Change Password Script...
Posted: Sun Apr 29, 2012 11:30 pm
ok i know how you said not to use all if statements but this is easier for me to understand also i need help with my change password script... i do not know how to make it change the password also it keeps saying incorrect password when i try to change it.
changepass.php:
[syntax=php]<?php
include('core/init.inc.php');
?>
<html>
<head>
<title>CHANGE PASSWORD</title>
</head>
<body>
<form action="changepass.php?act=true" method="post">
<table cellpadding="2" cellspacing="2" border="1">
<tr>
<td colspan="2"><label><b>Change Password</b></label></td>
</tr>
<tr>
<td>Old Password:</td>
<td><input type="password" value="" name="pass" /></td>
</tr>
<tr>
<td>New Password:</td>
<td><input type="password" value="" name="cpass" /></td>
</tr>
<tr>
<td>Confirm New Password:</td>
<td><input type="password" value="" name="crepass" /></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="Change Password" name="submit" /></td>
</tr>
</form>
<?php
if ($_GET['act'] == true){
if ($_POST['submit']){
$user = $_SESSION['user_username'];
$pass = htmlspecialchars($_POST['pass']);
$cpass = htmlspecialchars($_POST['cpass']);
$crepass = htmlspecialchars($_POST['crepass']);
if ($pass && $cpass && $crepass){
$query1 = sprintf("SELECT * FROM users WHERE user_username='$user'", mysql_real_escape_string($user_username));
while ($row = mysql_fetch_assoc($query1)){
$dbpass = $row['pass'];
}
if ($pass == $dbpass){
if ($cpass == $crepass){
mysql_query("UPDATE users SET user_password='$crepass' WHERE user_username='$user'");
echo "<script>
alert('Your password has been changed!');
</script>
<meta http-equiv='refresh' content='1;url=index.php'>";
} else {
echo "The passwords in both of the fields do not match!";
}
} else {
echo "The password is incorrect.";
}
} else {
echo "Please fill in all of the fields.";
}
}
}
?>
</body>
<html>[/syntax]
changepass.php:
[syntax=php]<?php
include('core/init.inc.php');
?>
<html>
<head>
<title>CHANGE PASSWORD</title>
</head>
<body>
<form action="changepass.php?act=true" method="post">
<table cellpadding="2" cellspacing="2" border="1">
<tr>
<td colspan="2"><label><b>Change Password</b></label></td>
</tr>
<tr>
<td>Old Password:</td>
<td><input type="password" value="" name="pass" /></td>
</tr>
<tr>
<td>New Password:</td>
<td><input type="password" value="" name="cpass" /></td>
</tr>
<tr>
<td>Confirm New Password:</td>
<td><input type="password" value="" name="crepass" /></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="Change Password" name="submit" /></td>
</tr>
</form>
<?php
if ($_GET['act'] == true){
if ($_POST['submit']){
$user = $_SESSION['user_username'];
$pass = htmlspecialchars($_POST['pass']);
$cpass = htmlspecialchars($_POST['cpass']);
$crepass = htmlspecialchars($_POST['crepass']);
if ($pass && $cpass && $crepass){
$query1 = sprintf("SELECT * FROM users WHERE user_username='$user'", mysql_real_escape_string($user_username));
while ($row = mysql_fetch_assoc($query1)){
$dbpass = $row['pass'];
}
if ($pass == $dbpass){
if ($cpass == $crepass){
mysql_query("UPDATE users SET user_password='$crepass' WHERE user_username='$user'");
echo "<script>
alert('Your password has been changed!');
</script>
<meta http-equiv='refresh' content='1;url=index.php'>";
} else {
echo "The passwords in both of the fields do not match!";
}
} else {
echo "The password is incorrect.";
}
} else {
echo "Please fill in all of the fields.";
}
}
}
?>
</body>
<html>[/syntax]