Hey everyone,

Sorry if it seems as if I have posted something similar to this but I don't believe I have had this error before..well not really an error but anyway..so I have a change password form and I process it using php. Well, it goes through the process of saying my password has been changed but it doesn't update the password in my local database..which it should..do..is there something wrong with my code that I am missing?

changepassword.php

<?php

session_start();

$user = (isset($_SESSION{'username'}));

if ($user)
{
 //user is logged in
 
 if(isset($_POST['submit']))
	{
		//check fields
		
		$oldpassword = ($_POST['oldpassword']);
		$newpassword = ($_POST['newpassword']);
		$repeatnewpassword = ($_POST['repeatnewpassword']);
		
		// check password against db
		
		//connect to db
		$connect = mysql_connect("*******","*******","*******") or die("Could not connect to db!");
		mysql_select_db("*******") or die("Could not select database!");
		
		$queryget = mysql_query("SELECT password FROM users WHERE username='$user'") or die("Query did not work!");
		$row = mysql_fetch_assoc($queryget);
		
		$oldpassword = $row['password'];
		
		//check passwords
		if ($oldpassword==$oldpassword)
			{
			
				// check two new passwords
				if ($newpassword==$repeatnewpassword)
					{
						//success
						//change password in db
						
						$querychange = mysql_query("
						UPDATE users SET password='$_POST[newpassword]' WHERE username='$user'
						");
						session_destroy();
						die("Your password has been changed. <a href='login.php'>Return</a> to the main page!");
					}
					else
						die("New passwords do not match!");
			
			
			}
			else
				die("Old password does not match!");
		
		
	}
	else
		{
 
			echo"
				<form action='changepassword.php' method='POST'>
					Old Password: <input type='text' name='oldpassword'><br />
					New Password: <input type='password' name='newpassword'><br />
					Repeat new Password: <input type='password' name='repeatnewpassword'><br />
					<input type='submit' name='submit' value='Change Password'> 
				</form>
				";
		}



}
else 
	die("You must be logged in to change your password! Click <a href='login.php'>here</a> to log in!")

?>
Member Avatar for diafol

Won't:

$user = (isset($_SESSION{'username'}));

return 'true' instead of the username itself?

@ardav yes you are right, should I just check to see if the user info is set by using this then?:

$username = isset($_POST['username']);

never mind, I fixed the issue! thanks for the help!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.