Changing User Password in PHP and mySQL

Question

Found the answer!!

Found the answer after a long break from looking at it!

was just simply changing

$querynewpass = "UPDATE tz_members SET `pass`='".$_POST['$passwordnew1']."' WHERE usr='{$_SESSION['usr']}'";

to:

$querynewpass = "UPDATE tz_members SET `pass`='".md5($_POST['passwordnew1'])."' WHERE usr='{$_SESSION['usr']}'";

just the simple md5 that i had missed off!

The Problem:

im trying to change a user password using a form where they enter their current password and a new password. it should check the mySQL database to see if their current password that was entered matches the current session user they are logged into and then update the mySQL database to the new password. Here is the script i have for it so far:

if($_POST['submit']=='Change')
{
    // Checking whether the Password Change form has been submitted

    $err = array();
    // Will hold our errors


    if(!$_POST['password1'] || !$_POST['passwordnew1'])
        $err[] = 'All the fields must be filled in!';

    if(!count($err))
    {
        $_POST['password1'] = mysql_real_escape_string($_POST['password1']);
        $_POST['passwordnew1'] = mysql_real_escape_string($_POST['passwordnew1']);

        // Escaping all input data

        $row = mysql_fetch_assoc(mysql_query("SELECT id,usr FROM tz_members WHERE usr='{$_SESSION['usr']}' AND pass='".md5($_POST['password1'])."'"));

        if($row['usr'])
        {
            // If everything is OK change password

            $querynewpass = "UPDATE user SET `password`='".$_POST['$passwordnew1']."' WHERE id='".$_SESSION['usr']."'";
                        $resultnewpass = mysql_query($querynewpass) or die(mysql_error()); 

        }
        else $err[]='Wrong Password To Start With!';
    }

    if($err)
    $_SESSION['msg']['passwordchange-err'] = implode('<br />',$err);
    // Save the error messages in the session

    header("Location: index.php");
    exit;
}

but it comes with an error "Table 'databasename.user' doesn't exist" i have a login and register form that work using this method without error!

UPDATE: i have a database that has a table called tz_members and the columns are id, pass, user, regIP and dt

my mysql query is now:

$querynewpass = "UPDATE tz_members SET `pass`='".$_POST['$passwordnew1']."' WHERE usr='{$_SESSION['usr']}'";

UPDATED AGAIN adding the form code for you to see:

    <!-- Pass Change Form -->
            <form action="" method="post">      
            <?php

                    if($_SESSION['msg']['passwordchange-err'])
                    {
                        echo '<div class="err">'.$_SESSION['msg']['passwordchange-err'].'</div>';
                        unset($_SESSION['msg']['passwordchange-err']);
                    }

                    if($_SESSION['msg']['passwordchange-success'])
                    {
                        echo '<div class="success">'.$_SESSION['msg']['passwordchange-success'].'</div>';
                        unset($_SESSION['msg']['passwordchange-success']);
                    }
                ?>

                <label class="grey" for="password1">Current Password:</label>
                <input class="field" type="password" name="password1" id="password1" value="" size="23" />
                <label class="grey" for="password">New Password:</label>
                <input class="field" type="password" name="passwordnew1" id="passwordnew1" size="23" />
                <input type="submit" name="submit" value="Change" class="bt_register" />
            </form>

Answer 1

Your are using two different tables (and columns) in the two queries that seem to be related to the same table.

Check your schema and adjust the second query appropriately.

The second query should probably be something along the lines of:

$querynewpass = "UPDATE tz_members SET `pass`='".md5($_POST['passwordnew1'])."' WHERE usr='{$_SESSION['usr']}'";

Answer 2

check your database. maybe user table is not present. and another thing, during the update, you are updating password without encryption, but you were fetching data from tz_members table by matching the encrypted password. so final solution from me: check your database and see if there are any user table or not. have fun

Answer 3

I was trying to do the same thing as you I finally did get it to work, it might have been helpful for you to post the correct completed code so anyone else that is looking for this could view the solution.

The only error I found which took me a few mins to debug with the above code was the following:

$querynewpass = mysql_query("UPDATE tz_members SET `pass`='".md5($_POST['passwordnew1'])."' WHERE usr='{$_SESSION['usr']}'");

was the addition of the mysql_query() tag after that was added the code works great thanks fro sharing.

Answer 4

试试这个代码：

$SQL = "UPDATE `table-name` SET `password` = '".$newpassword."' WHERE `tablename`.`ID` = '".$_SESSION["database ID"];."';";