Skip to content Skip to sidebar Skip to footer
Home / Html / Passwords / Php

Change Password In Mysql Table?

Post a Comment
Hi im having a problem with my change password script. im trying to allow a user to change their password in the mysql table 'ptb_users.password' it's suppose to store this as md5.

Solution 1: 

if(isset($_POST['submit']))
{

   $email = $_POST['email'];
   echo$newpassword = ($_POST['password1']);
   echo$confirmpasssword = ($_POST['password2']);

        if($newpassword=$confirmpassword) 
        {
            echo$newpassword = md5($newpassword);
            echo$result = mysql_query("UPDATE users SET password='$newpassword' WHERE email='$email' "); 
        }
                if($result) 
                { 
                echo"Thank You. Your Password has been successfully changed."; 
                }
            else
            { 
            echo"The new password and confirm password fields must be the same"; 
            }  
}

can anyone tell me is this correct coding, to change password and store in mysqldb.

Solution 2:

first you do not check the old password properly (md5 stored, plaintext compare... won't work) second you do not have any confirmpassword set, so this wont work too

what would work is:

$password = md5($_POST['password']);
$newpassword = md5($_POST['newpassword']);

$result = mysql_query("SELECT password FROM ptb_users WHERE id=".$_SESSION['user_id']." AND password = '".$password."'");
if(!$result) 
{ 
echo"The username you entered does not exist or old password didn't match"; 
} 
else
{
     $sql=mysql_query("UPDATE ptb_users SET password='$newpassword' WHERE id=".$_SESSION['user_id'].""); 
}
if($sql) 
{ 
    echo"Thank You. Your Password has been successfully changed."; 
}

Solution 3:

There are many things wrong with this.

Let's get the basics out of the way first:

  1. Don't use mysql_ functions. switch to PDO or mysqli while you can.

  2. md5 is in its dying days. See this answer - understandably, you may be so entrenched in md5 you can't get out without pestering every user to update their pw.

Your problem then is this:

if($password!= mysql_result($result, 0))

You're not comparing against a md5 stored hash. It should be something like this:

if(md5($password) != mysql_result($result, 0))

and this:

if($newpassword=$confirmnewpassword)

is just reassigning a variable. I think you wanted

if($newpassword == $confirmnewpassword)

As for output, you may want to consider the if/else structures you're using here. This could be cleaned up significantly and all together looks out of date. Maybe just an opinion.

If you have a specific thing to hone in on, let me know and I may update.

EDIT

This whole block should be cleaned. Something like this may help:

if(!$result) 
{ 
    echo"The username you entered does not exist"; 
} 
else
{
    if(md5($password) != mysql_result($result, 0)) 
    { 
        echo"Current PW does not match what we have"; 
    }
    else
    {
        if($newpassword == $confirmnewpassword) 
        {
            $newpassword=md5($newpassword);
            $sql=mysql_query("UPDATE ptb_users SET password='$newpassword' WHERE id=".$_SESSION['user_id']."") ordie(mysql_error());

            if($sql) 
            { 
              echo"Thank You. Your Password has been successfully changed."; 
            } 
        }
        else
        { 
            echo"The new password and confirm new password fields must be the same"; 
        }
    } 
}

Post a Comment for "Change Password In Mysql Table?"