PHP: change password

711

I am implementing a password change function for my website. Unfortunately it doesn't work.

In the .html file I got the code:

 <form method='post' >
                    <td>Old Password:</td>                  
                    <td><input name='oldpw' type='password' required='required'/></td>
                <tr>
                    <td>New Password:</td>
                    <td><input name='newpw' type='password' required = 'required' /></td>
                <tr>                    
                    <td>Confirm Password:</td>                  
                    <td><input name='conpw' type='password' required = 'required' /></td>
                    <td> 
                    <input type='submit' value='Change Password' />
                    </td>
                </tr>           
                 </form>

In the account.php file I wrote this:

if (isset($_POST['newpw'])){

    $pw=$dbc->query("select passwort from kundenaccount where accname= '" . $_SESSION['accname'] . "';")
                $row = $pw->fetch_object()
                $pawo = $row->passwort 

        if (md5($_POST['oldpw']) == $pawo){
        if ($_POST['newpw']==$_POST['conpw']){
         $dbc->query("UPDATE accname SET passwort='" . md5($_POST['newpw']) . "' WHERE accname='" . $_SESSION['accname'] . "';")
         }
        else { echo "Passwords do not match" }
        }
    else { echo "Wrong password entered"}
    }

Does anyone see my mistake? I have been trying to solve this problem for days.

Hope anyone can help.

Thanks

567

Answer

Solution:

Try this on your form:

 <form method='post' action='account.php'>

UPDATE:

I went through and made the script for my database, works fine. Change values where needed:

<?php
session_start(); // required before $_SESSION can be read
$dbc = new mysqli("localhost", "db-user", "db-pass", "db-name");
if (isset($_POST['newpw'])){
    // Fetch the stored MD5 hash for the logged-in account
    $pw = @$dbc->query("select passwort from kundenaccount where accname= '" . $_SESSION["accname"] . "'");
    $row = $pw->fetch_object();
    $pawo = $row->passwort; // column name is "passwort", as in the SELECT

    if (md5($_POST['oldpw']) == $pawo){

        if ($_POST['newpw'] == $_POST['conpw']){
            @$dbc->query("UPDATE kundenaccount SET passwort='" . md5($_POST['newpw']) . "' WHERE accname='" . $_SESSION['accname'] . "'");
        }
        else { echo "Passwords do not match"; }
    }

    else { echo "Wrong password entered"; }
}
?>
268

Answer

Solution:

if ($_POST['oldpw']==md5($pawo))

should be

if (md5($_POST['oldpw']) == $pawo)
249

Answer

Solution:

md5 is a one way hash so you cannot undo it, you should compare the other way.

if (md5($_POST['oldpw'])==$pawo){

NOTE: MD5 is not considered secure, I would upgrade to some other algorithm.

93

Answer

Solution:

Another solution to the problem

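 <?php
 // The mysql_* functions used here were removed in PHP 7.0; this runs only on PHP 5.

 include ('connect_db.php');
 if (isset($_POST['submit']))
 {
     $oldpw    = $_POST['oldpw'];
     $newpw    = $_POST['newpw'];
     $retypepw = $_POST['retypepw'];

     // Escape the values before they are placed inside SQL strings
     $oldpw_sql = mysql_real_escape_string($oldpw);
     $newpw_sql = mysql_real_escape_string($newpw);

     // The row is looked up by password alone, so any account with that password matches
     $sql = mysql_query("SELECT * FROM users WHERE password = '$oldpw_sql'") or die (mysql_error());
     $row = mysql_fetch_array($sql);

     if (!$row || $oldpw <> $row['password']) {
         echo "Passwords dont match";
     }
     elseif ($newpw == $retypepw) {
         // Stores the new password as submitted (plain text, no hashing)
         $update = mysql_query("UPDATE users SET password = '$newpw_sql' WHERE password = '$oldpw_sql'") or die (mysql_error());
         if ($update) {
             echo "Successfully changed password";
         }
     }
     else {
         echo "Password dont match";
     }
 }
 ?>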
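
A hardened version of the password change discussed in the answers above, added here as an example and not code from any of the posters. It uses prepared statements and password_hash()/password_verify() in place of string-built SQL and MD5, and still accepts legacy MD5 digests so existing accounts can be upgraded on their next change. It assumes the asker's kundenaccount table with passwort widened to VARCHAR(255); the connection credentials are placeholders, and verify_stored() and change_password() are hypothetical names.

```php
<?php
// Added example (not from the answers above). Assumes the asker's schema:
// table kundenaccount with columns accname and passwort, and that passwort
// has been widened to VARCHAR(255) so it can hold password_hash() output.
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
$dbc = new mysqli("localhost", "db-user", "db-pass", "db-name"); // placeholders

// Accept a modern hash, or a legacy unsalted MD5 hex digest from the old scheme.
function verify_stored(string $plain, string $stored): bool
{
    if (preg_match('/^[0-9a-f]{32}\z/i', $stored) === 1) {
        return hash_equals(strtolower($stored), md5($plain)); // constant-time compare
    }
    return password_verify($plain, $stored);
}

function change_password(mysqli $dbc, string $acc, string $old, string $new, string $confirm): string
{
    if (!hash_equals($new, $confirm)) {
        return "Passwords do not match";
    }
    // Bound parameter instead of concatenating the account name into SQL.
    $stmt = $dbc->prepare("SELECT passwort FROM kundenaccount WHERE accname = ?");
    $stmt->bind_param("s", $acc);
    $stmt->execute();
    $stmt->bind_result($stored);
    $found = $stmt->fetch();
    $stmt->close();

    if (!$found || !verify_stored($old, (string) $stored)) {
        return "Wrong password entered";
    }
    // Salted, slow hash; this also upgrades an account that still had MD5.
    $hash = password_hash($new, PASSWORD_DEFAULT);
    $stmt = $dbc->prepare("UPDATE kundenaccount SET passwort = ? WHERE accname = ?");
    $stmt->bind_param("ss", $hash, $acc);
    $stmt->execute();
    $stmt->close();
    return "Password changed";
}

// Only proceed when every input is present and is a string (not an array).
$in = [$_SESSION['accname'] ?? null, $_POST['oldpw'] ?? null,
       $_POST['newpw'] ?? null, $_POST['conpw'] ?? null];
if (!in_array(false, array_map('is_string', $in), true)) {
    echo htmlspecialchars(change_password($dbc, ...$in));
}
```

The login code has to call the same verify_stored() check, otherwise accounts whose passwort column already holds a password_hash() value can no longer sign in.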
