Memebers change their login PASSWORD

LordRogaine

I'm making a site that has a member login with password. Their initial password is generated and sent to them in their email. I'm using this script to generate a random password.

function makeRandomPassword() {
$salt = "abchefghjkmnpqrstuvwxyz0123456789";
srand((double)microtime()*1000000);
$i = 0;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($salt, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
$random_password = makeRandomPassword();
$db_password=md5($random_password);

After they login the first time with this password I want them to be able to change it to a password of their own choosing? I have an HTML form set up which will contain the old password and the new password. Does anyone know of a script that will let me replace the passwords in the database(mysql)?

cgraz

If i understand correctly, you can use mysql's UPDATE command. Lets say your database has a field called user_pass where you store the password.

if in your form you have

New Password: <input type="password" name="new_password" size="20">

then to update the random password you originally generated and put in the database with this new password, you would use the following code:


<?

//connect to your database

// select database

// Update password
$query = mysql_query("UPDATE your_table SET user_pass='$new_password' WHERE id='$id'");

?>

notice the WHERE id='$id'. you'll need to pull something out of the database that is unique to each user, usually an id field set to auto increment. Then in your form, you'd pull the users info out of the database and use

That way, their unique id gets passed over to the page update_pass.php and the script knows which user out of all of the users in the database just changed their password.

Hope this helps!

Ryan_Sanders

That way has some security issue's involved. You would want to have 2 forms. One for Current Password, and one for New Password. That way, if they put in the $id for another username, they would have to know that persons original p/w.

You will need 2 files. One for the form, and one for the action the form takes.

newpw.php // This is the form page

<?
include "db.php"; // connect
$result = mysql_query("SELECT * FROM table WHERE id=$id",$db);
$myrow = mysql_fetch_array($result);
?>
<form method="post" action="newpw2.php?userid=<? echo $myrow["id"];?>">
<input type="hidden" name="id" value="<? print($myrow["id"]);?>">
<b>Current Password:</b><br>
<input type='text' name='currentpw'><br>
<b>New Password:</b><Br>
<input type='text' name='newpw'><br>
<input type="Submit" value="Update information"></form>

newpw2.php // This is the action the form takes

<?
include "db.php"; // Connection to DB
 $result = mysql_query("SELECT * FROM table WHERE id=$id",$db);
 $myrow = mysql_fetch_array($result);
$user_pass = $myrow["user_pass"];
$currentpw2 = md5($myrow["currentpw"];
?>
<?
if ($currentpw2 != $user_pass) {
echo "Sorry, The current password you entered does not match the current password now. Please re-enter the data and try to change your password again.";
} else {
include "db.php"; // Connection to DB
$newpw2 = md5($newpw);
mysql_query("UPDATE users SET user_pass='$newpw2' WHERE id='$id'");
 echo "Thank you! Password Changed!.";
}
?>

Maybe that helped you.. That is what I use, but a little different.

LordRogaine

Thanks for all the help. I'll give it a try!