Hey everyone,
Sorry if it seems as if I have posted something similar to this but I don't believe I have had this error before..well not really an error but anyway..so I have a change password form and I process it using php. Well, it goes through the process of saying my password has been changed but it doesn't update the password in my local database..which it should..do..is there something wrong with my code that I am missing?
changepassword.php
<?php
session_start();
$user = (isset($_SESSION{'username'}));
if ($user)
{
//user is logged in
if(isset($_POST['submit']))
{
//check fields
$oldpassword = ($_POST['oldpassword']);
$newpassword = ($_POST['newpassword']);
$repeatnewpassword = ($_POST['repeatnewpassword']);
// check password against db
//connect to db
$connect = mysql_connect("*******","*******","*******") or die("Could not connect to db!");
mysql_select_db("*******") or die("Could not select database!");
$queryget = mysql_query("SELECT password FROM users WHERE username='$user'") or die("Query did not work!");
$row = mysql_fetch_assoc($queryget);
$oldpassword = $row['password'];
//check passwords
if ($oldpassword==$oldpassword)
{
// check two new passwords
if ($newpassword==$repeatnewpassword)
{
//success
//change password in db
$querychange = mysql_query("
UPDATE users SET password='$_POST[newpassword]' WHERE username='$user'
");
session_destroy();
die("Your password has been changed. <a href='login.php'>Return</a> to the main page!");
}
else
die("New passwords do not match!");
}
else
die("Old password does not match!");
}
else
{
echo"
<form action='changepassword.php' method='POST'>
Old Password: <input type='text' name='oldpassword'><br />
New Password: <input type='password' name='newpassword'><br />
Repeat new Password: <input type='password' name='repeatnewpassword'><br />
<input type='submit' name='submit' value='Change Password'>
</form>
";
}
}
else
die("You must be logged in to change your password! Click <a href='login.php'>here</a> to log in!")
?>