Pebbles - 1 month ago
MySQL Question

How to make a change password PHP script work

I am a simpleton with less than a cursory knowledge of programming. I have a family web site where we share photos, videos, files and other resources. The site has a simple login feature that begins a session, and I want to be able to provide people with the ability to change their password once logged in.

The database is in MySQL and is extremely simple, with only ID, username, and password columns (not encrypted or hashed at all).

When it comes to PHP and MySQL I tend to research other people's examples and make them my own, and with the login script I found this very easy to do. However, I have tried and tried and tried to find a PHP snippet that fits with my site and will allow users to change their passwords and have unfortunately failed at every attempt.

I am hoping that someone can assist me in developing what I have already to make it work for my site. Any help will be hugely appreciated!

My form simply asks for the logged-in user to enter a new password, and then confirm the same password:

<form name="frmChange" role="form" class="form-signin" method="POST" action="changepword_script.php">
<div class="form-group">
<label for="InputPassword2">New Password</label>
<input type="password" class="form-control" id="InputPassword2" placeholder="New Password" name="newPassword">
<label for="InputPassword3">Confirm New Password</label>
<input type="password" class="form-control" id="InputPassword3" placeholder="Confirm Password" name="confirmPassword">
</div>
<button class="btn btn-lrg btn-default btn-block" type="submit" value="send">Change it</button>
</form>



And my PHP script (also very simple) just needs to check that the passwords match and then update the database if they do (I have removed the IP address of the database and replaced with zeros):



if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {

$dbcon = mysql_connect ('', 'my_db_username', 'my_db_password')

$password1 = $_POST['newPassword'];
$password2 = $_POST['confirmPassword'];

$password1 = mysql_real_escape_string($password1);
$password2 = mysql_real_escape_string($password2);

if ($password1 <> $password2) { echo "Your passwords do not match.";}

if (mysql_query(UPDATE ebsmembers SET password='$password1' WHERE username='$session[username]'))
{echo "You have successfully changed your password.";}



Again, any help would be massively appreciated as I have really struggled with making this work!

Many thanks,


Tweaked a few things that were errors or didn't make sense to me. Also switched to mysqli_*.



<?php
session_start(); // resume the session started by the login script

// Stop here unless a user is logged in
if (!isset($_SESSION['username']) || $_SESSION['username'] == '')
    die("You must be logged in to change your password.");

// On a failed connect $dbcon is false, so report with mysqli_connect_error()
$dbcon = mysqli_connect('', 'my_db_username', 'my_db_password', 'my_db_name') or die(mysqli_connect_error());

// Escape every value that is placed into the SQL string
$password1 = mysqli_real_escape_string($dbcon, $_POST['newPassword']);
$password2 = mysqli_real_escape_string($dbcon, $_POST['confirmPassword']);
$username = mysqli_real_escape_string($dbcon, $_SESSION['username']);

if ($password1 <> $password2)
    echo "Your passwords do not match";
else if (mysqli_query($dbcon, "UPDATE ebsmembers SET password='$password1' WHERE username='$username'"))
    echo "You have successfully changed your password.";
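
The question notes that the password column is "not encrypted or hashed at all", and the answer above still writes the password as typed. The following is an added example, not code from the question or the answer, showing the same update with a salted hash and bound parameters. It assumes PDO is available; the function names `change_password` and `check_login` and the 8-character minimum are hypothetical, and an in-memory SQLite database stands in for the MySQL server so the script runs without one.

```php
<?php
declare(strict_types=1);

// Update the stored password for a logged-in user.
// Returns null on success or an error message (hypothetical helper).
function change_password(PDO $db, string $username, string $new, string $confirm): ?string
{
    // Compare the raw inputs; a password is never escaped before comparing or hashing.
    if (!hash_equals($new, $confirm)) {
        return 'Your passwords do not match.';
    }
    if (strlen($new) < 8) { // assumed policy, not from the page
        return 'Password must be at least 8 characters.';
    }
    // Store a salted one-way hash instead of the password itself.
    $hash = password_hash($new, PASSWORD_DEFAULT);

    // Placeholders keep user-supplied values out of the SQL text entirely.
    $stmt = $db->prepare('UPDATE ebsmembers SET password = ? WHERE username = ?');
    $stmt->execute([$hash, $username]);
    return $stmt->rowCount() === 1 ? null : 'No such user.';
}

// Login-side counterpart: check a candidate password against the stored hash.
function check_login(PDO $db, string $username, string $candidate): bool
{
    $stmt = $db->prepare('SELECT password FROM ebsmembers WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn(); // false when the user does not exist
    return is_string($hash) && password_verify($candidate, $hash);
}

// Constructed demo data. For MySQL, use a DSN such as
// 'mysql:host=...;dbname=my_db_name' with the database credentials instead.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ebsmembers (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$db->exec("INSERT INTO ebsmembers (username, password) VALUES ('alice', 'old-plaintext')");

var_dump(change_password($db, 'alice', 'correct horse', 'correct horsE')); // mismatched pair
var_dump(change_password($db, 'alice', "it's-a-new-one", "it's-a-new-one")); // quote in password
var_dump(check_login($db, 'alice', "it's-a-new-one")); // new password
var_dump(check_login($db, 'alice', 'old-plaintext'));  // old plaintext value
```

On MySQL the password column needs room for the hash (PHP's documentation suggests 255 characters), and rows that still hold plaintext will not verify until each user sets a new password.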