Hello everyone…
I have tried to get this code to work the whole day and I seem to get nowhere. Can someone please help me see the mistake?
The code is supposed to change the user password. What happens is that I get these messages: "You entered an incorrect password. Try Again" "Congratulations! You have successfully changed your password. Continue"
And if I check in the database, the password field is being erased! Please help…
The form:
```html
<form id="update" name="update" method="POST" class="formfield" action="u.php" >
  <div>
    <label class="fixedwidth">Username:</label>
    <input name="username" id="username" type="text" class="fixedwidth"/>
  </div>
  <div >
    <label class="fixedwidth">Old password:</label>
    <input name="oldpassword" id="oldpassword" type="password" class="fixedwidth"/>
  </div>
  <div >
    <label class="fixedwidth">New Password:</label>
    <input name="password" id="password" type="password" class="fixedwidth" />
  </div>
  <div>
    <label class="fixedwidth">Confirm New Password:</label>
    <input name="password1" id="password1" type="password" class="fixedwidth" />
  </div>
  <div class="buttonarea">
    <div align="center">
      <input name="update" id="update" type="submit" value="Change Password" />
      <label>
        <input type="reset" name="cancel" id="cancel" value="Cancel" onclick="location.href='Admin_index.php'"/>
      </label>
    </div>
  </div>
</form>
```

The PHP file:
```php
<?php
session_start();
//connect to the database
$conn = dbConnect('Admin_username');
$username = $_POST['username'];
$oldpassword = $_POST['oldpassword'];
$password = $_POST['password'];
$confirmnewpassword = $_POST['password1'];
$pswd = sha1(md5($password));
$result = mysql_query("SELECT password FROM users WHERE username='$username'");
if(!$result)
{
    echo "The username you entered does not exist. <a href=use.php>Try Again</a>";
}
else
    if($password!= mysql_result($result, 0))
    {
        echo "You entered an incorrect password. <a href=use.php>Try Again</a> ";
    }
    else
        if($password==$confirmnewpassword)
            $pass = sha1(md5($password));
$sql=mysql_query("UPDATE users SET password='$pass' where username='$username'");
if($sql)
{
    echo "Congratulations! You have successfully changed your password. <a href=Admin_index.php>Continue</a>";
}
else
{
    echo "The new password and confirm new password fields must be the same. <a href=use.php>Try Again</a> ";
}
?>
```
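
An added example, not part of the original post: in the posted script the `UPDATE` sits outside any braces, so it runs even after a failed check, when `$pass` was never set. The sketch below reaches the `UPDATE` only after every check passes, and swaps in PDO prepared statements and `password_hash()`/`password_verify()` for the `mysql_*` calls and `sha1(md5())`. The function name `change_password`, the SQLite demo database and its sample row are assumptions constructed for illustration.

```php
<?php
// Added example (not the poster's code). Assumes a PDO connection and the
// users(username, password) table from the post, with the password column
// holding password_hash() output instead of sha1(md5()).
function change_password(PDO $db, string $username, string $old,
                         string $new, string $confirm): string
{
    // Prepared statement: user input never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();

    // A query that matches no row still succeeds, so test the fetched value.
    // Verify the OLD password (not the new one) against the stored hash.
    if (!is_string($stored) || !password_verify($old, $stored)) {
        return 'Incorrect username or password.';
    }
    if ($new === '') {
        return 'The new password must not be empty.';
    }
    if ($new !== $confirm) {
        return 'The new password and confirm new password fields must be the same.';
    }

    // The UPDATE is reached only after every check above has passed.
    $upd = $db->prepare('UPDATE users SET password = ? WHERE username = ?');
    $upd->execute([password_hash($new, PASSWORD_DEFAULT), $username]);
    return $upd->rowCount() === 1 ? 'Password changed.' : 'Password not changed.';
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('old-secret', PASSWORD_DEFAULT)]);

// Wrong old password, mismatched confirmation, then a valid change.
echo change_password($db, 'alice', 'wrong', 'n3w-pass', 'n3w-pass'), "\n";
echo change_password($db, 'alice', 'old-secret', 'n3w-pass', 'other'), "\n";
echo change_password($db, 'alice', 'old-secret', 'n3w-pass', 'n3w-pass'), "\n";
```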