I have a script for changing the password to an account that should be retreiving a password from a db and making sure it matches an input field and then changes the password to the value of a different input field, but it can't pass the db comparison because the sql always gives me this outcome Resource id #3 rather than the password.
heres the script
<?php
session_start();
if(!isset($_SESSION['user'])){
header("Location: index.php");
} else {
require ('dbconnectusers.php');
$id = $_SESSION['user'];
if (!empty($_POST['oldpass']) && !empty($_POST['newpass']) && !empty($_POST['confirmnewpass']))
{
$myquery = "SELECT * FROM users WHERE userid = '$id'";
if(!$myquery) die("SQL ERROR: ".mysql_error());
$dbpass = mysql_query($myquery) or die(mysql_error());
$sha1 = sha1($_POST['oldpass']);
if($dbpass == $sha1){
if(strlen($_POST['newpass'])>=5){
if($_POST['newpass'] == $_POST['confirmnewpass']){
$newpass = $_POST['newpass'];
$pass = sha1($newpass);
mysql_query("UPDATE users SET password='$pass'
WHERE userid='$id'")or die(mysql_error());
$_SESSION['message'] = 'You have sucessfully updated your account information.';
header('Location: '.$_SERVER['HTTP_REFERER']);
}else{
$_SESSION['message'] = 'Your Passwords do not match.';
header('Location: '.$_SERVER['HTTP_REFERER']);
exit;
}
}else{
$_SESSION['message'] = 'Your Password is shorter than 5 characters.';
header('Location: '.$_SERVER['HTTP_REFERER']);
exit;
}
} else {
$_SESSION['message'] = 'Your Password isn\'t valid .';
header('Location: '.$_SERVER['HTTP_REFERER']);
echo $dbpass;
echo '</br>';
echo $sha1;
exit;
}
}
}
?>
