Change password claims the password is incorrect.

         

Mokdeabar

11:09 pm on Apr 3, 2009 (gmt 0)

10+ Year Member



Hey, I know I've asked you guys about a couple of things before, I've fixed everything but there's 2 things I can't get to work... this one's the most important one, that I need before the site goes live, the other one I can figure out later.

When the user fills in the password change form, it brings the error that the old password is incorrect, even though it's correct... I was wondering if there's something small that I've missed in the coding or something, I've spent all day trying things but I can't seem to work it out...

The form code is:

<form action="pass.php" method="post">
Change your password:<br/><br />
<table width="100%">
<tr>
<td width="191"><div align="right">Old password: </div></td>
<td width="247"><input type="password" name="oldpassword" size="25"></td>
</tr>
<tr>
<td><div align="right">New password: </div></td><td><input type="password" name="newpassword" size="25"></td>
</tr>
<tr>
<td><div align="right">Repeat password: </div></td><td><input type="password" name="newpassword2" size="25"></td>
</tr>
<tr>
<td>
</td>
<td><input type="image" src="images/capsmak.gif" value="passchange"></td>
</tr>
</table>
</form>

the php is:

<?php
$link = mysql_connect("mysql15.#*$!.net","#*$!","#*$!");
mysql_selectdb("#*$!", $link);

if (!$_POST['oldpassword'] | !$_POST['newpassword'] | !$_POST['newpassword2'])
{
die("<meta http-equiv='refresh' content='0;URL=myaccountpassfields.php'>");
}

if ($_POST['newpassword'] != $_POST['newpassword2'])
{
die("<meta http-equiv='refresh' content='0;URL=myaccountpassfail.php'>");
}

if (!get_magic_quotes_gpc())
{
$_POST['newpassword'] = addslashes($_POST['newpassword']);
}

$un = $_COOKIE['username'];
$opw = $_POST['oldpassword'];
$opw = stripslashes($opw);
$opw = mysql_real_escape_string($opw);
$opw = md5($opw);
$npw = $_POST['newpassword'];
$npw1 = $_POST['newpassword2'];

$query = "SELECT * FROM Users WHERE username='$un' and password='$opw'";
$result=mysql_query($query);

if (mysql_num_rows($result)<=0)
{
echo "<meta http-equiv='refresh' content='0;URL=myaccountpasswrong.php'>";
}
else
{
$npw = md5($npw);
$sqlpw = mysql_query("UPDATE Users SET password='$npw' WHERE username='$un'");

if($sqlpw)
{
echo "<meta http-equiv='refresh' content='0;URL=myaccountpasssucc.php'>";
}
}
?>

blang

2:02 am on Apr 4, 2009 (gmt 0)

10+ Year Member



When the user fills in the password change form, it brings the error that the old password is incorrect, even though it's correct

You've shown us all your markup and PHP code, but haven't pointed out the section of the PHP that handles this specific task. I can guess where it is, and how it's handled, but it would be better if you would be more explicit and point it out.

Stepping through the script, I see these potential errors:


if (!$_POST['oldpassword'] | !$_POST['newpassword'] | !$_POST['newpassword2'])

The '|' is not a logical operator, it's a bitwise operator. You should be using '||'. I would think you'd want to use the logical AND operator, because that literally says "make sure ALL fields are present".


$query = "SELECT * FROM Users WHERE username='$un' and password='$opw'";
$result=mysql_query($query);

Are you certain this SQL statement works, and the variable values contained represent a record stored in the database? Make sure you use echo on the $query variable, and make use of mysql_error() to check the validity of the query execution.

I also think it's really interesting that you're using a meta tag to redirect the user. Why not use header()?

Mokdeabar

2:29 am on Apr 4, 2009 (gmt 0)

10+ Year Member



Hey, thanks man...

I checked the $query variable, like you said, and the username wasn't calling anything... then it hit me, I'd written the wrong title for the username's session... stupid mistake.

It works now... I should have just checked the query before, I don't know why it didn't occur to me, I guess I'm just used to checking everything manually.

As for the AND operator, I'm guessing you just mean to replace the | with AND?

Finally... I'm using the meta tag for now as I am pretty new to PHP, I just started it this week and this was the final touch to make the site able to go beta so I've overlooked a few codes in the process, using ones that I know will work. I'm going to go through each page again and update the codes as soon as I can.

Thanks a lot again. I thought I'd come back and let you know it's fixed ;)

blang

5:52 am on Apr 4, 2009 (gmt 0)

10+ Year Member



As for the AND operator, I'm guessing you just mean to replace the | with AND?

You can use the logical operator AND or &&. PHP Manual : Logical Operators [us2.php.net]

Thanks for posting back.
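
A hardened form of the old-password check discussed in this thread, as an added example that is not code from either poster. It keeps the thread's Users table and column names, and assumes PHP 7.1+ with PDO and the pdo_sqlite extension; the in-memory database, the sample user and the function name change_password are constructed for illustration. It replaces the cookie value interpolated into the query and md5() with bound parameters and password_hash()/password_verify().

```php
<?php
// Added example, not the poster's code. Table and column names follow the
// thread; the SQLite in-memory database and sample user are constructed.

function change_password(PDO $db, string $username, string $old, string $new, string $new2): string
{
    // Logical OR: reject the request if ANY field is empty.
    if ($old === '' || $new === '' || $new2 === '') {
        return 'fields';
    }
    if ($new !== $new2) {
        return 'mismatch';
    }

    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT password FROM Users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();

    // A missing user and a wrong password take the same path.
    if ($hash === false || !password_verify($old, $hash)) {
        return 'wrong';
    }

    // Salted, slow hash instead of md5(); no addslashes() on the password.
    $upd = $db->prepare('UPDATE Users SET password = ? WHERE username = ?');
    $upd->execute([password_hash($new, PASSWORD_DEFAULT), $username]);
    return 'ok';
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (username TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO Users VALUES (?, ?)')
   ->execute(['alice', password_hash('old-secret', PASSWORD_DEFAULT)]);

// On the real page the username should come from the server-side session
// set at login (e.g. $_SESSION['username']), not from $_COOKIE.
$cases = [
    ['alice', 'old-secret', 'new-secret', 'new-secret'], // correct old password
    ['alice', 'old-secret', 'x', 'x'],                   // old password is now stale
    ["alice' OR '1'='1", 'anything', 'x', 'x'],          // quotes stay a literal username
    ['alice', 'new-secret', '', ''],                     // empty new-password fields
];
foreach ($cases as [$u, $old, $new, $new2]) {
    echo change_password($db, $u, $old, $new, $new2), PHP_EOL;
}
```

Each returned status maps onto one of the thread's redirect targets (fields, fail, wrong, succ), so the page flow stays the same.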