[Resolved] change password

sirTemplar

i found this somewhere here and tried to make use of it. thanks. but i am having problems.

1) when user inputs new password and on the retype puts a different password, it echoes "Your new passwords don't match"
but still updates the database!(with the value on the input on new), and echoes "password changed". what i want is when there is no match between them, the database should not be updated!!! what's wrong here??? thanks.

<?
$old = $_POST["oldpass"]; 
$new = $_POST["newpass"]; 
$new2 = $_POST["newpass1"]; 

if ((!$old) || (!$new) || (!$new2)) { 
echo "You forgot to enter some of the required information."; 
if (!$old) { 
echo "You have to enter an old password!"; 
} 
if (!$new) { 
echo "You have to enter a new password!"; 
} 
if (!$new2) { 
echo "You have to retype your new password!"; 
} 
exit(); 
} 

if (($new) != ($new2)) { 
echo "Your new passwords don't match!"; 
} 
?>

<?

$password = $new; 
$decrypted_pass = $new; 
$password = md5($password); 
$username = $_SESSION['username']; 


// connect to database 
include("connect.php"); 

$query = "UPDATE table SET  

	password='$password'
	WHERE username='$username'";		

if ($result = mysql_query($query)){
	echo "password changed<br>";
	} else {echo "error changing password";}

?>

p.s.
after they successfully changed their password, i want them also to be logged out and redirected to the login page and enter with their new password!

The_Chancer

You need to break out of the routine if they dont match.

At the moment, all you do is tell them they they don't then carry on as normal.

<?
$old = $_POST["oldpass"]; 
$new = $_POST["newpass"]; 
$new2 = $_POST["newpass1"]; 

if ((!$old) || (!$new) || (!$new2)) { 
echo "You forgot to enter some of the required information."; 
if (!$old) { 
echo "You have to enter an old password!"; 
} 
if (!$new) { 
echo "You have to enter a new password!"; 
} 
if (!$new2) { 
echo "You have to retype your new password!"; 
} 
exit(); 
} 

if (($new) != ($new2)) { 
die("Your new passwords don't match!"); 
} 
?>

<?

$password = $new; 
$decrypted_pass = $new; 
$password = md5($password); 
$username = $_SESSION['username']; 


// connect to database
include("connect.php"); 

$query = "UPDATE table SET  

    password='$password'
    WHERE username='$username'";        

if ($result = mysql_query($query)){
    echo "password changed<br>";
    } else {echo "error changing password";}

?>

Should work...

FireBadger

Alternativly

if (($new) = ($new2)) { 
   // insert into database
} 
else
{
   echo "Your new passwords don't match!"; 
};

sirTemplar

that was really fast. thanks! last one... how do i redirect them to the first page of the reserved are after they have successfully changed the password? the page is called main.php. thanks again.

The_Chancer

<?
$old = $_POST["oldpass"]; 
$new = $_POST["newpass"]; 
$new2 = $_POST["newpass1"]; 

if ((!$old) || (!$new) || (!$new2)) { 
echo "You forgot to enter some of the required information."; 
if (!$old) { 
echo "You have to enter an old password!"; 
} 
if (!$new) { 
echo "You have to enter a new password!"; 
} 
if (!$new2) { 
echo "You have to retype your new password!"; 
} 
exit(); 
} 

if (($new) != ($new2)) { 
die("Your new passwords don't match!"); 
} 
?>

<?

$password = $new; 
$decrypted_pass = $new; 
$password = md5($password); 
$username = $_SESSION['username']; 


// connect to database
include("connect.php"); 

$query = "UPDATE table SET  

    password='$password'
    WHERE username='$username'";        

if ($result = mysql_query($query)){
   header("Location: http://www.example.com/main.php");
    } else {
   header("Location: http://www.example.com/passworderror.php");}
?>

Just redirect the page accordingly... header() functions are good...