Hello guys,

I tought this is simple at a very 1st place... but I didn't manage to do it ..
Anyone of you can give me an idea on how to do this...

I've created a web apps that required authentication. and yeah ... oh the user setting section I want to have update/change password...

what is the best way to do this ?

I have a very simple mysql table which is
id, username, password

anyone ? thanks in advance

Simplest way

use a form with 3 fields.
current password
new password
Confirm

Compare the current to that already in the DB table, use if stmt so if it is ok, then compare the new and confirm. If these match, update. If not throw exception

Hi,

One of many ways of doing this is to write script following the simple guidelines.

  1. First check if the user is logged in. YES? NO?. If NO?, this is not allowed..
  2. Yes?-> provide a link or form to change the password.
  3. Let the user type in the old password, and the new password. Make it twice for the new password for comparison

    ## e.g.
    <label>Type Old Password</label>
    <input type="password" name="oldpass">
    <label>Type New Password</label>
    <input type="password" name="newFirst"/>
    <label>Re-Type New Passwrod</label>
    <input type="passwrod" name="newSecond"/>

  4. Using $_POST, process the inputted password ( clean it up a little). Compare new passwords .

  5. Connect to your database, validate to make sure that the old password matches the one that is on the database table and the member changing it matches in the username column.

  6. If the validation is a success, update the password column with the new password.

  7. Redirect the user to logout.php and then give the link to login using the new password credentials.
commented: descriptive +2

any update.php sample script that I can refer to ?

<?php 

$host="localhost"; // Host name 

$username="admin"; // Mysql username 

$password="your password"; // Mysql password 

$db_name="db1"; // Database name 

$tbl_name="table1"; // Table name 

// Connect to server and select databse.

mysql_connect("$host", "$username", "$password")or die("cannot connect"); 

mysql_select_db("$db_name")or die("cannot select DB");



$username1 = $_POST['username'];

$password1 = $_POST['password'];

$newuserpassword1 = $_POST['newuserpassword'];

$renewuserpassword1 = $_POST['renewuserpassword'];


$result = mysql_query("SELECT localpassword FROM $tbl_name WHERE localusername='$username1' and localpassword = '$password1'");

if(!$result) 
{ 
    echo "Invalid Input";
    exit;
} 

if(mysql_num_rows($result)){
    if($newuserpassword1==$renewuserpassword1){
        $sql=mysql_query("UPDATE $tbl_name SET localpassword='$newuserpassword1' where localusername='$username1'");        
        if($sql) 
        { 
                echo "Password Updated";
                print "<a href=\"login.php\">Login Page</a>";
        }
        else
        {
            // In case when problem while updating your new password
           echo "Oops! could not update password";
           exit;
        }       
    } 
    else 
    {
        // In case when new-password and retype-password do not match
        echo "new password do not match";
        exit;
    }
} 
else 
{
    // In case of you have not correct User name and password
    echo "Login Information Incorrect";
    exit;
}

?> 
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.