简体   繁体   中英

Login & password change PHP & MYsql

I am working on a simple script that allows users to create an account and change password in a database. The only problem I'm having is creating a script that allows the user to change their password. It doesn't update in my DB. I am getting successfully message but it doesn't update in DB. Please help me any suggestions will be much appreciated Please let me know if any more details required?

            <form method="POST">
                old:<input type="text" name="old_pass">
                new:<input type="text" name="">
                conf:<input type="text" name="">
                <input type="submit" name="submit" value="save">
            </form>
            <?php 

            $conn_db = mysqli_connect("localhost","root","","oz");
            if(!$conn_db)
            {
                echo "not connect";
            }
                echo "connect".mysqli_error($conn_db);

                SESSION_START();
            if($_SERVER['REQUEST_METHOD']=="POST")
            {
            if(isset($_POST['submit']))
                {

                $old_pass=$_POST['old_pass'];
                $new_pass=$_POST['new_pass'];
                $re_pass=$_POST['re_pass'];
                $chg_pwd=mysqli_query($conn_db,"SELECT * FROM admin WHERE email='$email'");
                $chg_pwd1=mysqli_fetch_array($chg_pwd);
                $data_pwd=$chg_pwd1['pass'];
                if($data_pwd==$old_pass){
                if($new_pass==$re_pass){
                  $update_pwd=mysqli_query($conn_db,"UPDATE admin SET pass='$new_pass' where email='$email'");

                  echo "<script>alert('Update Sucessfully'); window.location='index.php'</script>";
                }
                else{
                  echo "<script>alert(`Your new and Retype Password is not match`); window.location='index.php'</script>";
                }
                }
                else
                {
                echo "<script>alert(`Your old password is wrong`); window.location='change.php'</script>";
                }}
            }
              ?>
  1. You are getting the success message because you are not actually checking if the update was successful. You're just checking if the password match: if($new_pass==$re_pass)

  2. You never define $email , so your WHERE clause generates an empty data set.

Try defining $email , for example: $email = $_POST['email'] and moving your alert and redirect inside of an if statement that checks the result of the query

if(mysqli_query($conn_db,"UPDATE admin SET pass='$new_pass' where email='$email'")) {
    echo "<script>alert('Update Sucessfully'); window.location='index.php'</script>";
}

NOTE:

  1. You shouldn't store your passwords in plain text.
  2. You should safely cast all input before running it in a query to prevent SQL Injection.

TRY USING THIS

if($new_pass==$re_pass){
  $update_pwd = $conn_db->query("UPDATE admin SET pass='$new_pass' WHERE email='$email'");
  if($update_pwd){ echo "<script>alert('Update Sucessfully'); window.location='index.php'</script>";
 } else { //echo server error }

                }

change your 'mysqli_query' to '$conn_db->query'. there will be no need to include '$conn_db' in the parenthesis. Meanwhile, if error logging is set in your php settings, you can see the error

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM