Solved

Change Password

Posted on 2003-10-31
12
384 Views
Last Modified: 2013-12-12
Hi i have created a login script using the tutorial follwing:
http://www.phpfreaks.com/tutorials/40/0.php

it send a generated password to the user via email but does not inlude a script to change the password after activation of the email address and username. Take a look at the link so you can see how the code works. I have got some code but get the follwing error:

Parse error: parse error, unexpected T_STRING in /changepw.php on line 10

Code: this code is called from a form on a html page
-----------------------------------------------changepw.php--------------------------------------

<?
function change_pass($old_pass1, $new_pass1, $new_pass2, $user) {
$oldpass = md5($old_pass1);
$queryoldpass = mysql_query("SELECT PASSWORD FROM users WHERE username = ".$user." AND password = ".$oldpass."");
if($new_pass1 == $new_pass2) {
   if($queryoldpass) {
      $newpass = md5($new_pass1);
        $updatepass = mysql_query("UPDATE PASSWORD FROM users WHERE PASSWORD = ".$oldpass." VALUES ('".$newpass."')";
      if(!$updatepass="") {
         echo "Error!";
         exit;
      } else {
         echo "Password Updated!";
      }
   } else {
      echo "Paswords DO NOT Match!";
   }
}
?>
-------------------------------------------------------------------------------------------



Thanks,

Web_Dev
0
Comment
Question by:web_dev
  • 8
  • 4
12 Comments
 
LVL 33

Expert Comment

by:snoyes_jw
ID: 9660936
exit is a function, and should therefore be written exit().  But that's line 11, so try it and post again if you get the same error.
0
 

Author Comment

by:web_dev
ID: 9660973
yeh that worked i got an error on line 8 saying unexpected ; so i took that out and now i get the following error

Parse error: parse error, unexpected T_IF in /changepw.php on line 9
0
 
LVL 33

Accepted Solution

by:
snoyes_jw earned 50 total points
ID: 9661263
There should be a ; at the end of the line; could be a mismatched quotes problem.  PHP will expand variables inside double quotes, so jumping in and out of double quotes is not necessary.  Your update query is not legal syntax, and even if it were, it would change everybody's password that happened to be the same, which would definitely upset some of the other users (just think of how many of your users are going to use "PASSWORD" for their password)

You're also going to have a problem with the logic of testing whether or not the old password matches, because your "if" statement is looking at whether mysql returns a result set at all, even if it's empty.

This might work a little better:

<?
function change_pass($old_pass1, $new_pass1, $new_pass2, $user) {
    if($new_pass1 == $new_pass2) {
        $queryoldpass = mysql_query("SELECT username FROM users WHERE username = '$user' AND password = '$oldpass'") or die(mysql_error());
        if(mysql_num_rows($queryoldpass) > 0) {
            $newpass = md5($new_pass1);
            mysql_query("UPDATE users SET password = '$newpass' WHERE username = '$user'") or die(mysql_error());
            echo "Password Updated!";
        }
        else
            echo "Wrong username/password";
    }
    else
        echo "Paswords DO NOT Match!";
}
?>
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 

Author Comment

by:web_dev
ID: 9661295
ok i implemented your code and all i get is a blank page back....
0
 
LVL 33

Expert Comment

by:snoyes_jw
ID: 9661406
Are you calling the function?
0
 

Author Comment

by:web_dev
ID: 9661409
from where?
0
 

Author Comment

by:web_dev
ID: 9661410
and how?
0
 
LVL 33

Expert Comment

by:snoyes_jw
ID: 9663616
Someplace you have a form that prompts the user for their user name, old password, and new password, perhaps in a file called getnewpassword.html.  Then you submit that form to some page, perhaps called changepassword.php, which includes the function we're writing in this post.  Then you have to call the function with the variables from the form, something like

extract($HTTP_POST_VARS);
change_pass($old_pass, $new_pass1, $new_pass2, $user);

where old_pass, new_pass1, new_pass2, and user are the names of the form elements from the previous page (e.g., you have <input type="password" name="old_pass">)
0
 

Author Comment

by:web_dev
ID: 9663747
where do i put that in the form or top of the page? .....
0
 

Author Comment

by:web_dev
ID: 9664447
right i call the function at the top of the php page and it just displays wrong user/pass when details are correct i have check everything now cant change anything
0
 

Author Comment

by:web_dev
ID: 9665479
Hi i found out why it keeps displaying wrong username/password. I changed the password in the DB so it is not encrypted and it successfully changed the password. it doesn't match the old password with the encrypted password. how do i do that?
0
 

Author Comment

by:web_dev
ID: 9665482
Dont worry now i worked it out...what i done was to put

$oldpass = md5($old_pass1);

before the

$queryoldpass = mysql_query("SELECT username FROM users WHERE username = '$username' AND PASSWORD = '$oldpass'") or die(mysql_error());

Thanks for your help...

Web_Dev
     
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question