Reputation: 35
I am implementing a password change function for my website. Unfortunately it doesn't work.
In the .html file I got the code:
<form method='post' >
<td>Old Password:</td>
<td><input name='oldpw' type='password' required='required'/></td>
<tr>
<td>New Password:</td>
<td><input name='newpw' type='password' required = 'required' /></td>
<tr>
<td>Confirm Password:</td>
<td><input name='conpw' type='password' required = 'required' /></td>
<td>
<input type='submit' value='Change Password' />
</td>
</tr>
</form>
In the account.php file I wrote this:
if (isset($_POST['newpw'])){
    $pw=$dbc->query("select passwort from kundenaccount where accname= '" . $_SESSION['accname'] . "';")
    $row = $pw->fetch_object()
    $pawo = $row->passwort
    if (md5($_POST['oldpw']) == $pawo){
        if ($_POST['newpw']==$_POST['conpw']){
            $dbc->query("UPDATE accname SET passwort='" . md5($_POST['newpw']) . "' WHERE accname='" . $_SESSION['accname'] . "';")
        }
        else { echo "Passwords do not match" }
    }
    else { echo "Wrong password entered"}
}
Does anyone see my mistake? I have been trying to solve this problem for days.
Hope anyone can help.
Thanks
Upvotes: 2
Views: 8486
Reputation: 9
Another solution to the problem
<?php
include ('connect_db.php');
if(isset($_POST['submit']))
{
    $oldpw = $_POST ['oldpw'];
    $newpw = $_POST ['newpw'];
    $retypepw = $_POST ['retypepw'];
    $sql = mysql_query("SELECT * FROM users WHERE password = '$oldpw'") or die (mysql_error());
    if ($sql)
    {
        $row = mysql_fetch_array($sql);
        extract ($row);
        if ($oldpw <> $password) {
            echo "Passwords dont match";
        }
        else if ($newpw == $retypepw) {
            $update = mysql_query("UPDATE users SET password = '$newpw' WHERE password = '$oldpw' ") or die (mysql_error());
            if($update)
            {
                echo "Successfully changed password";
            }
        }
        else { echo "Password dont match"; }
    }
}
?>
Upvotes: 0
Reputation: 839
Try this on your form:
<form method='post' action='account.php'>
UPDATE:
I went through and made the script for my database, works fine. Change values where needed:
<?php
$dbc = new mysqli("localhost", "db-user", "db-pass", "db-name");
if (isset($_POST['newpw'])){
    // Look up the stored MD5 hash for the logged-in account
    $pw=@$dbc->query("select passwort from kundenaccount where accname= '" . $_SESSION["accname"] . "'");
    $row = $pw->fetch_object();
    // The property name must match the selected column (passwort)
    $pawo = $row->passwort;
    if (md5($_POST['oldpw'])== $pawo){
        if ($_POST['newpw']==$_POST['conpw']){
            // Update the account table, not a table named after the column
            @$dbc->query("UPDATE kundenaccount SET passwort='" . md5($_POST['newpw']) . "' WHERE accname='" . $_SESSION['accname'] . "'");
        }
        else { echo "Passwords do not match"; }
    }
    else { echo "Wrong password entered";}
}
?>
Upvotes: 2
Reputation: 50677
if ($_POST['oldpw']==md5($pawo))
should be
if (md5($_POST['oldpw']) == $pawo)
Upvotes: 1
Reputation: 2118
MD5 is a one-way hash, so you cannot undo it; you should compare the other way.
if (md5($_POST['oldpw'])==$pawo){
NOTE: MD5 is not considered secure; I would upgrade to some other algorithm.
Upvotes: 0
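Added example, not part of any answer above: the same password change with placeholders instead of string-built SQL, and with password_hash()/password_verify() replacing MD5 while still accepting rows that hold a legacy MD5 value. The table and column names come from the question; PDO, the in-memory SQLite database, the function names and the sample account are assumptions made so the script runs on its own.

```php
<?php
declare(strict_types=1);
// Added example. kundenaccount/accname/passwort come from the question; PDO and the
// in-memory SQLite database are assumptions so the demo runs without a MySQL server.

// Accept a legacy MD5 value (32 hex chars) or a password_hash() string.
function verifyStored(string $input, string $stored): bool
{
    if (preg_match('/^[0-9a-f]{32}$/i', $stored) === 1) {
        return hash_equals(strtolower($stored), md5($input)); // constant-time compare
    }
    return password_verify($input, $stored);
}

function changePassword(PDO $db, string $accname, string $old, string $new, string $confirm): string
{
    // Placeholders keep the session and form values out of the SQL text.
    $sel = $db->prepare('SELECT passwort FROM kundenaccount WHERE accname = ?');
    $sel->execute([$accname]);
    $stored = $sel->fetchColumn();
    if ($stored === false || !verifyStored($old, (string) $stored)) {
        return 'Wrong password entered';
    }
    if ($new !== $confirm) {
        return 'Passwords do not match';
    }
    // password_hash() adds a salt and a work factor; the column must be wide enough (255 chars).
    $upd = $db->prepare('UPDATE kundenaccount SET passwort = ? WHERE accname = ?');
    $upd->execute([password_hash($new, PASSWORD_DEFAULT), $accname]);
    return $upd->rowCount() === 1 ? 'Password changed' : 'Update failed';
}

// Constructed demo data: one account still stored as MD5, as in the question.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE kundenaccount (accname TEXT PRIMARY KEY, passwort TEXT)');
$db->prepare('INSERT INTO kundenaccount VALUES (?, ?)')->execute(['alice', md5('old-secret')]);

echo changePassword($db, 'alice', 'guess', 'n3w-pass', 'n3w-pass'), "\n";      // wrong old password
echo changePassword($db, 'alice', 'old-secret', 'n3w-pass', 'typo'), "\n";     // confirmation mismatch
echo changePassword($db, 'alice', 'old-secret', 'n3w-pass', 'n3w-pass'), "\n"; // MD5 row is upgraded
echo changePassword($db, 'alice', 'n3w-pass', 'next-pass', 'next-pass'), "\n"; // checked by password_verify
```

In account.php the arguments would come from $_SESSION['accname'] and the oldpw, newpw and conpw form fields.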