesdahl) is not being updated in the db. I am thinking it has something to do with an MD5 declaration but not sure at which line I need to do this.

Does the code

md5(mysql_real_escape_string

have to be inserted prior to every $password variable as on line 40?

Also, none of my error responses are displaying when I omit or deliberatley insert incorrect username etc for testing...

my code is now like this..

?php
include '../dbfunctions.php';
$link = dbConnect();
session_start();
$stid = $_GET['staffref']; 
echo $stid; 

//$staffs = dbGetRows("staff", "id = '".$stid."'");
//$staff = mysql_fetch_array($staffs, MYSQL_ASSOC);
//$password = md5($staff['password']);
//echo $staff['username'];
//echo $staff['password'];

  if (isset($_POST['submit'])) {
 
	$username = $_POST['username'];
	$oldpassword = md5(mysql_real_escape_string($_POST['oldpassword']));
	$newpassword = md5(mysql_real_escape_string($_POST['newpassword']));
	$confirmnewpassword = md5(mysql_real_escape_string($_POST['confirmnewpassword']));
  }
 var_dump($_POST);	
if(isset($_POST['Submit'])){
$query = "SELECT username FROM staff WHERE username = '".$username."'";
//}
//echo $username;
		$result = mysql_query($query);

	    //if($result) {
	        // Check if Old password is the correct
	        if($username != $username){ 
			echo "Aw shucks! Seems like you don't exist! Please recheck your username dude";
			//}
	       //}  
	        //Check if New password if blank
	        if($newpassword == "" ){
			echo "New password cannot be blank!";
			}
	                 
	        // Check if New password is confirmed
	        if ($newpassword != $confirmpassword){ 
			echo "The \"New Password\" and \"Confirm New Password\" fields do not match, please re-enter!"; 
			}
			else{
	        // If everything is ok,  modify the record
			$query = sprintf("UPDATE staff SET password = '%s' WHERE username = '".$username."'", md5(mysql_real_escape_string($newpassword), mysql_real_escape_string($username)
            ));
			}
			$result =  mysql_query($query) or die('Error : ' . mysql_error());
			if( $result ) {
			echo "All done!";
			}
			}
			}
	       //}
			
	?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Password Administration</title>
<link href="../bb.css" rel="stylesheet" type="text/css">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body bgcolor="#FFF4DC">
<table width="60%" border="0" cellspacing="0" cellpadding="0" align="center">
  <tr> 
    <td width="32"><img src="../images/admin_03.gif"></td>
    <td width="0*" bgcolor="#FFFFFF" background="../images/admin_04.gif" style="background-repeat: repeat-x;">&nbsp;</td>
    <td width="35"><img src="../images/admin_07.gif" width="32" height="33"></td>
  </tr>
  <tr> 
    <td bgcolor="#FFFFFF" background="../images/admin_15.gif" style="background-repeat: repeat-y;"></td>
    <td bgcolor="#FFFFFF"><table width="100%" border="0" cellspacing="0" cellpadding="0" style="margin-left: 10px; margin-right: 10px">
        <tr> <td>

         <a href="javascript:;" onClick="window.close(); opener.location.reload(true)">[CLOSE WINDOW]</a><br> <br> 
             </td>
            
          <td><b><font size="3">CHANGE PASSWORD</font></b><br>
 
            <br>
           <form name="form1" method="post" action="changepassword.php">
              <table width="321" border="0" bgcolor="#FAFAFA" cellspacing="5" cellpadding="0" style="border: 1px solid #BBBBBB;">
                <tr>
                  <td><b>Username:</b></td>
                  <td><input type="text" name="username" ></td>
                </tr>
                <tr> 
                  <td width="154"><b>Old Password:</b></td>
                  <td width="167"><input type="password" name="oldpassword"></td>
                </tr>
                <tr> 
                  <td><b>New Password</b></td>
                  <td><input type="password" name="newpassword"> </td>
                </tr>
                <tr> 
                  <td><b>New Password Again</b></td>
                  <td><input type="password" name="confirmnewpassword"></td>
                </tr>
                <tr> 
                  <td>&nbsp;</td>
                  <td align="right"> <input type="submit" name="Submit" value="Submit">                  </td>
                </tr>
                 
              </table>
            </form>
            </td>
        </tr>
      </table></td>
    <td bgcolor="#FFFFFF" align="right" background="../images/admin_14.gif" style="background-position: right; background-repeat: repeat-y;"></td>
  </tr>
  <tr> 
    <td><img src="../images/admin_21.gif" width="32" height="33"></td>
    <td bgcolor="#FFFFFF" background="../images/admin_23.gif" style="background-position: bottom; background-repeat: repeat-x;"></td>
    <td><img src="../images/admin_20.gif" width="32" height="33"></td>
  </tr>
</table>
<br>
<br>
<br>
<br>
</body>
</html>

$query = sprintf("UPDATE staff SET password = '%s' WHERE username = '".$username."'", md5(mysql_real_escape_string($newpassword), mysql_real_escape_string($username)
));

you have too many arguments. you can cause a crash in a C program doing this with printf-like statements.
try

$query = sprintf("UPDATE staff SET password = '%s' WHERE username = '%s'", md5(mysql_real_escape_string($newpassword), mysql_real_escape_string($username)
));

anyplace in a database query where usernames and passwords or anything from $_POST is involved, you should be using mysql_real_escape_string(), because it could be infected with SQL injection attacks.

I also recommend you use SHA1 instead of MD5. the maker of MD5 told me that it has hash collisions (multiple input content which can generate the same number), has been verified to be untrustworthy as a hash-code algorithm if you want to convert content to a unique number (actually, if you are working on files, sha256 or sha512 would be better). but for short passwords, SHA1 would be sufficient.

also, if you want to compare a password with an empty string, simply compare your SHA1($password) == SHA1(""), you can do this since a hash is a 1-way function.

Wow... ok thanks for the heads-up on SHA1 and the code change... Converting to SHA1 is going to be another project and learning curve for me :) which I will certainly get to but what I need to do now is get this last bit of code working so I can finish off other stuff. Right now not being able to change the password is delaying my progress on other functionality in my app. Spent over a week on it and being pretty new to php / mysql I though I was on top of most things but this securing of passwords I am finding a challenge top say the least :)

So now it appears the submit is capturing all the relevant form data but for some reason it is not placing it into the db, even with me changing the sprintf structure... will keep testing various options till I get it right.... Should the var_dump not be showing me the hash value instead of the actual password?

check my code in new page. IF this works I will explain you later

<?php
.
.
.
.
.
//echo $staff['password'];

  if (isset($_POST['submit'])) 
  {
 
	$username = $_POST['username'];
	$oldpassword = md5($_POST['oldpassword']);
	$newpassword = $_POST['newpassword'];
	$confirmnewpassword = $_POST['newpassword'];
  
// var_dump($_POST);	

 
    if($newpassword == "" )
	{
		echo "New password cannot be blank!";
	}
    // Check if New password is confirmed
    elseif ($newpassword != $confirmnewpassword)
	{ 
		echo "The \"New Password\" and \"Confirm New Password\" fields do not match, please re-enter!"; 
	}
    else
	{

		 // query username old password is not correct
		$query = "SELECT username FROM staff WHERE username = '".mysql_real_escape_string($username)."' and password = '".$oldpassword."'";
	
	
		$result = mysql_query($query);
		$row=mysql_fetch_array($result);
	
	    // Check if Old username old password is not correct
	    if(!$row)
		{
		  
			echo "Aw shucks! Seems like you don't exist! Please recheck your username/password dude";
		}
		else
		{
	    // If everything is ok,  modify the record
			$query = "UPDATE staff SET password = '".md5($newpassword)."' WHERE username = '".$username."'";
			$result =  mysql_query($query) or die('Error : ' . mysql_error());
			if( $result ) 
			{
				echo "All done!";
			}
		}
	}
 }	    
			
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
.
.
.
.
.

Nothing happens ... the screen just refreshes with empty fields. When I close the window to refresh the parent to start again I am logged out

can you post your all php files and table script in sql here

<?php
	$minalphas=2;
	$mindigits=2;
	$minpuncts=3;
	$minlength=8;
//you can make this same password strength validation function in javascript.
//returns "" if passes strength validation. otherwise, contains report strings separated with BR tags as to what is wrong.
function checkpassword($s) {
	$report="";
	//$minalphas=2;
	//$mindigits=2;
	//$minpuncts=3;
	//$minlength=8;
	$digits="0123456789";
	$alphas="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
	//punctuation is anything which is not in these sets
	//a 12-character password with punctuation is better.
	$punctcount=$alphascount=$digitscount=0;
	$i=0;
	$len=strlen($s);
    if ($len < $minlength) {
		$report .= "password must be at least $minlength characters long.<br>";
    }

	//count digits
	for ($i=0; $i < $len; $i++) {
		if (FALSE!==strpos($digits,$s[$i])) {
			$digitscount++;
		}
	}

	//count alphas 
	for ($i=0; $i < $len; $i++) {
		if (FALSE!==strpos($alphas,$s[$i])) {
			$alphascount++;
		}
	}

	//count punctuation
	for ($i=0; $i < $len; $i++) {
		//if we can't find it in either the alphas or the digits, it must be punctuation.
		if (FALSE===strpos($digits,$s[$i]) && FALSE===strpos($alphas,$s[$i])) {
			$punctscount++;
		}
	}
	//generate report
	if ($alphascount < $minalphas)	{
		$report .= "password must have at least $minalphas alpha characters.<br>";
	}
	if ($digitscount < $mindigits)	{
		$report .= "password must have at least $mindigits digits.<br>";
	}
	if ($punctscount < $minpuncts)	{
		$report .= "password must have at least $minpuncts punctuation characters.<br>";
	}
	return $report;
}

include '../dbfunctions.php';
$link = dbConnect();
session_start();
$stid = $_GET['staffref']; 
echo $stid; 

//$staffs = dbGetRows("staff", "id = '".$stid."'");
//$staff = mysql_fetch_array($staffs, MYSQL_ASSOC);
//$password = md5($staff['password']);
//echo $staff['username'];
//echo $staff['password'];

if (isset($_POST['submit'])) {
	$username = $_POST['username'];
	$oldpassword = $_POST['oldpassword'];
	$newpassword = $_POST['newpassword'];
	$confirmnewpassword = $_POST['confirmnewpassword'];
} else {
	$username=$oldpassword=$newpassword=$confirmnewpassword="";
}
var_dump($_POST);
$errors=""; //a variable to accumulate the errors into a report for later in the page
if(isset($_POST['Submit'])){
$query = "SELECT username FROM staff WHERE username = '".mysql_real_escape_string($username)."'";
//}
//echo $username;
	$result1 = mysql_query($query);

	    //if($result) {
	        // Check if Old password is the correct
	if (mysql_num_rows($result1) < 1) { 
		$errors .= "<div>Aw shucks! Seems like you don't exist! Please recheck your username dude</div>\n";
		//}
	       //}  
	        //Check if New password if blank
		$s=checkpassword($newpassword);
	    if ("" != $s){
			$errors.="<div>$s</div>\n";
		}
	                 
	        // Check if New password is confirmed
	    if ($newpassword != $confirmpassword) { 
			$errors.= "<div>The \"New Password\" and \"Confirm New Password\" fields do not match, please re-enter!</div>\n"; 
		}
		//update the password ONLY if the confirm password matches new password, and password strength check comes back OK.
		if ($newpassword == $confirmpassword && "" == $s) {
	        // If everything is ok,  modify the record
			$query = sprintf("UPDATE staff SET password = '%s' WHERE username = '%s'", SHA1($newpassword), $username);
		
			$result = mysql_query($query) or die('Error: ' . mysql_error());
			if ($result) {
				$errors.= "<div>All done!</div>\n";
			}
			
		}
	}
	mysql_free_result($result1);
}
	       //}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Password Administration</title>
<link href="../bb.css" rel="stylesheet" type="text/css">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body bgcolor="#FFF4DC">
<table width="60%" border="0" cellspacing="0" cellpadding="0" align="center">
  <tr> 
    <td width="32"><img src="../images/admin_03.gif"></td>
    <td width="0*" bgcolor="#FFFFFF" background="../images/admin_04.gif" style="background-repeat: repeat-x;">&nbsp;</td>
    <td width="35"><img src="../images/admin_07.gif" width="32" height="33"></td>
  </tr>
  <tr> 
    <td bgcolor="#FFFFFF" background="../images/admin_15.gif" style="background-repeat: repeat-y;"></td>
    <td bgcolor="#FFFFFF"><table width="100%" border="0" cellspacing="0" cellpadding="0" style="margin-left: 10px; margin-right: 10px">
        <tr> <td>

         <a href="javascript<b></b>:;" onClick="window.close(); opener.location.reload(true)">[CLOSE WINDOW]</a><br> <br> 
             </td>
            
          <td><b><font size="3">CHANGE PASSWORD</font></b><br>
 
            <br>
           <form name="form1" method="post" action="changepassword.php">
              <table width="321" border="0" bgcolor="#FAFAFA" cellspacing="5" cellpadding="0" style="border: 1px solid #BBBBBB;">
                <tr>
                  <td><b>Username:</b></td>
                  <td><input type="text" name="username" ></td>
                </tr>
                <tr> 
                  <td width="154"><b>Old Password:</b></td>
                  <td width="167"><input type="password" name="oldpassword"></td>
                </tr>
                <tr> 
                  <td><b>New Password</b></td>
                  <td><input type="password" name="newpassword"> </td>
                </tr>
                <tr> 
                  <td><b>New Password Again</b></td>
                  <td><input type="password" name="confirmnewpassword"></td>
                </tr>
                <tr> 
                  <td>&nbsp;</td>
                  <td align="right"> <input type="submit" name="Submit" value="Submit">                  </td>
                </tr>
                 
              </table>
            </form>
            </td>
        </tr>
      </table></td>
    <td bgcolor="#FFFFFF" align="right" background="../images/admin_14.gif" style="background-position: right; background-repeat: repeat-y;"></td>
  </tr>
  <tr> 
    <td><img src="../images/admin_21.gif" width="32" height="33"></td>
    <td bgcolor="#FFFFFF" background="../images/admin_23.gif" style="background-position: bottom; background-repeat: repeat-x;"></td>
    <td><img src="../images/admin_20.gif" width="32" height="33"></td>
  </tr>
</table>
<br>
<br>
<?php echo "<p>Password must be at least $minlength characters long, have at least $minalphas alphas, $mindigits digits, and $minpuncts punctuation characters.<p>"; ?>
<br>
<?php echo $errors; ?>
<br>
</body>
</html>

you are missing the requires mysql_free_result() after queries are done, without which you will ruin your queries and results, even over multiple page visits.
you don't have to mysql_real_escape_string anything that comes out of SHA1 or MD5, since there are not going to be any quotes, newlines, or any othewr things that accompany SQL injection attacks, only hexadecimal characters 0-9a-f.

<?php echo "<p>Password must be at least $minlength characters long, have at least $minalphas alphas, $mindigits digits, and $minpuncts punctuation characters.<p>"; ?>

put this code somewhere so users know what to expect from the password strength checker.

Ok...
What happens is that an adminsitrator logs in (Jacky/fletcher) and can change passwords. They go to staff (a tab in their index.php) then click a record which launched editstaff.php.. (code below) and then from there choose a staff member to edit...

editstaff.php

<?php
  include '../dbfunctions.php'; 
  session_start();
  
  $link = dbConnect();
  
  echo $stid;
  checkStaffLogin();
   
  $staffref = $_GET['staffref'];  
  $coid = $_GET['coref'];
  
  $companies = dbGetRows("companies", "id = '".$coid."'");
  $company = mysql_fetch_array($companies, MYSQL_ASSOC); 
  echo $coid;
  
 if( isset($_POST['Submit']) ) {
$query = "UPDATE staff SET `username` = '".$_POST['username']."', `password` = '".$_POST['password']."',`title` = '".$_POST['title']."', `firstname` = '".$_POST['firstname']."', `surname` = '".$_POST['surname']."', `tel` = '".$_POST['tel']."', `cell` = '".$_POST['cell']."', `email` = '".$_POST['email']."', `isadmin` = '".$_POST['isadmin']."' WHERE id = '".$_POST['id']."'";
$result = mysql_query($query) or die( "Error: " . mysql_error() );
//var_dump ($query);
   } 
$staffs = dbGetRows("staff", "id = '".$staffref."'");
$staff = mysql_fetch_array($staffs, MYSQL_ASSOC);

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>EditStaff Member</title>
<link rel="shortcut icon" type="image/x-icon" href="../images/favicon.ico">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="../bb.css" rel="stylesheet" type="text/css">
<script src="../usableforms1.js"></script>
<style type="text/css">
<!--
.style1 {
	color: #990000;
	font-weight: bold;
}
-->
</style>
</head>
<body bgcolor="#FFFFFF" onLoad="prepareForm()">
<table width="80%" border="0" cellspacing="0" cellpadding="0" align="center">
  <tr>
    <td width="23"><img src="../images/brdr-tl.gif"></td>
    <td width="1005" background="../images/brdr-t2.gif"></td>
    <td width="23"><img src="../images/brdr-tr.gif"></td>
  </tr>
  <tr>
    <td valign="top" background="../images/brdr-l2-repeat.gif" style="background-repeat: repeat-y; background-position: left;"><img src="../images/brdr-l2.gif" width="23" <?php if(strpos($_SERVER['HTTP_USER_AGENT'], "MSIE") == 0) echo "style=\"height: 100%\""; ?>></td>
    <td valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
        <tr>
          <td width="174" height="81" align="center"><img src="../images/zululogo.gif" width="159" height="61"></td>
          <td width="626" align="right" valign="bottom"><input type="button" name="Cancel2" value="Cancel" onClick="window.close(); opener.location.reload(true);"></td>
        </tr>
      </table>
      <table width="100%" border="0" cellspacing="0" cellpadding="3">
        <tr>
          <td bgcolor="#F5F5F5"><font size="3" color="#880000"><b><?php echo $staff['firstname']; ?>&nbsp;<?php echo $staff['surname']; ?>&nbsp;:&nbsp;Edit Staff Member</b></font> </a></td>
        </tr>
      </table>
      <br>
      <?php 
  if(isset($_POST['Submit'])) {
   echo "Staff Member Details Succesfully Altered.<br><br>
            <a href=\"javascript:;\" onClick=\"window.close(); opener.location.reload(true)\">[CLOSE WINDOW]</a><br> <br> 
            <td valign=\"top\" background=\"../images/brdr-r2-repeat.gif\" style=\"background-repeat: repeat-y; background-position: right;\"><img src=\"../images/brdr-r2.gif\" width=\"23\" ".(strpos($_SERVER['HTTP_USER_AGENT'], "MSIE") == 0 ? "style=\"height: 100%\"" : "")."></td>
  </tr>
  <tr> 
    <td><img src=\"../images/brdr-bl.gif\"></td>
    <td background=\"../images/brdr-b2.gif\" style=\"background-repeat: repeat-x;\"></td>
    <td><img src=\"../images/brdr-br.gif\"></td>
  </tr>
</table>
<br>
</body>
</html>";
 die();
}
        ?>
      <br>
      <form name="form1" method="post" action="editstaff.php">
        <table width="65%" border="0" align="center" cellpadding="2" cellspacing="5" bgcolor="#FAFAFA">
          <tr>
            <td colspan="2"><hr></td>
          </tr>
          <tr>
            <td width="385"><b>Login Details</b></td>
            <td width="156"><input type="hidden" name="id" value="<?php echo $staffref; ?>"></td>
          </tr>
          
          <tr>
            <td width="385" bgcolor="#FFFF99"> <span class="style1">Username:</span></td>
            <td width="156" bgcolor="#FFFF99"><input type="text" name="username" value="<?php echo $staff['username']; ?>"></td>
          </tr>
          <tr>
            <td width="385" bgcolor="#FFFF99"> <span class="style1">Password:</span></td>
            <td width="156" bgcolor="#FFFF99">&nbsp;<a href="javascript:;" onClick="window.open('changepassword.php?staffref=<?php echo $staffref; ?>', '_blank', 'width=600,height=750,toolbar=0,location=0,status=0,menubar=0,resizable=0,scrollbars=1');" class="small">[change password]</a></td>
          </tr>
          <tr>
            <td colspan="2" bgcolor="#FFFFFF"><hr></td>
          </tr>
          <tr>
            <td><b>Title:</b></td>
            <td><select name="title" size="1">
                 <option value="Mr." <?php if( $staff['title'] == "Mr." ) echo "selected"; ?>>Mr.</option>
                <option value="Mrs."<?php if( $staff['title'] == "Mrs." ) echo "selected"; ?>>Mrs.</option>
                <option value= "Ms."<?php if( $staff['title'] == "Ms." ) echo "selected"; ?>>Ms.</option>
                <option value="Adv."<?php if( $staff['title'] == "Adv." ) echo "selected"; ?>>Adv.</option>
                <option value="Prof."<?php if( $staff['title'] == "Prof." ) echo "selected"; ?>>Prof.</option>
                <option value="Dr."<?php if( $staff['title'] == "Dr." ) echo "selected"; ?>>Dr.</option>
              </select></td>
          </tr>
          <tr>
            <td width="385"><b>First Name:</b></td>
            <td width="156"><input type="text" name="firstname" value="<?php echo $staff['firstname']; ?>"></td>
          </tr>
          <tr>
            <td><b>Surname:</b></td>
            <td><input type="text" name="surname" value="<?php echo $staff['surname']; ?>"></td>
          </tr>
          <tr>
            <td><b>Telephone No:</b></td>
            <td><input type="text" name="tel" value="<?php echo $staff['tel']; ?>">            </td>
          </tr>
          <tr>
            <td><b>Cell Number:</b></td>
            <td><input type="text" name="cell" value="<?php echo $staff['cell']; ?>"></td>
          </tr>
          <tr>
            <td><b>E-Mail Address:</b></td>
            <td><input type="text" name="email" size="25" value="<?php echo $staff['email']; ?>">            </td>
          </tr>
          <tr>
            <td><b>Is Administrator?</b></td>
            <td width="126">
              <div align="left">
                <select name="isadmin" style="width: 65px;">
                  <option value="0" <?php if( $staff['isadmin'] == '0' ) echo "selected"; ?>>No</option>
                  <option value="1" <?php if( $staff['isadmin'] == '1' ) echo "selected"; ?>>Yes</option>
                  </select>
                <input type="hidden" name="isadmin" value="<?php echo $isadmin; ?>">
              </div></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
            <td align="right"><input type="submit" name="Submit" value="Submit">
              <input type="button" name="Cancel2" value="Cancel" onClick="window.close(); opener.location.reload(true);"></td>
          </tr>
        </table>
      </form></td>
    <td valign="top" background="../images/brdr-r2-repeat.gif" style="background-repeat: repeat-y; background-position: right;"><img src="../images/brdr-r2.gif" width="23" <?php if(strpos($_SERVER['HTTP_USER_AGENT'], "MSIE") == 0) echo "style=\"height: 100%\""; ?>></td>
  </tr>
  <tr>
    <td><img src="../images/brdr-bl.gif"></td>
    <td background="../images/brdr-b2.gif"></td>
    <td><img src="../images/brdr-br.gif"></td>
  </tr>
</table>
<table>
  <tbody id="waitingRoom"
      style="display: none">
  </tbody>
</table>
<br>
</body>
</html>

From the above file in line #99 they launch changepassword.php which is the file we are now working on. I can give you live access if it will help?

My dbfunctions.php Lines 252 --> to do with login and password related functions

<?php
function dbConnect() {
//  $link = mysql_connect("sql5.jnb2.host-h.net", "leisur_3", "55gyes03")
//        or die("Could not connect : " . mysql_error());
//        mysql_select_db("leisur_db2") or die("Could not select database");
 // return $link;
//}
  $link = mysql_connect("localhost", "root", "")
        or die("Could not connect : " . mysql_error());
        mysql_select_db("res") or die("Could not select database");
  return $link;
}

 function checkTkadminLogin() {
  $aid = $_SESSION['aid'];
  $password = $_SESSION['password'];
  $admin = loginID("tkadmin", $stid,$password);
  if( mysql_num_rows($admin) != 1 ) { header("Location: login.php"); die(); }
}
function checkVenueLogin() {
  $id = $_SESSION['venueid'];
  $password = $_SESSION['password'];
  $users = loginID("venues",$id,$password);
  if( mysql_num_rows($users) != 1 ) { header("Location: login.php"); die(); }
}

function checkTourLogin() {
  $tid = $_SESSION['tourid'];
  $password = $_SESSION['password'];
  $tourusers = loginID("tourops",$tid,$password);
  if( mysql_num_rows($tourusers) != 1 ) { header("Location: login.php"); die(); }
}
function checkActvityLogin() {
  $actid = $_SESSION['activityid'];
  $password = $_SESSION['password'];
  $actusers = loginID("actvities", $actid,$password);
  if( mysql_num_rows($actusers) != 1 ) { header("Location: login.php"); die(); }
}
function checkGuestLogin() {
  //60373b0369db0c5f482fe31dfc151a8b
	$guestid = $_SESSION['id'];
  $password = $_SESSION['password'];
  $guestusers = loginID("guests",$guestid,$password);
  if( mysql_num_rows($guestusers) != 1 ) { header("Location: login.php"); die(); }
  }
function checkOwnerLogin() {
  $ownerid = $_SESSION['ownerid'];
  $password = $_SESSION['password'];  
  $ownerusers = loginID("owners", $ownerid,$password);
  if( mysql_num_rows($ownerusers) != 1 ) { header("Location: login.php"); die(); }
}
function checkSupplierLogin() {

  $sid = $_SESSION['sid'];
  $password = $_SESSION['password'];

  $supplierusers = loginID("suppliers",$sid,$password);
  if( mysql_num_rows($supplierusers) != 1 ) { header("Location: login.php"); die(); }
}                                     

function checkStaffLogin() {
  $stid = $_SESSION['stid'];
  $password = $_SESSION['password'];
  $staffusers = loginID("staff", $stid,$password);
  //echo"$stid,$password<br>";echo mysql_num_rows($staffusers);exit;
  if( mysql_num_rows($staffusers) != 1 ) { header("Location: login.php"); die(); }
}
function showFacilities( $facilities ) {
  $images = "";
  for( $n = 0; $n < strlen($facilities); $n++) {
    switch( substr($facilities, $n, 1) ) {
      case "t":
        $images .= "<img src=\"images/icons/ico_tv.gif\">";
        break;
      case "s":
        $images .= "<img src=\"images/icons/ico_smoke.gif\">";
        break;
      case "f":
        $images .= "<img src=\"images/icons/ico_safe.gif\">";
        break;
      case "g":
        $images .= "<img src=\"images/icons/ico_gym.gif\">";
        break;
      case "p":
        $images .= "<img src=\"images/icons/ico_swim.gif\">";
        break;
      case "l":
        $images .= "<img src=\"images/icons/ico_phone.gif\">";
        break;
      case "d":
        $images .= "<img src=\"images/icons/ico_address.gif\">";
        break;
      case "o":
        $images .= "<img src=\"images/icons/ico_towels.gif\">";
        break;
     case "c":
        $images .= "<img src=\"images/icons/ico_cover_park.gif\">";
        break;
     case "e":
        $images .= "<img src=\"images/icons/ico_pets.gif\">";
        break;
        case "m":
        $images .= "<img src=\"images/icons/ico_tv_sat.gif\">";
        break;      
    }
}
    return $images;
}

function showcards( $cards ) {

$images = "";
  for( $n = 0; $n < strlen($cards); $n++) {
    switch( substr($cards, $n, 1) ) {
      case "v":
        $images .= "<img src=\"images/icons/ico_visa.gif\">";
        break;
      case "x":
        $images .= "<img src=\"images/icons/ico_amex.gif\">";
        break;
      case "z":
        $images .= "<img src=\"images/icons/ico_diners.gif\">";
        break;
        }
    }   
    return $images;
}
function myDateTophp ($mydate) {
  $yr = substr($mydate,0,4);
  $mo = substr($mydate,5,2);
  $da = substr($mydate,8,2);

  return mktime(04,52,82,$mo,$da,$yr);
}

function getExpiryDate( $startdate, $months ) {

  $yr = substr($startdate,0,4);
  $mo = substr($startdate,5,2);
  $da = substr($startdate,8,2);

  if( $months > 0 )
    return mktime(00,00,00,$mo+$months,$da, $yr);
  else
    return mktime(00,00,00,$mo,$da+7, $yr);
}

function getAdminStatusColor( $expiry, $active ) {
  $c = "#EEEEEE";
  if( strtotime("now") + (3*24*60*60) > $expiry ) $c = "#FF0000";
  if( $expiry < strtotime("now") ) $c = "#888888";

  return $c;
}

function showBlock( $user, $option ) {
  $optres = dbGetRows("options", "username = '".$user."'");
  $options = mysql_fetch_array($optres, MYSQL_ASSOC);

  if( $options[$option] == '1' ) return "block;"; return "none;";
}

function canHandlePNG() {
  $browser = getBrowser();
  if( $browser != "Internet Explorer" ) return true; else return false;
}

function colorizeHex( $fromcolor, $refcolor ) {

   $r = hexdec(substr($refcolor, 0,2));
   $g = hexdec(substr($refcolor, 2,2));
   $b = hexdec(substr($refcolor, 4,2));

   $or = hexdec(substr($fromcolor, 0,2));
   $og = hexdec(substr($fromcolor, 2,2));
   $ob = hexdec(substr($fromcolor, 4,2));

    $t = ($or+$og+$ob)/3;
    $nr = min((0.8 * $t) + (0.5* $r), 255);
    $ng = min((0.8 * $t) + (0.5* $g), 255);
    $nb = min((0.8 * $t) + (0.5* $b), 255);

    return dechex($nr).dechex($ng).dechex($nb);
  }

function getBrowser() {
if ( strpos($_SERVER['HTTP_USER_AGENT'], 'Gecko') )
{
   if ( strpos($_SERVER['HTTP_USER_AGENT'], 'Netscape') )
   {
     $browser = 'Netscape';
   }
   else if ( strpos($_SERVER['HTTP_USER_AGENT'], 'Firefox') )
   {
     $browser = 'Firefox';
   }
   else
   {
     $browser = 'Mozilla';
   }
}
else if ( strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') )
{
   if ( strpos($_SERVER['HTTP_USER_AGENT'], 'Opera') )
   {
     $browser = 'Opera';
   }
   else
   {
     $browser = 'Internet Explorer';
   }
}
else
{
   $browser = 'Other Browser';
}

return $browser;

}


function logTraffic() {
  $fieldvals[0] = substr($_SERVER['HTTP_HOST'], 0, strpos($_SERVER['HTTP_HOST'], ".",0));
  $fieldvals[1] = str_replace(".php", "", substr($_SERVER['PHP_SELF'], strpos($_SERVER['PHP_SELF'], "/", 1)+1));
  $fieldvals[2] = date("Y-m-d");
  $fieldvals[3] = $_SERVER['REMOTE_ADDR'];
  $r = dbAddRow( "trafficstats", "`username`, `page`, `date`, `ip`", $fieldvals);
}

function dbAddRow( $table, $fields, $values ) {

  $actualvals = "";
  foreach( $values as $v )   { $actualvals.= "'".$v."', "; }

  if( strlen($actualvals) > 2 ) {$actualvals = substr($actualvals, 0, strlen($actualvals)-2);}

  $query = "INSERT INTO `".$table."` ( ".$fields." ) VALUES ( ".$actualvals." );";
  $result = mysql_query($query) or die("Query failed : " . mysql_error());

  return $result;
}

function dbUpdateRow ($table, $username, $set, $where) {

  $query = "UPDATE `".$table."` SET ".$set." WHERE `username` = '".$username."'".$where.";";
  $result = mysql_query($query) or die("Query failed : " . mysql_error());

  return $result;
}
 
function login( $table,$username, $password) {
        include 'config.inc.php';
        $query = sprintf("SELECT * FROM `$table` WHERE username='%s' AND password='%s'",
            mysql_real_escape_string($username),
            md5(mysql_real_escape_string($password).$salt));
		$result=mysql_query($query);
        if(mysql_num_rows($result)==1)
        	$_SESSION['loggedin']=1;
        else 
        	unset($_SESSION['loggedin']);
        return $result;
}
function loginID( $table,$userID, $password) {
        include 'config.inc.php';
        $query = sprintf("SELECT * FROM `$table` WHERE id='%s' AND password='%s'",
			mysql_real_escape_string($userID),
            md5(mysql_real_escape_string($password).$salt));
        	$result=mysql_query($query);
        return $result;
}
function changePassword( $table, $username, $password) {
        include 'config.inc.php';
        $query = sprintf("Update `$table` set password='%s' WHERE username='%s'",
            md5(mysql_real_escape_string($password).$salt),
            mysql_real_escape_string($username)
            );
        $result=mysql_query($query);
        
        return 1;
}
function checkUser( $table,$username) {
        include 'config.inc.php';
        $query = sprintf("SELECT * FROM `$table` WHERE username='%s' ",
            mysql_real_escape_string($username));
        $result=mysql_query($query);
        return $result;
}

function dbGetRows( $table, $query ) {

        $result = mysql_query("SELECT * FROM `".$table."` WHERE ".$query) or die("Query failed : " . mysql_error());
        return $result;
}
function dbGetDistinctRows( $table, $distinct, $query ) {

        $result = mysql_query("SELECT DISTINCT ".$distinct." FROM `".$table."` WHERE ".$query) or die("Query failed : " . mysql_error());
        return $result;
}

function checkLogin($un, $pw) {

  $username = $un;
  $password = $pw;

  $result = dbGetRows("users", "`username` = '".$un."' AND `password` = '".$pw."'");

  if( mysql_num_rows($result) == 0 ) return 0; else return 1;
}

function initialCap( $text ) {
  return strtoupper(substr($text,0,1)).substr($text,1);
}

function dbClose( $link ) {
  mysql_close($link);
}
function getFolderSize($directory) {
  $FileCount = 0;
  $FolderCount = 0;

    chdir($directory);
    $directory = getcwd();
    if($open = opendir($directory)) {
        while($file = readdir($open)) {
            if($file == '..' || $file == '.') continue;
            if(is_file($file)) {
                $FileCount++;
                $FolderSize += filesize($file);
            } elseif(is_dir($file)) {
                $FolderCount++;
            }
        }
        if($FolderCount > 0) {
            $open2 = opendir($directory);
            while($folders = readdir($open2)) {
                $folder = $directory.'/'.$folders;
                if($folders == '..' || $folders == '.') continue;
                if(is_dir($folder)) {
                    $FolderSize += getFolderSize($folder);
                }
            }
            closedir($open2);
        }
        closedir($open);
    }
  return $FolderSize;
}

function formatByteSize($bytes) {
    $size = $bytes / 1024;
    if($size < 1024){
        $size = number_format($size, 2);
        $size .= ' KB';
    } else {
        if($size / 1024 < 1024) {
            $size = number_format($size / 1024, 2);
            $size .= ' MB';
        } elseif($size / 1024 / 1024 < 1024) {
            $size = number_format($size / 1024 / 1024, 2);
            $size .= ' GB';
        } else {
            $size = number_format($size / 1024 / 1024 / 1024, 2);
            $size .= ' TB';
        }
    }
    return $size;
}


function f_p_dates($type) {
//----------------------------------------------
// Get the current year and subtract 100 years.
//----------------------------------------------
$now = date("Y");
if ($type == "Start") {
$then = $now - 100;
} elseif ($type == "End") {
$then = $now - 100;
}

//----------------------------------------------
// Display the day up to 31 days long.
//----------------------------------------------
for($i = 1; $i <= 31; $i++) {
    //----------------------------------------------
    // Define the days, output all at once.
    //----------------------------------------------
    $dates .= "<option value=\"$i\">$i</option>\n";
}

//----------------------------------------------
// Display the months up to 12 months.
//----------------------------------------------
for($i = 1; $i <= 12; $i++) {


    //----------------------------------------------
    // Display the month in english.
    //----------------------------------------------
    if($i == 1) {
        $date = "January";
    } elseif($i == 2) {
        $date = "February";
    } elseif($i == 3) {
        $date = "March";
    } elseif($i == 4) {
        $date = "April";
    } elseif($i == 5) {
        $date = "May";
    } elseif($i == 6) {
        $date = "June";
    } elseif($i == 7) {
        $date = "July";
    } elseif($i == 8) {
        $date = "August";
    } elseif($i == 9) {
        $date = "September";
    } elseif($i == 10) {
        $date = "October";
    } elseif($i == 11) {
        $date = "November";
    } elseif($i == 12) {
        $date = "December";
    }

    //----------------------------------------------
    // Define the months, output all at once.
    //----------------------------------------------
    $months .= "<option value=\"$i\">$date</option>\n";
}

//----------------------------------------------
// Display the years with  100 year range.
//----------------------------------------------
for($i = $now; $i >= $then; $i--) {
    //----------------------------------------------
    // Define the years, output all at once.
    //----------------------------------------------
    $years .= "<option value=\"$i\">$i</option>\n";
}

//----------------------------------------------
// Put information in dropdown lists.
//----------------------------------------------

echo "<b>$type Date:</b></td><td>";
echo "<select name=\"$type"."_days\">";
echo "$dates";
echo "</select>";
echo "<select name=\"$type"."_months\">";
echo "$months";
echo "</select>";
echo "<select name=\"$type"."_years\">";
echo "$years";
echo "</select>";
}
function f_p_dates_o($av) {
//----------------------------------------------
// Get the current year and subtract 100 years.
//----------------------------------------------
$year = date("Y");
$month = date("m");
$then = $year + 5;
$years = "";
for($i = $year; $i <= $then; $i++) {
    
for($m = 1; $m <= 12; $m++) {
    //----------------------------------------------
    // Display the month in english.
    //----------------------------------------------
    if($m == 1) {
        $date = "January";
    } elseif($m == 2) {
        $date = "February";
    } elseif($m == 3) {
        $date = "March";
    } elseif($m == 4) {
        $date = "April";
    } elseif($m == 5) {
        $date = "May";
    } elseif($m == 6) {
        $date = "June";
    } elseif($m == 7) {
        $date = "July";
    } elseif($m == 8) {
        $date = "August";
    } elseif($m == 9) {
        $date = "September";
    } elseif($m == 10) {
        $date = "October";
    } elseif($m == 11) {
        $date = "November";
    } elseif($m == 12) {
        $date = "December";
    }
    //----------------------------------------------
    // Define the years, output all at once.
    //----------------------------------------------
    if($av == "$i-$m") $sel = "selected";
    if(($i != $year) || (($month <= $m) && ($year == $i))) {
    $years .= "<option value=\"$i-$m\" $sel>$date $i</option>\n";
    }
    $sel = "";
}       
}
return $years;
}
function check_input($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
function password(){
	$password = "";
	$possible = "0123456789bcdfghjkmnpqrstvwxyz";
	$i = 0;
	while ($i < 8) {
	$char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
	    
	    if (!strstr($password, $char)) {
	      $password .= $char;
	      $i++;
	    }

  	}
  	return $password;
}
?>

my config.inc.php

<?php
	$salt="MorningShowsTheDay";
//captcha
        $publickey = "6LctuMgSAAAAADBvul3A-jipON8SydIBK3S67gdR";
        $privatekey = "6LctuMgSAAAAAHM54D2yt0HX1iaIpz1Yv6Inq2nG";
?>

re the sql file... do you need a sql dump?

The validation rules I use for password and username (when registration occures) are contained in a file called registerfunctions.php. The lines that concern this particular user type are :

$this->rule[]=array("name"=>'username',"title"=>"Username","min"=>6,"mandatory"=>True,"inputType"=>"alphanumeric");
$this->rule[]=array("name"=>'password',"title"=>"Password","min"=>6,"mandatory"=>True,"inputType"=>"alphanumeric");

I am looking into it, Now I will need some time. meanwhile you try to do it or you many continue other work.

Many thanks urtrivedi.. I really appreciate your time and effort. I will try and see if I can fix and I have some other stuff I have to fix.. then I have to go out for a bit.. chat in a bit...

You change this line to capital S, you have written small s, this will start your script working.
Still I am working on password logic, but this is first workaround, to start

if (isset($_POST['Submit']))

No your var_dump won't show the hashed password as it hasn't been hashed at that point, you are just displaying the $_POST data. Try this (you aren't actually getting the data from the db correctly:

if(isset($_POST['Submit'])){
$query = mysql_query("SELECT username FROM staff WHERE username = '".$username."'");

//echo $username;
		$result = mysql_fetch_array($query);

	    if($result) {
	        // Check if Username exists
	        if($result['username'] != $username){ 
			echo "Aw shucks! Seems like you don't exist! Please recheck your username dude";
	       }  
	        //Check if New password if blank
	        elseif($newpassword == "" ) {
			echo "New password cannot be blank!";
			}
	                 
	        // Check if New password is confirmed
	        elseif ($newpassword != $confirmpassword) {  
			echo 'The "New Password" and "Confirm New Password" fields do not match, please re-enter!'; 
			}
			else {
	        // If everything is ok,  modify the record
			$query = "UPDATE staff SET password = '".md5(mysql_real_escape_string($newpassword)."' WHERE username = '".mysql_real_escape_string($username)."'";
			}
			$result =  mysql_query($query) or die('Error : ' . mysql_error());
			if( $result ) {
			  echo "All done!";
			}
   }
}

this should work

echo $staff['password'];

  if (isset($_POST['Submit'])) 
  {
 
	$username = $_POST['username'];
	$oldpassword = md5($_POST['oldpassword']);
	$newpassword = $_POST['newpassword'];
	$confirmnewpassword = $_POST['confirmnewpassword'];
  
// var_dump($_POST);	

 
    if($newpassword == "" )
	{
		echo "New password cannot be blank!";
	}
    // Check if New password is confirmed
    elseif ($newpassword != $confirmnewpassword)
	{ 
		echo "The \"New Password\" and \"Confirm New Password\" fields do not match, please re-enter!"; 
	}
    else
	{

		 // query username old password is not correct
		$query = "SELECT username FROM staff WHERE username = '".mysql_real_escape_string($username)."' and password = '".$oldpassword."'";

	
		$result = mysql_query($query);
		$row=mysql_fetch_array($result);
	
	    // Check if Old username old password is not correct
	    if(!$row)
		{
		  
			echo "Aw shucks! Seems like you don't exist! Please recheck your username/password dude";
		}
		else
		{
	    // If everything is ok,  modify the record
			$query = "UPDATE staff SET password = '".md5($newpassword)."' WHERE username = '".$username."'";

			$result =  mysql_query($query) or die('Error : ' . mysql_error());
			if( $result ) 
			{
				echo "All done!";
			}
		}
	}
 }	    
			
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

if you salt your passwords with random or time, you are going to end up with password which won't validate the next time you check them because the encoded content is different with every compare - they will never compare.

salting SHA1 or MD5 hashes is something you do for tokens for validating that web page forms weren't hacked, but you have to store the token on the page to validate it. but I wouldn't use them for passwords.

hmm. I have not have checked to see if the value of $username was set before using it in the query. if I did, my bad.

thanks... am just back and trying this new code now.. Getting an error on line 104 (unexpected ';')tham am working on...

This is full code, you may keep backup of your changepassword.php and create new file with this code

<?php
include './dbfunctions.php';
$link = dbConnect();
session_start();
$stid = $_GET['staffref']; 
echo $stid; 


$staffs = dbGetRows("staff", "id = '".$stid."'");
$staff = mysql_fetch_array($staffs, MYSQL_ASSOC);

echo $staff['username'];
echo $staff['password'];

  if (isset($_POST['Submit'])) 
  {
 
	$username = $_POST['username'];
	$oldpassword = md5($_POST['oldpassword']);
	$newpassword = $_POST['newpassword'];
	$confirmnewpassword = $_POST['confirmnewpassword'];
  
// var_dump($_POST);	

 
    if($newpassword == "" )
	{
		echo "New password cannot be blank!";
	}
    // Check if New password is confirmed
    elseif ($newpassword != $confirmnewpassword)
	{ 
		echo "The \"New Password\" and \"Confirm New Password\" fields do not match, please re-enter!"; 
	}
    else
	{

		 // query username old password is not correct
		$query = "SELECT username FROM staff WHERE username = '".mysql_real_escape_string($username)."' and password = '".$oldpassword."'";
	
		$result = mysql_query($query);
		$row=mysql_fetch_array($result);
	
	    // Check if Old username old password is not correct
	    if(!$row)
		{
		  
			echo "Aw shucks! Seems like you don't exist! Please recheck your username/password dude";
			mysql_create_db("abcde");
		}
		else
		{
	    // If everything is ok,  modify the record
			$query = "UPDATE staff SET password = '".md5($newpassword)."' WHERE username = '".$username."'";

			$result =  mysql_query($query) or die('Error : ' . mysql_error());
			if( $result ) 
			{
				echo "All done!";
			}
		}
	}
 }	    
			
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Password Administration</title>
<link href="../bb.css" rel="stylesheet" type="text/css">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body bgcolor="#FFF4DC">
<table width="60%" border="0" cellspacing="0" cellpadding="0" align="center">
  <tr> 
    <td width="32"><img src="../images/admin_03.gif"></td>
    <td width="0*" bgcolor="#FFFFFF" background="../images/admin_04.gif" style="background-repeat: repeat-x;">&nbsp;</td>
    <td width="35"><img src="../images/admin_07.gif" width="32" height="33"></td>
  </tr>
  <tr> 
    <td bgcolor="#FFFFFF" background="../images/admin_15.gif" style="background-repeat: repeat-y;"></td>
    <td bgcolor="#FFFFFF"><table width="100%" border="0" cellspacing="0" cellpadding="0" style="margin-left: 10px; margin-right: 10px">
        <tr> <td>

         <a href="javascript<b></b>:;" onClick="window.close(); opener.location.reload(true)">[CLOSE WINDOW]</a><br> <br> 
             </td>
            
          <td><b><font size="3">CHANGE PASSWORD</font></b><br>
 
            <br>
           <form name="form1" method="post" action="changepassword.php">
              <table width="321" border="0" bgcolor="#FAFAFA" cellspacing="5" cellpadding="0" style="border: 1px solid #BBBBBB;">
                <tr>
                  <td><b>Username:</b></td>
                  <td><input type="text" name="username" ></td>
                </tr>
                <tr> 
                  <td width="154"><b>Old Password:</b></td>
                  <td width="167"><input type="password" name="oldpassword"></td>
                </tr>
                <tr> 
                  <td><b>New Password</b></td>
                  <td><input type="password" name="newpassword"> </td>
                </tr>
                <tr> 
                  <td><b>New Password Again</b></td>
                  <td><input type="password" name="confirmnewpassword"></td>
                </tr>
                <tr> 
                  <td>&nbsp;</td>
                  <td align="right"> <input type="submit" name="Submit" value="Submit">                  </td>
                </tr>
                 
              </table>
            </form>
            </td>
        </tr>
      </table></td>
    <td bgcolor="#FFFFFF" align="right" background="../images/admin_14.gif" style="background-position: right; background-repeat: repeat-y;"></td>
  </tr>
  <tr> 
    <td><img src="../images/admin_21.gif" width="32" height="33"></td>
    <td bgcolor="#FFFFFF" background="../images/admin_23.gif" style="background-position: bottom; background-repeat: repeat-x;"></td>
    <td><img src="../images/admin_20.gif" width="32" height="33"></td>
  </tr>
</table>
<br>
<br>
<br>
<br>
</body>
</html>

hi... thanks for this... there was a ')' missing in line 104 but that is sorted. can you tell me what the code

mysql_create_db("abcde");

in line 48 is for?..

It seems to be working better but the error returned now is that the user does not exist( line 47)

For some reason the previous poster wants you to create a database if a username doesn't exist - my previous code would have worked fine for you, did you try it?

Hi simplypixie... I am working on that now. There is a curly brace missing somewhwere as receiving the "unexpected end" error message so just trying to sort that out...

simplypixie... I found a missing } just afte the select query and got that in but now on page load I receive this error "New password cannot be blank!New password cannot be blank!Error : Query was empty" and do not see the form at all.... am going to keep trying to see what I can dig up :)

You need to wrap your whole code in your if (isset($_POST)) { atatement and then use and else { around your html and form

<?php 
include './dbfunctions.php';
$link = dbConnect();
session_start();
$stid = $_GET['staffref']; 
echo $stid; 


$staffs = dbGetRows("staff", "id = '".$stid."'");
$staff = mysql_fetch_array($staffs, MYSQL_ASSOC);

echo $staff['username'];
echo $staff['password'];

if (isset($_POST['Submit'])) 
  {
.
.
.
.
}
else {
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Password Administration</title>
<link href="../bb.css" rel="stylesheet" type="text/css">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
 
<body bgcolor="#FFF4DC">
.
.
.
.
</body>
</html>
<?php } ?>

ok... thanks... will do that and see how far I get ... :)