How to change the password

chinni_77

Hello,

I have a log-in page where the user name and password entered is checked with the values in a table and if they match, the user would be re-directed to the page i mentioned in the header.Thatz fine.Now, i would like to change the password through a form.For ex:

I have a form with 3 text boxes to enter the old password(i.e the user which he entered to log-in), to enter a new password and to re-enter the new password.If the entered new password and the re-entered password matches they are stored in the table in encrypted form.If they are not matched, i would like to display an error message.I would like to store this newly entered password value on my old password, that is just over-writing the exsisting one.How can i do this one?
All your suggestions would be highly appreciated.

thanking you in advance.

The following is the piece of code which i'm using for my log-in page.

<?php

Database connection;

$sql = "SELECT count(*) as cnt from TBL_USER WHERE USER_NAME = '$user' AND USER_PASSWORD = '$pass'";
$result = ibase_query($sql);
$row = ibase_fetch_row($result);
if ($row[0]) {
header('Location: main.php');
exit;
} else {
echo"<form action=\"$PHP_SELF\" method=\"POST\">\n";

}
// Display Log-in Form
?>

bladx

You would want to use the mysql query function: UPDATE.
for example, your code may look like this:

<?php

$sql = "UPDATE tablename SET pass='$pass' where name='$name'";

?>

chinni_77

well, could you be more specific like, how should we check the newly entered password and the re-entered password?if they are equal, then they are updated in the table and the most important thing is, they should be stored in encrypted form.

thanks once again

bastien

if ($newpassword <>$newpassword2){
header ("Location:http://www.mysite.com/change.php");
echo "passwords do not match. please re-enter passwords!";
echo "<html><body>

<form name=change method=post action="PHP_SELF>
Old password: <input type=password name=oldpassword value=$oldpassword><br><br>
New password:<input type=password name=newpassword><br>
Repeat new pasword:<input type=password name=newpassword><br>
<input type=hidden value=$userid>
<input type=submit value=submit></form></body></html>";

}else{
$sql="update userstable set password=MD5($password) where userid =$userid";

$result=mysql_query($sql,$conn) or die ("database not available");

if (!$result){
echo "Change update did not take place. Please retry";
}else {
echo "change successful!";
}
}

notes:

MD5 is a hash function that is acceptable for encryption of the data into the table. remember to do the same when querying the DB as the user logs in.

a better way of organizing the page is to put a function that displays the html for the form. that way you can use one page to log the user in / change passwords...

hth

chinni_77

finally, I've written something like this, unfortunately it does'nt work.could somebody pls tell me where the error is.

<?
include "dbconnection.ini";

// if ($newpassword <>$newpassword2){

//echo "passwords do not match. please re-enter passwords!"; 
echo ("<html><body> 

<form action=\"$PHP_SELF\" method=\"POST\">\n");

echo("Old password:<input type=\"password\" name=\"oldpassword\" value=\"$oldpassword\"><br><br> 
New password:<input type=\"password\" name=\"newpassword\"><br> 
Repeat new pasword:<input type=\"password\" name=\"newpassword2\"><br> 
<input type=\"hidden\" value=\"$userid\"> 
<input type=\"submit\" value=\"submit\"></form></body></html>");

if ($newpassword <>$newpassword2){
echo "passwords do not match. please re-enter passwords!";
}else{
$sql="update TBL_USER set USER_PASSWORD='$newpassword' where USER_ID ='$userid'";

$result=ibase_query($sql); 

if (!$result){ 
echo "Change update did not take place. Please retry";

}else {
echo "Password successfully changed!";
}
}
?>

thanks in advance

bastien

you could also echo back the sql statement to see if all the values are correct...does php produce an error? or does the update statement fail?