In the Below code i have Current password, new password and repeat new password fields but i don't want current password field to change password.
Note : I want only new password and repeat new password in the form.
<?php
session_start();
$user = $_SESSION['username'];
if (isset($_SESSION['username']))
{
//user is logged in
if (isset($_POST['submit']))
{
//start changing password
//check fields
$oldpassword = md5($_POST['oldpassword']);
$newpassword = md5($_POST['newpassword']);
$repeatnewpassword = md5($_POST['repeatnewpassword']);
//check password against db
include_once "connect_to_mysql.php";
$queryget = mysql_query("SELECT password FROM members WHERE username='$user'") or die ("change password failed");
$row = mysql_fetch_assoc($queryget);
$oldpassworddb = $row['password'];
//check passwords
if ($oldpassword==$oldpassworddb)
{
//check two new passwords
if ($newpassword==$repeatnewpassword)
{
//successs
//change password in db
$querychange = mysql_query("UPDATE members SET password='$newpassword' WHERE username='$user'");
session_destroy();
die("Your password has been changed. <a href='login.php'> Login Again</a>");
}
else
die("New password doesn't match!");
}else
die("Old password doesn't match!");
}
else
{
echo"
<form action='change_password.php' method='POST'>
Old Password: <input type='text' name='oldpassword'><p>
New Password: <input type='password' name='newpassword'><p>
Repeat New Password: <input type='password' name='repeatnewpassword'><p>
<input type='submit' name ='submit' value='submit'>
</form>
";
}
}else
die ("You must be logged in to change your password");
?>
Try with this code:
<?php
session_start();
$user = $_SESSION['username'];
if (isset($_SESSION['username']))
{
//user is logged in
if (isset($_POST['submit']))
{
//start changing password
//check fields
$newpassword = md5($_POST['newpassword']);
$repeatnewpassword = md5($_POST['repeatnewpassword']);
//check password against db
include_once "connect_to_mysql.php";
$queryget = mysql_query("SELECT password FROM members WHERE username='$user'") or die ("change password failed");
$row = mysql_fetch_assoc($queryget);
//check two new passwords
if ($newpassword==$repeatnewpassword)
{
//successs
//change password in db
$querychange = mysql_query("UPDATE members SET password='$newpassword' WHERE username='$user'");
session_destroy();
die("Your password has been changed. <a href='login.php'> Login Again</a>");
}
else {
die("New password doesn't match!");
}
else
{
echo"
<form action='change_password.php' method='POST'>
Old Password: <input type='text' name='oldpassword'><p>
New Password: <input type='password' name='newpassword'><p>
Repeat New Password: <input type='password' name='repeatnewpassword'><p>
<input type='submit' name ='submit' value='submit'>
</form>
";
}
}else
die ("You must be logged in to change your password");
?>
Remove old password field from your form as well remove if condition which checks your old password in database with old password to form
here is code you may need
<?php
session_start();
$user = $_SESSION['username'];
if (isset($_SESSION['username']))
{
//user is logged in
if (isset($_POST['submit']))
{
//start changing password
//check fields
$newpassword = md5($_POST['newpassword']);
$repeatnewpassword = md5($_POST['repeatnewpassword']);
//check password against db
include_once "connect_to_mysql.php";
$queryget = mysql_query("SELECT password FROM members WHERE username='$user'") or die ("change password failed");
$row = mysql_fetch_assoc($queryget);
$oldpassworddb = $row['password'];
//check two new passwords
if ($newpassword==$repeatnewpassword)
{
//successs
//change password in db
$querychange = mysql_query("UPDATE members SET password='$newpassword' WHERE username='$user'");
session_destroy();
die("Your password has been changed. <a href='login.php'> Login Again</a>");
}
else
die("New password doesn't match!");
}
else
{
echo"
<form action='change_password.php' method='POST'>
New Password: <input type='password' name='newpassword'><p>
Repeat New Password: <input type='password' name='repeatnewpassword'><p>
<input type='submit' name ='submit' value='submit'>
</form>
";
}
}else
die ("You must be logged in to change your password");
?>
Related
A part of a website I am making gives the option to the user to change their password. I have configured this code and it works fine.
I now want to add a form to the same page, that gives the user an option to change their USERNAME instead. (Individually, so they change their username but don't change the password).
Do I need to repeat the exact same following code and paste it beneath it, obviously adapting particular words to be for the username not password, or is there a way I can ADD to the existing code so that its one single processing code? How do I do this? So for example the first line:
if ($submit == 'Change Password') {,
in my head in English language, I'd like the code to say IF 'change password' OR the 'change username' button is submitted... do the following code etc.
//processing code
<?php
require_once('checklog.php');
require_once('functions.php');
// Grab the form data
$submit = trim($_POST['submit']);
$password = trim($_POST['password']);
$newpassword = trim($_POST['newpassword']);
$repeatpassword = trim($_POST['repeatpassword']);
// Create some variables to hold output data
$message = '';
// Start to use PHP session
session_start();
if ($submit == 'Change Password') {
include_once('connect.php');
mysqli_select_db($db_server, $db_database) or die("Couldn't find db");
//clean the input now that we have a db connection
$password = clean_string($db_server, $password);
$newpassword = clean_string($db_server, $newpassword);
$username = $_SESSION['username'];
$repeatpassword = clean_string($db_server, $repeatpassword);
if ($password && $newpassword) {
if ($repeatpassword == $newpassword) {
if (strlen($newpassword) > 25 || strlen($newpassword) < 6) {
$message = "Password must be 6-25 characters long";
} else {
// check whether username exists
$password = salt($password);
$query = "SELECT username FROM users WHERE username='$username' and password='$password'";
$result = mysqli_query($db_server, $query);
//if theres a result change password to new password
if ($row = mysqli_fetch_array($result)) {
$newpassword = salt($newpassword);
$repeatpassword = salt($repeatpassword);
//update password
$query = "UPDATE users SET password='$newpassword' WHERE username='$username'";
mysqli_query($db_server, $query) or die("Update failed. " . mysqli_error($db_server));
$message = "<strong>Password change successful!</strong>";
} else {
$message = "User account not found.";
}
mysqli_free_result($result);
}
} else {
$message = "Password must match";
}
} else {
$message = "Please enter all fields";
}
include_once('db_close.php');
}
include_once('header_logged.php');
?>
// the forms to change the password or username
!--change password form -->
To change your Password:
<form method="post" action="changepassword.php">
Current password: <input type='password' name='password'>
<br>
<br>
New Password: <input type='password' name='newpassword'>
<br>
<br>
Repeat New Password: <input type='password' name='repeatpassword'>
<input type='submit' name='submit' value='Change Password'>
<input type='reset' name='reset' value='Reset'>
</form>
<p><strong><?php
echo $message;
?></strong></p>
<!--change username form -->
To change your Username:
<form method="post" action="changepassword.php">
Current Username: <input type='username' name='username'>
<br>
<br>
New Username: <input type='username' name='newusername'>
<br>
<br>
Repeat New Username: <input type='username' name='repeatusername'>
<input type='submit' name='change' value='Change Username'>
<input type='reset' name='reset' value='Reset'>
</form>
Thanks for any help, very much appreciated.
use this:
if(isset($_POST['submit']) || isset($_POST['change'])){
//write your code here
}
I've just created a page where users are able to change details such as their password and email address. It works, but now I want to allow a user to change their email without having to change their password as well.
So basically, if a user only wanted to change their email it will update in the database without having to change their password as well.
How would I do this?
Code:
<title>Honda |</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<link href='http://fonts.googleapis.com/css?family=Julius+Sans+One' rel='stylesheet' type='text/css'>
<link href="../css/style.css" rel="stylesheet" type="text/css" media="all"/>
<?php
session_start();
$username = $_SESSION['sess_user'];
echo '<div class="search1"><h2>' . $username . '</h2></div>';
if (isset($_SESSION['sess_user'])) {
//user is logged in
if (isset($_POST['submit'])) {
//start changing password
//check fields
$oldpassword = md5($_POST['oldpassword']);
$newpassword = md5($_POST['newpassword']);
$email = $_POST['email'];
$repeatnewpassword = md5($_POST['repeatnewpassword']);
//check password against db
include('../includes/config.php');
$queryget = mysql_query("SELECT password FROM login WHERE username='$username'") or die ("change password failed");
$row = mysql_fetch_assoc($queryget);
$oldpassworddb = $row['password'];
//check passwords
if ($oldpassword == $oldpassworddb) {
//check two new passwords
if ($newpassword == $repeatnewpassword) {
//successs
//change password in db
$querychange = mysql_query("UPDATE login SET password='$newpassword' WHERE username='$username'");
$querychange = mysql_query("UPDATE login SET email='$email' WHERE username='$username'");
die("<div class='successmate'>Your password has been changed. <a href='index2.php'><br><br> Return</a></div>");
} else
die("<div class='results'>New password doesn't match!</div>");
} else
die("<div class='results'>Old password doesn't match!</div>");
} else {
echo "
<form class='search1' action='changepassword.php' method='POST'>
<label>Current Password:</label> <input type='password' id='password' name='oldpassword'><p>
<label>New Password:</label> <input type='password' id='password' name='newpassword'><p>
<label>Repeat New Password:</label> <input type='password' name='repeatnewpassword'><p>
<label>Email:</label> <input type='email' name='email'><p>
<input type='submit' name='submit' class='submit' value='submit'><br><br><br>
<h2><p><a href='index2.php'>Back</a></p></h2>
</form>
";
}
} else
die ("You must be logged in to change your password");
?>
<img src="../images/main.jpg">
Any help would be appreciated!
EDIT-Michael:
<title>Honda |</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<link href='http://fonts.googleapis.com/css?family=Julius+Sans+One' rel='stylesheet' type='text/css'>
<link href="../css/style.css" rel="stylesheet" type="text/css" media="all" />
<?php
session_start();
$username = $_SESSION['sess_user'];
echo '<div class="search1"><h2>'.$username.'</h2></div>';
if (isset($_SESSION['sess_user']))
{
//user is logged in
if (isset($_POST['submit']))
{
//start changing password
//check fields
$oldpassword = md5($_POST['oldpassword']);
$newpassword = md5($_POST['newpassword']);
$email = $_POST['email'];
$repeatnewpassword = md5($_POST['repeatnewpassword']);
//check password against db
include('../includes/config.php');
$queryget = mysql_query("SELECT password FROM login WHERE username='$username'") or die ("change password failed");
$row = mysql_fetch_assoc($queryget);
$oldpassworddb = $row['password'];
//check passwords
if ($oldpassword==$oldpassworddb)
{
//check two new passwords
if ($newpassword==$repeatnewpassword)
{
//successs
//change password in db
if (isset($_POST['repeatnewpassword']) AND isset($_POST['newpassword']) AND $_POST['newpassword'] != '') {
if ($newpassword==$repeatnewpassword)
{
$querychange = mysql_query("UPDATE login SET password='$newpassword' WHERE username='$username'");
}}
if (isset($_POST['email']) AND $_POST['email'] != '') {
$querychange = mysql_query("UPDATE login SET email='$email' WHERE username='$username'");
die("<div class='successmate'>Your password has been changed. <a href='index2.php'><br><br> Return</a></div>");
}
else
die("<div class='results'>New password doesn't match!</div>");
}else
die("<div class='results'>Old password doesn't match!</div>");
}
else
{
echo"
<form class='search1' action='changepassword.php' method='POST'>
<label>Current Password:</label> <input type='password' id='password' name='oldpassword'><p>
<label>New Password:</label> <input type='password' id='password' name='newpassword'><p>
<label>Repeat New Password:</label> <input type='password' name='repeatnewpassword'><p>
<label>Email:</label> <input type='email' name='email'><p>
<input type='submit' name='submit' class='submit' value='submit'><br><br><br>
<h2><p><a href='index2.php'>Back</a></p></h2>
</form>
";
}
}else
die ("You must be logged in to change your password");
?>
<img src="../images/main.jpg">
You can change your code as follows:
//successs
//change password in db
if (isset($_POST['repeatnewpassword']) AND isset($_POST['newpassword']) AND $_POST['newpassword'] != '') {
if ($newpassword==$repeatnewpassword)
{
$querychange = mysql_query("UPDATE login SET password='$newpassword' WHERE username='$username'");
}}
if (isset($_POST['email']) AND $_POST['email'] != '') {
$querychange = mysql_query("UPDATE login SET email='$email' WHERE username='$username'");
die("<div class='successmate'>Your password has been changed. <a href='index2.php'><br><br> Return</a></div>");
}
EDIT
Complete Page:
$username = $_SESSION['sess_user'];
echo '<div class="search1"><h2>'.$username.'</h2></div>';
if (isset($_SESSION['sess_user']))
{
//user is logged in
if (isset($_POST['submit']))
{
//start changing password
//check fields
$oldpassword = md5($_POST['oldpassword']);
$newpassword = md5($_POST['newpassword']);
$email = $_POST['email'];
$repeatnewpassword = md5($_POST['repeatnewpassword']);
//check password against db
include('../includes/config.php');
$queryget = mysql_query("SELECT password FROM login WHERE username='$username'") or die ("change password failed");
$row = mysql_fetch_assoc($queryget);
$oldpassworddb = $row['password'];
//check passwords
if ($oldpassword==$oldpassworddb)
{
if (isset($_POST['repeatnewpassword']) AND isset($_POST['newpassword']) AND $_POST['newpassword'] != '') {
if ($newpassword==$repeatnewpassword)
{
$querychange = mysql_query("UPDATE login SET password='$newpassword' WHERE username='$username'");
echo "Password changed";
}
else {echo "New PASSWORDs doesn't match";}
}
}
else {echo "New PASSWORDs doesn't match";}
if (isset($_POST['email']) AND $_POST['email'] != '') {
$querychange = mysql_query("UPDATE login SET email='$email' WHERE username='$username'");
echo "EMAIL changed";
}}
else
{
echo"
<form class='search1' action='changepassword.php' method='POST'>
<label>Current Password:</label> <input type='password' id='password' name='oldpassword'><p>
<label>New Password:</label> <input type='password' id='password' name='newpassword'><p>
<label>Repeat New Password:</label> <input type='password' name='repeatnewpassword'><p>
<label>Email:</label> <input type='email' name='email'><p>
<input type='submit' name='submit' class='submit' value='submit'><br><br><br>
<h2><p><a href='index2.php'>Back</a></p></h2>
</form>
";
}}
else
die ("You must be logged in to change your password");
?>
<img src="../images/main.jpg">
Do a check to see if they are interested in resetting anything else other than email:
if (isset($_POST['submit'])) {
//start changing password
//check fields
if(isset($_POST['oldpassword']) && (! empty($_POST['oldpassword']))){
//password was posted, they may want to change it
$oldpassword = md5($_POST['oldpassword']);
$newpassword = md5($_POST['newpassword']);
}
...
just created a 'changedetails.php' page where users are able to change their details such as 'password' and 'email'. They all work successful but I am trying to allow a user to change their email without having to change their password as well.
So basically, if a user only wanted to change their email it will update in the DB without having to change their passwords.
Code:
<title>Honda |</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<link href='http://fonts.googleapis.com/css?family=Julius+Sans+One' rel='stylesheet' type='text/css'>
<link href="../css/style.css" rel="stylesheet" type="text/css" media="all" />
<?php
session_start();
$username = $_SESSION['sess_user'];
echo '<div class="search1"><h2>'.$username.'</h2></div>';
if (isset($_SESSION['sess_user'])) {
//user is logged in
if (isset($_POST['submit'])) {
//start changing password
//check fields
$oldpassword = md5($_POST['oldpassword']);
$newpassword = md5($_POST['newpassword']);
$email = $_POST['email'];
$repeatnewpassword = md5($_POST['repeatnewpassword']);
//check password against db
include('../includes/config.php');
$queryget = mysql_query("SELECT password
FROM login
WHERE username='$username'")
or die ("change password failed");
$row = mysql_fetch_assoc($queryget);
$oldpassworddb = $row['password'];
//check passwords
if ($oldpassword==$oldpassworddb) {
//check two new passwords
if ($newpassword==$repeatnewpassword) {
//successs
//change password in db
$querychange = mysql_query("UPDATE login
SET password='$newpassword'
WHERE username='$username'");
$querychange = mysql_query("UPDATE login
SET email='$email'
WHERE username='$username'");
die("<div class='successmate'>
Your password has been changed. <a href='index2.php'>
<br><br> Return</a></div>");
} else {
die("<div class='results'>New password doesn't match!</div>");
}
} else {
die("<div class='results'>Old password doesn't match!</div>");
}
} else {
echo "<form class='search1' action='changepassword.php' method='POST'>";
echo "<label>Old Password:</label> <input type='password' id='password' name='oldpassword'>";
echo "<p><label>New Password:</label> ";
echo "<input type='password' id='password' name='newpassword'>";
echo "<p><label>Repeat New Password:</label> ";
echo "<input type='password' name='repeatnewpassword'><p>";
echo "<label>Email:</label> <input type='email' name='email'>";
echo "<p><input type='submit' name='submit' class='submit' value='submit'>";
echo "<br><br><br><h2><p><a href='index2.php'>Back</a></p></h2></form>";
}
} else {
die ("You must be logged in to change your password");
}
?>
<img src="../images/main.jpg">
Thanks!
UPDATE 2:
if ($newpassword != "") {
//check passwords
if ($oldpassword==$oldpassworddb)
{
//check two new passwords
if ($newpassword==$repeatnewpassword)
{
//successs
//change password in db
$querychange = mysql_query("UPDATE login SET password='$newpassword' WHERE username='$username'");
}
else
die("<div class='results'>New password doesn't match!</div>");
}else
die("<div class='results'>Old password doesn't match!</div>");
}
}
if ($email != "") {
$querychange = mysql_query("UPDATE login SET email='$email' WHERE username='$username'");
die("<div class='successmate'>Your password has been changed. <a href='index2.php'><br><br> Return</a></div>");
}
}
else
{
echo"
<form class='search1' action='changepassword.php' method='POST'>
<label>Current Password:</label> <input type='password' id='password' name='oldpassword'><p>
<label>New Password:</label> <input type='password' id='password' name='newpassword'><p>
<label>Repeat New Password:</label> <input type='password' name='repeatnewpassword'><p>
<label>Email:</label> <input type='email' name='email'><p>
<input type='submit' name='submit' class='submit' value='submit'><br><br><br>
<h2><p><a href='index2.php'>Back</a></p></h2>
</form>
";
}
{else
die ("You must be logged in to change your password");
?>
The problem is you are running the 2 queries right after each other, you need to add a check to see if password is blank, then skip password query, if email is blank then skip email query
EDIT:
if ($newpassword != "") {
//check passwords
if ($oldpassword==$oldpassworddb)
{
//check two new passwords
if ($newpassword==$repeatnewpassword)
{
//successs
//change password in db
$querychange = mysql_query("UPDATE login SET password='$newpassword' WHERE username='$username'");
else
die("<div class='results'>New password doesn't match!</div>");
}else
die("<div class='results'>Old password doesn't match!</div>");
}
}
if ($email != "") {
$querychange = mysql_query("UPDATE login SET email='$email' WHERE username='$username'");
die("<div class='successmate'>Your password has been changed. <a href='index2.php'><br><br> Return</a></div>");
}
FULL CODE SET(Requested by OP)
<title>Honda |</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<link href='http://fonts.googleapis.com/css?family=Julius+Sans+One' rel='stylesheet' type='text/css'>
<link href="../css/style.css" rel="stylesheet" type="text/css" media="all" />
<?php
session_start();
$username = $_SESSION['sess_user'];
echo '<div class="search1"><h2>'.$username.'</h2></div>';
if (isset($_SESSION['sess_user'])) {
//user is logged in
if (isset($_POST['submit'])) {
//start changing password
//check fields
$oldpassword = md5($_POST['oldpassword']);
$newpassword = md5($_POST['newpassword']);
$email = $_POST['email'];
$repeatnewpassword = md5($_POST['repeatnewpassword']);
//check password against db
include('../includes/config.php');
$queryget = mysql_query("SELECT password FROM login WHERE username='$username'")
or die ("change password failed");
$row = mysql_fetch_assoc($queryget);
$oldpassworddb = $row['password'];
if ($newpassword != "") {
//check passwords
if ($oldpassword==$oldpassworddb) {
//check two new passwords
if ($newpassword==$repeatnewpassword) {
//successs
//change password in db
$querychange = mysql_query("UPDATE login SET password='$newpassword' WHERE username='$username'");
die("<div class='successmate'>
Your password has been changed. <a href='index2.php'>
<br><br> Return</a></div>");
} else {
die("<div class='results'>New password doesn't match!</div>");
}
} else {
die("<div class='results'>Old password doesn't match!</div>");
}
}
if ($email != "") {
$querychange = mysql_query("UPDATE login SET email='$email' WHERE username='$username'");
die("<div class='successmate'>
Your email been changed. <a href='index2.php'>
<br><br> Return</a></div>");
}
} else {
echo "<form class='search1' action='changepassword.php' method='POST'>";
echo "<label>Old Password:</label> <input type='password' id='password' name='oldpassword'>";
echo "<p><label>New Password:</label> ";
echo "<input type='password' id='password' name='newpassword'>";
echo "<p><label>Repeat New Password:</label> ";
echo "<input type='password' name='repeatnewpassword'><p>";
echo "<label>Email:</label> <input type='email' name='email'>";
echo "<p><input type='submit' name='submit' class='submit' value='submit'>";
echo "<br><br><br><h2><p><a href='index2.php'>Back</a></p></h2></form>";
}
} else {
die ("You must be logged in to change your password");
}
?>
<img src="../images/main.jpg">
I'm attempting to create a page whereby users are able to change their password, but having trouble with my sql statment, can someone tell me where i'm going wrong? here's the code;
<?php
session_start();
include_once("home_start.php");
require_once("functions.php");
require_once("db_connect.php");
$submit = trim($_POST['submit']);
$username = trim($_POST['username']);
$password = trim($_POST['password']);
$newpassword = trim($_POST['newpassword']);
$repeatnewpassword = trim($_POST['repeatnewpassword']);
if ($username && $password){
session_start();
require_once("db_connect.php");
mysqli_select_db($db_server, $db_database) or die("Couldn't find db");
$username = clean_string($db_server, $username);
$password = clean_string($db_server, $password);
$pass = $_POST[‘password’];
$salt = "$salt1$string$salt2";
$hashpass = md5($pass . $salt);
$query = "SELECT * FROM users WHERE username='$username'";
$result = mysqli_query($db_server, $query);
if($row = mysqli_fetch_array($result)){
$db_username = $row['username'];
$db_password = $row['password'];
if($username==$db_username && salt($password)==$db_password){
$_SESSION['username']=$username;
$_SESSION['logged']="logged";
$querychange = mysql_query("UPDATE users SET password='$newpassword' WHERE
username='$username'") or die(mysql_error());
} else {
$message = "<h1>Incorrect password!</h1>";
}
mysqli_free_result($result);
require_once("db_close.php");
} else {
$message = "<h1>Please enter a valid username/password</h1>";
}
//home_start/end only required if submitting to a separate page
//include_once("home_start.php");
echo $message;
}
?>
<h1>Change Password</h1>
<form id="register" action='password.php' method='POST'>
Username: <input type='text' name='username'><br />
Current Password: <input type='password' name='password'><br />
New Password: <input type='password' name='newpassword'><br />
Repeat New Password: <input type='password' name='repeatnewpassword'><br />
<input type='submit' name='submit' value='Login'> <br />
</form>
<?php include_once("home_close.php"); ?>
When you are comparing the password for verification, I found that you have used salt over your given password. Which means you have already a salted(or encrypted) password in db.
salt($password)==$db_password
But when you are storing the new password in to db, I didn't see you encrypt(or salt) on it.
UPDATE users SET password='$newpassword'...
So, when you are doing login using the new password, you'll never get it matched!
I created a PHP script that allows a user on my website to change their password once registered, but am getting an error when I try to open it on the site. I believe it is due to a syntax error on my part but I can't seem to spot it. Can someone take a look and see what you can find? Here is the script:
<?php
session_start();
$user = $_SESSION['username'];
if ($user)
{
//user is logged in
if ($_POST['submit'])
{
//start changing password
//check fields
$oldpassword = md5($_POST['oldpassword']);
$newpassword = md5($_POST['newpassword']);
$repeatnewpassword = md5($_POST['repeatnewpassword']);
//check password against db
include('connection.php');
$queryget = mysql_query("SELECT password FROM Users WHERE username='$user'") or die ("change password failed");
$row = mysql_fetch_assoc($queryget);
$oldpassworddb = $row['password'];
//check passwords
if ($oldpassword==$oldpassworddb)
{
//check two new passwords
if ($newpassword==$repeatnewpassword)
{
//successs
//change password in db
$querychange = mysql_query("UPDATE Users SET password='$newpassword' WHERE username='$user'");
session_destroy();
die("Your password has been changed. <a href='homepage.php'> Return</a>");
}
else
die("Old password doesn't match!");
}
else
echo"
<form action='changepassword.php' method='POST'>
Old Password: <input type='text' name='oldpassword'><p>
New Password: <input type='password' name='newpassword'><p>
Repeat New Password: <input type='password' name='repeatnewpassword'><p>
<input type='submit' name ='submit' value='submit'>
</form>
";
}
else
die ("You must be logged in to change your password");
}
?>
The error I am getting is as follows:
Notice: Undefined index: submit in /var/www/localhost/htdocs/changepassword.php on line 11
You must be logged in to change your password.
Thanks in advance for your help.
Well first you should notice that mysql is deprecated, use mysqli or PDO instead More info or like NullPointer has pointed More Good Info :)
change the end of your code like this to get the right results that you want for fail:
}else
die ("Nothing came from the $_POST variable");
}else
die ("You must be logged in to change your password");
The error that your getting is maybe because your $_POST variable isn't set, use isset() to check if $_POST was set.example:
if (isset($_POST['submit']))
{
//submit post was set
}else
{
//submit post wasn´t set
}
If you still not getting any value, check your form.
UPDATE:
to see the actual form you must end the isset before the form your code stays like this:
<?php
session_start();
$user = $_SESSION['username'];
if (isset($_SESSION['username']))
{
//user is logged in
if (isset($_POST['submit']))
{
//start changing password
//check fields
$oldpassword = md5($_POST['oldpassword']);
$newpassword = md5($_POST['newpassword']);
$repeatnewpassword = md5($_POST['repeatnewpassword']);
//check password against db
include('connection.php');
$queryget = mysql_query("SELECT password FROM Users WHERE username='$user'") or die ("change password failed");
$row = mysql_fetch_assoc($queryget);
$oldpassworddb = $row['password'];
//check passwords
if ($oldpassword==$oldpassworddb)
{
//check two new passwords
if ($newpassword==$repeatnewpassword)
{
//successs
//change password in db
$querychange = mysql_query("UPDATE Users SET password='$newpassword' WHERE username='$user'");
session_destroy();
die("Your password has been changed. <a href='homepage.php'> Return</a>");
}
else
die("New password doesn't match!");
}else
die("Old password doesn't match!");
}
else
{
echo"
<form action='changepassword.php' method='POST'>
Old Password: <input type='text' name='oldpassword'><p>
New Password: <input type='password' name='newpassword'><p>
Repeat New Password: <input type='password' name='repeatnewpassword'><p>
<input type='submit' name ='submit' value='submit'>
</form>
";
}
}else
die ("You must be logged in to change your password");
?>
But you wont see it until your logged in. Your second problem is that your $user variable seems to dont have any value. after trying the above code if it wont work.
put this line after
$user = $_SESSION['username'];
echo 'Here it shold show the user: '.$user.'';
if it wont show up your not passing the session value right.
One more thing, if your form is pointing to same page, thats what it looks like change your line to this line:
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "utf-8");?>" method='POST'>
Your input html form has an extra space in it
<input type='submit' name ='submit' value='submit'>
Change it to
<input type='submit' name='submit' value='submit'>
You should also make sure
if (isset($_POST['submit']))