
Thread: Change Password

  1. #1
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts

    Change Password

    Hello, I'm having problems with my script not working the way that I want it to. See, what I want it to do is first check and see if there is a user_id up in the address bar, and if there is, move on to grabbing the random_key user_id from the table called recovery. Once it does that, it's supposed to check the one key that was submitted to the database and see if the one that's in the database matches the one that's in the URL. If that's true, then display a form that they can then change their password. But it's not doing that at all. No errors are being displayed as well, so I'm confused what I'm doing wrong. I do realize that this may not be the best way to do things. Please do understand that I do not run my own website that people will be using this feature on my site. This is just for learning purposes only. This is just so that I can learn from my wrongs and rights; once I understand what I'm doing a lot better, then I'll worry about other things such as making a more secure website. Here's the PHP code:


    PHP Code:

    <?php

    if($_GET['user_id'] != '')
    {
        include('db.php');

        $query = mysql_query("SELECT user_id, random_key FROM recovery WHERE user_id = '$user_id'") or die('Database error: ' . mysql_error());

        if(mysql_num_row($query) == 1)
        {
            $row = mysql_fetch_assoc($query);

            if($_GET['key'] != $row['random_key'] && $_GET['user_id'] != $row['user_id'])
            {
                $error = 'Error';
            }
            else
            {
                $newpass = $_POST['newpass'];

                $sql = mysql_query("UPDATE INTO users SET password = '$newpass'") or die('Database error: ' . mysql_error());

                echo '<form action="" method="post">
                <input name="newpass" type="password" />
                <input name="retype" type="password" />
                <input name="submit" type="submit" value="Change Password" />
                </form>';
            }
        }
        else
        {
            $error = 'Error:';
        }
    }

    ?>

    Thanks guys,

    Jon W(Newbie)
    Last edited by Jon W; 01-18-2008 at 01:07 PM.

  • #2
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,864
    Thanks
    160
    Thanked 2,224 Times in 2,211 Posts
    I think there must be some change in the logic, say
    1) Check the random key & user id in the URL; if a match is found, display a form to enter the new password.
    2) Put hidden fields to store the user id & random key and post the form along with this info.
    3) Now, in the POST you can again check for integrity and then do the other stuff.
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #3
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Hrmm.. I'm kinda confused on what you mean there. Can you explain yourself a little better?

    Thanks
    Jon
    Last edited by Jon W; 01-18-2008 at 02:12 PM.

  • #4
    Regular Coder
    Join Date
    Mar 2007
    Location
    Quebec
    Posts
    261
    Thanks
    6
    Thanked 7 Times in 7 Posts
    First off, this
    PHP Code:
    if(mysql_num_row($query) == 1)
    should be
    PHP Code:
    if(mysql_num_rows($query) == 1)
    (notice the s at the end of rows).

    I see you've set an error variable, but it's never being echoed out anywhere.
    Finally, in your SQL query, you seem to be using the variable $user_id, but I haven't seen it be initialized anywhere?
    PHP Code:
    WHERE user_id = '$user_id'")
    So fixing the few things pointed out should fix it... I think
    PHP Code:
    <?php

    if($_GET['user_id'] != '')
    {
        include('db.php');

        $user_id = $_GET['user_id'];

        $query = mysql_query("SELECT user_id, random_key FROM recovery WHERE user_id = '$user_id'") or die ('Database error: ' . mysql_error());

        if(mysql_num_rows($query) == 1)
        {
            $row = mysql_fetch_assoc($query);

            if($_GET['key'] != $row['random_key'] && $_GET['user_id'] != $row['user_id'])
            {
                $error = 'Error';
            }
            else
            {
                $newpass = $_POST['newpass'];

                $sql = mysql_query("UPDATE INTO users SET password = '$newpass'") or die('Database error: ' . mysql_error());

                echo '<form action="" method="post">
                <input name="newpass" type="password" />
                <input name="retype" type="password" />
                <input name="submit" type="submit" value="Change Password" />
                </form>';
            }
        }
        else
        {
            $error = 'Error:';
        }
    }

    //added this in to check for errors
    if(isset($error)){
        echo $error;
    }
    ?>

  • #5
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,864
    Thanks
    160
    Thanked 2,224 Times in 2,211 Posts
    else
    {

    $newpass = $_POST['newpass'];

    $sql = mysql_query("UPDATE INTO users SET password = '$newpass'") or die('Database error: ' . mysql_error());

    echo '<form action="" method="post">
    <input name="newpass" type="password" />
    <input name="retype" type="password" />
    <input name="submit" type="submit" value="Change Password" />
    </form>';


    }
    You've put your update query and display form in the same case. How can you expect this? If update is OK then why do you want to display the form again?
    Also have a look at the MySQL UPDATE syntax.
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)
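
The flow outlined in post #2 and the separation of form and update raised in post #5, as an added example that is not code from any poster in the thread: the key is checked on GET, carried in hidden fields, and checked again on POST before the update. It goes beyond the thread by using PDO prepared statements, a WHERE clause on the update, and password hashing; the in-memory SQLite database, function names, messages and sample rows are assumptions standing in for the thread's db.php and mysql_* calls.

```php
<?php
// Added example. Tables recovery/users follow the thread; function names,
// messages and sample rows are constructed for illustration.
function valid_reset(PDO $db, string $userId, string $key): bool {
    $st = $db->prepare('SELECT random_key FROM recovery WHERE user_id = ?');
    $st->execute([$userId]);
    $stored = $st->fetchColumn();
    // A row must exist AND its key must match (constant-time comparison).
    return is_string($stored) && hash_equals($stored, $key);
}
function reset_form(string $userId, string $key): string {
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return '<form action="" method="post">'
         . '<input type="hidden" name="user_id" value="' . $e($userId) . '" />'
         . '<input type="hidden" name="key" value="' . $e($key) . '" />'
         . '<input name="newpass" type="password" /><input name="retype" type="password" />'
         . '<input name="submit" type="submit" value="Change Password" /></form>';
}
function handle_reset(PDO $db, string $method, array $get, array $post): string {
    $in = $method === 'POST' ? $post : $get;
    $userId = (string)($in['user_id'] ?? '');
    $key = (string)($in['key'] ?? '');
    // Runs on GET (before showing the form) and again on POST (before updating).
    if ($userId === '' || $key === '' || !valid_reset($db, $userId, $key)) {
        return 'Error: invalid reset link.';
    }
    if ($method !== 'POST') {
        return reset_form($userId, $key);
    }
    $new = (string)($post['newpass'] ?? '');
    if ($new === '' || $new !== (string)($post['retype'] ?? '')) {
        return 'Error: passwords do not match.';
    }
    // Update only this user's row, store a hash, then retire the key (single use).
    $db->prepare('UPDATE users SET password = ? WHERE user_id = ?')
       ->execute([password_hash($new, PASSWORD_DEFAULT), $userId]);
    $db->prepare('DELETE FROM recovery WHERE user_id = ?')->execute([$userId]);
    return 'Password changed.';
}

// Constructed demo: in-memory SQLite stands in for the thread's db.php.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (user_id TEXT, password TEXT)');
$db->exec('CREATE TABLE recovery (user_id TEXT, random_key TEXT)');
$db->exec("INSERT INTO users VALUES ('7', 'old'), ('8', 'other')");
$db->exec("INSERT INTO recovery VALUES ('7', 'k3y-constructed')");
echo handle_reset($db, 'GET', ['user_id' => '7', 'key' => 'wrong'], []), "\n";
echo handle_reset($db, 'POST', [], ['user_id' => '7', 'key' => 'k3y-constructed',
    'newpass' => 'S3cret-constructed', 'retype' => 'S3cret-constructed']), "\n";
```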

