Hi…
I have used this script with some minor changes…still it is not working. when i submit the change password request it shows me only one message that YOU MUST BE LOGGED IN TO CHANGE THE PASSWORD… It skips the entire script and jump to the very last condition where this message execute.
<?php
session_start();
?>
<?php
$email = $_SESSION['Email'];
if ($email) {
//user is logged in
if ($_POST['submit'])
{
//check fields
$oldpassword = ($_POST['oldpassword']);
$newpassword = ($_POST['newpassword']);
$repeatnewpassword = ($_POST['repeatnewpassword']);
//check pass against db
$connect = mysql_connect("localhost","hyperli1_root","ankur");
mysql_select_db("hyperli1_test");
$queryget = mysql_query("SELECT Password FROM Mem_Data WHERE Email= '$email'") or die("Query didn't work");
$row = mysql_fetch_assoc($queryget);
$oldpassworddb = $row['Password'];
//check pass
if ($oldpassword==$oldpassworddb)
{
//check twonew pass
if ($newpassword==$repeatnewpassword)
{
//success
//change pass in db
if (strlen($newpassword)>25||strlen($newpassword)<6)
{
echo "Password must be betwwen 6 & 25";
}
else
{
$querychange = mysql_query("
UPDATE Mem_Data SET Password='$newpassword' WHERE Email='$email'
");
session_destroy();
die("Your password has been successfully changed.<a href='mbindex.php'>Return</a> to the main page");
}
}
else
die("New Pass don't match");
}
else
die("Old Pass doesn't match");
}
else
{
?>
<div class="adminrightpart">
<table width="500px" cellpadding="0" cellspacing="0" border="0" class="pwtbl">
<form action='changepw.php' method='POST'>
<tr>
<td>Old password:</td> <td><input type='text' name='oldpassword'></td>
</tr>
<tr height="20"><td></td></tr>
<tr>
<td>New password:</td> <td><input type='password' name='newpassword'></td>
</tr>
<tr height="20"><td></td></tr>
<tr>
<td>Repeat new password:</td> <td><input type='password' name='repeatnewpassword'></td>
</tr> <tr height="50"><td></td></tr>
<tr>
<td colspan="2" align="center"><input type='submit' name='submit' value='Change Password'></td>
</tr>
</form>
</table>
</div>
</div>
</div>
<?php }
}
else die("You must be logged in to change your password");
?>