Solved

Changing password

Posted on 2007-04-11
10
191 Views
Last Modified: 2013-12-13
With following script I want to change passwords of users. But it doesn't change it correctly. After I change a password, I can't login with that password.

<?php
     if($id)
     {
            $sql2 = "SELECT name, level FROM users WHERE id = " .$id;
            //echo $sql2;
            $res = mysql_query($sql2) or die('QUERY_SELECT ERROR: <hr />' . mysql_error());
            $results = mysql_fetch_assoc($res);
            // if($_SERVER['REQUEST_METHOD'] == 'POST')
            if (isset($_POST['test']))
                {
                    //echo "title str len:".strlen(trim($_POST['name']));
                              //echo "article str len:".strlen(trim($_POST['pass']));
                    if ((strlen(trim($_POST['name'])) < 2) || (strlen(trim($_POST['pass'])) < 2))
                    {
                         $error = "One or both fields are empty. This is not allowed. Please fill something in.";
                    }    
                    if (empty($error))
                              {
                               //error is niet leeg dus query uitvoeren
                               $pass = md5($_POST['pass']);
                               $sql3 = 'UPDATE users SET pass ="'. mysql_real_escape_string($_POST['name']).'" , pass = "'. mysql_real_escape_string($_POST['pass']).'"  WHERE id = '. $id;
                               //echo $sql3;
                               $update = mysql_query($sql3) or die('QUERY_UPDATE ERROR: <hr />'. mysql_error());
                               echo "Changes have been made!";
                               }
                    else
                               {
                               //error is niet leeg dus error weergeven
                               echo $error;
                               }
                }
                                               
// form without PHP
?>
<!-- HIER FORMULIER -->
<form method="post" action="http://localhost/eindwerk2/pages/changinguser.php?id=<?=$id?> " style="margin-left:1px;">
<table>
      <tr>
            <td>
                  <input type="hidden" name="id" value="<?php echo $id; ?> " />
            </td>
      </tr>
      <tr>
            <td valign="top">
                  Username&nbsp;
            </td>
            <td>
                  <input type="text" name="name" value="<?php echo $results['name']; ?>"style="width:535px;" />
            </td>
      </tr>
      <tr>
            <td valign="top">
                  Password
            </td>
            <td>
                  <input type="password" name="pass" value="" />
            </td>
      </tr>
      <tr>
            <td></td>
            <td>
                  <input type="hidden" name="test" value="posted" />
                  <input type="submit" value="Change" />
            </td>
      </tr>
</table>
</form>    
<?php
}
?>
0
Comment
Question by:jvuz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 29

Accepted Solution

by:
TeRReF earned 500 total points
ID: 18887913
I assume your name column is called name :)

Change this line:
$sql3 = 'UPDATE users SET pass ="'. mysql_real_escape_string($_POST['name']).'" , pass = "'. mysql_real_escape_string($_POST['pass']).'"  WHERE id = '. $id;

into

$sql3 = 'UPDATE users SET name ="'. mysql_real_escape_string($_POST['name']).'" , pass = "'. mysql_real_escape_string($_POST['pass']).'"  WHERE id = '. $id;
0
 
LVL 21

Author Comment

by:jvuz
ID: 18887936
Thanx,

stupid mistake from me! But I still cannot login with the new password. Is it possible that I need to place the md5 somewhere else?
0
 
LVL 21

Author Comment

by:jvuz
ID: 18887958
That seems to work now
I changed this

$pass = md5($_POST['pass']);
                               $sql3 = 'UPDATE users SET name ="'. mysql_real_escape_string($_POST['name']).'" , pass = "'. mysql_real_escape_string($_POST['pass']).'"  WHERE id = '. $id;

into this

//$pass = md5($_POST['pass']);
                               $sql3 = 'UPDATE users SET name ="'. mysql_real_escape_string($_POST['name']).'" , pass = "'. mysql_real_escape_string(md5($_POST['pass'])).'"  WHERE id = '. $id;

But, it seems now that it changed the level into zero and it should keep the level in what it was before.
0
SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

 
LVL 29

Expert Comment

by:TeRReF
ID: 18887963
Are you  sure the original passwords are already md5 encrypted?
You will have to test the passwords when they are both md5 encrypted, so at login, you would do something like (simplified without any error checking of course):

$passwd = md5($_POST['pass']);

Then compare it with the DB stored password...
0
 
LVL 29

Expert Comment

by:TeRReF
ID: 18887971
Oh wait, you did the right thing! What do you mean by level?
0
 
LVL 21

Author Comment

by:jvuz
ID: 18887991
Every user has a certain level (between 1 and 3). I already changed it into this

<?php
     if($id)
     {
            $sql2 = "SELECT name, level FROM users WHERE id = " .$id;
            //echo $sql2;
            $res = mysql_query($sql2) or die('QUERY_SELECT ERROR: <hr />' . mysql_error());
            $results = mysql_fetch_assoc($res);
            // if($_SERVER['REQUEST_METHOD'] == 'POST')
            if (isset($_POST['test']))
                {
                    //echo "title str len:".strlen(trim($_POST['name']));
                              //echo "article str len:".strlen(trim($_POST['pass']));
                    if ((strlen(trim($_POST['name'])) < 2) || (strlen(trim($_POST['pass'])) < 2))
                    {
                         $error = "One or both fields are empty. This is not allowed. Please fill something in.";
                    }    
                    if (empty($error))
                              {
                               //error is niet leeg dus query uitvoeren
                               $sql3 = 'UPDATE users SET name ="'. mysql_real_escape_string($_POST['name']).'" , pass = "'. mysql_real_escape_string(md5($_POST['pass'])).'", level="'.($_POST['level']).'"  WHERE id = '. $id;
                               //echo $sql3;
                               $update = mysql_query($sql3) or die('QUERY_UPDATE ERROR: <hr />'. mysql_error());
                               echo "Changes have been made!";
                               }
                    else
                               {
                               //error is niet leeg dus error weergeven
                               echo $error;
                               }
                }
                                               
// form without PHP
?>
<!-- HIER FORMULIER -->
<form method="post" action="http://localhost/eindwerk2/pages/changinguser.php?id=<?=$id?> " style="margin-left:1px;">
<table>
      <tr>
            <td>
                  <input type="hidden" name="id" value="<?php echo $id; ?> " />
            </td>
      </tr>
      <tr>
            <td valign="top">
                  Username&nbsp;
            </td>
            <td>
                  <input type="text" name="name" value="<?php echo $results['name']; ?>"style="width:535px;" />
            </td>
      </tr>
      <tr>
            <td valign="top">
                  Password
            </td>
            <td>
                  <input type="password" name="pass" value="" />
            </td>
      </tr>
      <tr>
            <td valign="top">
                  Level
            </td>
            <td>
                  <input type="text" name="level" value="<?php echo $results['level']; ?>"style="width:535px;" />
            </td>
      </tr>
      <tr>
            <td></td>
            <td>
                  <input type="hidden" name="test" value="posted" />
                  <input type="submit" value="Change" />
            </td>
      </tr>
</table>
</form>    
<?php
}
?>

it does the update. Now I was thinking about the password. Wouldn't it be better that it takes the password and put it in its inputbox, so that when I don't change a password it would not change it into a blank password?
0
 
LVL 29

Expert Comment

by:TeRReF
ID: 18888027
THat's a possibility, or you could test on it (like you do in a way, but more like this)
if (!empty($_POST['pass']))
  // password not empty, update it in query
else
  // password empty, skip the update in the query
0
 
LVL 21

Author Comment

by:jvuz
ID: 18888043
OK, thanx, another question. I get the level from the db. Is it possible to put it in a selection list (or dropdownlist)? That way, it can never be anythin else then 1, 2 or 3 because that will be the only options?
0
 
LVL 29

Expert Comment

by:TeRReF
ID: 18888058
Yes, that is possible indeed, just generate some HTML from the result (something like this (not tested, but you'll get the idea)):

$html = '<select name="whatever">';
$res = mysql_query('SELECT level etc...');
while ($row = mysql_fetch_array($res)) {
  $html .= '<option value="'.$row['level'].'">'.$row['level'].'</option>';
}
$html .= '</select>';
0
 
LVL 5

Expert Comment

by:PatrickAdrichem
ID: 18893113
Dunno if its been said yet

but ehm

$pass = md5($_POST['pass']);  // <--- doesnt do anything since your using the post value in the DB again!!!
                               $sql3 = 'UPDATE users SET name ="'. mysql_real_escape_string($_POST['name']).'" , pass = "'. mysql_real_escape_string($_POST['pass']).'"  WHERE id = '. $id;

-----

$pass = md5($_POST['pass']);
                               $sql3 = 'UPDATE users SET name ="'. mysql_real_escape_string($_POST['name']).'" , pass = "'. mysql_real_escape_string($pass).'"  WHERE id = '. $id; // now its used..
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days socially coordinated efforts have turned into a critical requirement for enterprises.
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will receive an overview of the basics of CSS showing inline styles. In the head tags set up your style tags: (CODE) Reference the nav tag and set your properties.: (CODE) Set the reference for the UL element and styles for it to ensu…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question