I am trying to set up a strong hint that the password needs to be changed. I have created a statement of if ($cp = ‘yes’) { header (“Location: http://—/change_password.php”); } else {header (“Location: http://—/index.php”);
That is the short version where if the information I read from MySQL is yes I go to change the password, otherwise, I go to index.
I suspect as a beginner, I have made a mistake. Here is the full code for this section.
if ($u && $p && $captchchk) {
$query = "SELECT user_id, first_name, last_name, email, pass, chng_pass, roll FROM users_tbl WHERE user_id='$u' AND pass=SHA('$p')";
$result = mysql_query ($query) or trigger_error("Either the Password or Userid are incorrect.");
if (mysql_affected_rows() == 1) { // A match was made.
$row = mysql_fetch_array ($result, MYSQL_NUM);
mysql_free_result($result);
$_SESSION['first_name'] = $row[1];
$_SESSION['userid'] = $row[0];
$_SESSION['chng_pass'] = $row[5];
$_SESSION['roll'] = $row[6];
$cp = $_SESSION['chng_pass'];
$token_id = rand(10000, 9999999);
$query2 = "UPDATE users_tbl SET token_id = $token_id WHERE user_id = '$_SESSION[userid]'";
$result2 = mysql_query ($query2);
$_SESSION['token_id'] = $token_id;
// FIX THIS the line below may be causing problems
// session_regenerate_id();
echo '<pre>',print_r($cp),'</pre>'; // this reads no1
if ($cp = 'yes') {
header("Location: http://www.recse.org/clergy/change_password.php");
mysql_close(); // Close the database connection.
exit();
} else {
header("Location: http://www.recse.org/clergy/index.php");
mysql_close(); // Close the database connection.
exit();
}
If there is a better way to do this, let me know. I would really like to find a way that will force a password change, but all I can figure out is to take the user to the change_password.php page.