Change Password Page Problems

xNeOx · Nov 3, 2011

Hello, I have written a Change Password Page script and it unfortunately does not seem to work. It displays "Your current password did not match what we have on file. Try again" whatever I do... Whether I send a form without completing the fields.. Whether I enter all fields correctly.. I don't know what's wrong with it.

<?

session_start();
if (!$_SESSION['idx'])
header("Location: index.php");

$id = $_SESSION['idx'];
$successMsg = "";
$errorMsg = "";


if ($_POST['parse'] == "passchange") {

$current_pass = $_POST['current_pass'];
$new_pass1 = $_POST['new_pass1'];
$new_pass2 = $_POST['new_pass2'];

if ($new_pass1 != $new_pass2) {
$errorMsg = 'Create New Password and Confirm New Password did not match.
<p><a href="settings.php">Try again</a></p>'; 
}

// Connect to database
     include_once "ctm.php";
 // Add MD5 Hash to the password variable
     $hash_cur_pass = md5($current_pass);
$hash_new_pass = md5($new_pass1);
$sql = mysql_query("SELECT * FROM x WHERE id='$idx' AND password='$hash_cur_pass'");
     $pass_check_num = mysql_num_rows($sql);

if ((!$current_pass) || (!$new_pass1) || (!$new_pass2)){ 
$errorMsg = 'Please fill in all fields';
}

if ($pass_check_num > 0) {
$sqlUpdate = mysql_query("UPDATE x SET password='$hash_new_pass' WHERE id='$id'");
$successMsg = 'Your password has been changed successfully.
<p><a href="profile.php">Click here to go to your profile</a></p>'; 

} else {
$errorMsg = 'Your current password did not match what we have on file.
<p><a href="change_pass.php">Try again</a></p>'; 
}


}

?>

Thanks in advance.

bradgrafelman · Nov 3, 2011

Try printing out the SQL query and visually inspecting it to see if it looks right. You might also try executing it manually (e.g. outside of your PHP script) to verify it shows the rows you expect it to. If it doesn't, then you need to find the row you expected it to show and figure out why that row didn't match the query's criteria.

NogDog · Nov 3, 2011

[COLOR="Red"]$id[/COLOR] = $_SESSION['idx'];

$sql = mysql_query("SELECT * FROM x WHERE id='[COLOR="Red"]$idx[/COLOR]' AND password='$hash_cur_pass'");

Derokorian · Nov 3, 2011

$sql = mysql_query("SELECT * FROM x WHERE id='$idx' AND password='$hash_cur_pass'");

$idx is undefined, you defined the id as $id earlier in the script (the correct variable name was used in the update query tho, which will never run with this one being wrong).

HTH

Change Password Page Problems

XxNeOx

Bbradgrafelman

NogDog

DDerokorian