Oliver Whysall Oliver Whysall - 7 months ago 22
SQL Question

Changing User Password in PHP and mySQL

Found the answer!!



Found the answer after a long break from looking at it!

was just simply changing

$querynewpass = "UPDATE tz_members SET `pass`='".$_POST['$passwordnew1']."' WHERE usr='{$_SESSION['usr']}'";


to:

$querynewpass = "UPDATE tz_members SET `pass`='".md5($_POST['passwordnew1'])."' WHERE usr='{$_SESSION['usr']}'";


just the simple md5 that i had missed off!

The Problem:



im trying to change a user password using a form where they enter their current password and a new password. it should check the mySQL database to see if their current password that was entered matches the current session user they are logged into and then update the mySQL database to the new password. Here is the script i have for it so far:

if($_POST['submit']=='Change')
{
// Checking whether the Password Change form has been submitted

$err = array();
// Will hold our errors


if(!$_POST['password1'] || !$_POST['passwordnew1'])
$err[] = 'All the fields must be filled in!';

if(!count($err))
{
$_POST['password1'] = mysql_real_escape_string($_POST['password1']);
$_POST['passwordnew1'] = mysql_real_escape_string($_POST['passwordnew1']);

// Escaping all input data

$row = mysql_fetch_assoc(mysql_query("SELECT id,usr FROM tz_members WHERE usr='{$_SESSION['usr']}' AND pass='".md5($_POST['password1'])."'"));

if($row['usr'])
{
// If everything is OK change password

$querynewpass = "UPDATE user SET `password`='".$_POST['$passwordnew1']."' WHERE id='".$_SESSION['usr']."'";
$resultnewpass = mysql_query($querynewpass) or die(mysql_error());

}
else $err[]='Wrong Password To Start With!';
}

if($err)
$_SESSION['msg']['passwordchange-err'] = implode('<br />',$err);
// Save the error messages in the session

header("Location: index.php");
exit;
}


but it comes with an error "Table 'databasename.user' doesn't exist"
i have a login and register form that work using this method without error!

UPDATE:
i have a database that has a table called tz_members and the columns are id, pass, user, regIP and dt

my mysql query is now:

$querynewpass = "UPDATE tz_members SET `pass`='".$_POST['$passwordnew1']."' WHERE usr='{$_SESSION['usr']}'";


UPDATED AGAIN
adding the form code for you to see:

<!-- Pass Change Form -->
<form action="" method="post">
<?php

if($_SESSION['msg']['passwordchange-err'])
{
echo '<div class="err">'.$_SESSION['msg']['passwordchange-err'].'</div>';
unset($_SESSION['msg']['passwordchange-err']);
}

if($_SESSION['msg']['passwordchange-success'])
{
echo '<div class="success">'.$_SESSION['msg']['passwordchange-success'].'</div>';
unset($_SESSION['msg']['passwordchange-success']);
}
?>

<label class="grey" for="password1">Current Password:</label>
<input class="field" type="password" name="password1" id="password1" value="" size="23" />
<label class="grey" for="password">New Password:</label>
<input class="field" type="password" name="passwordnew1" id="passwordnew1" size="23" />
<input type="submit" name="submit" value="Change" class="bt_register" />
</form>

Answer

Your are using two different tables (and columns) in the two queries that seem to be related to the same table.

Check your schema and adjust the second query appropriately.

The second query should probably be something along the lines of:

$querynewpass = "UPDATE tz_members SET `pass`='".md5($_POST['passwordnew1'])."' WHERE usr='{$_SESSION['usr']}'";