I have been trying my hardest to write a script that will allow a member to change his/her password after entering their old password then their new one twice to verify it. And every time it is not successful!! Can any body help me write this script? All help will be appreciated. Thanks.

In What language PHP or ASP?

php

I think this should work

<?php
$connection=mysql_connect("localhost","USERNAME"," PASSWORD");
$db=mysql_select_db("DATABASENAME",$connection);
$result = mysql_query("select password from passwordtable where username=$_POST['username']");
if(!$result)
{
echo "oops! The Username you entered does not exist";
}
else
if($_POST['password']!= mysql_result($result, 0))
{
echo "You entered an incorrect password";
}
else if($_POST['newpassword']!=$_POST['confirmnewpasssword'])
{
echo "The new password and confirm new password fields must be the same";
}
else
$sql=mysql_query(UPDATE passwordtable SET password=$_POST['newpassword'] where username=$_POST['username']);
if($sql)
{
echo "Congratulations You have successfully changed your password";
}
?>

ok i'll try it now...

i tried it but nothing happens, the page loads up blank and doesn't change the password. and yes i have included the right database info any ideas what it could be?

PHP Code:

<?php

include 'db.php';

$result = mysql_query("SELECT password FROM users WHERE username=$_POST['username']");
if(!$result)
{
echo "The username you entered does not exist";
}
else
if($_POST['password']!= mysql_result($result, 0))
{
echo "You entered an incorrect password";
}
else if($_POST['newpassword']!=$_POST['confirmnewpasssword'])
{
echo "The new password and confirm new password fields must be the same";
}
else
$sql=mysql_query(UPDATE users SET password=$_POST['newpassword'] where username=$_POST['username']);
if($sql)
{
echo "Congratulations You have successfully changed your password";
}
?>

Add an else after the last if to print out a message if the query did not execute properly. Did you check the table, Manson, to see if the change took?

yea i did, the password is still set to the randomly made one from joining.

Then I would say that the SQL execution failed at the mysql_query function call.

Can you confirm that your database has a table called users and that table have the columns password and username? And can you confirm that in the users table you have a row whose value in the value held in $_POST[username]? Is that value even valid?

I know it's a lot of questions, but if you can answer yes to all these, then we can try something else.

yep they are all there. and yes its valid. i use it in the login script.

would it work as $_SESSION['username'] instead rather than $_POST['username']?

the username is stored in the session until they are logged out so i dunno....lol. (still new at this)

Ok, no problem.

If the value is coming through in the $_POST array, let's just pull it from there.

You know what -- I just took a fresh look at the code. The SQL needs to be put into quotes.




........Actually, I'm surprised you didn't get a syntax error or another such error on this.

hehe ok, i see now, i'll add them then let ya know

well just tried it and no success!!! i just dnt get it! its still coming up blank! not even an error message

Common programming mistake is not verifying the userinput.
POST vars should be trimmed, checked for quotes and other special chars.

anyone have any other suggestions for a script then? instead of edit this one and try and figure out whats not happening, just re-write it, like i said i have tried and there is more chance of me winning th elottery than getting this right lol

As a test try this first script. Be sure to put a valid user name where the variable is defined.

If the first script works, then try the second script. Add your error trapping AFTER you know that the basic coding is working.


first script

PHP Code:

<?PHP

// make sure to connect to database here

$newpass = "itworks';
$username = "put a valid username in here";

$sql = "UPDATE users SET password='$newpass' where username='$username'";
$result = mysql_query($sql);

?>

Second script

PHP Code:

<?PHP

// make sure to connect to database here

$newpass = trim($_POST['newpassword'];
$username = trim($_POST['username'];

$sql = "UPDATE users SET password='$newpass' where username='$username'";
$result = mysql_query($sql);

?>

hth

Lite...

O K Buddy try this out
I had a look at the code given by me as well as yours and found some mistakes
First Sql queries should be within double quotes which krynt or someone has already pointed and you must have rectified it by now
Second inside an SQL query any variables like $_POST array and all should be within single quotes so here is the purified code

<?php

include 'db.php';

$result = mysql_query("SELECT password FROM users WHERE username='$_POST['username']' "); //Here was a mistake
if(!$result)
{
echo "The username you entered does not exist";
}
else
if($_POST['password']!= mysql_result($result, 0))
{
echo "You entered an incorrect password";
}
else if($_POST['newpassword']!=$_POST['confirmnewpasssword'])
{
echo "The new password and confirm new password fields must be the same";
}
else
$sql=mysql_query("UPDATE users SET password='$_POST['newpassword']' where username='$_POST['username']' ");
if($sql)
{
echo "Congratulations You have successfully changed your password";
}
?>

I am also new in php but i've got a good logic and programming skill
I was also trying to update a database sometimes back I saw that You get a blank document if there is any syntex error in your php script
To see the problem that i faced see the thread need help in dealing with forms in php and Mysql forum here You can search this thread or see all threads stsrted by me that is rungss

ok thanks guys, i will let you know with what happens

nup no luck, nothing is happening at all.

hey guys, i did a bit of fiddling around and got it to work finally! this is the final coding:

PHP Code:

<?php 

session_start();

include 'db.php'; 

$username = $_POST['username'];
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$confirmnewpassword = $_POST['confirmnewpassword'];

$result = mysql_query("SELECT password FROM users WHERE username='$username'");
if(!$result) 
{ 
echo "The username you entered does not exist"; 
} 
else 
if($password!= mysql_result($result, 0)) 
{ 
echo "You entered an incorrect password"; 
} 
if($newpassword=$confirmnewpassword) 
    $sql=mysql_query("UPDATE users SET password='$newpassword' where username='$username'"); 
    if($sql) 
    { 
    echo "Congratulations You have successfully changed your password"; 
    }
else
{ 
echo "The new password and confirm new password fields must be the same"; 
}  
?>