Session + Database: Change PAssword!

Dax

Hello, i have a problem with changing the randomly generated password i made, i made a form and a script, and i had made a success login page, but i can't seem to figure out why it won't UPDATE the password, i tried lots of things, my script says it was successful, but it doesn't change it in the database... Yes there is connection and Yes sessions work...:

Login_success:

<? 
session_start(); 

$_SESSION['members'] = "yes";
$_SESSION['username'];
$_SESSION['password'] = $password;

echo "<img src='dowsmallwhite.png'><br><img src='logo1.png'><br><img src='loggedin.png'><br>Welcome ". $_SESSION['name'] ."! 
    You have successfully logged on!<br /><br />"; 

echo "You can now go to the <a href='memberpage.php'>member page</a>!<br>Go<a href='javascript:history.go(-1)'> Back!</a> <br />"; 

echo "<br /><a href='changepw.php'>Change Password</a><br><a href='logout.php'>Logout</a>"; 

?>

Changepw.php (the form itself)

<?
session_start();
$_SESSION['password'];
$_SESSION['username'];
?>
<HTML>
<HEAD>
<TITLE>Login</TITLE>
</HEAD>
<BODY>
<p><img src="dowsmallwhite.png" width="300" height="100"></p>
<p><img src="changepass.png" width="250" height="100"> </p>
<FORM METHOD="post" ACTION="changepass.php">

  <P><STRONG>New Password:</STRONG><BR>
<INPUT NAME="new_pass" TYPE="text" id="new_pass" SIZE=25 MAXLENGTH=25></p>

  <P><STRONG>Confirm New Password:</STRONG><BR>
    <INPUT NAME="conf_new_pass" TYPE="password" id="conf_new_pass" SIZE=25 MAXLENGTH=25>
  </p>
<P><INPUT TYPE="SUBMIT" NAME="submit" VALUE="Change password!"></P>



</FORM>

<a href="forgotpass.htm">Forgot your password?</a><br>
<a href="show_adduser.html"><img src="registersmall.png" width="200" height="70" border="0"></a> 
</BODY>
</HTML>

Heres the script to Changepw, ChangePAss.php

<?
session_start();

include 'db.php';

$new1 = $new_pass;
$conf = $conf_new_pass;
$usernam = $_SESSION['username'];

if($new1==$conf){ 
$sql =  "UPDATE users SET password='$new1' WHERE username='$usernam'";
$result = @mysql_query($sql,$connection) or die("Couldn't execute query!"); 
echo"Your password has been changed successfully! Click <a href='memberpage.php'>here</a> to go to memberspage!";
} else { 
echo "Passwords don't match:"; 
include 'changepw.php';
} 
?>

The problem i think lies in the query stuff... the sql data and the
if statement that makes the UPDATE to mysql
Thanks for your time, please reply ASAP!🙂

Dax

I made some changes to ChanePass.php, BUT IT STILL DOESNT WORK :mad: :

<?
session_start();

$host = "*"; 
$usernameit = "*"; 
$passwordit = "*"; 
$database = "*"; 

$connection = mysql_pconnect("$host", "$usernameit", "$passwordit") or die("Couldn't connect.");
$db = @mysql_select_db($database, $connection) or die("Couldn't select database.");

$new1 = $new_pass;
$conf = $conf_new_pass;
$usernam = $_SESSION['username'];
$old = $old_pass;

if($new1==$conf){ 
$sql = "SELECT password FROM users WHERE password='".md5($old)."'";
$result = @mysql_query($sql,$connection) or die("Couldn't execute query!");
$oldcheck = mysql_numrows($result);

if($old > 0) {
echo "Error: ".mysql_error($result);
exit();
}
$sql2 =  "UPDATE users SET password='".md5($new1)."' WHERE username='$usernam'";
$result2 = @mysql_query($sql2,$connection) or die("Couldn't execute query!"); 
echo"Your password has been changed successfully! Click <a href='memberpage.php'>here</a> to go to memberspage!";
} else { 
echo "Passwords don't match:"; 
include 'changepw.php';
} 
if (!$result2) {
echo "Error: ".mysql_error($result2);
exit();  

}
?>

Dax

i looked at other codes and changed ChanePass.php to:

<?
session_start();
$_SESSION['username'] = $username;

$host = "*"; 
$usernameit = "*"; 
$passwordit = "*"; 
$database = "*"; 

$connection = mysql_pconnect("$host", "$usernameit", "$passwordit") or die("Couldn't connect.");
$db = @mysql_select_db($database, $connection) or die("Couldn't select database.");

$new1 = $_POST['new_pass'];
$conf = $_POST['conf_new_pass'];
$usernam = $_POST['username'];
$old = md5($_POST['old_pass']);

if($new1==$conf){ 
$sql = "SELECT password FROM users WHERE password='$old'";
$result = @mysql_query($sql,$connection) or die("Couldn't execute query!");
$oldcheck = mysql_numrows($result);

  if($old > 0) {
  echo "Error: ".mysql_error($result);
  exit();
  }
$sql2 =  "UPDATE users SET password='".md5($new1)."' WHERE username='$usernam'";
$result2 = @mysql_query($sql2,$connection) or die("Couldn't execute query!"); 
echo"Your password has been changed successfully! Click <a href='memberpage.php'>here</a> to go to memberspage!";
} else { 
echo "Passwords don't match:"; 
include 'changepw.php';
} 
if (!$result2) {
echo "Error: ".mysql_error($result2);
exit();  

}
?>

please tell me whats wrong it still doesnt work :mad: :mad: :mad: 🙁

Threehearts

Hi!
$sql = "UPDATE users SET password='$new1' WHERE username='$usernam'";

you forgot an "e":
its $username not $usernam.

🙂
greetings, jakpb

Dax

i did that cuz its suppose to be

i wanted to make it different from username, incase it conflicts with the other username, so i put usernam DUH DUH DUH DUH DUH DUH DUH F04WKTOP43T'V'RE 🙁 ITS HOPELESS

Threehearts

hmmm...
1) get yourself a beer
2) have you tried running the query with the actual values directly in mysql?
3) are you sure that for $_POST['username'] there is a entry in the db?

... i couldnt see anything wrong with your code, im sorry.

is the data type ok?
(just guessing wildly)

Dax

what datatype??

Threehearts

hi!
happened to me recently, defined value as INT in sql and wanted to write 'YES' instead of 1 into the db....
or the string is too long and therfore not accepted, something like this...
just fishing in muddy water though.

shrugs

hope you find a solution soon...

greetings, jakob

Dax

damnit, WHY DOESNT' ANYONE WHO KNOWS THE SOLUTION REPLY :mad:

sdjensen

Try removing the @ if front of the db-calls.
Without the @, it will show if there is an error in the mysql function calls.

Var_dump'ing the sql statement before execute it will show the error in 80% of the cases.


$sql2 =  "UPDATE users SET password='".md5($new1)."' WHERE username='$usernam'"; 
var_dump($sql2);
$result2 = @mysql_query($sql2,$connection) or die("Couldn't execute query!");

If still error, try execute the output from $sql2 in phpadmin to see if it gives the same error.

What happens when you run the code?
What does the output looks like?