homepage Welcome to WebmasterWorld Guest from 54.211.235.255
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Ability for the admin to edit a users password
php mysql
GaZzErZz




msg:4599839
 9:14 pm on Aug 6, 2013 (gmt 0)

Hi there, it's been a while since I have used php so need a bit of help for a personal site I'm working on. I want to create a script only the admin can use, where I can change a users password.

Sadly really struggling. As I would have to pull through the persons first name, last name and user ID to do this.

So I thought perhaps combining it all into 1 page.

Having a drop down box with all the users listed, eg UserID First Name, Last Name.

Then below it a box for the password entry, here is what I have so far:

<?php
include"conn.php";
$getinfo = mysql_query("SELECT member_id, firstname, lastname FROM members");
while ($row = mysql_fetch_assoc($getinfo)) {
$userid = $row['member_id'];
$firstname = $row['firstname'];
$lastname = $row['lastname'];

?>
<html>
<body>
<form id="changepw" name="changepw" method="post" action="editpw.php">
<table width="500" border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<th width="200">Select Client</th>
<td width="200"><select name="userid">
<option value="$userid $firstname $lastname">$firstname $lastname</select>
</select> </td>
</tr>
<tr>
<th>Password</th>
<td><input name="password" type="password" class="textfield" id="password" /></td>
</tr>
<tr>
<th>Confirm Password </th>
<td><input name="cpassword" type="password" class="textfield" id="cpassword" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Change Password" /></td>
</tr>
</table>
</form>
</body>
</html>


Then this will lead to the exec script that will actually edit the database:


<?php

session_start();
include_once('isadmin.php');
require_once('config.php');
include('conn.php');


if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
echo '<ul class="err">';
foreach($_SESSION['ERRMSG_ARR'] as $msg) {
echo '<li>',$msg,'</li>';
}
echo '</ul>';
unset($_SESSION['ERRMSG_ARR']);
}


$user = ($_POST['userid']);
$password = ($_POST['password']);
$cpassword = ($_POST['cpassword']);

if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
if($cpassword == '') {
$errmsg_arr[] = 'Confirm password missing';
$errflag = true;
}
if( strcmp($password, $cpassword) != 0 ) {
$errmsg_arr[] = 'Passwords do not match';
$errflag = true;
}

mysql_query("UPDATE users SET passwd = '$password' WHERE member_id='$user'")

$result = @mysql_query($qry);

//Check whether the query was successful or not
if($result) {
header("location: admin-welcome.php");
exit();
}else {
die("Query failed");
}


?>


so yeah, all help appreciated, this is the error i get -
Parse error: syntax error, unexpected $end in /home/a2539787/public_html/scott/edit.php on line 36

 

Readie




msg:4599851
 10:15 pm on Aug 6, 2013 (gmt 0)

This line here:

mysql_query("UPDATE users SET passwd = '$password' WHERE member_id='$user'")

Needs a semi colon

But the cause of your problem is you open this while loop in your first <?php block:

while ($row = mysql_fetch_assoc($getinfo)) {

But you don't close it again.

GaZzErZz




msg:4600015
 3:28 pm on Aug 7, 2013 (gmt 0)

thank you, fixed those 2 issues.
fixed my newest error by myself.

Here is my new problem. Something here is stopping my query from working, I simply get a query failed at the end :

Array
(
[userid_1] => y
[password] => 12345
[cpassword] => 12345
[Submit] => Change Password
)

Query failed

any clue?


<?php
require_once('config.php');
include('conn.php');
$tbl_name="members";

echo( "<pre>" );
print_r( $_POST );
echo( "</pre>" );


if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
echo '<ul class="err">';
foreach($_SESSION['ERRMSG_ARR'] as $msg) {
echo '<li>',$msg,'</li>';
}
echo '</ul>';
unset($_SESSION['ERRMSG_ARR']);
}


$user = ($_POST['userid']);
$password = ($_POST['password']);
$cpassword = ($_POST['cpassword']);

if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
if($cpassword == '') {
$errmsg_arr[] = 'Confirm password missing';
$errflag = true;
}
if( strcmp($password, $cpassword) != 0 ) {
$errmsg_arr[] = 'Passwords do not match';
$errflag = true;
}


// Cycle through each member and check that it needs to be added to the db
$useruploadids = mysql_query( "SELECT member_id FROM members" );
while ($row = mysql_fetch_assoc($useruploadids))
{
// Check that the member was sent from the last form
if( isset( $_POST['userid_'.$row['member_id']] ) && $_POST['userid_'.$row['member_id']] == "y" )
{


// update data in mysql database
$sql="UPDATE {$tbl_name} SET passwd='.md5{$password}' WHERE member_id='{$row['member_id']}'";
$result=mysql_query($sql) or die( mysql_error() );
}
}



$result = @mysql_query($qry);

//Check whether the query was successful or not
if($result) {
header("location: admin-welcome.php");
exit();
}else {
die("Query failed");
}


?>


Readie




msg:4600041
 4:51 pm on Aug 7, 2013 (gmt 0)

Yea, this line:

$result = @mysql_query($qry);

You've not set $qry to anything.

DrDoc




msg:4600042
 4:56 pm on Aug 7, 2013 (gmt 0)

You really need to turn on full error reporting when developing ...

error_reporting(E_ALL);
Readie




msg:4600046
 5:12 pm on Aug 7, 2013 (gmt 0)

And... Also don't forcibly hide errors with the @ symbol.

GaZzErZz




msg:4600049
 5:25 pm on Aug 7, 2013 (gmt 0)

$qry was supposed to be $sql

well it does the sql, but it changes the password. then when I try and log in with the new password I get login failed, when I try to login with old password, I get password failed :(

ahh i found what its doing, cghecked the table and im getting this as the entered value:

.md5test


i was changing the password to test, and obviously its something on this line that is borked:


$sql="UPDATE {$tbl_name} SET passwd='.md5{$password}' WHERE member_id='{$row['member_id']}'";

GaZzErZz




msg:4600055
 5:38 pm on Aug 7, 2013 (gmt 0)

ok fixed that issue,

$sql="UPDATE {$tbl_name} SET passwd= md5('$password') WHERE member_id='{$row['member_id']}'";



now it doesn't do any of the checks to make sure the password areas are filled/match it just changes the password regardless


apologies for double post

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved