4 replies to this topic

[Crofty]

ok well i am trying to make a change password script but cant seem to get it to work right here is what i have if you see anything wrong let me know. i set it up to see when it goes wrong and i get errror1

if(isset($_POST['submit'])){
$username = $_POST['username'];
$email = $_POST['email'];
$newpass1 = md5($_POST['newpass1']);
$newpass2 = md5($_POST['newpass2']);
$sql = "SELECT * FROM users WHERE username='$username'";
$r = mysql_query($sql) or die(mysql_error());	
if ($r['email'] == $email){
if ($newpass1 == $newpass2){
$sql2 = "UPDATE `users` SET  password=$newpass1 WHERE username='$username'";
$result = mysql_query($sql2) or die(mysql_error());	
header("location: index.php?view=home");
exit();
}else{
echo'Error2';
}
}else{
echo 'error1';
}
}else{
top();
echo'<form action="'.$PHP_SELF.'" method="POST" enctype="multipart/form-data">
<table width="403" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
	<td><div align="center">UserName:</div></td>
 <td width="273">
	 <div align="center">
	   <input name="username" type="text" size="40"  maxlength="100">
	 </div></td>
  </tr>
  <tr>
	<td width="130"><div align="center">E-Mail: </div></td>
 <td width="273">
	 <div align="center">
	   <input name="email" type="text" size="40"  maxlength="100">
	 </div></td>
  </tr>
  <tr>
	<td><div align="center">New Password:</div></td>
 <td>
	 <div align="center">
	   <input name="newpass1" type="password" size="40"  maxlength="100">
	 </div></td>
  </tr>
  <tr>
	<td><div align="center">Retype Password: </div></td>
 <td>
	 <div align="center">
	   <input name="newpass2" type="password" size="40"  maxlength="100">
	 </div></td>
  </tr>
  <tr>
	<td><div align="center"></div></td>
		<td>
		  <div align="left">
			<input name="submit" type="submit" id="submit" value="Change Password">
		  </div></td>
  </tr>
</table></form>';
bottom();
}

Edited by Crofty, 23 September 2006 - 09:59 AM.

[cheerio]

replace

$sql = "SELECT * FROM users WHERE username='$username'";
$r = mysql_query($sql) or die(mysql_error());

with

$sql = "SELECT * FROM users WHERE username='$username'";
$query = mysql_query($sql) or die(mysql_error());
$r = mysql_fetch_array($query);

[Mr. Matt]

dam u cheerio beat me to it

Matt

Edited by deadly, 23 September 2006 - 10:26 AM.

[cheerio]

haha deadly. I'm gonna start counting how many times i've beat you to it

[Crofty]

Thanks Guys