Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Change Password Script: Mysql/php

"Please try again"......message

11:11 pm on Oct 2, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:Sept 21, 2004
votes: 0

Hi All,

Can someone please tell me why this script will not change the password. I keep getting the "Please try again" message. I have been through it over and over again. I am totally frustrated!

Thanks in Advance..


if (isset($_POST['submit'])) {
// Handle the form.

require_once ('databaseconnectinfo.php');
// Connect to the db.

// Create a function for escaping the data.
function escape_data ($data) {
global $dbc; // Need the connection.
if (ini_get('magic_quotes_gpc')) {
$data = stripslashes($data);
return mysql_real_escape_string($data, $dbc);
// End of function.

$message = NULL; // Create an empty new variable.

// Check for a loginName.
if (empty($_POST['loginName'])) {
$lo = FALSE;
$message .= '<p>You forgot to enter your Login Name!</p>';
} else {
$lo = escape_data($_POST['loginName']);

// Check for an existing password.
if (empty($_POST['password'])) {
$pa = FALSE;
$message .= '<p>You forgot to enter your existing password!</p>';
} else {
$pa = escape_data($_POST['password']);

// Check for a password and match against the confirmed password.
if (empty($_POST['password1'])) {
$npa = FALSE;
$message .= '<p>You forgot to enter your new password!</p>';
} else {
if ($_POST['password1'] == $_POST['password2']) {
$npa = escape_data($_POST['password1']);
} else {
$npa = FALSE;
$message .= '<p>Your new password did not match the confirmed new password!</p>';

if ($lo && $pa && $npa) { // If everything's OK.

$query = "SELECT id FROM tablename WHERE (loginName='$lo' AND password=PASSWORD('$pa') )";
$result = @mysql_query ($query);
$num = mysql_num_rows ($result);
if ($num == 1) {
$row = mysql_fetch_array($result, MYSQL_NUM);

// Make the query.
$query = "UPDATE tablename SET password=PASSWORD('$npa') WHERE id=$row[0]";
$result = @mysql_query ($query); // Run the query.
if (mysql_affected_rows() == 1) { // If it ran OK.

// Send an email, if desired.
echo '<p><b>Your password has been changed.</b></p>';

exit(); // Quit the script.

} else { // If it did not run OK.
$message = '<p>Your password could not be changed due to a system error. We apologize for any inconvenience.</p><p>' . mysql_error() . '</p>';
} else {
$message = '<p>Your loginName and password do not match our records.</p>';
mysql_close(); // Close the database connection.

} else {
$message .= '<p>Please try again.</p>';

} // End of the main Submit conditional.

// Print the error message if there is one.
if (isset($message)) {
echo '<font color="red">', $message, '</font>';

<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
<fieldset><legend>Enter your information in the form below:</legend>

<p><b>Login Name:</b> <input type="text" name="loginName" size="10" maxlength="20" value="<?php if (isset($_POST['loginName'])) echo $_POST['loginName'];?>" /></p>

<p><b>Current Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p>

<p><b>New Password:</b> <input type="password" name="password1" size="20" maxlength="20" /></p>

<p><b>Confirm New Password:</b> <input type="password" name="password2" size="20" maxlength="20" /></p>

<div align="center"><input type="submit" name="submit" value="Change My Password" /></div>


7:52 am on Oct 3, 2005 (gmt 0)

New User

10+ Year Member

joined:Oct 2, 2005
votes: 0

Problem is here:
$query = "SELECT id FROM tablename WHERE (loginName='$lo' AND password=PASSWORD('$pa') )";
$result = @mysql_query ($query);
$num = mysql_num_rows ($result);

1. Try to write it in such way:
$query = "SELECT id FROM tablename WHERE (loginName='".$lo."' AND password=PASSWORD('".$pa."') )";
$result = mysql_query ($query);
$num = mysql_num_rows ($result);

2. Are you sure you use the MySQL function PASSWORD for hashing the password? Maybe problems with it... I don't know for sure.