homepage Welcome to WebmasterWorld Guest from 54.167.238.60
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Change Password Script: Mysql/php
"Please try again"......message
Senmar50




msg:1267462
 11:11 pm on Oct 2, 2005 (gmt 0)

Hi All,

Can someone please tell me why this script will not change the password. I keep getting the "Please try again" message. I have been through it over and over again. I am totally frustrated!

Thanks in Advance..
Senmar

<?php

if (isset($_POST['submit'])) {
// Handle the form.

require_once ('databaseconnectinfo.php');
// Connect to the db.

// Create a function for escaping the data.
function escape_data ($data) {
global $dbc; // Need the connection.
if (ini_get('magic_quotes_gpc')) {
$data = stripslashes($data);
}
return mysql_real_escape_string($data, $dbc);
}
// End of function.

$message = NULL; // Create an empty new variable.

// Check for a loginName.
if (empty($_POST['loginName'])) {
$lo = FALSE;
$message .= '<p>You forgot to enter your Login Name!</p>';
} else {
$lo = escape_data($_POST['loginName']);
}

// Check for an existing password.
if (empty($_POST['password'])) {
$pa = FALSE;
$message .= '<p>You forgot to enter your existing password!</p>';
} else {
$pa = escape_data($_POST['password']);
}

// Check for a password and match against the confirmed password.
if (empty($_POST['password1'])) {
$npa = FALSE;
$message .= '<p>You forgot to enter your new password!</p>';
} else {
if ($_POST['password1'] == $_POST['password2']) {
$npa = escape_data($_POST['password1']);
} else {
$npa = FALSE;
$message .= '<p>Your new password did not match the confirmed new password!</p>';
}
}

if ($lo && $pa && $npa) { // If everything's OK.

$query = "SELECT id FROM tablename WHERE (loginName='$lo' AND password=PASSWORD('$pa') )";
$result = @mysql_query ($query);
$num = mysql_num_rows ($result);
if ($num == 1) {
$row = mysql_fetch_array($result, MYSQL_NUM);

// Make the query.
$query = "UPDATE tablename SET password=PASSWORD('$npa') WHERE id=$row[0]";
$result = @mysql_query ($query); // Run the query.
if (mysql_affected_rows() == 1) { // If it ran OK.

// Send an email, if desired.
echo '<p><b>Your password has been changed.</b></p>';

exit(); // Quit the script.

} else { // If it did not run OK.
$message = '<p>Your password could not be changed due to a system error. We apologize for any inconvenience.</p><p>' . mysql_error() . '</p>';
}
} else {
$message = '<p>Your loginName and password do not match our records.</p>';
}
mysql_close(); // Close the database connection.

} else {
$message .= '<p>Please try again.</p>';
}

} // End of the main Submit conditional.

// Print the error message if there is one.
if (isset($message)) {
echo '<font color="red">', $message, '</font>';
}
?>

<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
<fieldset><legend>Enter your information in the form below:</legend>

<p><b>Login Name:</b> <input type="text" name="loginName" size="10" maxlength="20" value="<?php if (isset($_POST['loginName'])) echo $_POST['loginName'];?>" /></p>

<p><b>Current Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p>

<p><b>New Password:</b> <input type="password" name="password1" size="20" maxlength="20" /></p>

<p><b>Confirm New Password:</b> <input type="password" name="password2" size="20" maxlength="20" /></p>
</fieldset>

<div align="center"><input type="submit" name="submit" value="Change My Password" /></div>

</form>

 

sergeytch




msg:1267463
 7:52 am on Oct 3, 2005 (gmt 0)

Problem is here:
$query = "SELECT id FROM tablename WHERE (loginName='$lo' AND password=PASSWORD('$pa') )";
$result = @mysql_query ($query);
$num = mysql_num_rows ($result);

1. Try to write it in such way:
$query = "SELECT id FROM tablename WHERE (loginName='".$lo."' AND password=PASSWORD('".$pa."') )";
$result = mysql_query ($query);
$num = mysql_num_rows ($result);

2. Are you sure you use the MySQL function PASSWORD for hashing the password? Maybe problems with it... I don't know for sure.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved