Member Avatar for garwil

Ok.. Am getting there slowly. In both sets of code i.e. from simplypixie as well as urtrivedi I am getting the same results. It is as if the db does not have that user there at all but it is the same user details I have logged in with initially to enable me to change the password...

It seems that the code around these lines is not picking up the password from the databse and therefore throwing out the error that the username and / or password does not match??
Error messages up to that point are ok, except if I insert an incorrect password initially then I don't get an error...

else
    {
     
    // query username old password is not correct
    $query = "SELECT username FROM staff WHERE username = '".mysql_real_escape_string($username)."' and password = '".$oldpassword."'";
     
    $result = mysql_query($query);
    $row=mysql_fetch_array($result);
     
    // Check if Old username old password is not correct
    if(!$row)
    {
     
    echo "Aw shucks! Seems like you don't exist! Please recheck your username/password dude";
    //mysql_create_db("abcde");
    }
    else
    {
Member Avatar for simplypixie

Break everything down, so try selecting with the username only and then the password only to see which one is causing the error. I am presuming you have used MD5 on your posted old password already?

Also add OR die(mysql_error()) to the end of your query to check the syntax is correct.

And add LIMIT 1 within your query at the end in case there are 2 usernames the same.

"SELECT username FROM staff WHERE username = '".mysql_real_escape_string($username)."' LIMIT 1" or die(mysql_error());
Member Avatar for garwil

yes... old password was already hashed in the db. I had tried various things and ended up with taking out the password in the select query. Everything then worked ok.. Got the "All Ok" message as well as a hash change in the db but now cannot login with the new password.. :)

Member Avatar for simplypixie

Can you post your new code so I can check agin please.

Including your login.

Edited by simplypixie because: n/a
Member Avatar for garwil

I tried wrapping all the code as you previously advised and when that gave me errors reverted to this code which is what is currently as close as I have got in recent days to anything remotely working with your help.. The login is jacky/21w7348b . Would live login help at all? Can pm you all the relevant details etc.

<?php
    include '../dbfunctions.php';
    $link = dbConnect();
    //session_start();
    $stid = $_GET['staffref'];
    echo $stid;
     
     
    $staffs = dbGetRows("staff", "id = '".$stid."'");
    $staff = mysql_fetch_array($staffs, MYSQL_ASSOC);
     
    echo $staff['username'];
    echo $staff['password'];
     
    if (isset($_POST['Submit']))
    {
     
    $username = $_POST['username'];
    $oldpassword = md5($_POST['oldpassword']);
    $newpassword = $_POST['newpassword'];
    $confirmnewpassword = $_POST['confirmnewpassword'];
     }
    // var_dump($_POST);
     
     
    if($newpassword == "" )
    {
    echo "New password cannot be blank!";
    }
    // Check if New password is confirmed
    elseif ($newpassword != $confirmnewpassword)
    {
    echo "The \"New Password\" and \"Confirm New Password\" fields do not match, please re-enter!";
    }
    else
    {
     
    // query username old password is not correct
    $query = "SELECT username FROM staff WHERE username = '".mysql_real_escape_string($username)."' LIMIT 1" or die(mysql_error());
     
    $result = mysql_query($query);
    $row=mysql_fetch_array($result);
     
    // Check if Old username old password is not correct
    if(!$row)
    {
     
    echo "Aw shucks! Seems like you don't exist! Please recheck your username/password dude";
    //mysql_create_db("abcde");
    }
    else
    {
    // If everything is ok, modify the record
   
	 $query = "UPDATE staff SET password = '".md5($newpassword)."' WHERE username = '".$username."'";
     
    $result = mysql_query($query) or die('Error : ' . mysql_error());
    if( $result )
    {
    echo "All done!";
    }
     }
	 }
	 ?>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
    <head>
    <title>Password Administration</title>
    <link href="../bb.css" rel="stylesheet" type="text/css">
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    </head>
     
    <body bgcolor="#FFF4DC">
    <table width="60%" border="0" cellspacing="0" cellpadding="0" align="center">
    <tr>
    <td width="32"><img src="../images/admin_03.gif"></td>
    <td width="0*" bgcolor="#FFFFFF" background="../images/admin_04.gif" style="background-repeat: repeat-x;">&nbsp;</td>
    <td width="35"><img src="../images/admin_07.gif" width="32" height="33"></td>
    </tr>
    <tr>
    <td bgcolor="#FFFFFF" background="../images/admin_15.gif" style="background-repeat: repeat-y;"></td>
    <td bgcolor="#FFFFFF"><table width="100%" border="0" cellspacing="0" cellpadding="0" style="margin-left: 10px; margin-right: 10px">
    <tr> <td>
     
    <a href="javascript<b></b>:;" onClick="window.close(); opener.location.reload(true)">[CLOSE WINDOW]</a><br> <br>
    </td>
     
    <td><b><font size="3">CHANGE PASSWORD</font></b><br>
    
    <br>
    <form name="form1" method="post" action="changepassword.php">
    <table width="321" border="0" bgcolor="#FAFAFA" cellspacing="5" cellpadding="0" style="border: 1px solid #BBBBBB;">
    <tr>
    <td><b>Username:</b></td>
    <td><input type="text" name="username" ></td>
    </tr>
    <tr>
    <td width="154"><b>Old Password:</b></td>
    <td width="167"><input type="password" name="oldpassword"></td>
    </tr>
    <tr>
    <td><b>New Password</b></td>
    <td><input type="password" name="newpassword"> </td>
    </tr>
    <tr>
    <td><b>New Password Again</b></td>
    <td><input type="password" name="confirmnewpassword"></td>
    </tr>
    <tr>
    <td>&nbsp;</td>
    <td align="right"> <input type="submit" name="Submit" value="Submit"> </td>
    </tr>
     
    </table>
    </form>
    </td>
    </tr>
    </table></td>
    <td bgcolor="#FFFFFF" align="right" background="../images/admin_14.gif" style="background-position: right; background-repeat: repeat-y;"></td>
    </tr>
    <tr>
    <td><img src="../images/admin_21.gif" width="32" height="33"></td>
    <td bgcolor="#FFFFFF" background="../images/admin_23.gif" style="background-position: bottom; background-repeat: repeat-x;"></td>
    <td><img src="../images/admin_20.gif" width="32" height="33"></td>
    </tr>
    </table>
    <br>
    <br>
    <br>
    <br>
    </body>
    </html>
Member Avatar for simplypixie

I have tweaked your code to wrap everything as I suggested - if you could try it please

<?php
    include '../dbfunctions.php';
    $link = dbConnect();
    //session_start();
    $stid = $_GET['staffref'];
    echo $stid;
     
     
    $staffs = dbGetRows("staff", "id = '".$stid."'");
    $staff = mysql_fetch_array($staffs, MYSQL_ASSOC);
     
    echo $staff['username'];
    echo $staff['password'];
     
    if (isset($_POST['Submit']))
    {
     
	    $username = mysql_real_escape_string($_POST['username']);
	    $oldpassword = mysql_real_escape_string($_POST['oldpassword']);
	    $newpassword = mysql_real_escape_string($_POST['newpassword']);
	    $confirmnewpassword = mysql_real_escape_string($_POST['confirmnewpassword']);
	     
	    // var_dump($_POST);
	     
	     
	    if($newpassword == "" )
	    {
	    	echo "New password cannot be blank!";
	    }
	    // Check if New password is confirmed
	    elseif ($newpassword != $confirmnewpassword)
	    {
	    	echo 'The "New Password" and "Confirm New Password" fields do not match, please re-enter!';
	    }
	    else
	    {
	     
		    // query username old password is not correct
		    $query = "SELECT username FROM staff WHERE username = '".$username."' LIMIT 1" or die(mysql_error());
		     
		    $result = mysql_query($query);
		    $row=mysql_fetch_array($result);
		     
		    // Check if Old username old password is not correct
		    if(!$row)
		    {
		     
		    	echo "Aw shucks! Seems like you don't exist! Please recheck your username/password dude";
		    //mysql_create_db("abcde");
		    }
		    else
		    {
		    // If everything is ok, modify the record
		   
				$query = "UPDATE staff SET password = '".md5($newpassword)."' WHERE username = '".$username."'";
		     
			    $result = mysql_query($query) or die('Error : ' . mysql_error());
			    if( $result )
			    {
			    	echo "All done!";
			    }
	     	}
	     }
	 }
	 else 
	 {
	 ?>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
    <head>
    <title>Password Administration</title>
    <link href="../bb.css" rel="stylesheet" type="text/css">
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    </head>
     
    <body bgcolor="#FFF4DC">
    <table width="60%" border="0" cellspacing="0" cellpadding="0" align="center">
    <tr>
    <td width="32"><img src="../images/admin_03.gif"></td>
    <td width="0*" bgcolor="#FFFFFF" background="../images/admin_04.gif" style="background-repeat: repeat-x;">&nbsp;</td>
    <td width="35"><img src="../images/admin_07.gif" width="32" height="33"></td>
    </tr>
    <tr>
    <td bgcolor="#FFFFFF" background="../images/admin_15.gif" style="background-repeat: repeat-y;"></td>
    <td bgcolor="#FFFFFF"><table width="100%" border="0" cellspacing="0" cellpadding="0" style="margin-left: 10px; margin-right: 10px">
    <tr> <td>
     
    <a href="javascript<b></b>:;" onClick="window.close(); opener.location.reload(true)">[CLOSE WINDOW]</a><br> <br>
    </td>
     
    <td><b><font size="3">CHANGE PASSWORD</font></b><br>
    
    <br>
    <form name="form1" method="post" action="changepassword.php">
    <table width="321" border="0" bgcolor="#FAFAFA" cellspacing="5" cellpadding="0" style="border: 1px solid #BBBBBB;">
    <tr>
    <td><b>Username:</b></td>
    <td><input type="text" name="username" ></td>
    </tr>
    <tr>
    <td width="154"><b>Old Password:</b></td>
    <td width="167"><input type="password" name="oldpassword"></td>
    </tr>
    <tr>
    <td><b>New Password</b></td>
    <td><input type="password" name="newpassword"> </td>
    </tr>
    <tr>
    <td><b>New Password Again</b></td>
    <td><input type="password" name="confirmnewpassword"></td>
    </tr>
    <tr>
    <td>&nbsp;</td>
    <td align="right"> <input type="submit" name="Submit" value="Submit"> </td>
    </tr>
     
    </table>
    </form>
    </td>
    </tr>
    </table></td>
    <td bgcolor="#FFFFFF" align="right" background="../images/admin_14.gif" style="background-position: right; background-repeat: repeat-y;"></td>
    </tr>
    <tr>
    <td><img src="../images/admin_21.gif" width="32" height="33"></td>
    <td bgcolor="#FFFFFF" background="../images/admin_23.gif" style="background-position: bottom; background-repeat: repeat-x;"></td>
    <td><img src="../images/admin_20.gif" width="32" height="33"></td>
    </tr>
    </table>
    <br>
    <br>
    <br>
    <br>
    </body>
    </html>
    <?php } ?>
Having the live login won't help I am afraid but if you can post your login form and php to be checked changing the password is obviously doing something now.
Member Avatar for garwil

Ok.. have tried the new code and although getting the "All Done" message, the db is not changing and cannot login with either the new or old passwords.

There are two locations where a user can login.. from the index.php file and if they make a mistake there then they are sent to login.php. I have added both here...

Index.phpLines 39 - 55 for this user type

<?php
  session_start();
  include 'dbfunctions.php';
  $link = dbConnect();
  if( isset($_POST['Submit']) ) {
    $logintype = $_POST['logintype'];
    $username = $_POST['username'];
    $password = $_POST['password'];
    
    switch( $logintype ) {
      case "guest":
        $guests = login("guests", $username,$password);
        if( mysql_num_rows($guests) == 1 ) {
          $_SESSION['guestid'] = $username;
		  //echo $guest['id'];
        }
        else header("Location: login.php");
        break;
      case "agent":
        $agents = login("agents", $username,$password);
        if( mysql_num_rows($agents) == 1 ) {
          $_SESSION['agentid'] = $username;
        }
        else header("Location: loginagent.php");
        break;
      case "venue":
        $login = login("venues", $username,$password);
		
        if( mysql_num_rows($login) == 1 ) {
        $venues = dbGetRows("venues", "username = '$username' AND status = '1'");
	  	$venue = mysql_fetch_array($venues, MYSQL_ASSOC);
          $_SESSION['venueid'] = $venue['id'];
          $_SESSION['password'] = $password;
          mysql_query("UPDATE venues SET `lastlogin` = '".date("Y-m-d H:i:s")."' WHERE `id` = '".$venue['id']."'", $link);
          header("Location: venueadmin/");
        }
        else header("Location: venueadmin/login.php");
        break;
      case "magent":
	  $login = login("staff", $username,$password);
         
	  if( mysql_num_rows($login) == 1 ) {
	  	$staffs = dbGetRows("staff", "username = '$username' AND status = '1'");
	  	$staff = mysql_fetch_array($staffs, MYSQL_ASSOC);
		//$isadmin = $staff['isadmin'];
	  	$_SESSION['stid'] = $staff['id'];
	  	$_SESSION['password'] = $password;
		mysql_query("UPDATE staff SET `lastlogin` = '".date("Y-m-d H:i:s")."' WHERE `id` = '".$staff['id']."'", $link);
		
		if( $staff['isadmin'] == 1 ) {
  		header("Location: coadmin/");
		}
  		else  header("Location: coadmin/staff/");
}
	  break;
 case "owner":
	   	  $login = login("owners", $username,$password);
	   	  
		  if( mysql_num_rows($login) ==1 ) {
			$owners=dbGetRows("owners", "username = '".$username."' AND status = '1'");
			$owner = mysql_fetch_array($owners, MYSQL_ASSOC);
			$_SESSION['ownerid'] = $owner['id'];
			$_SESSION['password'] = $password;
			mysql_query("UPDATE owners SET `lastlogin` = '".date("Y-m-d H:i:s")."' WHERE `id` = '".$company['id']."'", $link);
			header("Location:owneradmin/index.php");
		  }
		  else header("Location: owneradmin/login.php");
	  break;
	 case "supplier":
	  $login = login("suppliers", $username,$password);
	  if( mysql_num_rows($login) == 1 ) {
	  	$suppliers =dbGetRows("suppliers", "username = '$username' AND status = '1'");
	  	$supplier = mysql_fetch_array($suppliers, MYSQL_ASSOC);
	  	$_SESSION['sid'] = $supplier['id'];
	  	$_SESSION['password'] = $password;
	  	mysql_query("UPDATE suppliers SET `lastlogin` = '".date("Y-m-d H:i:s")."' WHERE `id` = '".$supplier['id']."'", $link);
	  	header("Location:suppliers/");
	  }
	  else header("Location: suppliers/login.php");
	  break;
	  case "tour":
	  $login = login("tourops", $username,$password);
	  if( mysql_num_rows($login) == 1 ) {
	  	$tourops=dbGetRows("tourops", "username = '$username' AND status = '1'");
	  	$tourop = mysql_fetch_array($tourops, MYSQL_ASSOC);
	  	$_SESSION['tourid'] = $tourop['id'];
	  	$_SESSION['password'] = $password;
	  	mysql_query("UPDATE tourops SET `lastlogin` = '".date("Y-m-d H:i:s")."' WHERE `id` = '".$tourops['id']."'", $link);
	  	header("Location:touradmin/");
	  }
	  else header("Location: touradmin/login.php");
	  break;
    }
   }
      
  if( isset($_SESSION['agentid']) ) {
    $agentid = $_SESSION['agentid'];
    $result = dbGetRows("agents", "username = '".$agentid."' AND status = '1'");
    $agent = mysql_fetch_array($result, MYSQL_ASSOC);
    $greetname = $agent['firstname'];
  }

  if( isset($_SESSION['guestid']) ) {
    $guestid = $_SESSION['guestid'];
	echo $guestid;
    $result = dbGetRows("guests", "username = '".$guestid."'");
    $guest = mysql_fetch_array($result, MYSQL_ASSOC);
    $greetname = $guest['firstname'];
  }
  
  $region = $_GET['region'];
  $category = $_GET['category'];
  $country = $_GET['country'];
  $province = $_GET['province'];
  $city = $_GET['city'];
  $noguests = $_GET['noguests'];
  $datefrom = $_GET['fromyear']."-".$_GET['frommonth']."-".$_GET['fromday'];
  $dateto = $_GET['toyear']."-".$_GET['tomonth']."-".$_GET['today'];
  $minrate = $_GET['minrate'];
  $maxrate = $_GET['maxrate'];
  $ratetype = $_GET['ratetype'];

  if( $region == "" ) $region = "%";
  if( $category == "" ) $category = "%";
  if( $city == "" ) $city = "%";
  if( $province == "" ) $province = "%";
  if( $noguests == "" ) $noguests = '0';
  if( strlen($datefrom) < 8 || $datefrom == "0000-00-00" ) $datefrom = date("Y-m-d");
  if( strlen($dateto) < 8  || $dateto == "0000-00-00" ) $dateto = "2020-".date("m-d");
  if( $minrate == "" ) $minrate = "0";
  if( $maxrate == "" ) $maxrate = "999999";
  if( $ratetype == "" ) $ratetype = "ignore";

  //area
  if($country != "South Africa") {
  $venues = dbGetRows("venues", "country like '".$country."' AND venuetype like '".$category."' AND city like '".$city."' AND published = '1' ORDER BY venuename");
  } else {
  $venues = dbGetRows("venues", "country like '".$country."' AND province like '".$province."' AND venuetype like '".$category."' AND city like '".$city."' AND published = '1' ORDER BY venuename");
  var_dump($venues);
  }
  $novenues = mysql_num_rows($venues);

  //rates
  if( $ratetype != "ignore" && $ratetype != "" ) {
    $query = "SELECT DISTINCT venues.id, venues.* FROM venues, rates WHERE venues.status = '1' AND venues.region LIKE '".$region."' AND venues.venuetype LIKE '".$category."' AND venues.city LIKE '".$city."' AND rates.venueid = venues.id AND rates.dateto >= '".$datefrom."' AND rates.datefrom <= '".$dateto."' AND rates.".$ratetype." > 0 AND rates.".$ratetype." >= ".$minrate." AND rates.".$ratetype." <= ".$maxrate." ORDER BY venues.id";
    $rates = mysql_query($query, $link) or die("Query failed : ".$query."<br>". mysql_error());
    $novenues = mysql_num_rows($rates);
  }
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Welcome to Leisure Africa</title>
<link rel="shortcut icon" type="image/x-icon" href="images/leisure-logo.png">
<link href="bb.css" rel="stylesheet" type="text/css">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script src="usableforms1.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<style type="text/css">
<!--
.style1 {font-size: x-small}
-->
</style>
</head>

<body onLoad="prepareForm()">
<table width="80%" border="0" cellspacing="0" cellpadding="0" align="center">
  <tr>
    <td width="23"><img src="images/brdr-tl.gif"></td>
    <td width="0*" background="images/brdr-t2.gif" style="background-repeat: repeat-x;"></td>
    <td width="23"><img src="images/brdr-tr.gif"></td>
  </tr>
  <tr>
    <td valign="top" background="images/brdr-l2-repeat.gif" style="background-repeat: repeat-y; background-position: left;">&nbsp;</td>
    <td valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
        <tr>
          <td width="100%" height="81" align="center"><table width="100%" border="0">
            <tr>
              <td width="165"><div align="center">
                <?php         
if( !isset($_SESSION['guestid']) && !isset($_SESSION['agentid']) ) echo <<<END
          <form name="form1" method="post" action="index.php">
          <table width="100%" bgcolor="#FAFAFA" border="0" cellspacing="2" cellpadding="2" style="border: 1px solid #CCCCCC;">
              <tr>
                <td bgcolor="#FF9933"><b>LOGIN</b></td>
              </tr>
              <tr>
                <td class="medium"><b>Been Here Before?</b><br>
                    Login or <a href="register.php">register now</a> for the personal experience.</td>
              </tr>
              <tr>
                <td>
                  <table width="100%" border="0" cellspacing="2" cellpadding="0">
                    <tr>
					<td class="medium">Login Type</td>
                        <td><select name="logintype" style="width: 100px; height: 15px; font-size: 7pt;">
                              <option value="guest">Private Guest</option>
                              <option value="agent">Corporate / Agent</option>
							  <option value="venue">Establishment</option>
							  <option value="owner">Owner</option>
                              <option value="magent">Managing Agent</option>
							  <option value="supplier">Supplier</option>
							  <option value="tour">Tour Operator</option>
                              					  
                             </select> </td>
                    </tr>
                    <tr>
                        <td class="medium">Username</td>
                      <td>
                          <input type="text" name="username" style="width: 100px; height: 19px; font-size: 7pt;">
                        </td>
                    </tr>
                    <tr>
                        <td class="small">Password</td>
                      <td><input type="password" name="password" style="width: 100px; height: 19px; font-size: 9pt;"></td>
                    </tr>
                    <tr>
                        <td><a href=resetPassword.php>Click here</a> if you have forgotten your password </td>
                      <td align="right"><input type="submit" name="Submit" value="Login" style="font-size: 7pt;"></td>
                    </tr>
                  </table></td>
              </tr>
            </table>
            </form>
END;


if( isset($_SESSION['guestid']) || isset($_SESSION['agentid']) ) {
 echo <<<END
              <table width="200" bgcolor="#FAFAFA" border="0" cellspacing="2" cellpadding="2" style="border: 1px solid #CCCCCC;">
                <tr> 
                <td bgcolor="#FF9933"><b>WELCOME BACK</b></td>
                </tr>
                <tr> 
                <td class="small">Welcome back, $greetname!<br><br>
END;
                // if( isset($_SESSION['guestid']) ) $messages = dbGetRows("messages", "touser = '".$_SESSION['guestid']."' AND totype = 'guest' AND status = '0'");
                 //if( isset($_SESSION['agentid']) ) $messages = dbGetRows("messages", "touser = '".$_SESSION['agentid']."' AND totype = 'agent' AND status = '0'");
                //  echo "<a href=\"javascript:;\" onClick=\"window.open('inbox.php', '_blank', 'width=700,height=500,toolbar=0,location=0,status=0,menubar=0,resizable=1,scrollbars=1')\" class=\"small\"><b>MY INBOX</b> (".mysql_num_rows($messages)." unread message".(mysql_num_rows($messages) != 1 ? "s" : "").")</a><br>";
                //  while( $msg = mysql_fetch_array($messages, MYSQL_ASSOC) ) 
                //    echo "<a href=\"javascript:;\" onClick=\"window.open('inbox.php?showmessage=".$msg['id']."', '_blank', 'width=700,height=500,toolbar=0,location=0,status=0,menubar=0,resizable=1,scrollbars=1')\" class=\"small\">[".$msg['from']."] ".$msg['subject']."</a><br>";
                  
 echo <<<END
                  <br>
                  <a href="updatedetails.php">[update my details] </a><a href="myres.php">[view bookings]<br><a href="logout.php">[logout]</a> </td>
                </tr>
              </table>
END;
}

?>
              </div>                </td>
              <td width="283" height="145"><div align="right"><img src="images/weblogo2.jpg" width="283" height="145" align="top"></div></td>
              <td width="381" height="150"><div align="right"><img src="images/wozani<?php echo rand(1,6); ?>.jpg" width="381" height="150"></div></td>
            </tr>
            <tr>
              <td bgcolor="#F1F1F1" colspan="3"><div align="center"><span class="style1"><a href="register.php">[register as guest] || </a> <a href="registerest.php">[register your establishment]</a> || 
<a href="registerestmulti.php">[register as managing agent] || </a><a href="registersupplier.php">[register as an advertiser]</a> || </a><a href="registertour.php">[register as a tour operator]</a></span></div></td>
              </tr>
          </table>          </td>
        </tr>
        <tr>
          <td height="2" align="center"><hr></td>
        </tr>
        
      </table>
      <div align="right" style="font-size: 8pt;">
        <table width="100%" border="0">
          <tr bordercolor="#990000" bgcolor="#f1f1f1">
            <td colspan="9"><div align="center" class="style1"><b>&nbsp;&nbsp;<?php echo date("l d M Y"); ?></b></div> 
            <div align="right" class="style1"></div></td>
          </tr>
          <tr bordercolor="#990000" bgcolor="#FFFFFF">
            <td colspan="9"><hr></td>
          </tr>
          <tr>
            <td width="97" class="<?php if(!isset($_GET['section']) || $_GET['section'] == "about") echo "tabactive"; else echo "tabinactive"; ?>"><div align="center"><a href="index.php?section=about" class="<?php if(!isset($_GET['section']) || $_GET['section'] == "overview") echo "tabactive"; else echo "tabinactive"; ?>"">About</a></div></td>
           <td width="93" class="<?php if(!isset($_GET['section']) || $_GET['section'] == "accom") echo "tabactive"; else echo "tabinactive"; ?>"><div align="center"><a href="index.php?section=accom" class="<?php if(!isset($_GET['section']) || $_GET['section'] == "accom") echo "tabactive"; else echo "tabinactive"; ?>"">Accommodation</a></div></td>
          <td width="68" class="<?php if($_GET['section'] == "tours") echo "tabactive"; else echo "tabinactive"; ?>"><div align="center"><a href="index.php?section=tours" class="<?php if($_GET['section'] == "tours") echo "tabactive"; else echo "tabinactive"; ?>">Tours</a></div></td>
          <td width="76" class="<?php if($_GET['section'] == "activities") echo "tabactive"; else echo "tabinactive"; ?>"><div align="center"><a href="index.php?section=activities" class="<?php if($_GET['section'] == "activities") echo "tabactive"; else echo "tabinactive"; ?>">Activities</a></div></td>
          <td width="39" class="<?php if($_GET['section'] == "terms") echo "tabactive"; else echo "tabinactive"; ?>"><div align="center"><a href="index.php?section=terms" class="<?php if($_GET['section'] == "terms") echo "tabactive"; else echo "tabinactive"; ?>">Terms of use</a></div></td>
          
        </tr>
        <tr>
          <td colspan="9" style="border-left: 1px solid #BBBBBB; border-bottom: 1px solid #BBBBBB; border-right: 1px solid #BBBBBB; padding: 10px;">
          <?php
            if( !isset($_GET['section']) ) include 'about.php'; else include $_GET['section'].".php";
          ?>          </td>
          </tr>
        </table>
      </div>
      <br>
    </td>
    <td valign="top" background="images/brdr-r2-repeat.gif" style="background-repeat: repeat-y; background-position: right;">&nbsp;</td>
  </tr>
  <tr>
    <td><img src="images/brdr-bl.gif"></td>
    <td valign="top" class="small" align="center" background="images/brdr-b2.gif" style="background-repeat: repeat-x; background-position: bottom;">Copyright 
      &copy; 2011 Leisure Africa </td>
    <td><img src="images/brdr-br.gif"></td>
  </tr>
</table><br>
</body>
</html>

Login.php

<?php
  session_start();
  include '../dbfunctions.php';
  
  $link = dbConnect();
  
  $errorcode = -2;
  if( isset($_POST['Submit']) ) {
  
    $username = $_POST['username'];
    $password = $_POST['password'];  	  
    $login = login("staff", $username,$password);
    echo mysql_num_rows($login);
   
    if( mysql_num_rows($login) ==1 ) {
      $result = dbGetRows("staff", "username = '".$username."'");
      $staff = mysql_fetch_array($result, MYSQL_ASSOC);
      
	  if( $staff['status'] == '0' ) {
       mysql_query("UPDATE staff SET `lastlogin` = '".date("Y-m-d H:i:s")."' WHERE `id` = '".$staff['id']."'", $link);
       session_start();
       $_SESSION['stid'] = $staff['id'];
       $_SESSION['password'] = $password;
       session_write_close();
       header("Location: index.php");
       die();
      }
      else $errorcode = $staff['status'];
    }
    else $errorcode = '-1';
  }
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Company Administration - Login</title>
<link rel="shortcut icon" type="image/x-icon" href="../images/favicon.ico">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="../venueadmin.css" rel="stylesheet" type="text/css">

<body bgcolor="#FFF4DC">
<table width="700" border="0" cellspacing="0" cellpadding="0" align="center">
  <tr>
    <td width="32"><img src="../images/admin_03.gif"></td>
    <td width="633" bgcolor="#FFFFFF" background="../images/admin_04.gif" style="background-repeat: repeat-x;">&nbsp;</td>
    <td width="35"><img src="../images/admin_07.gif" width="32" height="33"></td>
  </tr>
  <tr>
    <td bgcolor="#FFFFFF" background="../images/admin_15.gif" style="background-repeat: repeat-y;"></td>
    <td bgcolor="#FFFFFF"><table width="100%" border="0" cellspacing="0" cellpadding="0">
        <tr> 
          <td width="10%"><img src="../images/zululogo.gif" width="113" height="48"></td>
          <td width="90%" valign="top"><img src="../images/admin_09.gif" width="111" height="23"></td>
        </tr>
      </table>
    <br>
      <b>Welcome.</b> <br>
      Please enter your login details below.  if you have not yet registered, you can do so <a href="../registertour.php">here</a>. If you have multiple properties to manage then <a href="../registerestmulti.php">register here</a><br><br>
      <?php
  switch( $errorcode ) {
    case '-1': 
      echo "<font color=\"#FF0000\">Incorrect username or password.<br>Please try again<br></font><br>";
      break;
    case '1':
      echo "<font color=\"#FF0000\">Account is pending authorisation<br>Please try again later or contact us regarding your registration status.<br></font><br>";
      break;
   case '2':
      echo "<font color=\"#FF0000\">Access Denied<br>Your venue registration was unsuccessful.<br></font><br>";
      break;
    case '3':
      echo "<font color=\"#FF0000\">Access Denied<br>Your account has been suspended.<br></font><br>";
      break;
  }  
      
?>
      <form name="form1" method="post">    
        <table width="262" border="0" cellspacing="0" cellpadding="0" align="center">
          <tr> 
          <td width="9" valign="top"><img src="../images/admin_11.gif" width="9" height="80"></td>
          <td width="227" bgcolor="#F9F9F9" valign="top"><img src="../images/admin_12.gif">

          <table width="97%" border="0" cellspacing="2" cellpadding="0">
                <tr>
                <td>Username</td>
                <td><input type="text" name="username"></td>
              </tr>
              <tr>
                <td>Password</td>
                <td><input type="password" name="password"></td>
              </tr>
              <tr>
                <td>&nbsp;</td>
                <td align="right">
                    <input type="submit" name="Submit" value="Login" style="font-size: 9px;">&nbsp;
                    <input type="button" name="Cancel" value="Cancel" onClick="location.href='../index.php';" style="font-size: 9px;"> </td>
              </tr>
            </table></td>
          <td width="26"><img src="../images/admin_13.gif" width="9" height="80"></td>
        </tr>
      </table>
</form>
      <br><br><br>
    </td>
    <td bgcolor="#FFFFFF" align="right" background="../images/admin_14.gif" style="background-position: right; background-repeat: repeat-y;"></td>
  </tr>
  <tr>
    <td><img src="../images/admin_21.gif" width="32" height="33"></td>
    <td bgcolor="#FFFFFF" background="../images/admin_23.gif" style="background-position: bottom; background-repeat: repeat-x;"></td>
    <td><img src="../images/admin_20.gif" width="32" height="33"></td>
  </tr>
</table>
</body>
</html>

Have also addedd my dbfunctions.php as there is code there relating to login.. at the bottom.. lines 252 ---> (There is also a changepassword function there but it is code I was attempting to impliment and started with but never finished ....

dbfunctions.php

<?php
function dbConnect() {
$link = mysql_connect("localhost", "root", "")
        or die("Could not connect : " . mysql_error());
        mysql_select_db("res") or die("Could not select database");
  return $link;
}

 function checkTkadminLogin() {
  $aid = $_SESSION['aid'];
  $password = $_SESSION['password'];
  $admin = loginID("tkadmin", $stid,$password);
  if( mysql_num_rows($admin) != 1 ) { header("Location: login.php"); die(); }
}
function checkVenueLogin() {
  $id = $_SESSION['venueid'];
  $password = $_SESSION['password'];
  $users = loginID("venues",$id,$password);
  if( mysql_num_rows($users) != 1 ) { header("Location: login.php"); die(); }
}

function checkTourLogin() {
  $tid = $_SESSION['tourid'];
  $password = $_SESSION['password'];
  $tourusers = loginID("tourops",$tid,$password);
  if( mysql_num_rows($tourusers) != 1 ) { header("Location: login.php"); die(); }
}
function checkActvityLogin() {
  $actid = $_SESSION['activityid'];
  $password = $_SESSION['password'];
  $actusers = loginID("actvities", $actid,$password);
  if( mysql_num_rows($actusers) != 1 ) { header("Location: login.php"); die(); }
}
function checkGuestLogin() {
  //60373b0369db0c5f482fe31dfc151a8b
	$guestid = $_SESSION['id'];
  $password = $_SESSION['password'];
  $guestusers = loginID("guests",$guestid,$password);
  if( mysql_num_rows($guestusers) != 1 ) { header("Location: login.php"); die(); }
  }
function checkOwnerLogin() {
  $ownerid = $_SESSION['ownerid'];
  $password = $_SESSION['password'];  
  $ownerusers = loginID("owners", $ownerid,$password);
  if( mysql_num_rows($ownerusers) != 1 ) { header("Location: login.php"); die(); }
}
function checkSupplierLogin() {

  $sid = $_SESSION['sid'];
  $password = $_SESSION['password'];

  $supplierusers = loginID("suppliers",$sid,$password);
  if( mysql_num_rows($supplierusers) != 1 ) { header("Location: login.php"); die(); }
}                                     

function checkStaffLogin() {
  $stid = $_SESSION['stid'];
  $password = $_SESSION['password'];
  $staffusers = loginID("staff", $stid,$password);
  //echo"$stid,$password<br>";echo mysql_num_rows($staffusers);exit;
  if( mysql_num_rows($staffusers) != 1 ) { header("Location: login.php"); die(); }
}
function showFacilities( $facilities ) {
  $images = "";
  for( $n = 0; $n < strlen($facilities); $n++) {
    switch( substr($facilities, $n, 1) ) {
      case "t":
        $images .= "<img src=\"images/icons/ico_tv.gif\">";
        break;
      case "s":
        $images .= "<img src=\"images/icons/ico_smoke.gif\">";
        break;
      case "f":
        $images .= "<img src=\"images/icons/ico_safe.gif\">";
        break;
      case "g":
        $images .= "<img src=\"images/icons/ico_gym.gif\">";
        break;
      case "p":
        $images .= "<img src=\"images/icons/ico_swim.gif\">";
        break;
      case "l":
        $images .= "<img src=\"images/icons/ico_phone.gif\">";
        break;
      case "d":
        $images .= "<img src=\"images/icons/ico_address.gif\">";
        break;
      case "o":
        $images .= "<img src=\"images/icons/ico_towels.gif\">";
        break;
     case "c":
        $images .= "<img src=\"images/icons/ico_cover_park.gif\">";
        break;
     case "e":
        $images .= "<img src=\"images/icons/ico_pets.gif\">";
        break;
        case "m":
        $images .= "<img src=\"images/icons/ico_tv_sat.gif\">";
        break;      
    }
}
    return $images;
}

function showcards( $cards ) {

$images = "";
  for( $n = 0; $n < strlen($cards); $n++) {
    switch( substr($cards, $n, 1) ) {
      case "v":
        $images .= "<img src=\"images/icons/ico_visa.gif\">";
        break;
      case "x":
        $images .= "<img src=\"images/icons/ico_amex.gif\">";
        break;
      case "z":
        $images .= "<img src=\"images/icons/ico_diners.gif\">";
        break;
        }
    }   
    return $images;
}
function myDateTophp ($mydate) {
  $yr = substr($mydate,0,4);
  $mo = substr($mydate,5,2);
  $da = substr($mydate,8,2);

  return mktime(04,52,82,$mo,$da,$yr);
}

function getExpiryDate( $startdate, $months ) {

  $yr = substr($startdate,0,4);
  $mo = substr($startdate,5,2);
  $da = substr($startdate,8,2);

  if( $months > 0 )
    return mktime(00,00,00,$mo+$months,$da, $yr);
  else
    return mktime(00,00,00,$mo,$da+7, $yr);
}

function getAdminStatusColor( $expiry, $active ) {
  $c = "#EEEEEE";
  if( strtotime("now") + (3*24*60*60) > $expiry ) $c = "#FF0000";
  if( $expiry < strtotime("now") ) $c = "#888888";

  return $c;
}

function showBlock( $user, $option ) {
  $optres = dbGetRows("options", "username = '".$user."'");
  $options = mysql_fetch_array($optres, MYSQL_ASSOC);

  if( $options[$option] == '1' ) return "block;"; return "none;";
}

function canHandlePNG() {
  $browser = getBrowser();
  if( $browser != "Internet Explorer" ) return true; else return false;
}

function colorizeHex( $fromcolor, $refcolor ) {

   $r = hexdec(substr($refcolor, 0,2));
   $g = hexdec(substr($refcolor, 2,2));
   $b = hexdec(substr($refcolor, 4,2));

   $or = hexdec(substr($fromcolor, 0,2));
   $og = hexdec(substr($fromcolor, 2,2));
   $ob = hexdec(substr($fromcolor, 4,2));

    $t = ($or+$og+$ob)/3;
    $nr = min((0.8 * $t) + (0.5* $r), 255);
    $ng = min((0.8 * $t) + (0.5* $g), 255);
    $nb = min((0.8 * $t) + (0.5* $b), 255);

    return dechex($nr).dechex($ng).dechex($nb);
  }

function getBrowser() {
if ( strpos($_SERVER['HTTP_USER_AGENT'], 'Gecko') )
{
   if ( strpos($_SERVER['HTTP_USER_AGENT'], 'Netscape') )
   {
     $browser = 'Netscape';
   }
   else if ( strpos($_SERVER['HTTP_USER_AGENT'], 'Firefox') )
   {
     $browser = 'Firefox';
   }
   else
   {
     $browser = 'Mozilla';
   }
}
else if ( strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') )
{
   if ( strpos($_SERVER['HTTP_USER_AGENT'], 'Opera') )
   {
     $browser = 'Opera';
   }
   else
   {
     $browser = 'Internet Explorer';
   }
}
else
{
   $browser = 'Other Browser';
}

return $browser;

}


function logTraffic() {
  $fieldvals[0] = substr($_SERVER['HTTP_HOST'], 0, strpos($_SERVER['HTTP_HOST'], ".",0));
  $fieldvals[1] = str_replace(".php", "", substr($_SERVER['PHP_SELF'], strpos($_SERVER['PHP_SELF'], "/", 1)+1));
  $fieldvals[2] = date("Y-m-d");
  $fieldvals[3] = $_SERVER['REMOTE_ADDR'];
  $r = dbAddRow( "trafficstats", "`username`, `page`, `date`, `ip`", $fieldvals);
}

function dbAddRow( $table, $fields, $values ) {

  $actualvals = "";
  foreach( $values as $v )   { $actualvals.= "'".$v."', "; }

  if( strlen($actualvals) > 2 ) {$actualvals = substr($actualvals, 0, strlen($actualvals)-2);}

  $query = "INSERT INTO `".$table."` ( ".$fields." ) VALUES ( ".$actualvals." );";
  $result = mysql_query($query) or die("Query failed : " . mysql_error());

  return $result;
}

function dbUpdateRow ($table, $username, $set, $where) {

  $query = "UPDATE `".$table."` SET ".$set." WHERE `username` = '".$username."'".$where.";";
  $result = mysql_query($query) or die("Query failed : " . mysql_error());

  return $result;
}
 
function login( $table,$username, $password) {
        include 'config.inc.php';
        $query = sprintf("SELECT * FROM `$table` WHERE username='%s' AND password='%s'",
            mysql_real_escape_string($username),
            md5(mysql_real_escape_string($password).$salt));
		$result=mysql_query($query);
        if(mysql_num_rows($result)==1)
        	$_SESSION['loggedin']=1;
        else 
        	unset($_SESSION['loggedin']);
        return $result;
}
function loginID( $table,$userID, $password) {
        include 'config.inc.php';
        $query = sprintf("SELECT * FROM `$table` WHERE id='%s' AND password='%s'",
			mysql_real_escape_string($userID),
            md5(mysql_real_escape_string($password).$salt));
        	$result=mysql_query($query);
        return $result;
}
function changePassword( $table, $username, $password) {
        include 'config.inc.php';
        $query = sprintf("Update `$table` set password='%s' WHERE username='%s'",
            md5(mysql_real_escape_string($password).$salt),
            mysql_real_escape_string($username)
            );
        $result=mysql_query($query);
        
        return 1;
}
function checkUser( $table,$username) {
        include 'config.inc.php';
        $query = sprintf("SELECT * FROM `$table` WHERE username='%s' ",
            mysql_real_escape_string($username));
        $result=mysql_query($query);
        return $result;
}

function dbGetRows( $table, $query ) {

        $result = mysql_query("SELECT * FROM `".$table."` WHERE ".$query) or die("Query failed : " . mysql_error());
        return $result;
}
function dbGetDistinctRows( $table, $distinct, $query ) {

        $result = mysql_query("SELECT DISTINCT ".$distinct." FROM `".$table."` WHERE ".$query) or die("Query failed : " . mysql_error());
        return $result;
}

function checkLogin($un, $pw) {

  $username = $un;
  $password = $pw;

  $result = dbGetRows("users", "`username` = '".$un."' AND `password` = '".$pw."'");

  if( mysql_num_rows($result) == 0 ) return 0; else return 1;
}

function initialCap( $text ) {
  return strtoupper(substr($text,0,1)).substr($text,1);
}

function dbClose( $link ) {
  mysql_close($link);
}
function getFolderSize($directory) {
  $FileCount = 0;
  $FolderCount = 0;

    chdir($directory);
    $directory = getcwd();
    if($open = opendir($directory)) {
        while($file = readdir($open)) {
            if($file == '..' || $file == '.') continue;
            if(is_file($file)) {
                $FileCount++;
                $FolderSize += filesize($file);
            } elseif(is_dir($file)) {
                $FolderCount++;
            }
        }
        if($FolderCount > 0) {
            $open2 = opendir($directory);
            while($folders = readdir($open2)) {
                $folder = $directory.'/'.$folders;
                if($folders == '..' || $folders == '.') continue;
                if(is_dir($folder)) {
                    $FolderSize += getFolderSize($folder);
                }
            }
            closedir($open2);
        }
        closedir($open);
    }
  return $FolderSize;
}

function formatByteSize($bytes) {
    $size = $bytes / 1024;
    if($size < 1024){
        $size = number_format($size, 2);
        $size .= ' KB';
    } else {
        if($size / 1024 < 1024) {
            $size = number_format($size / 1024, 2);
            $size .= ' MB';
        } elseif($size / 1024 / 1024 < 1024) {
            $size = number_format($size / 1024 / 1024, 2);
            $size .= ' GB';
        } else {
            $size = number_format($size / 1024 / 1024 / 1024, 2);
            $size .= ' TB';
        }
    }
    return $size;
}


function f_p_dates($type) {
//----------------------------------------------
// Get the current year and subtract 100 years.
//----------------------------------------------
$now = date("Y");
if ($type == "Start") {
$then = $now - 100;
} elseif ($type == "End") {
$then = $now - 100;
}

//----------------------------------------------
// Display the day up to 31 days long.
//----------------------------------------------
for($i = 1; $i <= 31; $i++) {
    //----------------------------------------------
    // Define the days, output all at once.
    //----------------------------------------------
    $dates .= "<option value=\"$i\">$i</option>\n";
}

//----------------------------------------------
// Display the months up to 12 months.
//----------------------------------------------
for($i = 1; $i <= 12; $i++) {


    //----------------------------------------------
    // Display the month in english.
    //----------------------------------------------
    if($i == 1) {
        $date = "January";
    } elseif($i == 2) {
        $date = "February";
    } elseif($i == 3) {
        $date = "March";
    } elseif($i == 4) {
        $date = "April";
    } elseif($i == 5) {
        $date = "May";
    } elseif($i == 6) {
        $date = "June";
    } elseif($i == 7) {
        $date = "July";
    } elseif($i == 8) {
        $date = "August";
    } elseif($i == 9) {
        $date = "September";
    } elseif($i == 10) {
        $date = "October";
    } elseif($i == 11) {
        $date = "November";
    } elseif($i == 12) {
        $date = "December";
    }

    //----------------------------------------------
    // Define the months, output all at once.
    //----------------------------------------------
    $months .= "<option value=\"$i\">$date</option>\n";
}

//----------------------------------------------
// Display the years with  100 year range.
//----------------------------------------------
for($i = $now; $i >= $then; $i--) {
    //----------------------------------------------
    // Define the years, output all at once.
    //----------------------------------------------
    $years .= "<option value=\"$i\">$i</option>\n";
}

//----------------------------------------------
// Put information in dropdown lists.
//----------------------------------------------

echo "<b>$type Date:</b></td><td>";
echo "<select name=\"$type"."_days\">";
echo "$dates";
echo "</select>";
echo "<select name=\"$type"."_months\">";
echo "$months";
echo "</select>";
echo "<select name=\"$type"."_years\">";
echo "$years";
echo "</select>";
}
function f_p_dates_o($av) {
//----------------------------------------------
// Get the current year and subtract 100 years.
//----------------------------------------------
$year = date("Y");
$month = date("m");
$then = $year + 5;
$years = "";
for($i = $year; $i <= $then; $i++) {
    
for($m = 1; $m <= 12; $m++) {
    //----------------------------------------------
    // Display the month in english.
    //----------------------------------------------
    if($m == 1) {
        $date = "January";
    } elseif($m == 2) {
        $date = "February";
    } elseif($m == 3) {
        $date = "March";
    } elseif($m == 4) {
        $date = "April";
    } elseif($m == 5) {
        $date = "May";
    } elseif($m == 6) {
        $date = "June";
    } elseif($m == 7) {
        $date = "July";
    } elseif($m == 8) {
        $date = "August";
    } elseif($m == 9) {
        $date = "September";
    } elseif($m == 10) {
        $date = "October";
    } elseif($m == 11) {
        $date = "November";
    } elseif($m == 12) {
        $date = "December";
    }
    //----------------------------------------------
    // Define the years, output all at once.
    //----------------------------------------------
    if($av == "$i-$m") $sel = "selected";
    if(($i != $year) || (($month <= $m) && ($year == $i))) {
    $years .= "<option value=\"$i-$m\" $sel>$date $i</option>\n";
    }
    $sel = "";
}       
}
return $years;
}
function check_input($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
function password(){
	$password = "";
	$possible = "0123456789bcdfghjkmnpqrstvwxyz";
	$i = 0;
	while ($i < 8) {
	$char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
	    
	    if (!strstr($password, $char)) {
	      $password .= $char;
	      $i++;
	    }

  	}
  	return $password;
}
?>
Member Avatar for simplypixie

It appears to me that on some of your login functions you are using md5($password).$salt to check the password but you are not applying the $salt to the query that changes the password so they will be different.

Edited by simplypixie because: n/a
Member Avatar for garwil

Right... there was a post here that recommended I did not use salt in my queries so in this case I took it out not realising then that it would impact this particular procedure...

Member Avatar for simplypixie

You don't need to use salt so I would remove all references to it and stick with just MD5 and see if that resolves your problems

Member Avatar for garwil

ok thanks... there is a lot that involves salt so will take a while to go through it all and remove.. will let you know how I go...
Thanks one again for all the time you have spent with me on this..

Member Avatar for moneeshot

your var_dump is dumping post values so it will show the original posted values. your modified values are not in an array so you can't dump them as a group. theres to much going on in your script, you need to clean it up. start by checking first if the values are blank or null if not then encode them for use in the script, actually check if the passwords match before encoding and before you go to dev you should change your encoding, md5 is way to easy to crack.
if($username != $username) makes no sense, your checking a value against itself?
if(isset($_POST)) is only needed once, remove the other checks and keep any code within that check, also one is Submit and the other is submit?
your else statement is on the wrong place for your update, try adding a variable like $canUpdate = true. if there is an error change $canUpdate = false, then check if ($canUpdate === true) UPDATE ......
whats with all this md5 business in your sql and why on earth are you using sprintf?

Member Avatar for moneeshot

your also encoding your password twice after fetching it and while you update your table, is this how your loggin works, double md5 encoded password?

its bad practice to do these things, strip and encode your vars before inserting or updating.

Member Avatar for skraps

Why not use the built in mysql AES encryption functions for your password? MD5 is outdated and sha1 is old also. when making a mysql query that references the password use AES_ENCRYPT('".$password."','".$key."') and when grabbing the password out of the database use the AES_DECRYPT('password_row','".$key."') as password in your queries and that will use the mysql aes functions with one of the better encryption algorithms. Much better than md5 or sha . With a 255 character key for the encryption it would make the passwords very to decrypt in case a attacker was to get a hold of them.

Member Avatar for skraps

Another good thing to do when receiving variables is to limit the length of them as they are first processed by the script. This can help prevent MySQL buffer overflows. Hack in the box has done a good article in it this month. You can do that using the function $foo_var = substr($foo_var,$length);

also the date if else.

Why not try a switch statement

switch($m){
case 1:
$date = "January";
break;
case 2:
$date = "Febuary";
break;
etc....
Member Avatar for skraps

using encrypt in your code for selecting the password from the database.
Line 27:

$query = "SELECT username FROM staff WHERE username = '".mysql_real_escape_string($username)."' and password = AES_ENCRYPT('$oldpassword','someverylongandrandomstringthatmakesithardertocrack')";
Member Avatar for skraps 
$query = "UPDATE staff SET password = AES_ENCRYPT('$newpassword','someverylongandrandomkey') WHERE username = '".$username."'";
Member Avatar for garwil

Thanks to everyone that has helped me here. It is very clear now from all the posts that MD5 is a "no-no". Having said that, my whole site is based on MD5, from 'Registration' through to my 'Reset' and 'Change Password' features and functions. I am going to have a lot of changin code ahead of me to change everything but for now I have a solution sorted enabling me to change a password using MD5. The problem was the code was not recognising the oldpassword (no doubt due to MD5 as being outdated or some other "funny" with it). I made the username "unigue" and dropped the

"and password = '".md5($_POST['oldpassword'].$salt)."'

portion from the query and for now at least it works on my locahost and will take a deep breath and try it live shortly..

So my code now looks like this for anyone else that may have the same issue as I had and for anyone to comment...

<?php
session_start();
include '../dbfunctions.php';
$link = dbConnect();

$stid = $_GET['staffref'];
//echo $stid;
 
 
$staffs = dbGetRows("staff", "id = '".$stid."'");
$staff = mysql_fetch_array($staffs, MYSQL_ASSOC);
 
//echo $staff['username'];
$error=0;
//echo $staff['password'];
 
if (isset($_POST['Submit'])){
	$username = mysql_real_escape_string($_POST['username']);
	$oldpassword = mysql_real_escape_string($_POST['oldpassword']);
	$newpassword = mysql_real_escape_string($_POST['newpassword']);
	$confirmnewpassword = mysql_real_escape_string($_POST['confirmnewpassword']);
	//echo $_POST['oldpassword']."-".md5($_POST['oldpassword'].$salt);


	 
	if($newpassword == "" )
	{
		echo "New password cannot be blank!";
		$error++;
	}
	// Check if New password is confirmed
	elseif ($newpassword != $confirmnewpassword)
	{
		echo 'The "New Password" and "Confirm New Password" fields do not match, please re-enter!';
		$error++;
	}
	else
	{
	 
	// query username old password is not correct
	//added md5 password in where clause  - fida
		
	$query = "SELECT username FROM staff WHERE username = '".$username."'" or die(mysql_error());
	 
	$result = mysql_query($query);
	$row=mysql_fetch_array($result);
	 
	// Check if Old username old password is not correct
	if(!$row)
	{
		echo "Aw shucks! Seems like you don't exist! Please recheck your username/password dude";
		$error++;
	}
	
	if($error==0){// If everything is ok, modify the record
		$success=changePassword("staff",$username,$_POST['newpassword']); // reusing the function from resetpassword
		
	}
	}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Password Administration</title>
<link href="../bb.css" rel="stylesheet" type="text/css">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
 
<body bgcolor="#FFF4DC">
<table width="60%" border="0" cellspacing="0" cellpadding="0" align="center">
<tr>
<td width="32"><img src="../images/admin_03.gif"></td>
<td width="0*" bgcolor="#FFFFFF" background="../images/admin_04.gif" style="background-repeat: repeat-x;">&nbsp;</td>
<td width="35"><img src="../images/admin_07.gif" width="32" height="33"></td>
</tr>
<tr>
<td bgcolor="#FFFFFF" background="../images/admin_15.gif" style="background-repeat: repeat-y;"></td>
<td bgcolor="#FFFFFF"><table width="100%" border="0" cellspacing="0" cellpadding="0" style="margin-left: 10px; margin-right: 10px">
<tr> <td><?php
if( $success ){
			echo "<font color=\"#006600\">Password Successfully Changed.</font><br><br>
            <a href=\"javascript:;\" onClick=\"window.close(); opener.location.reload(true)\">[CLOSE WINDOW]</a><br> <br> 
           <td bgcolor=\"#FFFFFF\" align=\"right\" background=\"../images/admin_14.gif\" style=\"background-position: right; background-repeat: repeat-y;\"></td>
<tr>
<td><img src=\"../images/admin_21.gif\" width=\"32\" height=\"33\"></td>
<td bgcolor=\"#FFFFFF\" background=\"../images/admin_23.gif\"></td>
<td><img src=\"../images/admin_20.gif\" width=\"32\" height=\"33\"></td>
</tr>
</body>
</html>
";
        die();
   }       

?>
</td>
 
<td><b><font size="3">CHANGE PASSWORD</font></b><br>
 
<br>
<form name="form1" method="post" action="changepassword.php">
<table width="321" border="0" bgcolor="#FAFAFA" cellspacing="5" cellpadding="0" style="border: 1px solid #BBBBBB;">
<tr>
<td><b>Username:</b></td>
<td><input type="text" name="username" ></td>
</tr>
<tr>
<td width="154"><b>Old Password:</b></td>
<td width="167"><input type="password" name="oldpassword"></td>
</tr>
<tr>
<td><b>New Password</b></td>
<td><input type="password" name="newpassword"> </td>
</tr>
<tr>
<td><b>New Password Again</b></td>
<td><input type="password" name="confirmnewpassword"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td align="right"> <input type="submit" name="Submit" value="Submit"> </td>
</tr>
 
</table>
</form>
</td>
</tr>
</table></td>
<td bgcolor="#FFFFFF" align="right" background="../images/admin_14.gif" style="background-position: right; background-repeat: repeat-y;"></td>
</tr>
<tr>
<td><img src="../images/admin_21.gif" width="32" height="33"></td>
<td bgcolor="#FFFFFF" background="../images/admin_23.gif" style="background-position: bottom; background-repeat: repeat-x;"></td>
<td><img src="../images/admin_20.gif" width="32" height="33"></td>
</tr>
</table>
<br>
<br>
<br>
<br>
</body>
</html>
Member Avatar for skraps

Can we see the changePassword function

Member Avatar for garwil

Here are a few functions related to logins and changepasswrod taken form my dbfunctions.php file...

function login( $table,$username, $password) {
        include 'config.inc.php';
        $query = sprintf("SELECT * FROM `$table` WHERE username='%s' AND password='%s'",
            mysql_real_escape_string($username),
            md5(mysql_real_escape_string($password).$salt));
		$result=mysql_query($query);
        if(mysql_num_rows($result)==1)
        	$_SESSION['loggedin']=1;
        else 
        	unset($_SESSION['loggedin']);
        return $result;
}
function loginID( $table,$userID, $password) {
        include 'config.inc.php';
        $query = sprintf("SELECT * FROM `$table` WHERE id='%s' AND password='%s'",
			mysql_real_escape_string($userID),
            md5(mysql_real_escape_string($password).$salt));
        	$result=mysql_query($query);
        return $result;
}
function changePassword( $table, $username, $password) {
        include 'config.inc.php';
        $query = sprintf("Update `$table` set password='%s' WHERE username='%s'",
            md5(mysql_real_escape_string($password).$salt),
            mysql_real_escape_string($username)
            );
        $result=mysql_query($query);
        
        return 1;
}
Member Avatar for jmichae3

you can simply replace md5(mysql_real_escape_string($password).$salt) with md5($password.$salt)

I stated the reason before.anything coming out of MD5 will be perfectly fine for a database. it will be about 32 characters worth of hexadecimal (character set is 0123456789abcdef)

try it from the command-line and see what happens.

<?php echo md5("'fooblotzky's'\n"); ?>
Edited by jmichae3 because: n/a
Member Avatar for garwil

Hi. jmichae3.. this is driving me scatty... I thik I am following what you say and at the same time I realised I could not do away with checking the old password and re-instated that piece of code. It all seems to be working properly according to the var_dumps etc ..

When the page loads I have the existing username and password echoed as per below..

gyesdahl - c5a7cd8b5f7c6f055c25fc0ad3ff5a9c

Then after I have completed the form and submitted, I echo the query which is returning the following which is all correct as the username and password hashes are the same.

string 'SELECT username FROM venues WHERE username = 'admin' and password = 'c5a7cd8b5f7c6f055c25fc0ad3ff5a9c'' length=102)

(

As the error message indicates it cannot find the user as per the SELECT clause I decided to count the rows returned and that is '0' so I end up with the following error
0 Rows .. Please recheck your username and / or your password ...

Surely MD5 cannot cause so many issues can it?

My code now looks like this and I have absolutly no clue as to what I should try next...

<?php
session_start();
include '../dbfunctions.php';

$link = dbConnect();

$error=0;

 
if (isset($_POST['Submit'])){
	$username = mysql_real_escape_string($_POST['username']);
	$oldpassword = mysql_real_escape_string($_POST['oldpassword']);
	$newpassword = mysql_real_escape_string($_POST['newpassword']);
	$confirmnewpassword = mysql_real_escape_string($_POST['confirmnewpassword']);
	echo $_POST['oldpassword']."-".md5($_POST['oldpassword'].$salt);


	 
	if($newpassword == "" )
	{
		echo "<b><font color=\"#8a0000\">New password cannot be blank!</font></b>";
		$error++;
	}
	if( strlen($newpassword) < 6 )
	{
	echo "<b><font color=\"#8a0000\">Password too short! It must be a minimum of 6 characters</font></b>";
	$error++;
	}
	// Check if New password is confirmed
	elseif ($newpassword != $confirmnewpassword)
	{
		echo "<font color=\"#8a0000\">The \"New Password\" and \"Confirm New Password\" fields do not match, please re-enter!</font></b>";
		$error++;
	}
	else
	{
	 
	// query username old password is not correct
	//added md5 password in where clause  - fida
		
	$query = "SELECT username FROM venues WHERE username = '".$username."' and password = '".md5($_POST['oldpassword'].$salt)."'" or die(mysql_error());
	var_dump($query);
	$result = mysql_query($query);
	$row=mysql_fetch_array($result);
	$num_rows = mysql_num_rows($result);

echo "$num_rows Rows\n";

	// Check if Old username old password is not correct
	if(!$row)
	{
		echo "<font color=\"#8a0000\">Please recheck your username and / or your password ...</font></b>";
		$error++;
	}
	
	if($error==0){// If everything is ok, modify the record
		$success=changePassword("venues",$username,$_POST['newpassword']); // reusing the function from resetpassword
		
	}
	}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Password Administration</title>
<link href="../bb.css" rel="stylesheet" type="text/css">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
 
<body bgcolor="#FFF4DC">
<table width="33%" border="0" cellspacing="0" cellpadding="0" align="center">
<tr>
<td width="32"><img src="../images/admin_03.gif"></td>
<td width="732" bgcolor="#FFFFFF" background="../images/admin_04.gif" style="background-repeat: repeat-x;">&nbsp;</td>
<td width="32"><img src="../images/admin_07.gif" width="32" height="33"></td>

</tr>
<tr>
<td bgcolor="#FFFFFF" background="../images/admin_15.gif" style="background-repeat: repeat-y;"></td>
<td bgcolor="#FFFFFF"><table width="59%" border="0" cellspacing="0" cellpadding="0" style="margin-left: 10px; margin-right: 10px">
<tr> <td><?php
if( $success ){
			echo "<font color=\"#006600\">Password Successfully Changed. You will have to login again...</font><br><br>";
			$_SESSION['password']=md5($newpassword.$salt);
			?>
			<a href="javascript:;" onClick="window.close(); opener.location.reload(true)">[CLOSE WINDOW]</a><br> <br> 
	<?php echo "<td bgcolor=\"#FFFFFF\" align=\"right\" background=\"../images/admin_14.gif\" style=\"background-position: right; background-repeat: repeat-y;\"></td>
<tr>
<td><img src=\"../images/admin_21.gif\" width=\"32\" height=\"33\"></td>
<td bgcolor=\"#FFFFFF\" background=\"../images/admin_23.gif\"></td>
<td><img src=\"../images/admin_20.gif\" width=\"32\" height=\"33\"></td>
</tr>
</body>
</html>
";
//header("Location: ../index.php");
        die();
   }       

?>
</td>
 
<td><b><font size="3">CHANGE PASSWORD</font></b><br>
 
<br>
<form name="form1" method="post" action="changepassword.php">
<table width="321" border="0" bgcolor="#FAFAFA" cellspacing="5" cellpadding="0" style="border: 1px solid #BBBBBB;">
<tr>
<td><b>Username:</b></td>
<td><input type="text" name="username" ></td>
</tr>
<tr>
<td width="154"><b>Old Password:</b></td>
<td width="167"><input type="password" name="oldpassword"></td>
</tr>
<tr>
<td><b>New Password</b></td>
<td><input type="password" name="newpassword"> </td>
</tr>
<tr>
<td><b>New Password Again</b></td>
<td><input type="password" name="confirmnewpassword"></td>
</tr>
<tr>
  <td width="626" align="right" valign="bottom">&nbsp;</td>
  <td align="right"> <input type="button" name="Cancel" id="Cancel3" value="Cancel" onClick="window.close(); opener.location.reload(true)">&nbsp;&nbsp;
    <input type="submit" name="Submit" value="Submit"> </td>
</tr>
</table>
</form>
</td>
</tr>
</table></td>
<td bgcolor="#FFFFFF" align="right" background="../images/admin_14.gif" style="background-position: right; background-repeat: repeat-y;"></td>
</tr>
<tr>
<td><img src="../images/admin_21.gif" width="32" height="33"></td>
<td bgcolor="#FFFFFF" background="../images/admin_23.gif" style="background-position: bottom; background-repeat: repeat-x;"></td>
<td><img src="../images/admin_20.gif" width="32" height="33"></td>
</tr>
</table>
<br>
<br>
<br>
<br>
</body>
</html>
Member Avatar for garwil

Ok... I think I have found out where the problem was occuring. The old password field was generating a new hash value on submit. So the SELECT statement was looking for that value in the database which of course was not there. I echoed just about everything and these were the results:
PASSWORD currently in db = bd9f333e24d38ea6f69216e077f15ef4
OLD PASSWORD hash from form = c5a7cd8b5f7c6f055c25fc0ad3ff5a9c
NEW PASSWORD hash from form = 531cf6e04ba45b3c088cd4d4d3cc3c36
CONFIRM NEW PASSWORD hash from form = 531cf6e04ba45b3c088cd4d4d3cc3c36

SELECT STATEMENT TO EXTRACT MATCHING DETAILS= 'SELECT username FROM venues WHERE username = 'admin' and password = 'c5a7cd8b5f7c6f055c25fc0ad3ff5a9c'' (length=102)

0 Rows Please recheck your username and / or your password ...

So the old password field was causing the whole issue. To fix this I extracted the existing password from the db and changed the select statement to reflect that value and so far it works. The question I have now is this.. Is this a good practise or is there another way that is better? Many thanks once again for all the input..

<?php
session_start();
include '../dbfunctions.php';

$link = dbConnect();

$venues = dbGetRows("venues", "id = '".$_SESSION['venueid']."'");
	$venue = mysql_fetch_array($venues, MYSQL_ASSOC);   
	echo $venue['username']." currently in db ".$venue['password'];
$error=0;

 
if (isset($_POST['Submit'])){
	$username = mysql_real_escape_string($_POST['username']);
	//$oldpassword = mysql_real_escape_string($_POST['oldpassword']);
	$oldpassword = $venue['password'];
	$newpassword = mysql_real_escape_string($_POST['newpassword']);
	$confirmnewpassword = mysql_real_escape_string($_POST['confirmnewpassword']);
	echo $_POST['oldpassword']."  OLD ".md5($_POST['oldpassword'].$salt);
	echo $_POST['newpassword']."  new ".md5($_POST['newpassword'].$salt);
	echo $_POST['confirmnewpassword']."  confirm ".md5($_POST['confirmnewpassword'].$salt);
	echo $oldpassword;
	if($newpassword == "" )
	{
		echo "<b><font color=\"#8a0000\">New password cannot be blank!</font></b>";
		$error++;
	}
	if( strlen($newpassword) < 6 )
	{
	echo "<b><font color=\"#8a0000\">Your new password is too short! It must be a minimum of 6 charachters</font></b>";
	$error++;
	}
	// Check if New password is confirmed
	elseif ($newpassword != $confirmnewpassword)
	{
		echo "<font color=\"#8a0000\">The \"New Password\" and \"Confirm New Password\" fields do not match, please re-enter!</font></b>";
		$error++;
	}
	else
	{
	 
	
	// query username old password is not correct
	//added md5 password in where clause  - fida
		
	$query = "SELECT username FROM venues WHERE username = '".$username."' and password = '".$oldpassword."'" or die(mysql_error());
	var_dump($query);
	$result = mysql_query($query);
	$row=mysql_fetch_array($result);
	$num_rows = mysql_num_rows($result);

echo "$num_rows Rows\n";

	// Check if Old username old password is not correct
	if(!$row)
	{
		echo "<font color=\"#8a0000\">Please recheck your username and / or your password ...</font></b>";
		$error++;
	}
	
	if($error==0){// If everything is ok, modify the record
		$success=changePassword("venues",$username,$_POST['newpassword']); // reusing the function from resetpassword
		
	}
	}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Password Administration</title>
<link href="../bb.css" rel="stylesheet" type="text/css">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
 
<body bgcolor="#FFF4DC">
<table width="33%" border="0" cellspacing="0" cellpadding="0" align="center">
<tr>
<td width="32"><img src="../images/admin_03.gif"></td>
<td width="732" bgcolor="#FFFFFF" background="../images/admin_04.gif" style="background-repeat: repeat-x;">&nbsp;</td>
<td width="32"><img src="../images/admin_07.gif" width="32" height="33"></td>

</tr>
<tr>
<td bgcolor="#FFFFFF" background="../images/admin_15.gif" style="background-repeat: repeat-y;"></td>
<td bgcolor="#FFFFFF"><table width="59%" border="0" cellspacing="0" cellpadding="0" style="margin-left: 10px; margin-right: 10px">
<tr> <td><?php
if( $success ){
			echo "<font color=\"#006600\">Password Successfully Changed. You will have to login again...</font><br><br>";
			$_SESSION['password']=md5($newpassword.$salt);
			?>
			<a href="javascript:;" onClick="window.close(); opener.location.reload(true)">[CLOSE WINDOW]</a><br> <br> 
	<?php echo "<td bgcolor=\"#FFFFFF\" align=\"right\" background=\"../images/admin_14.gif\" style=\"background-position: right; background-repeat: repeat-y;\"></td>
<tr>
<td><img src=\"../images/admin_21.gif\" width=\"32\" height=\"33\"></td>
<td bgcolor=\"#FFFFFF\" background=\"../images/admin_23.gif\"></td>
<td><img src=\"../images/admin_20.gif\" width=\"32\" height=\"33\"></td>
</tr>
</body>
</html>
";
//header("Location: ../index.php");
        die();
   }       

?>
</td>
 
<td><b><font size="3">CHANGE PASSWORD</font></b><br>
 
<br>
<form name="form1" method="post" action="changepassword.php">
<table width="321" border="0" bgcolor="#FAFAFA" cellspacing="5" cellpadding="0" style="border: 1px solid #BBBBBB;">
<tr>
<td><b>Username:</b></td>
<td><input type="text" name="username" ></td>
</tr>
<tr>
<td width="154"><b>Old Password:</b></td>
<td width="167"><input type="password" name="oldpassword"></td>
</tr>
<tr>
<td><b>New Password</b></td>
<td><input type="password" name="newpassword"> </td>
</tr>
<tr>
<td><b>New Password Again</b></td>
<td><input type="password" name="confirmnewpassword"></td>
</tr>
<tr>
  <td width="626" align="right" valign="bottom">&nbsp;</td>
  <td align="right"> <input type="button" name="Cancel" id="Cancel3" value="Cancel" onClick="window.close(); opener.location.reload(true)">&nbsp;&nbsp;
    <input type="submit" name="Submit" value="Submit"> </td>
</tr>
</table>
</form>
</td>
</tr>
</table></td>
<td bgcolor="#FFFFFF" align="right" background="../images/admin_14.gif" style="background-position: right; background-repeat: repeat-y;"></td>
</tr>
<tr>
<td><img src="../images/admin_21.gif" width="32" height="33"></td>
<td bgcolor="#FFFFFF" background="../images/admin_23.gif" style="background-position: bottom; background-repeat: repeat-x;"></td>
<td><img src="../images/admin_20.gif" width="32" height="33"></td>
</tr>
</table>
<br>
<br>
<br>
<br>
</body>
</html>
Member Avatar for skraps

AES encryption would be the best way to do this, not md5, not sha, AES

Member Avatar for skraps

Use a 255 random character key defined in your config file to do the encryption with. Mysql already has built in functions to compliment this without extra php code. Just modify your SQL query to compliment it.

Member Avatar for garwil

thanks skraps... I will get to that soon.. a whole new learning curve for me. Will need to read up on it first as have a few files that are currently coded for MD5 and needed to get that feature working so I could complete other stuff. Once that is done then I will revert to the securing of the passwords again...
thanks for the inout though, it is all very valuable to me....

Member Avatar for garwil

DUH.... I just realised that my "solution" is not secure as am bypassing the "Old Password" check. This means the password can be changed without a correct old password being entered. Although this feature is available to a user only after they have logged in I think it best to check the old password anyway. Can anyone help me to get the old password to produce a correct hash that matches the one already in the db as this is where it is all falling down. I have tried everything I know to get it sorted out but to no avail...
Many thanks

Member Avatar for moneeshot

bypassing the "Old Password" check does not make it unsecure but it is a good idea. anyway I was looking over your code and it looks like you are, don't you query with the username and old_password?
before you run the query add the hash:
$oldpassword = md5($oldpassword . $salt);
$query = "SELECT username FROM venues WHERE username = '".$username."' and password = '".$oldpassword."'" or die(mysql_error());
at least thats what your hash system looks like.
what about the salt, is this random or is the same salt used throughout the system? if its something saved in the DB, like mine, you will have to first query using only the username.
sense we are on security, before you go to prod you should change this:
die(mysql_error()) to maybe something like die('there is a prob with your request')

Member Avatar for jmichae3

hmm. wouldn't the old password already have a $salt in it (only if you are getting it from the DB)?

Edited by jmichae3 because: n/a
Member Avatar for garwil

Hi all.. Well I finally got it sorted. A big, big thank you to all who assisted here and gave me direction. My last post had me stumped and after using var_dump and echoing my variables I eventually discovered that I had somehow omitted the

include '../config.inc.php';

at the beginning of my page wherein lies the salt and hash. It's one of those situations where "one cannot see the woods for the trees" :). I certainly learnt a lot here and my next project is to revisit the MD5, SHA etc and re-do my code.
I have posted my full code here (including the commented out var_dump and echos so you can see what I did) for anyone having the same hassles..
One again, many thanks to all... really appreciated..

<?php
session_start();
include '../dbfunctions.php';
include '../config.inc.php';
$link = dbConnect();

$error=0;

 
if (isset($_POST['Submit'])){
	$username = mysql_real_escape_string($_POST['username']);
	$oldpassword = mysql_real_escape_string($_POST['oldpassword']);
	$newpassword = mysql_real_escape_string($_POST['newpassword']);
	$confirmnewpassword = mysql_real_escape_string($_POST['confirmnewpassword']);
	//echo $_POST['oldpassword']."  OLD ".md5($_POST['oldpassword']);
	//echo $_POST['newpassword']."  new ".md5($_POST['newpassword'].$salt);
	//echo $_POST['confirmnewpassword']."  confirm ".md5($_POST['confirmnewpassword'].$salt);
		
	if($newpassword == "" )
	{
		echo "<b><font color=\"#8a0000\">New password cannot be blank!</font></b>";
		$error++;
	}
	if( strlen($newpassword) < 6 )
	{
	echo "<b><font color=\"#8a0000\">Your new password is too short! It must be a minimum of 6 charachters</font></b>";
	$error++;
	}
	// Check if New password is confirmed
	elseif ($newpassword != $confirmnewpassword)
	{
		echo "<font color=\"#8a0000\">The \"New Password\" and \"Confirm New Password\" fields do not match, please re-enter!</font></b>";
		$error++;
	}
	else
	{
	 
	
	// query username old password is not correct
	//added md5 password in where clause  - fida
		
	$query = "SELECT username FROM venues WHERE username = '".$username."' and password = '".md5($_POST['oldpassword'].$salt)."'" or die(mysql_error());
	var_dump($query);
	$result = mysql_query($query);
	$row=mysql_fetch_array($result);
	$num_rows = mysql_num_rows($result);

echo "$num_rows Rows\n";

	// Check if Old username old password is not correct
	if(!$row)
	{
		echo "<font color=\"#8a0000\">Please recheck your username and / or your password ...</font></b>";
		$error++;
	}
	
	if($error==0){// If everything is ok, modify the record
		$success=changePassword("venues",$username,$_POST['newpassword']); // reusing the function from resetpassword
		
	}
	}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Password Administration</title>
<link href="../bb.css" rel="stylesheet" type="text/css">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="javascript">

function CloseAndIndex() {

  window.close();
  opener.location.href = "http://www.leisureafrica.co.za";

}
//-->
</script>
</head>
 
<body bgcolor="#FFF4DC">
<table width="33%" border="0" cellspacing="0" cellpadding="0" align="center">
<tr>
<td width="32"><img src="../images/admin_03.gif"></td>
<td width="732" bgcolor="#FFFFFF" background="../images/admin_04.gif" style="background-repeat: repeat-x;">&nbsp;</td>
<td width="32"><img src="../images/admin_07.gif" width="32" height="33"></td>

</tr>
<tr>
<td bgcolor="#FFFFFF" background="../images/admin_15.gif" style="background-repeat: repeat-y;"></td>
<td bgcolor="#FFFFFF"><table width="59%" border="0" cellspacing="0" cellpadding="0" style="margin-left: 10px; margin-right: 10px">
<tr> <td><?php
if( $success ){
			echo "<font color=\"#006600\">Password Successfully Changed. You will have to login again...</font><br><br>";
			$_SESSION['password']=md5($newpassword.$salt);
			
			?>
			<a href="javascript:CloseAndIndex()">[CLOSE WINDOW]</a><br> <br> 
	<?php echo "<td bgcolor=\"#FFFFFF\" align=\"right\" background=\"../images/admin_14.gif\" style=\"background-position: right; background-repeat: repeat-y;\"></td>
<tr>
<td><img src=\"../images/admin_21.gif\" width=\"32\" height=\"33\"></td>
<td bgcolor=\"#FFFFFF\" background=\"../images/admin_23.gif\"></td>
<td><img src=\"../images/admin_20.gif\" width=\"32\" height=\"33\"></td>
</tr>
</body>
</html>
";
//header("Location: ../index.php");
        die();
   }       

?>
</td>
 
<td><b><font size="3">CHANGE PASSWORD</font></b><br>
 
<br>
<form name="form1" method="post" action="changepassword.php">
<table width="321" border="0" bgcolor="#FAFAFA" cellspacing="5" cellpadding="0" style="border: 1px solid #BBBBBB;">
<tr>
<td><b>Username:</b></td>
<td><input type="text" name="username" ></td>
</tr>
<tr>
<td width="154"><b>Old Password:</b></td>
<td width="167"><input type="password" name="oldpassword"></td>
</tr>
<tr>
<td><b>New Password</b></td>
<td><input type="password" name="newpassword"> </td>
</tr>
<tr>
<td><b>New Password Again</b></td>
<td><input type="password" name="confirmnewpassword"></td>
</tr>
<tr>
  <td width="626" align="right" valign="bottom">&nbsp;</td>
  <td align="right"> <input type="button" name="Cancel" id="Cancel3" value="Cancel" onClick="window.close(); opener.location.reload(true)">&nbsp;&nbsp;
    <input type="submit" name="Submit" value="Submit"> </td>
</tr>
</table>
</form>
</td>
</tr>
</table></td>
<td bgcolor="#FFFFFF" align="right" background="../images/admin_14.gif" style="background-position: right; background-repeat: repeat-y;"></td>
</tr>
<tr>
<td><img src="../images/admin_21.gif" width="32" height="33"></td>
<td bgcolor="#FFFFFF" background="../images/admin_23.gif" style="background-position: bottom; background-repeat: repeat-x;"></td>
<td><img src="../images/admin_20.gif" width="32" height="33"></td>
</tr>
</table>
<br>
<br>
<br>
<br>
</body>
</html>
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.