Hey everyone, so I have a change password form and script to go with it..but when I change the password to letters, symbols such as (#$%$) and numbers, it still tells me my input information is incorrect whether it be username, old password or new password...why is this?
here is the script for changepassword.php
<?php
session_start();
function Checker($str)
{
$var = preg_match('/[^a-zA-Z]/', $str);
return $var;
}
function CheckerNum($str)
{
$var = preg_match('/[^a-zA-Z0-9]/', $str);
return $var;
}
if(isset($_POST['submit']))
{
//Get all the user inputs
$username = $_POST['username'];
$passwordOld = $_POST['passwordOld'];
$passwordNew = $_POST['passwordNew'];
$passwordNew1 = $_POST['passwordNew1'];
//Connect to database: hostname, username, password and databasename
$con = mysql_connect('************', '******', '*********') or die(mysql_error());
mysql_select_db('********') or die(mysql_error());
//Remove stuff from the user inputs...
$username = mysql_real_escape_string(html_entity_decode(htmlentities($username)));
$passwordOld = mysql_real_escape_string(html_entity_decode(htmlentities($passwordOld)));
$passwordNew = mysql_real_escape_string(html_entity_decode(htmlentities($passwordNew)));
$passwordNew1 = mysql_real_escape_string(html_entity_decode(htmlentities($passwordNew1)));
//Die if account contains non-alphanumeric characters
if(CheckerNum($username) == 1)
{
die("Error: Username contains invalid characters! Please try again <a href='changepassword-form.php'>here</a>!");
}
//Die if old password contains non-alphanumeric characters
elseif(CheckerNum($passwordOld) == 1)
{
die("Error: Password contains invalid characters! Please try again <a href='changepassword-form.php'>here</a>!");
}
//Die if new password contains non-alphanumeric characters
elseif(CheckerNum($passwordNew) == 1)
{
die("Error: New password contains invalid characters! Please try again <a href='changepassword-form.php'>here</a>!");
}
//Die if new password(confirm) contains non-alphanumeric characters
elseif(CheckerNum($passwordNew1) == 1)
{
die("Error: New password contains invalid characters! Please try again <a href='changepassword-form.php'>here</a>!");
}
//If new pass and new pass(confirm) dont match, die.
if($passwordNew != $passwordNew1)
{
die("New password fields must match! Please try again <a href='changepassword-form.php'>here</a>!");
}
//Get password from db
$query = "SELECT password FROM users WHERE username = '".$username."' AND password = '".$passwordOld."'";
$result = mysql_query($query) or die(mysql_error());
$numrows = mysql_num_rows($result);
//If no rows, means invalid user/pass, die.
if($numrows == 0)
{
die("Invalid username/password! Please try again <a href='changepassword-form.php'>here</a>!");
}
//Change pass to new password
$query = "UPDATE users SET password = '".$passwordNew."' WHERE username = '".$username."'";
$result = mysql_query($query) or die(mysql_error());
echo "The password for ".$username." was successfully changed! Please log in <a href='logIn.php'>here</a>!";
//close mysql connection
mysql_close();
}
else
{
include('changepassword-form.php');
}
?>Any help would be greatly appreciated!! :)