Change user password

Hello everyone…

I have tried to get this code working the whole day and I seem to get nowhere. Can someone please help me see the mistake?

The code is supposed to change the user password. What happens is that I get these messages: "You entered an incorrect password. Try Again" "Congratulations! You have successfully changed your password. Continue"

And if I check in the database, the password field is being erased! Please help…

The form:

<form id="update" name="update" method="POST" class="formfield" action="u.php">
    <div>
        <label class="fixedwidth">Username:</label>
        <input name="username" id="username" type="text" class="fixedwidth"/>
    </div>

    <div>
        <label class="fixedwidth">Old password:</label>
        <input name="oldpassword" id="oldpassword" type="password" class="fixedwidth"/>
    </div>
    <div>
        <label class="fixedwidth">New Password:</label>
        <input name="password" id="password" type="password" class="fixedwidth" />
    </div>
    <div>
        <label class="fixedwidth">Confirm New Password:</label>
        <input name="password1" id="password1" type="password" class="fixedwidth" />
    </div>

    <div class="buttonarea">
        <div align="center">
            <input name="update" id="update" type="submit" value="Change Password" />
            <label>
                <input type="reset" name="cancel" id="cancel" value="Cancel" onclick="location.href='Admin_index.php'"/>
            </label>
        </div>
    </div>
</form>

The PHP file:

<?php 

session_start();

//connect to the database
$conn = dbConnect('Admin_username');

$username = $_POST['username'];
$oldpassword = $_POST['oldpassword'];
$password = $_POST['password'];
$confirmnewpassword = $_POST['password1'];
$pswd = sha1(md5($password));
$result = mysql_query("SELECT password FROM users WHERE username='$username'");
if(!$result) 
{ 
echo "The username you entered does not exist. <a href=use.php>Try Again</a>"; 
} 
else 
if($password!= mysql_result($result, 0)) 
{ 
echo "You entered an incorrect password. <a href=use.php>Try Again</a> "; 
} 
else
if($password==$confirmnewpassword) 
		$pass = sha1(md5($password));
    $sql=mysql_query("UPDATE users SET password='$pass' where username='$username'"); 
    if($sql) 
    { 
    echo "Congratulations! You have successfully changed your password. <a href=Admin_index.php>Continue</a>"; 
    }
else
{ 
echo "The new password and confirm new password fields must be the same. <a href=use.php>Try Again</a> "; 
}  
?> 

Shouldn’t you compare the old password? Not the new one?


if($password!= mysql_result($result, 0))  
{  
echo "You entered an incorrect password. <a href=use.php>Try Again</a> ";  
}  

Should be:


if($oldpassword!= mysql_result($result, 0))  
{  
echo "You entered an incorrect password. <a href=use.php>Try Again</a> ";  
}  

Also, elseif is a valid expression in PHP. Readability ++.

The reason you’re seeing multiple messages is because you haven’t wrapped this section in curly braces:


if($password==$confirmnewpassword) //No Curly Brace here?
        $pass = sha1(md5($password)); //If only refers to this line.
    $sql=mysql_query("UPDATE users SET password='$pass' where username='$username'");  //This line will always be executed in the current context.
    if($sql) 
    { 
    echo "Congratulations! You have successfully changed your password. <a href=Admin_index.php>Continue</a>"; 
    } 

If you want an if clause to contain more than one command, you -must- wrap it.

Thanks for the reply, Immerse and StaLion.

I have rewritten the code, but it seems to be working only when the username and the oldpassword are the same.

If one enters a wrong username with the correct password, I get these errors:
Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 3 in C:\wamp\www\change_passeord.php on line 24
You entered an incorrect password. Try Again The new password and confirm new password fields must be the same. Try Again

With the correct username and a wrong password I get:
You entered an incorrect password. Try Again The new password and confirm new password fields must be the same. Try Again

Any more help please!
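
An added example, not code from any poster in this thread: one way to write the handler so that an unknown username, a wrong old password and a mismatched confirmation are each handled before the UPDATE runs. It assumes PHP 7+ with PDO (the mysql_* functions used above were removed in PHP 7.0), a hypothetical changePassword() helper, password_hash() storage in place of sha1(md5()), and a constructed in-memory SQLite table standing in for the real users table.

```php
<?php
// Added example. Assumes a users(username, password) table whose password
// column holds password_hash() output rather than sha1(md5()).
function changePassword(PDO $db, string $username, string $old, string $new, string $confirm): string
{
    if ($new === '' || $new !== $confirm) {
        return 'The new password and confirm new password fields must be the same.';
    }

    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();   // false when no row matched

    // Check that a row exists before reading it, and compare the OLD password
    // against the stored hash. One message for both cases, so the response
    // text does not reveal which usernames exist.
    if ($stored === false || !password_verify($old, $stored)) {
        return 'Incorrect username or password.';
    }

    // Braces keep the UPDATE inside the success path only.
    $upd = $db->prepare('UPDATE users SET password = ? WHERE username = ?');
    $upd->execute([password_hash($new, PASSWORD_DEFAULT), $username]);
    return 'Password changed.';
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('old-secret', PASSWORD_DEFAULT)]);

$cases = [
    ['nobody', 'old-secret', 'n3w-secret', 'n3w-secret'],  // unknown username
    ['alice',  'wrong',      'n3w-secret', 'n3w-secret'],  // wrong old password
    ['alice',  'old-secret', 'n3w-secret', 'mismatch'],    // confirmation differs
    ['alice',  'old-secret', 'n3w-secret', 'n3w-secret'],  // succeeds
];
foreach ($cases as $c) {
    echo $c[0], ': ', changePassword($db, ...$c), PHP_EOL;
}
```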