1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 9:12 pm Apr 27, 2026

Forum Moderators: coopster

Message Too Old, No Replies

Ability for the admin to edit a users password

php mysql

         

GaZzErZz

9:14 pm on Aug 6, 2013 (gmt 0)

10+ Year Member



Hi there, it's been a while since I have used php so need a bit of help for a personal site I'm working on. I want to create a script only the admin can use, where I can change a users password.

Sadly really struggling. As I would have to pull through the persons first name, last name and user ID to do this.

So I thought perhaps combining it all into 1 page.

Having a drop down box with all the users listed, eg UserID First Name, Last Name.

Then below it a box for the password entry, here is what I have so far: 

<?php
   include"conn.php";
   $getinfo = mysql_query("SELECT member_id, firstname, lastname FROM members");
while ($row = mysql_fetch_assoc($getinfo)) {
$userid = $row['member_id']; 
$firstname = $row['firstname'];
$lastname = $row['lastname'];

?>
<html>
<body>
<form id="changepw" name="changepw" method="post" action="editpw.php">
 <table width="500" border="0" align="center" cellpadding="2" cellspacing="0">
  <tr>
   <th width="200">Select Client</th>
   <td width="200"><select name="userid">
<option value="$userid $firstname $lastname">$firstname $lastname</select>
</select> </td>
  </tr>
  <tr>
   <th>Password</th>
   <td><input name="password" type="password" class="textfield" id="password" /></td>
  </tr>
  <tr>
   <th>Confirm Password </th>
   <td><input name="cpassword" type="password" class="textfield" id="cpassword" /></td>
  </tr>
  <tr>
   <td>&nbsp;</td>
   <td><input type="submit" name="Submit" value="Change Password" /></td>
  </tr>
 </table>
</form>
</body>
</html>


Then this will lead to the exec script that will actually edit the database: 


<?php

session_start();
include_once('isadmin.php');
require_once('config.php');
include('conn.php');


if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
echo '<ul class="err">';
foreach($_SESSION['ERRMSG_ARR'] as $msg) {
echo '<li>',$msg,'</li>'; 
}
echo '</ul>';
unset($_SESSION['ERRMSG_ARR']);
}


$user = ($_POST['userid']);
$password = ($_POST['password']);
$cpassword = ($_POST['cpassword']);

if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
if($cpassword == '') {
$errmsg_arr[] = 'Confirm password missing';
$errflag = true;
}
if( strcmp($password, $cpassword) != 0 ) {
$errmsg_arr[] = 'Passwords do not match';
$errflag = true;
}

 mysql_query("UPDATE users SET passwd = '$password' WHERE member_id='$user'") 
 
 $result = @mysql_query($qry);

//Check whether the query was successful or not
if($result) {
header("location: admin-welcome.php");
exit();
}else {
die("Query failed");
}
 
 
 ?>


so yeah, all help appreciated, this is the error i get -
Parse error: syntax error, unexpected $end in /home/a2539787/public_html/scott/edit.php on line 36

Readie

10:15 pm on Aug 6, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



This line here: 

mysql_query("UPDATE users SET passwd = '$password' WHERE member_id='$user'")

Needs a semi colon

But the cause of your problem is you open this while loop in your first <?php block: 

while ($row = mysql_fetch_assoc($getinfo)) {

But you don't close it again.

GaZzErZz

3:28 pm on Aug 7, 2013 (gmt 0)

10+ Year Member



thank you, fixed those 2 issues.
fixed my newest error by myself.

Here is my new problem. Something here is stopping my query from working, I simply get a query failed at the end :

Array
(
[userid_1] => y
[password] => 12345
[cpassword] => 12345
[Submit] => Change Password
)

Query failed

any clue? 


<?php
require_once('config.php');
include('conn.php');
$tbl_name="members";

 echo( "<pre>" );
 print_r( $_POST );
 echo( "</pre>" );


if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
echo '<ul class="err">';
foreach($_SESSION['ERRMSG_ARR'] as $msg) {
echo '<li>',$msg,'</li>'; 
}
echo '</ul>';
unset($_SESSION['ERRMSG_ARR']);
}


$user = ($_POST['userid']);
$password = ($_POST['password']);
$cpassword = ($_POST['cpassword']);

if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
if($cpassword == '') {
$errmsg_arr[] = 'Confirm password missing';
$errflag = true;
}
if( strcmp($password, $cpassword) != 0 ) {
$errmsg_arr[] = 'Passwords do not match';
$errflag = true;
}


 // Cycle through each member and check that it needs to be added to the db
$useruploadids = mysql_query( "SELECT member_id FROM members" );
while ($row = mysql_fetch_assoc($useruploadids))
{
// Check that the member was sent from the last form
if( isset( $_POST['userid_'.$row['member_id']] ) && $_POST['userid_'.$row['member_id']] == "y" )
{


// update data in mysql database
$sql="UPDATE {$tbl_name} SET passwd='.md5{$password}' WHERE member_id='{$row['member_id']}'";
$result=mysql_query($sql) or die( mysql_error() ); 
}
}

 
 
 $result = @mysql_query($qry);

//Check whether the query was successful or not
if($result) {
header("location: admin-welcome.php");
exit();
}else {
die("Query failed");
}
 

 ?>

Readie

4:51 pm on Aug 7, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yea, this line: 

$result = @mysql_query($qry);

You've not set $qry to anything.

DrDoc

4:56 pm on Aug 7, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You really need to turn on full error reporting when developing ... 

error_reporting(E_ALL);

Readie

5:12 pm on Aug 7, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



And... Also don't forcibly hide errors with the @ symbol.

GaZzErZz

5:25 pm on Aug 7, 2013 (gmt 0)

10+ Year Member



$qry was supposed to be $sql

well it does the sql, but it changes the password. then when I try and log in with the new password I get login failed, when I try to login with old password, I get password failed :(

ahh i found what its doing, cghecked the table and im getting this as the entered value:

.md5test


i was changing the password to test, and obviously its something on this line that is borked: 


$sql="UPDATE {$tbl_name} SET passwd='.md5{$password}' WHERE member_id='{$row['member_id']}'";

GaZzErZz

5:38 pm on Aug 7, 2013 (gmt 0)

10+ Year Member



ok fixed that issue, 

$sql="UPDATE {$tbl_name} SET passwd= md5('$password') WHERE member_id='{$row['member_id']}'";



now it doesn't do any of the checks to make sure the password areas are filled/match it just changes the password regardless


apologies for double post
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 9:12 pm Apr 27, 2026