Update Password Checker

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Philth
    New Member
    • Oct 2007
    • 38
    #1

    Update Password Checker

    Hi folks,

    Can anyone spot any problems with this? It's not returning any errors.

    Code:
    <?php 
// login2.php
include("connect_courses.php");

if(isset($_POST['Submit']) && $_POST['Submit'] == "Submit")
{

$myusername = $_POST['myusername'];
$mypassword = $_POST['mypassword'];
$mynewpassword = $_POST['mynewpassword'];
$confirmnewpassword = $_POST['confirmnewpassword'];

$result = mysql_query("SELECT password FROM users WHERE username='$myusername'");
if(!$result) 
{ 
echo "The username you entered does not exist. <a href=index.php>Try Again</a>"; 
} 
else 
if($password!= mysql_result($result, 0)) 
{ 
echo "You entered an incorrect password. <a href=index.php>Try Again</a>"; 
} 
else
if($mynewpassword==$confirmnewpassword) 
    $sql=mysql_query("UPDATE users SET password='$mynewpassword' where username='$myusername'"); 
    if($sql) 
    { 
    echo "Congratulations! You have successfully changed your password."; 
    }
else
{ 
echo "The new password and confirm new password fields must be the same. <a href=change_password_courses.php>Try Again</a>"; 
}  }  
?>
    Many thanks.
    Tags: None
    • Dormilich
      Recognized Expert Expert
      • Aug 2008
      • 8694
      #2
      why should it return any errors?

        Comment

        • Philth
          New Member
          • Oct 2007
          • 38
          #3
          By that I mean it's not echoing any of the messages.

            Comment

            • labmonkey111
              New Member
              • Sep 2008
              • 44
              #4
              The if-statement on line 25 is missing curly braces, the scope you seem to intend to have based on your indentation is not the way php will see it. As it is written, the only way you will have no output is if the first if statement evaluates to false, I would put an else for that statement to see if that is the case. A couple of other problems I see is you are not safeguarding again a mysql injection attack (run all user input through mysql_real_esca pe_string()), and you aren't doing any error checking on the query execution, so if there is an error with the sql, you won't know about it. Try this:
              Code:
              $sql=mysql_query("...") or die($qry."\n".mysql_error());

                Comment

                • pezhvak
                  Banned
                  New Member
                  • Jul 2009
                  • 17
                  #5
                  this line is wrong:
                  Code:
                  if(isset($_POST['Submit']) && $_POST['Submit'] == "Submit")
                  change it to:
                  Code:
                  if(isset($_POST['Submit']))
     if($_POST['Submit'] == "Submit")
                  why i do this::
                  in the first IF we check if "Submit" is set or not and in the second IF we check if value of "Submit" field are equal with "Submit" string or not

                  in the way you wrote if the "Submit" field isn't set the PHP will trigger an error about your second statement in your IF condition::
                  Code:
                  if(isset($_POST['Submit']) && $_POST['Submit'] == "Submit")
                  its why $_POST['submit'] is not set but you want to check if the value are equal with "Submit" or not...

                  i don't think this is the problem of your script, but i don't have enough time to read all of your script right now.. i will check it later,

                    Comment

                    • Dormilich
                      Recognized Expert Expert
                      • Aug 2008
                      • 8694
                      #6
                      Originally posted by pezhvak
                      this line is wrong:
                      Code:
                      if(isset($_POST['Submit']) && $_POST['Submit'] == "Submit")
                      not quite, if isset() returns false the second expression is not executed because the condition can never become true.

                        Comment

                        • Markus
                          Recognized Expert Expert
                          • Jun 2007
                          • 6092
                          #7
                          Originally posted by Dormilich
                          not quite, if isset() returns false the second expression is not executed because the condition can never become true.
                          Exactly. If one condition fails, the subsequent conditions are skipped (unless you are negating the condition).

                            Comment

                            • pezhvak
                              Banned
                              New Member
                              • Jul 2009
                              • 17
                              #8
                              ok... ok someone said that before..

                                Comment

                                Previous template Next
                                Working...