Changing password - Codewalkers

Codewalkers Forums Sponsor:

You eat, breathe and sleep innovation. Build your mobile intelligence with BlackBerry® experts this July. Register Today!

September 26th, 2002, 11:59 AM

Anonymous

Registered User

Codewalkers God 35th Plane (22000 - 22499 posts)

Join Date: Apr 2007

Posts: 22,309

Time spent in forums: < 1 sec
Reputation Power: 24

Changing password

hello,

I'm trying to change the password of the user(admin).I want the user to type his old password and a new password twice.If the old password is the same as that of in the table and the new password which is typed twice is same, the table is updated with the new password else it has to display the error message.The password is stored in the encrypted form, i.e using Md5.Could somebody pls tell me where the error is.
Many thanks

Code:

<?

include "../dbconnection.ini";

if (isset($submit) && isset($oldpassword))
    {
if ($newpassword <> $newpassword2)
        {
echo "New passwords do not match. Please re-enter passwords!";
        exit;
        }
        else
        	 {
$sql="update TBL_USER set USER_PASSWORD= '".md5($newpassword)."' where USER_NAME ='admin' AND USER_PASSWORD= '".md5($oldpassword)."'";
      $result=ibase_query($connection,$sql);
      if (!$result)
      {
echo "Error executing the update statement. <br/>Interbase Reported:".ibase_errmsg()." <br/>".
      "SQL=$sql<br />n";
      }
      else
      	{
      echo "Password successfully changed!";
      	}
      		}
   }
	else
         {
   echo"<link rel="stylesheet" type="text/css" href="../formate.css">";
   echo"<form action="$PHP_SELF" method="POST">n";
   echo"<h4>Change administrator password</h4>";
   echo"<table border="0" width="364" height="1">
   <tr>
   <td width="185" height="17">Old password</font></td>
   <td width="163" height="17">
   <p><input type="password" name="oldpassword"></p></td>
   </tr>
   <tr>
   <td width="185" height="17">New password</font></td>
   <td width="163" height="17">
   <p><input type="password" name="newpassword"></p>
   </td>
   </tr>
   <tr>
   <td width="185" height="1">Repeat new password</font></td>
   <td width="163" height="1"><input type="password" name="newpassword2"></td>
   </tr>
   </table>
   ";
  echo"<input type="submit" value="submit" name="submit">";
  echo"</form></body></html>";
  	   }
?>

September 26th, 2002, 12:17 PM

Anonymous

Registered User

Join Date: Apr 2007

Posts: 22,309

Time spent in forums: < 1 sec
Reputation Power: 24

I fixed it

September 26th, 2002, 12:22 PM

Matt

Moderator

Codewalkers Specialist (4000 - 4499 posts)

Join Date: Apr 2007

Location: Florida

Posts: 4,158

Time spent in forums: 4 h 10 m 20 sec
Reputation Power: 6

RE: Changing password

Well, if you are getting an error message, please post that....

One logic error I see though is this:

php Code:

Original - php Code
$sql="update TBL_USER set USER_PASSWORD= '".md5($newpassword)."' where USER_NAME ='admin' AND USER_PASSWORD= '".md5($oldpassword)."'"; $result=ibase_query($connection,$sql); if (!$result) {

$sql="update TBL_USER set USER_PASSWORD= '".md5($newpassword)."' where USER_NAME ='admin' AND USER_PASSWORD= '".md5($oldpassword)."'";
      $result=ibase_query($connection,$sql);
      if (!$result)
      {

As long as it is a valid query (which it appears to be), it will always return true. So even if the old password does not match the one in the database, it will report that the password was changed even though it hasn't been. The better way would be to do a select query for the admin name and old password, if you get a any rows back, then update with the new password.

Thread Tools	Search this Thread
Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread: