Change Password Script...
Posted: Sun Apr 29, 2012 11:30 pm
ok i know how you said not to use all if statements but this is easier for me to understand also i need help with my change password script... i do not know how to make it change the password also it keeps saying incorrect password when i try to change it.
changepass.php:
changepass.php:
<?php include('core/init.inc.php'); ?> <html> <head> <title>CHANGE PASSWORD</title> </head> <body> <form action="changepass.php?act=true" method="post"> <table cellpadding="2" cellspacing="2" border="1"> <tr> <td colspan="2"><label><b>Change Password</b></label></td> </tr> <tr> <td>Old Password:</td> <td><input type="password" value="" name="pass" /></td> </tr> <tr> <td>New Password:</td> <td><input type="password" value="" name="cpass" /></td> </tr> <tr> <td>Confirm New Password:</td> <td><input type="password" value="" name="crepass" /></td> </tr> <tr> <td colspan="2"><input type="submit" value="Change Password" name="submit" /></td> </tr> </form> <?php if ($_GET['act'] == true){ if ($_POST['submit']){ $user = $_SESSION['user_username']; $pass = htmlspecialchars($_POST['pass']); $cpass = htmlspecialchars($_POST['cpass']); $crepass = htmlspecialchars($_POST['crepass']); if ($pass && $cpass && $crepass){ $query1 = sprintf("SELECT * FROM users WHERE user_username='$user'", mysql_real_escape_string($user_username)); while ($row = mysql_fetch_assoc($query1)){ $dbpass = $row['pass']; } if ($pass == $dbpass){ if ($cpass == $crepass){ mysql_query("UPDATE users SET user_password='$crepass' WHERE user_username='$user'"); echo "<script> alert('Your password has been changed!'); </script> <meta http-equiv='refresh' content='1;url=index.php'>"; } else { echo "The passwords in both of the fields do not match!"; } } else { echo "The password is incorrect."; } } else { echo "Please fill in all of the fields."; } } } ?> </body> <html>