change password script...

jamesp

OKay, here's the deal, I have created a change password script for my website but it always resets the encrypted password to 1, I have set some sessions and am using $_SESSION['username'] to validate with the database and make sure which account to change, here's the code:

<?php
session_start();
include 'db.php';

$old = $POST["oldpass"];
$new = $POST["newpass"];
$new2 = $_POST["newpass1"];

if ((!$old) || (!$new) || (!$new2)) {
echo "You forgot to enter some of the required information.";
if (!$old) {
echo "You have to enter an old password!";
}
if (!$new) {
echo "You have to enter a new password!";
}
if (!$new2) {
echo "You have to retype your new password!";
}
exit();
}

if (($new) != ($new2)) {
echo "Your new passwords don't match!";
}

$password = $new;
$decrypted_pass = $new;
$password = md5($password);
$username = $_SESSION['username'];

$query = "UPDATE (table) SET password='$password' AND decrypted_pass='$decrypted_pass' WHERE username='$username'";
$result = @ ($query);
if (mysql_affected_rows($result) == 1) { ?><script>
location.replace('/pass_changed.php');
</script><? } ?>

Any help would be great, thanks.

mmilano

try this as your sql statement:

UPDATE table SET password='$password',decrypted_pass='$decrypted_pass' WHERE username='$username'

i dont' think 'AND' should be in between fields you are updating.

jamesp

i really appreciate that man, it actually works now.